Copyright | (c) 2013-2017 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay <brendan.g.hay+amazonka@gmail.com> |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | None |
Language | Haskell2010 |
- Service Configuration
- Errors
- PolicyNotFoundException
- PolicyTypeAlreadyEnabledException
- HandshakeConstraintViolationException
- AccessDeniedException
- MalformedPolicyDocumentException
- RootNotFoundException
- MasterCannotLeaveOrganizationException
- AccountNotFoundException
- DuplicatePolicyException
- ConstraintViolationException
- FinalizingOrganizationException
- HandshakeNotFoundException
- PolicyTypeNotAvailableForOrganizationException
- ChildNotFoundException
- OrganizationalUnitNotFoundException
- DestinationParentNotFoundException
- OrganizationNotEmptyException
- PolicyTypeNotEnabledException
- DuplicateHandshakeException
- OrganizationalUnitNotEmptyException
- TooManyRequestsException
- ConcurrentModificationException
- ServiceException
- SourceParentNotFoundException
- TargetNotFoundException
- CreateAccountStatusNotFoundException
- AlreadyInOrganizationException
- DuplicateOrganizationalUnitException
- InvalidInputException
- PolicyNotAttachedException
- ParentNotFoundException
- AccessDeniedForDependencyException
- AWSOrganizationsNotInUseException
- PolicyInUseException
- InvalidHandshakeTransitionException
- HandshakeAlreadyInStateException
- DuplicateAccountException
- DuplicatePolicyAttachmentException
- Waiters
- Operations
- ListHandshakesForAccount (Paginated)
- DescribeAccount
- ListPolicies (Paginated)
- CreatePolicy
- ListRoots (Paginated)
- AcceptHandshake
- CreateOrganization
- EnableAllFeatures
- DeleteOrganization
- DescribeHandshake
- DescribePolicy
- LeaveOrganization
- MoveAccount
- ListAccounts (Paginated)
- InviteAccountToOrganization
- ListOrganizationalUnitsForParent (Paginated)
- CancelHandshake
- ListChildren (Paginated)
- DeletePolicy
- UpdatePolicy
- EnablePolicyType
- DisablePolicyType
- DescribeCreateAccountStatus
- CreateOrganizationalUnit
- ListAccountsForParent (Paginated)
- DetachPolicy
- RemoveAccountFromOrganization
- DescribeOrganizationalUnit
- ListParents (Paginated)
- CreateAccount
- ListCreateAccountStatus (Paginated)
- ListTargetsForPolicy (Paginated)
- DeclineHandshake
- AttachPolicy
- ListPoliciesForTarget (Paginated)
- DescribeOrganization
- ListHandshakesForOrganization (Paginated)
- DeleteOrganizationalUnit
- UpdateOrganizationalUnit
- Types
- AccountJoinedMethod
- AccountStatus
- ActionType
- ChildType
- CreateAccountFailureReason
- CreateAccountState
- HandshakePartyType
- HandshakeResourceType
- HandshakeState
- IAMUserAccessToBilling
- OrganizationFeatureSet
- ParentType
- PolicyType
- PolicyTypeStatus
- TargetType
- Account
- Child
- CreateAccountStatus
- Handshake
- HandshakeFilter
- HandshakeParty
- HandshakeResource
- Organization
- OrganizationalUnit
- Parent
- Policy
- PolicySummary
- PolicyTargetSummary
- PolicyTypeSummary
- Root
AWS Organizations API Reference
AWS Organizations is a web service that enables you to consolidate your multiple AWS accounts into an organization and centrally manage your accounts and their resources.
This guide provides descriptions of the Organizations API. For more information about using this service, see the AWS Organizations User Guide .
API Version
This version of the Organizations API Reference documents the Organizations API version 2016-11-28.
We recommend that you use the AWS SDKs to make programmatic API calls to Organizations. However, you also can use the Organizations Query API to make direct calls to the Organizations web service. To learn more about the Organizations Query API, see Making Query Requests in the AWS Organizations User Guide . Organizations supports GET and POST requests for all actions. That is, the API does not require you to use GET for some actions and POST for others. However, GET requests are subject to the limitation size of a URL. Therefore, for operations that require larger sizes, use a POST request.
Signing Requests
When you send HTTP requests to AWS, you must sign the requests so that AWS can identify who sent them. You sign requests with your AWS access key, which consists of an access key ID and a secret access key. We strongly recommend that you do not create an access key for your root account. Anyone who has the access key for your root account has unrestricted access to all the resources in your account. Instead, create an access key for an IAM user account that has administrative privileges. As another option, use AWS Security Token Service to generate temporary security credentials, and use those credentials to sign requests.
To sign requests, we recommend that you use Signature Version 4 . If you have an existing application that uses Signature Version 2, you do not have to update it to use Signature Version 4. However, some operations now require Signature Version 4. The documentation for operations that require version 4 indicate this requirement.
When you use the AWS Command Line Interface (AWS CLI) or one of the AWS SDKs to make requests to AWS, these tools automatically sign the requests for you with the access key that you specify when you configure the tools.
In this release, each organization can have only one root. In a future release, a single organization will support multiple roots.
Support and Feedback for AWS Organizations
We welcome your feedback. Send your comments to feedback-awsorganizations@amazon.com or post your feedback and questions in our private AWS Organizations support forum . If you don't have access to the forum, send a request for access to the email address, along with your forum user ID. For more information about the AWS support forums, see Forums Help .
Endpoint to Call When Using the CLI or the AWS API
For the current release of Organizations, you must specify the us-east-1
region for all AWS API and CLI calls. You can do this in the CLI by using these parameters and commands:
- Use the following parameter with each command to specify both the endpoint and its region:
--endpoint-url https://organizations.us-east-1.amazonaws.com
- Use the default endpoint, but configure your default region with this command:
aws configure set default.region us-east-1
- Use the following parameter with each command to specify the endpoint:
--region us-east-1
For the various SDKs used to call the APIs, see the documentation for the SDK of interest to learn how to direct the requests to a specific endpoint. For more information, see Regions and Endpoints in the AWS General Reference .
How examples are presented
The JSON returned by the AWS Organizations service as response to your requests is returned as a single long string without line breaks or formatting whitespace. Both line breaks and whitespace are included in the examples in this guide to improve readability. When example input parameters also would result in long strings that would extend beyond the screen, we insert line breaks to enhance readability. You should always submit the input as a single JSON text string.
Recording API Requests
AWS Organizations supports AWS CloudTrail, a service that records AWS API calls for your AWS account and delivers log files to an Amazon S3 bucket. By using information collected by AWS CloudTrail, you can determine which requests were successfully made to Organizations, who made the request, when it was made, and so on. For more about AWS Organizations and its support for AWS CloudTrail, see Logging AWS Organizations Events with AWS CloudTrail in the AWS Organizations User Guide . To learn more about CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User Guide .
