Permalink
Fetching contributors…
Cannot retrieve contributors at this time
14343 lines (13199 sloc) 585 KB
// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
package organizations
import (
"time"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awsutil"
"github.com/aws/aws-sdk-go/aws/request"
"github.com/aws/aws-sdk-go/private/protocol"
"github.com/aws/aws-sdk-go/private/protocol/jsonrpc"
)
const opAcceptHandshake = "AcceptHandshake"
// AcceptHandshakeRequest generates a "aws/request.Request" representing the
// client's request for the AcceptHandshake operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See AcceptHandshake for more information on using the AcceptHandshake
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the AcceptHandshakeRequest method.
// req, resp := client.AcceptHandshakeRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AcceptHandshake
func (c *Organizations) AcceptHandshakeRequest(input *AcceptHandshakeInput) (req *request.Request, output *AcceptHandshakeOutput) {
op := &request.Operation{
Name: opAcceptHandshake,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &AcceptHandshakeInput{}
}
output = &AcceptHandshakeOutput{}
req = c.newRequest(op, input, output)
return
}
// AcceptHandshake API operation for AWS Organizations.
//
// Sends a response to the originator of a handshake agreeing to the action
// proposed by the handshake request.
//
// This operation can be called only by the following principals when they also
// have the relevant IAM permissions:
//
// * Invitation to join or Approve all features request handshakes: only
// a principal from the member account.
//
// The user who calls the API for an invitation to join must have the organizations:AcceptHandshake
// permission. If you enabled all features in the organization, then the
// user must also have the iam:CreateServiceLinkedRole permission so that
// Organizations can create the required service-linked role named AWSServiceRoleForOrganizations.
// For more information, see AWS Organizations and Service-Linked Roles (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integration_services.html#orgs_integration_service-linked-roles)
// in the AWS Organizations User Guide.
//
// * Enable all features final confirmation handshake: only a principal from
// the master account.
//
// For more information about invitations, see Inviting an AWS Account to Join
// Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_invites.html)
// in the AWS Organizations User Guide. For more information about requests
// to enable all features in the organization, see Enabling All Features
// in Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
// in the AWS Organizations User Guide.
//
// After you accept a handshake, it continues to appear in the results of relevant
// APIs for only 30 days. After that it is deleted.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation AcceptHandshake for usage and error information.
//
// Returned Error Codes:
// * ErrCodeAccessDeniedException "AccessDeniedException"
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// * ErrCodeHandshakeConstraintViolationException "HandshakeConstraintViolationException"
// The requested operation would violate the constraint identified in the reason
// code.
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation:
//
// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. Note that deleted and closed
// accounts still count toward your limit.
//
// If you get this exception immediately after creating the organization, wait
// one hour and try again. If after an hour it continues to fail with this
// error, contact AWS Support (https://console.aws.amazon.com/support/home#/).
//
// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because
// the invited account is already a member of an organization.
//
// * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid
// because the organization has already enabled all features.
//
// * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations
// to join an organization while it's in the process of enabling all features.
// You can resume inviting accounts after you finalize the process when all
// accounts have agreed to the change.
//
// * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an
// account that doesn't have a payment instrument, such as a credit card,
// associated with it.
//
// * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because
// the account is from a different marketplace than the accounts in the organization.
// For example, accounts with India addresses must be associated with the
// AISPL marketplace. All accounts in an organization must be from the same
// marketplace.
//
// * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to
// change the membership of an account too quickly after its previous change.
//
// * ErrCodeHandshakeNotFoundException "HandshakeNotFoundException"
// We can't find a handshake with the HandshakeId that you specified.
//
// * ErrCodeInvalidHandshakeTransitionException "InvalidHandshakeTransitionException"
// You can't perform the operation on the handshake in its current state. For
// example, you can't cancel a handshake that was already accepted or accept
// a handshake that was already declined.
//
// * ErrCodeHandshakeAlreadyInStateException "HandshakeAlreadyInStateException"
// The specified handshake is already in the requested state. For example, you
// can't accept a handshake that was already accepted.
//
// * ErrCodeInvalidInputException "InvalidInputException"
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation:
//
// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
// can't be modified.
//
// * INPUT_REQUIRED: You must include a value for all required parameters.
//
// * INVALID_ENUM: You specified a value that isn't valid for that parameter.
//
// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// * INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// * ErrCodeConcurrentModificationException "ConcurrentModificationException"
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// * ErrCodeServiceException "ServiceException"
// AWS Organizations can't complete your request because of an internal service
// error. Try again later.
//
// * ErrCodeTooManyRequestsException "TooManyRequestsException"
// You've sent too many requests in too short a period of time. The limit helps
// protect against denial-of-service attacks. Try again later.