- organizations :: Service
- _PolicyNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- _PolicyTypeAlreadyEnabledException :: AsError a => Getting (First ServiceError) a ServiceError
- _HandshakeConstraintViolationException :: AsError a => Getting (First ServiceError) a ServiceError
- _AccessDeniedException :: AsError a => Getting (First ServiceError) a ServiceError
- _MalformedPolicyDocumentException :: AsError a => Getting (First ServiceError) a ServiceError
- _RootNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- _MasterCannotLeaveOrganizationException :: AsError a => Getting (First ServiceError) a ServiceError
- _AccountNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- _DuplicatePolicyException :: AsError a => Getting (First ServiceError) a ServiceError
- _ConstraintViolationException :: AsError a => Getting (First ServiceError) a ServiceError
- _FinalizingOrganizationException :: AsError a => Getting (First ServiceError) a ServiceError
- _HandshakeNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- _PolicyTypeNotAvailableForOrganizationException :: AsError a => Getting (First ServiceError) a ServiceError
- _ChildNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- _OrganizationalUnitNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- _DestinationParentNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- _OrganizationNotEmptyException :: AsError a => Getting (First ServiceError) a ServiceError
- _PolicyTypeNotEnabledException :: AsError a => Getting (First ServiceError) a ServiceError
- _DuplicateHandshakeException :: AsError a => Getting (First ServiceError) a ServiceError
- _OrganizationalUnitNotEmptyException :: AsError a => Getting (First ServiceError) a ServiceError
- _TooManyRequestsException :: AsError a => Getting (First ServiceError) a ServiceError
- _ConcurrentModificationException :: AsError a => Getting (First ServiceError) a ServiceError
- _ServiceException :: AsError a => Getting (First ServiceError) a ServiceError
- _SourceParentNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- _TargetNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- _CreateAccountStatusNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- _AlreadyInOrganizationException :: AsError a => Getting (First ServiceError) a ServiceError
- _DuplicateOrganizationalUnitException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidInputException :: AsError a => Getting (First ServiceError) a ServiceError
- _PolicyNotAttachedException :: AsError a => Getting (First ServiceError) a ServiceError
- _ParentNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- _AccessDeniedForDependencyException :: AsError a => Getting (First ServiceError) a ServiceError
- _AWSOrganizationsNotInUseException :: AsError a => Getting (First ServiceError) a ServiceError
- _PolicyInUseException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidHandshakeTransitionException :: AsError a => Getting (First ServiceError) a ServiceError
- _HandshakeAlreadyInStateException :: AsError a => Getting (First ServiceError) a ServiceError
- _DuplicateAccountException :: AsError a => Getting (First ServiceError) a ServiceError
- _DuplicatePolicyAttachmentException :: AsError a => Getting (First ServiceError) a ServiceError
- module Network.AWS.Organizations.ListHandshakesForAccount
- module Network.AWS.Organizations.DescribeAccount
- module Network.AWS.Organizations.ListPolicies
- module Network.AWS.Organizations.CreatePolicy
- module Network.AWS.Organizations.ListRoots
- module Network.AWS.Organizations.AcceptHandshake
- module Network.AWS.Organizations.CreateOrganization
- module Network.AWS.Organizations.EnableAllFeatures
- module Network.AWS.Organizations.DeleteOrganization
- module Network.AWS.Organizations.DescribeHandshake
- module Network.AWS.Organizations.DescribePolicy
- module Network.AWS.Organizations.LeaveOrganization
- module Network.AWS.Organizations.MoveAccount
- module Network.AWS.Organizations.ListAccounts
- module Network.AWS.Organizations.InviteAccountToOrganization
- module Network.AWS.Organizations.ListOrganizationalUnitsForParent
- module Network.AWS.Organizations.CancelHandshake
- module Network.AWS.Organizations.ListChildren
- module Network.AWS.Organizations.DeletePolicy
- module Network.AWS.Organizations.UpdatePolicy
- module Network.AWS.Organizations.EnablePolicyType
- module Network.AWS.Organizations.DisablePolicyType
- module Network.AWS.Organizations.DescribeCreateAccountStatus
- module Network.AWS.Organizations.CreateOrganizationalUnit
- module Network.AWS.Organizations.ListAccountsForParent
- module Network.AWS.Organizations.DetachPolicy
- module Network.AWS.Organizations.RemoveAccountFromOrganization
- module Network.AWS.Organizations.DescribeOrganizationalUnit
- module Network.AWS.Organizations.ListParents
- module Network.AWS.Organizations.CreateAccount
- module Network.AWS.Organizations.ListCreateAccountStatus
- module Network.AWS.Organizations.ListTargetsForPolicy
- module Network.AWS.Organizations.DeclineHandshake
- module Network.AWS.Organizations.AttachPolicy
- module Network.AWS.Organizations.ListPoliciesForTarget
- module Network.AWS.Organizations.DescribeOrganization
- module Network.AWS.Organizations.ListHandshakesForOrganization
- module Network.AWS.Organizations.DeleteOrganizationalUnit
- module Network.AWS.Organizations.UpdateOrganizationalUnit
- data AccountJoinedMethod
- data AccountStatus
- data ActionType
- data ChildType
- data CreateAccountFailureReason
- data CreateAccountState
- data HandshakePartyType
- data HandshakeResourceType
- data HandshakeState
- data IAMUserAccessToBilling
- data OrganizationFeatureSet
- data ParentType
- data PolicyType = ServiceControlPolicy
- data PolicyTypeStatus
- data TargetType
- data Account
- account :: Account
- aStatus :: Lens' Account (Maybe AccountStatus)
- aJoinedMethod :: Lens' Account (Maybe AccountJoinedMethod)
- aEmail :: Lens' Account (Maybe Text)
- aARN :: Lens' Account (Maybe Text)
- aJoinedTimestamp :: Lens' Account (Maybe UTCTime)
- aName :: Lens' Account (Maybe Text)
- aId :: Lens' Account (Maybe Text)
- data Child
- child :: Child
- cId :: Lens' Child (Maybe Text)
- cType :: Lens' Child (Maybe ChildType)
- data CreateAccountStatus
- createAccountStatus :: CreateAccountStatus
- casFailureReason :: Lens' CreateAccountStatus (Maybe CreateAccountFailureReason)
- casState :: Lens' CreateAccountStatus (Maybe CreateAccountState)
- casCompletedTimestamp :: Lens' CreateAccountStatus (Maybe UTCTime)
- casAccountName :: Lens' CreateAccountStatus (Maybe Text)
- casAccountId :: Lens' CreateAccountStatus (Maybe Text)
- casId :: Lens' CreateAccountStatus (Maybe Text)
- casRequestedTimestamp :: Lens' CreateAccountStatus (Maybe UTCTime)
- data Handshake
- handshake :: Handshake
- hState :: Lens' Handshake (Maybe HandshakeState)
- hARN :: Lens' Handshake (Maybe Text)
- hAction :: Lens' Handshake (Maybe ActionType)
- hResources :: Lens' Handshake [HandshakeResource]
- hId :: Lens' Handshake (Maybe Text)
- hExpirationTimestamp :: Lens' Handshake (Maybe UTCTime)
- hParties :: Lens' Handshake [HandshakeParty]
- hRequestedTimestamp :: Lens' Handshake (Maybe UTCTime)
- data HandshakeFilter
- handshakeFilter :: HandshakeFilter
- hfParentHandshakeId :: Lens' HandshakeFilter (Maybe Text)
- hfActionType :: Lens' HandshakeFilter (Maybe ActionType)
- data HandshakeParty
- handshakeParty :: Text -> HandshakePartyType -> HandshakeParty
- hpId :: Lens' HandshakeParty Text
- hpType :: Lens' HandshakeParty HandshakePartyType
- data HandshakeResource
- handshakeResource :: HandshakeResource
- hrValue :: Lens' HandshakeResource (Maybe Text)
- hrResources :: Lens' HandshakeResource [HandshakeResource]
- hrType :: Lens' HandshakeResource (Maybe HandshakeResourceType)
- data Organization
- organization :: Organization
- oARN :: Lens' Organization (Maybe Text)
- oMasterAccountId :: Lens' Organization (Maybe Text)
- oMasterAccountARN :: Lens' Organization (Maybe Text)
- oMasterAccountEmail :: Lens' Organization (Maybe Text)
- oAvailablePolicyTypes :: Lens' Organization [PolicyTypeSummary]
- oId :: Lens' Organization (Maybe Text)
- oFeatureSet :: Lens' Organization (Maybe OrganizationFeatureSet)
- data OrganizationalUnit
- organizationalUnit :: OrganizationalUnit
- ouARN :: Lens' OrganizationalUnit (Maybe Text)
- ouName :: Lens' OrganizationalUnit (Maybe Text)
- ouId :: Lens' OrganizationalUnit (Maybe Text)
- data Parent
- parent :: Parent
- pId :: Lens' Parent (Maybe Text)
- pType :: Lens' Parent (Maybe ParentType)
- data Policy
- policy :: Policy
- pContent :: Lens' Policy (Maybe Text)
- pPolicySummary :: Lens' Policy (Maybe PolicySummary)
- data PolicySummary
- policySummary :: PolicySummary
- psARN :: Lens' PolicySummary (Maybe Text)
- psName :: Lens' PolicySummary (Maybe Text)
- psId :: Lens' PolicySummary (Maybe Text)
- psAWSManaged :: Lens' PolicySummary (Maybe Bool)
- psType :: Lens' PolicySummary (Maybe PolicyType)
- psDescription :: Lens' PolicySummary (Maybe Text)
- data PolicyTargetSummary
- policyTargetSummary :: PolicyTargetSummary
- polTargetId :: Lens' PolicyTargetSummary (Maybe Text)
- polARN :: Lens' PolicyTargetSummary (Maybe Text)
- polName :: Lens' PolicyTargetSummary (Maybe Text)
- polType :: Lens' PolicyTargetSummary (Maybe TargetType)
- data PolicyTypeSummary
- policyTypeSummary :: PolicyTypeSummary
- ptsStatus :: Lens' PolicyTypeSummary (Maybe PolicyTypeStatus)
- ptsType :: Lens' PolicyTypeSummary (Maybe PolicyType)
- data Root
- root :: Root
- rARN :: Lens' Root (Maybe Text)
- rName :: Lens' Root (Maybe Text)
- rId :: Lens' Root (Maybe Text)
- rPolicyTypes :: Lens' Root [PolicyTypeSummary]
Service Configuration
organizations :: Service Source #
API version 2016-11-28
of the Amazon Organizations SDK configuration.
Errors
Error matchers are designed for use with the functions provided by
Control.Exception.Lens.
This allows catching (and rethrowing) service specific errors returned
by Organizations
.
PolicyNotFoundException
_PolicyNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source #
We can't find a policy with the PolicyId that you specified.
PolicyTypeAlreadyEnabledException
_PolicyTypeAlreadyEnabledException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The specified policy type is already enabled in the specified root.
HandshakeConstraintViolationException
_HandshakeConstraintViolationException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The requested operation would violate the constraint identified in the reason code.
- ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an organization. Note : deleted and closed accounts still count toward your limit.
Important: If you get an exception that indicates that you exceeded your account limits for the organization or that you can"t add an account because your organization is still initializing, please contact AWS Customer Support .
- HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes you can send in one day.
- ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because the invited account is already a member of an organization.
- ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid because the organization has already enabled all features.
- INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You cannot issue new invitations to join an organization while it is in the process of enabling all features. You can resume inviting accounts after you finalize the process when all accounts have agreed to the change.
- PAYMENT_INSTRUMENT_REQUIRED: You cannot complete the operation with an account that does not have a payment instrument, such as a credit card, associated with it.
- ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because the account is from a different marketplace than the accounts in the organization. For example, accounts with India addresses must be associated with the AISPL marketplace. All accounts in an organization must be from the same marketplace.
- ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to change the membership of an account too quickly after its previous change.
AccessDeniedException
_AccessDeniedException :: AsError a => Getting (First ServiceError) a ServiceError Source #
You don't have permissions to perform the requested operation. The user or role that is making the request must have at least one IAM permissions policy attached that grants the required permissions. For more information, see Access Management in the IAM User Guide .
MalformedPolicyDocumentException
_MalformedPolicyDocumentException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The provided policy document does not meet the requirements of the specified policy type. For example, the syntax might be incorrect. For details about service control policy syntax, see Service Control Policy Syntax in the AWS Organizations User Guide .
RootNotFoundException
_RootNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source #
We can't find a root with the RootId that you specified.
MasterCannotLeaveOrganizationException
_MasterCannotLeaveOrganizationException :: AsError a => Getting (First ServiceError) a ServiceError Source #
You can't remove a master account from an organization. If you want the master account to become a member account in another organization, you must first delete the current organization of the master account.
AccountNotFoundException
_AccountNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source #
We can't find an AWS account with the AccountId that you specified, or the account whose credentials you used to make this request is not a member of an organization.
DuplicatePolicyException
_DuplicatePolicyException :: AsError a => Getting (First ServiceError) a ServiceError Source #
A policy with the same name already exists.
ConstraintViolationException
_ConstraintViolationException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Performing this operation violates a minimum or maximum value limit. For example, attempting to removing the last SCP from an OU or root, inviting or creating too many accounts to the organization, or attaching too many policies to an account, OU, or root. This exception includes a reason that contains additional information about the violated limit.
- ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an organization. If you need more accounts, contact AWS Support to request an increase in your limit.
Or, The number of invitations that you tried to send would cause you to exceed the limit of accounts in your organization. Send fewer invitations, or contact AWS Support to request an increase in the number of accounts.
Note : deleted and closed accounts still count toward your limit.