//
// * ErrCodeAccessDeniedForDependencyException "AccessDeniedForDependencyException"
// The operation that you attempted requires you to have the iam:CreateServiceLinkedRole
// so that AWS Organizations can create the required service-linked role. You
// don't have that permission.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AcceptHandshake
func (c *Organizations) AcceptHandshake(input *AcceptHandshakeInput) (*AcceptHandshakeOutput, error) {
req, out := c.AcceptHandshakeRequest(input)
return out, req.Send()
}
// AcceptHandshakeWithContext is the same as AcceptHandshake with the addition of
// the ability to pass a context and additional request options.
//
// See AcceptHandshake for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) AcceptHandshakeWithContext(ctx aws.Context, input *AcceptHandshakeInput, opts ...request.Option) (*AcceptHandshakeOutput, error) {
req, out := c.AcceptHandshakeRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opAttachPolicy = "AttachPolicy"
// AttachPolicyRequest generates a "aws/request.Request" representing the
// client's request for the AttachPolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See AttachPolicy for more information on using the AttachPolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the AttachPolicyRequest method.
// req, resp := client.AttachPolicyRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AttachPolicy
func (c *Organizations) AttachPolicyRequest(input *AttachPolicyInput) (req *request.Request, output *AttachPolicyOutput) {
op := &request.Operation{
Name: opAttachPolicy,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &AttachPolicyInput{}
}
output = &AttachPolicyOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler)
req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
return
}
// AttachPolicy API operation for AWS Organizations.
//
// Attaches a policy to a root, an organizational unit (OU), or an individual
// account. How the policy affects accounts depends on the type of policy:
//
// * Service control policy (SCP) - An SCP specifies what permissions can
// be delegated to users in affected member accounts. The scope of influence
// for a policy depends on what you attach the policy to:
//
// If you attach an SCP to a root, it affects all accounts in the organization.
//
// If you attach an SCP to an OU, it affects all accounts in that OU and in
// any child OUs.
//
// If you attach the policy directly to an account, then it affects only that
// account.
//
// SCPs essentially are permission "filters". When you attach one SCP to a higher
// level root or OU, and you also attach a different SCP to a child OU or
// to an account, the child policy can further restrict only the permissions
// that pass through the parent filter and are available to the child. An
// SCP that is attached to a child cannot grant a permission that is not
// already granted by the parent. For example, imagine that the parent SCP
// allows permissions A, B, C, D, and E. The child SCP allows C, D, E, F,
// and G. The result is that the accounts affected by the child SCP are allowed
// to use only C, D, and E. They cannot use A or B because they were filtered
// out by the child OU. They also cannot use F and G because they were filtered
// out by the parent OU. They cannot be granted back by the child SCP; child
// SCPs can only filter the permissions they receive from the parent SCP.
//
// AWS Organizations attaches a default SCP named "FullAWSAccess to every root,
// OU, and account. This default SCP allows all services and actions, enabling
// any new child OU or account to inherit the permissions of the parent root
// or OU. If you detach the default policy, you must replace it with a policy
// that specifies the permissions that you want to allow in that OU or account.
//
// For more information about how Organizations policies permissions work, see
// Using Service Control Policies (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html)
// in the AWS Organizations User Guide.
//
// This operation can be called only from the organization's master account.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation AttachPolicy for usage and error information.
//
// Returned Error Codes:
// * ErrCodeAccessDeniedException "AccessDeniedException"
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// * ErrCodeConcurrentModificationException "ConcurrentModificationException"
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// * ErrCodeConstraintViolationException "ConstraintViolationException"
// Performing this operation violates a minimum or maximum value limit. For
// example, attempting to removing the last service control policy (SCP) from
// an OU or root, inviting or creating too many accounts to the organization,
// or attaching too many policies to an account, OU, or root. This exception
// includes a reason that contains additional information about the violated
// limit.
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation:
//
// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. If you need more accounts,
// contactAWS Support (https://console.aws.amazon.com/support/home#/) to
// request an increase in your limit.
//
// Or the number of invitations that you tried to send would cause you to exceed
// the limit of accounts in your organization. Send fewer invitations or
// contact AWS Support to request an increase in the number of accounts.
//
// Deleted and closed accounts still count toward your limit.
//
// If you get receive this exception when running a command immediately after
// creating the organization, wait one hour and try again. If after an hour
// it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/).
//
// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
// that you can have in an organization.
//
// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
// too many levels deep.
//
// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
// that requires the organization to be configured to support all features.
// An organization that supports only consolidated billing features can't
// perform this operation.
//
// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of
// policies that you can have in an organization.
//
// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
// number of policies of a certain type that can be attached to an entity
// at one time.
//
// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
// policy from an entity that would cause the entity to have fewer than the
// minimum number of policies of a certain type required.
//
// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
// from the organization that doesn't yet have enough information to exist
// as a standalone account. This account requires you to first agree to the
// AWS Customer Agreement. Follow the steps at To leave an organization when
// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
// in the AWS Organizations User Guide.