Important: If you get an exception that indicates that you exceeded your account limits for the organization or that you can"t add an account because your organization is still initializing, please contact AWS Customer Support .
- HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes you can send in one day.
- OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of organizational units you can have in an organization.
- OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an organizational unit tree that is too many levels deep.
- POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of policies that you can have in an organization.
- MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain type that can be attached to an entity at one time.
- MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would cause the entity to have fewer than the minimum number of policies of a certain type required.
- ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that does not yet have enough information to exist as a stand-alone account. This account requires you to first agree to the AWS Customer Agreement. Follow the steps at To leave an organization when all required account information has not yet been provided in the AWS Organizations User Guide .
- ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization that does not yet have enough information to exist as a stand-alone account. This account requires you to first complete phone verification. Follow the steps at To leave an organization when all required account information has not yet been provided in the AWS Organizations User Guide .
- MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this account, you first must associate a payment instrument, such as a credit card, with the account. Follow the steps at To leave an organization when all required account information has not yet been provided in the AWS Organizations User Guide .
- MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you first must associate a payment instrument, such as a credit card, with the account. Follow the steps at To leave an organization when all required account information has not yet been provided in the AWS Organizations User Guide .
- ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create in one day.
- MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first must migrate the organization's master account to the marketplace that corresponds to the master account's address. For example, accounts with India addresses must be associated with the AISPL marketplace. All accounts in an organization must be associated with the same marketplace.
- MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide contact a valid address and phone number for the master account. Then try the operation again.
FinalizingOrganizationException
_FinalizingOrganizationException :: AsError a => Getting (First ServiceError) a ServiceError Source #
AWS Organizations could not finalize the creation of your organization. Try again later. If this persists, contact AWS customer support.
HandshakeNotFoundException
_HandshakeNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source #
We can't find a handshake with the HandshakeId that you specified.
PolicyTypeNotAvailableForOrganizationException
_PolicyTypeNotAvailableForOrganizationException :: AsError a => Getting (First ServiceError) a ServiceError Source #
You can't use the specified policy type with the feature set currently enabled for this organization. For example, you can enable service control policies (SCPs) only after you enable all features in the organization. For more information, see Enabling and Disabling a Policy Type on a Root in the AWS Organizations User Guide .
ChildNotFoundException
_ChildNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source #
We can't find an organizational unit (OU) or AWS account with the ChildId that you specified.
OrganizationalUnitNotFoundException
_OrganizationalUnitNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source #
We can't find an organizational unit (OU) with the OrganizationalUnitId that you specified.
DestinationParentNotFoundException
_DestinationParentNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source #
We can't find the destination container (a root or OU) with the ParentId that you specified.
OrganizationNotEmptyException
_OrganizationNotEmptyException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The organization isn't empty. To delete an organization, you must first remove all accounts except the master account, delete all organizational units (OUs), and delete all policies.
PolicyTypeNotEnabledException
_PolicyTypeNotEnabledException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The specified policy type is not currently enabled in this root. You cannot attach policies of the specified type to entities in a root until you enable that type in the root. For more information, see Enabling All Features in Your Organization in the AWS Organizations User Guide .
DuplicateHandshakeException
_DuplicateHandshakeException :: AsError a => Getting (First ServiceError) a ServiceError Source #
A handshake with the same action and target already exists. For example, if you invited an account to join your organization, the invited account might already have a pending invitation from this organization. If you intend to resend an invitation to an account, ensure that existing handshakes that might be considered duplicates are canceled or declined.
OrganizationalUnitNotEmptyException
_OrganizationalUnitNotEmptyException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The specified organizational unit (OU) is not empty. Move all accounts to another root or to other OUs, remove all child OUs, and then try the operation again.
TooManyRequestsException
_TooManyRequestsException :: AsError a => Getting (First ServiceError) a ServiceError Source #
You've sent too many requests in too short a period of time. The limit helps protect against denial-of-service attacks. Try again later.
ConcurrentModificationException
_ConcurrentModificationException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The target of the operation is currently being modified by a different request. Try again later.
ServiceException
_ServiceException :: AsError a => Getting (First ServiceError) a ServiceError Source #
AWS Organizations can't complete your request because of an internal service error. Try again later.
SourceParentNotFoundException
_SourceParentNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source #
We can't find a source root or OU with the ParentId that you specified.
TargetNotFoundException
_TargetNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source #
We can't find a root, OU, or account with the TargetId that you specified.
CreateAccountStatusNotFoundException
_CreateAccountStatusNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source #
We can't find an create account request with the CreateAccountRequestId that you specified.
AlreadyInOrganizationException
_AlreadyInOrganizationException :: AsError a => Getting (First ServiceError) a ServiceError Source #
This account is already a member of an organization. An account can belong to only one organization at a time.
DuplicateOrganizationalUnitException
_DuplicateOrganizationalUnitException :: AsError a => Getting (First ServiceError) a ServiceError Source #
An organizational unit (OU) with the same name already exists.
InvalidInputException
_InvalidInputException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The requested operation failed because you provided invalid values for one or more of the request parameters. This exception includes a reason that contains additional information about the violated limit:
- INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a party.
- INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the organization.
- INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
- INVALID_ENUM: You specified a value that is not valid for that parameter.
- INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
- INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
- MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
- MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
- MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
- MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
- IMMUTABLE_POLICY: You specified a policy that is managed by AWS and cannot be modified.
- INVALID_PATTERN: You provided a value that doesn't match the required pattern.
- INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
- INPUT_REQUIRED: You must include a value for all required parameters.
- INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a previous call of the operation.
- MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
- MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
PolicyNotAttachedException
_PolicyNotAttachedException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The policy isn't attached to the specified target in the specified root.
ParentNotFoundException
_ParentNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source #
We can't find a root or organizational unit (OU) with the ParentId that you specified.
AccessDeniedForDependencyException
_AccessDeniedForDependencyException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The operation you attempted requires you to have the iam:CreateServiceLinkedRole
so that Organizations can create the required service-linked role. You do not have that permission.
AWSOrganizationsNotInUseException
_AWSOrganizationsNotInUseException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Your account is not a member of an organization. To make this request, you must use the credentials of an account that belongs to an organization.
PolicyInUseException
_PolicyInUseException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The policy is attached to one or more entities. You must detach it from all roots, organizational units (OUs), and accounts before performing this operation.
InvalidHandshakeTransitionException
_InvalidHandshakeTransitionException :: AsError a => Getting (First ServiceError) a ServiceError Source #
You can't perform the operation on the handshake in its current state. For example, you can't cancel a handshake that was already accepted, or accept a handshake that was already declined.
HandshakeAlreadyInStateException
_HandshakeAlreadyInStateException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The specified handshake is already in the requested state. For example, you can't accept a handshake that was already accepted.
DuplicateAccountException
_DuplicateAccountException :: AsError a => Getting (First ServiceError) a ServiceError Source #
That account is already present in the specified destination.
DuplicatePolicyAttachmentException
_DuplicatePolicyAttachmentException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The selected policy is already attached to the specified target.
Waiters
Waiters poll by repeatedly sending a request until some remote success condition
configured by the Wait
specification is fulfilled. The Wait
specification
determines how many attempts should be made, in addition to delay and retry strategies.
Operations
Some AWS operations return results that are incomplete and require subsequent
requests in order to obtain the entire result set. The process of sending
subsequent requests to continue where a previous request left off is called
pagination. For example, the ListObjects
operation of Amazon S3 returns up to
1000 objects at a time, and you must send subsequent requests with the
appropriate Marker in order to retrieve the next page of results.
Operations that have an AWSPager
instance can transparently perform subsequent
requests, correctly setting Markers and other request facets to iterate through
the entire result set of a truncated API operation. Operations which support
this have an additional note in the documentation.
Many operations have the ability to filter results on the server side. See the individual operation parameters for details.
ListHandshakesForAccount (Paginated)
DescribeAccount
ListPolicies (Paginated)
CreatePolicy
ListRoots (Paginated)
AcceptHandshake
CreateOrganization
EnableAllFeatures
DeleteOrganization
DescribeHandshake
DescribePolicy
LeaveOrganization
MoveAccount
ListAccounts (Paginated)
InviteAccountToOrganization
ListOrganizationalUnitsForParent (Paginated)
CancelHandshake
ListChildren (Paginated)
DeletePolicy
UpdatePolicy
EnablePolicyType
DisablePolicyType
DescribeCreateAccountStatus
CreateOrganizationalUnit
ListAccountsForParent (Paginated)
DetachPolicy
RemoveAccountFromOrganization
DescribeOrganizationalUnit
ListParents (Paginated)
CreateAccount
ListCreateAccountStatus (Paginated)
ListTargetsForPolicy (Paginated)
DeclineHandshake
AttachPolicy
ListPoliciesForTarget (Paginated)
DescribeOrganization
ListHandshakesForOrganization (Paginated)
DeleteOrganizationalUnit
UpdateOrganizationalUnit
Types
AccountJoinedMethod
data AccountJoinedMethod Source #
AccountStatus
data AccountStatus Source #
ActionType
data ActionType Source #
ChildType
CreateAccountFailureReason
data CreateAccountFailureReason Source #
AccountLimitExceeded | |
ConcurrentAccountModification | |
EmailAlreadyExists | |
InternalFailure | |
InvalidAddress | |
InvalidEmail |
CreateAccountState
data CreateAccountState Source #
HandshakePartyType
data HandshakePartyType Source #
HandshakeResourceType
data HandshakeResourceType Source #
HandshakeState
data HandshakeState Source #
IAMUserAccessToBilling
data IAMUserAccessToBilling Source #
OrganizationFeatureSet
data OrganizationFeatureSet Source #
ParentType
data ParentType Source #
PolicyType
data PolicyType Source #
PolicyTypeStatus
data PolicyTypeStatus Source #
TargetType
data TargetType Source #
Account
Contains information about an AWS account that is a member of an organization.
See: account
smart constructor.
Creates a value of Account
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
aStatus
- The status of the account in the organization.aJoinedMethod
- The method by which the account joined the organization.aEmail
- The email address associated with the AWS account. The regex pattern for this parameter is a string of characters that represents a standard Internet email address.aARN
- The Amazon Resource Name (ARN) of the account. For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .aJoinedTimestamp
- The date the account became a part of the organization.aName
- The friendly name of the account. The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.aId
- The unique identifier (ID) of the account. The regex pattern for an account ID string requires exactly 12 digits.
aStatus :: Lens' Account (Maybe AccountStatus) Source #
The status of the account in the organization.
aJoinedMethod :: Lens' Account (Maybe AccountJoinedMethod) Source #
The method by which the account joined the organization.
aEmail :: Lens' Account (Maybe Text) Source #
The email address associated with the AWS account. The regex pattern for this parameter is a string of characters that represents a standard Internet email address.
aARN :: Lens' Account (Maybe Text) Source #
The Amazon Resource Name (ARN) of the account. For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .
aJoinedTimestamp :: Lens' Account (Maybe UTCTime) Source #
The date the account became a part of the organization.
aName :: Lens' Account (Maybe Text) Source #
The friendly name of the account. The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.
aId :: Lens' Account (Maybe Text) Source #
The unique identifier (ID) of the account. The regex pattern for an account ID string requires exactly 12 digits.
Child
Contains a list of child entities, either OUs or accounts.
See: child
smart constructor.
Creates a value of Child
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
cId
- The unique identifier (ID) of this child entity. The regex pattern for a child ID string requires one of the following: * Account: a string that consists of exactly 12 digits. * Organizational unit (OU): a string that begins with "ou-" followed by from 4 to 32 lower-case letters or digits (the ID of the root that contains the OU) followed by a second "-" dash and from 8 to 32 additional lower-case letters or digits.cType
- The type of this child entity.
cId :: Lens' Child (Maybe Text) Source #
The unique identifier (ID) of this child entity. The regex pattern for a child ID string requires one of the following: * Account: a string that consists of exactly 12 digits. * Organizational unit (OU): a string that begins with "ou-" followed by from 4 to 32 lower-case letters or digits (the ID of the root that contains the OU) followed by a second "-" dash and from 8 to 32 additional lower-case letters or digits.
CreateAccountStatus
data CreateAccountStatus Source #
Contains the status about a CreateAccount
request to create an AWS account in an organization.
See: createAccountStatus
smart constructor.
createAccountStatus :: CreateAccountStatus Source #
Creates a value of CreateAccountStatus
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
casFailureReason
- If the request failed, a description of the reason for the failure. * ACCOUNT_LIMIT_EXCEEDED: The account could not be created because you have reached the limit on the number of accounts in your organization. * EMAIL_ALREADY_EXISTS: The account could not be created because another AWS account with that email address already exists. * INVALID_ADDRESS: The account could not be created because the address you provided is not valid. * INVALID_EMAIL: The account could not be created because the email address you provided is not valid. * INTERNAL_FAILURE: The account could not be created because of an internal failure. Try again later. If the problem persists, contact Customer Support.casState
- The status of the request.casCompletedTimestamp
- The date and time that the account was created and the request completed.casAccountName
- The account name given to the account when it was created.casAccountId
- If the account was created successfully, the unique identifier (ID) of the new account. The regex pattern for an account ID string requires exactly 12 digits.casId
- The unique identifier (ID) that references this request. You get this value from the response of the initialCreateAccount
request to create the account. The regex pattern for an create account request ID string requires "car-" followed by from 8 to 32 lower-case letters or digits.casRequestedTimestamp
- The date and time that the request was made for the account creation.
casFailureReason :: Lens' CreateAccountStatus (Maybe CreateAccountFailureReason) Source #
If the request failed, a description of the reason for the failure. * ACCOUNT_LIMIT_EXCEEDED: The account could not be created because you have reached the limit on the number of accounts in your organization. * EMAIL_ALREADY_EXISTS: The account could not be created because another AWS account with that email address already exists. * INVALID_ADDRESS: The account could not be created because the address you provided is not valid. * INVALID_EMAIL: The account could not be created because the email address you provided is not valid. * INTERNAL_FAILURE: The account could not be created because of an internal failure. Try again later. If the problem persists, contact Customer Support.
casState :: Lens' CreateAccountStatus (Maybe CreateAccountState) Source #
The status of the request.
casCompletedTimestamp :: Lens' CreateAccountStatus (Maybe UTCTime) Source #
The date and time that the account was created and the request completed.
casAccountName :: Lens' CreateAccountStatus (Maybe Text) Source #
The account name given to the account when it was created.
casAccountId :: Lens' CreateAccountStatus (Maybe Text) Source #
If the account was created successfully, the unique identifier (ID) of the new account. The regex pattern for an account ID string requires exactly 12 digits.
casId :: Lens' CreateAccountStatus (Maybe Text) Source #
The unique identifier (ID) that references this request. You get this value from the response of the initial CreateAccount
request to create the account. The regex pattern for an create account request ID string requires "car-" followed by from 8 to 32 lower-case letters or digits.
casRequestedTimestamp :: Lens' CreateAccountStatus (Maybe UTCTime) Source #
The date and time that the request was made for the account creation.
Handshake
Contains information that must be exchanged to securely establish a relationship between two accounts (an originator and a recipient ). For example, when a master account (the originator) invites another account (the recipient) to join its organization, the two accounts exchange information as a series of handshake requests and responses.
Note: Handshakes that are CANCELED, ACCEPTED, or DECLINED show up in lists for only 30 days after entering that state After that they are deleted.
See: handshake
smart constructor.
handshake :: Handshake Source #
Creates a value of Handshake
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
hState
- The current state of the handshake. Use the state to trace the flow of the handshake through the process from its creation to its acceptance. The meaning of each of the valid values is as follows: * REQUESTED : This handshake was sent to multiple recipients (applicable to only some handshake types) and not all recipients have responded yet. The request stays in this state until all recipients respond. * OPEN : This handshake was sent to multiple recipients (applicable to only some policy types) and all recipients have responded, allowing the originator to complete the handshake action. * CANCELED : This handshake is no longer active because it was canceled by the originating account. * ACCEPTED : This handshake is complete because it has been accepted by the recipient. * DECLINED : This handshake is no longer active because it was declined by the recipient account. * EXPIRED : This handshake is no longer active because the originator did not receive a response of any kind from the recipient before the expiration time (15 days).hARN
- The Amazon Resource Name (ARN) of a handshake. For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .hAction
- The type of handshake, indicating what action occurs when the recipient accepts the handshake. The following handshake types are supported: * INVITE : This type of handshake represents a request to join an organization. It is always sent from the master account to only non-member accounts. * ENABLE_ALL_FEATURES : This type of handshake represents a request to enable all features in an organization. It is always sent from the master account to only invited member accounts. Created accounts do not receive this because those accounts were created by the organization's master account and approval is inferred. * APPROVE_ALL_FEATURES : This type of handshake is sent from the Organizations service when all member accounts have approved theENABLE_ALL_FEATURES
invitation. It is sent only to the master account and signals the master that it can finalize the process to enable all features.hResources
- Additional information that is needed to process the handshake.hId
- The unique identifier (ID) of a handshake. The originating account creates the ID when it initiates the handshake. The regex pattern for handshake ID string requires "h-" followed by from 8 to 32 lower-case letters or digits.hExpirationTimestamp
- The date and time that the handshake expires. If the recipient of the handshake request fails to respond before the specified date and time, the handshake becomes inactive and is no longer valid.hParties
- Information about the two accounts that are participating in the handshake.hRequestedTimestamp
- The date and time that the handshake request was made.
hState :: Lens' Handshake (Maybe HandshakeState) Source #
The current state of the handshake. Use the state to trace the flow of the handshake through the process from its creation to its acceptance. The meaning of each of the valid values is as follows: * REQUESTED : This handshake was sent to multiple recipients (applicable to only some handshake types) and not all recipients have responded yet. The request stays in this state until all recipients respond. * OPEN : This handshake was sent to multiple recipients (applicable to only some policy types) and all recipients have responded, allowing the originator to complete the handshake action. * CANCELED : This handshake is no longer active because it was canceled by the originating account. * ACCEPTED : This handshake is complete because it has been accepted by the recipient. * DECLINED : This handshake is no longer active because it was declined by the recipient account. * EXPIRED : This handshake is no longer active because the originator did not receive a response of any kind from the recipient before the expiration time (15 days).
hARN :: Lens' Handshake (Maybe Text) Source #
The Amazon Resource Name (ARN) of a handshake. For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .
hAction :: Lens' Handshake (Maybe ActionType) Source #
The type of handshake, indicating what action occurs when the recipient accepts the handshake. The following handshake types are supported: * INVITE : This type of handshake represents a request to join an organization. It is always sent from the master account to only non-member accounts. * ENABLE_ALL_FEATURES : This type of handshake represents a request to enable all features in an organization. It is always sent from the master account to only invited member accounts. Created accounts do not receive this because those accounts were created by the organization's master account and approval is inferred. * APPROVE_ALL_FEATURES : This type of handshake is sent from the Organizations service when all member accounts have approved the ENABLE_ALL_FEATURES
invitation. It is sent only to the master account and signals the master that it can finalize the process to enable all features.
hResources :: Lens' Handshake [HandshakeResource] Source #
Additional information that is needed to process the handshake.
hId :: Lens' Handshake (Maybe Text) Source #
The unique identifier (ID) of a handshake. The originating account creates the ID when it initiates the handshake. The regex pattern for handshake ID string requires "h-" followed by from 8 to 32 lower-case letters or digits.
hExpirationTimestamp :: Lens' Handshake (Maybe UTCTime) Source #
The date and time that the handshake expires. If the recipient of the handshake request fails to respond before the specified date and time, the handshake becomes inactive and is no longer valid.
hParties :: Lens' Handshake [HandshakeParty] Source #
Information about the two accounts that are participating in the handshake.
hRequestedTimestamp :: Lens' Handshake (Maybe UTCTime) Source #
The date and time that the handshake request was made.
HandshakeFilter
data HandshakeFilter Source #
Specifies the criteria that are used to select the handshakes for the operation.
See: handshakeFilter
smart constructor.
handshakeFilter :: HandshakeFilter Source #
Creates a value of HandshakeFilter
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
hfParentHandshakeId
- Specifies the parent handshake. Only used for handshake types that are a child of another type. If you specifyParentHandshakeId
, you cannot also specifyActionType
. The regex pattern for handshake ID string requires "h-" followed by from 8 to 32 lower-case letters or digits.hfActionType
- Specifies the type of handshake action. If you specifyActionType
, you cannot also specifyParentHandshakeId
.
hfParentHandshakeId :: Lens' HandshakeFilter (Maybe Text) Source #
Specifies the parent handshake. Only used for handshake types that are a child of another type. If you specify ParentHandshakeId
, you cannot also specify ActionType
. The regex pattern for handshake ID string requires "h-" followed by from 8 to 32 lower-case letters or digits.
hfActionType :: Lens' HandshakeFilter (Maybe ActionType) Source #
Specifies the type of handshake action. If you specify ActionType
, you cannot also specify ParentHandshakeId
.
HandshakeParty
data HandshakeParty Source #
Identifies a participant in a handshake.
See: handshakeParty
smart constructor.
Creates a value of HandshakeParty
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
hpId
- The unique identifier (ID) for the party. The regex pattern for handshake ID string requires "h-" followed by from 8 to 32 lower-case letters or digits.hpType
- The type of party.
hpId :: Lens' HandshakeParty Text Source #
The unique identifier (ID) for the party. The regex pattern for handshake ID string requires "h-" followed by from 8 to 32 lower-case letters or digits.
hpType :: Lens' HandshakeParty HandshakePartyType Source #
The type of party.
HandshakeResource
data HandshakeResource Source #
Contains additional data that is needed to process a handshake.
See: handshakeResource
smart constructor.
handshakeResource :: HandshakeResource Source #
Creates a value of HandshakeResource
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
hrValue
- The information that is passed to the other party in the handshake. The format of the value string must match the requirements of the specified type.hrResources
- When needed, contains an additional array ofHandshakeResource
objects.hrType
- The type of information being passed, specifying how the value is to be interpreted by the other party: *ACCOUNT
- Specifies an AWS account ID number. *ORGANIZATION
- Specifies an organization ID number. *EMAIL
- Specifies the email address that is associated with the account that receives the handshake. *OWNER_EMAIL
- Specifies the email address associated with the master account. Included as information about an organization. *OWNER_NAME
- Specifies the name associated with the master account. Included as information about an organization. *NOTES
- Additional text provided by the handshake initiator and intended for the recipient to read.
hrValue :: Lens' HandshakeResource (Maybe Text) Source #
The information that is passed to the other party in the handshake. The format of the value string must match the requirements of the specified type.
hrResources :: Lens' HandshakeResource [HandshakeResource] Source #
When needed, contains an additional array of HandshakeResource
objects.
hrType :: Lens' HandshakeResource (Maybe HandshakeResourceType) Source #
The type of information being passed, specifying how the value is to be interpreted by the other party: * ACCOUNT
- Specifies an AWS account ID number. * ORGANIZATION
- Specifies an organization ID number. * EMAIL
- Specifies the email address that is associated with the account that receives the handshake. * OWNER_EMAIL
- Specifies the email address associated with the master account. Included as information about an organization. * OWNER_NAME
- Specifies the name associated with the master account. Included as information about an organization. * NOTES
- Additional text provided by the handshake initiator and intended for the recipient to read.
Organization
data Organization Source #
Contains details about an organization. An organization is a collection of accounts that are centrally managed together using consolidated billing, organized hierarchically with organizational units (OUs), and controlled with policies .
See: organization
smart constructor.
organization :: Organization Source #
Creates a value of Organization
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
oARN
- The Amazon Resource Name (ARN) of an organization. For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .oMasterAccountId
- The unique identifier (ID) of the master account of an organization. The regex pattern for an account ID string requires exactly 12 digits.oMasterAccountARN
- The Amazon Resource Name (ARN) of the account that is designated as the master account for the organization. For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .oMasterAccountEmail
- The email address that is associated with the AWS account that is designated as the master account for the organization.oAvailablePolicyTypes
- A list of policy types that are enabled for this organization. For example, if your organization has all features enabled, then service control policies (SCPs) are included in the list.oId
- The unique identifier (ID) of an organization. The regex pattern for an organization ID string requires "o-" followed by from 10 to 32 lower-case letters or digits.oFeatureSet
- Specifies the functionality that currently is available to the organization. If set to ALL, then all features are enabled and policies can be applied to accounts in the organization. If set to CONSOLIDATED_BILLING, then only consolidated billing functionality is available. For more information, see Enabling All Features in Your Organization in the AWS Organizations User Guide .
oARN :: Lens' Organization (Maybe Text) Source #
The Amazon Resource Name (ARN) of an organization. For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .
oMasterAccountId :: Lens' Organization (Maybe Text) Source #
The unique identifier (ID) of the master account of an organization. The regex pattern for an account ID string requires exactly 12 digits.
oMasterAccountARN :: Lens' Organization (Maybe Text) Source #
The Amazon Resource Name (ARN) of the account that is designated as the master account for the organization. For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .
oMasterAccountEmail :: Lens' Organization (Maybe Text) Source #
The email address that is associated with the AWS account that is designated as the master account for the organization.
oAvailablePolicyTypes :: Lens' Organization [PolicyTypeSummary] Source #
A list of policy types that are enabled for this organization. For example, if your organization has all features enabled, then service control policies (SCPs) are included in the list.
oId :: Lens' Organization (Maybe Text) Source #
The unique identifier (ID) of an organization. The regex pattern for an organization ID string requires "o-" followed by from 10 to 32 lower-case letters or digits.
oFeatureSet :: Lens' Organization (Maybe OrganizationFeatureSet) Source #
Specifies the functionality that currently is available to the organization. If set to ALL, then all features are enabled and policies can be applied to accounts in the organization. If set to CONSOLIDATED_BILLING, then only consolidated billing functionality is available. For more information, see Enabling All Features in Your Organization in the AWS Organizations User Guide .
OrganizationalUnit
data OrganizationalUnit Source #
Contains details about an organizational unit (OU). An OU is a container of AWS accounts within a root of an organization. Policies that are attached to an OU apply to all accounts contained in that OU and in any child OUs.
See: organizationalUnit
smart constructor.
organizationalUnit :: OrganizationalUnit Source #
Creates a value of OrganizationalUnit
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
ouARN
- The Amazon Resource Name (ARN) of this OU. For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .ouName
- The friendly name of this OU. The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.ouId
- The unique identifier (ID) associated with this OU. The regex pattern for an organizational unit ID string requires "ou-" followed by from 4 to 32 lower-case letters or digits (the ID of the root that contains the OU) followed by a second "-" dash and from 8 to 32 additional lower-case letters or digits.
ouARN :: Lens' OrganizationalUnit (Maybe Text) Source #
The Amazon Resource Name (ARN) of this OU. For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .
ouName :: Lens' OrganizationalUnit (Maybe Text) Source #
The friendly name of this OU. The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.
ouId :: Lens' OrganizationalUnit (Maybe Text) Source #
The unique identifier (ID) associated with this OU. The regex pattern for an organizational unit ID string requires "ou-" followed by from 4 to 32 lower-case letters or digits (the ID of the root that contains the OU) followed by a second "-" dash and from 8 to 32 additional lower-case letters or digits.
Parent
Contains information about either a root or an organizational unit (OU) that can contain OUs or accounts in an organization.
See: parent
smart constructor.
Creates a value of Parent
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
pId
- The unique identifier (ID) of the parent entity. The regex pattern for a parent ID string requires one of the following: * Root: a string that begins with "r-" followed by from 4 to 32 lower-case letters or digits. * Organizational unit (OU): a string that begins with "ou-" followed by from 4 to 32 lower-case letters or digits (the ID of the root that the OU is in) followed by a second "-" dash and from 8 to 32 additional lower-case letters or digits.pType
- The type of the parent entity.
pId :: Lens' Parent (Maybe Text) Source #
The unique identifier (ID) of the parent entity. The regex pattern for a parent ID string requires one of the following: * Root: a string that begins with "r-" followed by from 4 to 32 lower-case letters or digits. * Organizational unit (OU): a string that begins with "ou-" followed by from 4 to 32 lower-case letters or digits (the ID of the root that the OU is in) followed by a second "-" dash and from 8 to 32 additional lower-case letters or digits.
Policy
Contains rules to be applied to the affected accounts. Policies can be attached directly to accounts, or to roots and OUs to affect all accounts in those hierarchies.
See: policy
smart constructor.
Creates a value of Policy
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
pContent
- The text content of the policy.pPolicySummary
- A structure that contains additional details about the policy.
pPolicySummary :: Lens' Policy (Maybe PolicySummary) Source #
A structure that contains additional details about the policy.
PolicySummary
data PolicySummary Source #
Contains information about a policy, but does not include the content. To see the content of a policy, see DescribePolicy
.
See: policySummary
smart constructor.
policySummary :: PolicySummary Source #
Creates a value of PolicySummary
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
psARN
- The Amazon Resource Name (ARN) of the policy. For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .psName
- The friendly name of the policy. The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.psId
- The unique identifier (ID) of the policy. The regex pattern for a policy ID string requires "p-" followed by from 8 to 128 lower-case letters or digits.psAWSManaged
- A boolean value that indicates whether the specified policy is an AWS managed policy. If true, then you can attach the policy to roots, OUs, or accounts, but you cannot edit it.psType
- The type of policy.psDescription
- The description of the policy.
psARN :: Lens' PolicySummary (Maybe Text) Source #
The Amazon Resource Name (ARN) of the policy. For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .
psName :: Lens' PolicySummary (Maybe Text) Source #
The friendly name of the policy. The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.
psId :: Lens' PolicySummary (Maybe Text) Source #
The unique identifier (ID) of the policy. The regex pattern for a policy ID string requires "p-" followed by from 8 to 128 lower-case letters or digits.
psAWSManaged :: Lens' PolicySummary (Maybe Bool) Source #
A boolean value that indicates whether the specified policy is an AWS managed policy. If true, then you can attach the policy to roots, OUs, or accounts, but you cannot edit it.
psType :: Lens' PolicySummary (Maybe PolicyType) Source #
The type of policy.
psDescription :: Lens' PolicySummary (Maybe Text) Source #
The description of the policy.
PolicyTargetSummary
data PolicyTargetSummary Source #
Contains information about a root, OU, or account that a policy is attached to.
See: policyTargetSummary
smart constructor.
policyTargetSummary :: PolicyTargetSummary Source #
Creates a value of PolicyTargetSummary
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
polTargetId
- The unique identifier (ID) of the policy target. The regex pattern for a target ID string requires one of the following: * Root: a string that begins with "r-" followed by from 4 to 32 lower-case letters or digits. * Account: a string that consists of exactly 12 digits. * Organizational unit (OU): a string that begins with "ou-" followed by from 4 to 32 lower-case letters or digits (the ID of the root that the OU is in) followed by a second "-" dash and from 8 to 32 additional lower-case letters or digits.polARN
- The Amazon Resource Name (ARN) of the policy target. For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .polName
- The friendly name of the policy target. The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.polType
- The type of the policy target.
polTargetId :: Lens' PolicyTargetSummary (Maybe Text) Source #
The unique identifier (ID) of the policy target. The regex pattern for a target ID string requires one of the following: * Root: a string that begins with "r-" followed by from 4 to 32 lower-case letters or digits. * Account: a string that consists of exactly 12 digits. * Organizational unit (OU): a string that begins with "ou-" followed by from 4 to 32 lower-case letters or digits (the ID of the root that the OU is in) followed by a second "-" dash and from 8 to 32 additional lower-case letters or digits.
polARN :: Lens' PolicyTargetSummary (Maybe Text) Source #
The Amazon Resource Name (ARN) of the policy target. For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .
polName :: Lens' PolicyTargetSummary (Maybe Text) Source #
The friendly name of the policy target. The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.
polType :: Lens' PolicyTargetSummary (Maybe TargetType) Source #
The type of the policy target.
PolicyTypeSummary
data PolicyTypeSummary Source #
Contains information about a policy type and its status in the associated root.
See: policyTypeSummary
smart constructor.
policyTypeSummary :: PolicyTypeSummary Source #
Creates a value of PolicyTypeSummary
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
ptsStatus :: Lens' PolicyTypeSummary (Maybe PolicyTypeStatus) Source #
The status of the policy type as it relates to the associated root. To attach a policy of the specified type to a root or to an OU or account in that root, it must be available in the organization and enabled for that root.
ptsType :: Lens' PolicyTypeSummary (Maybe PolicyType) Source #
The name of the policy type.
Root
Contains details about a root. A root is a top-level parent node in the hierarchy of an organization that can contain organizational units (OUs) and accounts. Every root contains every AWS account in the organization. Each root enables the accounts to be organized in a different way and to have different policy types enabled for use in that root.
See: root
smart constructor.
Creates a value of Root
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
rARN
- The Amazon Resource Name (ARN) of the root. For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .rName
- The friendly name of the root. The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.rId
- The unique identifier (ID) for the root. The regex pattern for a root ID string requires "r-" followed by from 4 to 32 lower-case letters or digits.rPolicyTypes
- The types of policies that are currently enabled for the root and therefore can be attached to the root or to its OUs or accounts.
rARN :: Lens' Root (Maybe Text) Source #
The Amazon Resource Name (ARN) of the root. For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .
rName :: Lens' Root (Maybe Text) Source #
The friendly name of the root. The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.
rId :: Lens' Root (Maybe Text) Source #
The unique identifier (ID) for the root. The regex pattern for a root ID string requires "r-" followed by from 4 to 32 lower-case letters or digits.
rPolicyTypes :: Lens' Root [PolicyTypeSummary] Source #
The types of policies that are currently enabled for the root and therefore can be attached to the root or to its OUs or accounts.