//
// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
// an account from the organization that doesn't yet have enough information
// to exist as a standalone account. This account requires you to first complete
// phone verification. Follow the steps at To leave an organization when
// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
// in the AWS Organizations User Guide.
//
// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
// with this master account, you first must associate a payment instrument,
// such as a credit card, with the account. Follow the steps at To leave
// an organization when all required account information has not yet been
// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
// in the AWS Organizations User Guide.
//
// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
// with this member account, you first must associate a payment instrument,
// such as a credit card, with the account. Follow the steps at To leave
// an organization when all required account information has not yet been
// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
// in the AWS Organizations User Guide.
//
// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can create in one day.
//
// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
// in this organization, you first must migrate the organization's master
// account to the marketplace that corresponds to the master account's address.
// For example, accounts with India addresses must be associated with the
// AISPL marketplace. All accounts in an organization must be associated
// with the same marketplace.
//
// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
// must first provide contact a valid address and phone number for the master
// account. Then try the operation again.
//
// * ErrCodeDuplicatePolicyAttachmentException "DuplicatePolicyAttachmentException"
// The selected policy is already attached to the specified target.
//
// * ErrCodeInvalidInputException "InvalidInputException"
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation:
//
// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
// can't be modified.
//
// * INPUT_REQUIRED: You must include a value for all required parameters.
//
// * INVALID_ENUM: You specified a value that isn't valid for that parameter.
//
// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// * INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// * ErrCodePolicyNotFoundException "PolicyNotFoundException"
// We can't find a policy with the PolicyId that you specified.
//
// * ErrCodePolicyTypeNotEnabledException "PolicyTypeNotEnabledException"
// The specified policy type isn't currently enabled in this root. You can't
// attach policies of the specified type to entities in a root until you enable
// that type in the root. For more information, see Enabling All Features in
// Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
// in the AWS Organizations User Guide.
//
// * ErrCodeServiceException "ServiceException"
// AWS Organizations can't complete your request because of an internal service
// error. Try again later.
//
// * ErrCodeTargetNotFoundException "TargetNotFoundException"
// We can't find a root, OU, or account with the TargetId that you specified.
//
// * ErrCodeTooManyRequestsException "TooManyRequestsException"
// You've sent too many requests in too short a period of time. The limit helps
// protect against denial-of-service attacks. Try again later.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AttachPolicy
func (c *Organizations) AttachPolicy(input *AttachPolicyInput) (*AttachPolicyOutput, error) {
req, out := c.AttachPolicyRequest(input)
return out, req.Send()
}
// AttachPolicyWithContext is the same as AttachPolicy with the addition of
// the ability to pass a context and additional request options.
//
// See AttachPolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) AttachPolicyWithContext(ctx aws.Context, input *AttachPolicyInput, opts ...request.Option) (*AttachPolicyOutput, error) {
req, out := c.AttachPolicyRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opCancelHandshake = "CancelHandshake"
// CancelHandshakeRequest generates a "aws/request.Request" representing the
// client's request for the CancelHandshake operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CancelHandshake for more information on using the CancelHandshake
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the CancelHandshakeRequest method.
// req, resp := client.CancelHandshakeRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CancelHandshake
func (c *Organizations) CancelHandshakeRequest(input *CancelHandshakeInput) (req *request.Request, output *CancelHandshakeOutput) {
op := &request.Operation{
Name: opCancelHandshake,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &CancelHandshakeInput{}
}
output = &CancelHandshakeOutput{}
req = c.newRequest(op, input, output)
return
}
// CancelHandshake API operation for AWS Organizations.
//
// Cancels a handshake. Canceling a handshake sets the handshake state to CANCELED.
//
// This operation can be called only from the account that originated the handshake.
// The recipient of the handshake can't cancel it, but can use DeclineHandshake
// instead. After a handshake is canceled, the recipient can no longer respond
// to that handshake.
//
// After you cancel a handshake, it continues to appear in the results of relevant
// APIs for only 30 days. After that it is deleted.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation CancelHandshake for usage and error information.
//
// Returned Error Codes:
// * ErrCodeAccessDeniedException "AccessDeniedException"
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// * ErrCodeConcurrentModificationException "ConcurrentModificationException"
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// * ErrCodeHandshakeNotFoundException "HandshakeNotFoundException"
// We can't find a handshake with the HandshakeId that you specified.
//
// * ErrCodeInvalidHandshakeTransitionException "InvalidHandshakeTransitionException"
// You can't perform the operation on the handshake in its current state. For
// example, you can't cancel a handshake that was already accepted or accept
// a handshake that was already declined.
//
// * ErrCodeHandshakeAlreadyInStateException "HandshakeAlreadyInStateException"
// The specified handshake is already in the requested state. For example, you
// can't accept a handshake that was already accepted.
//
// * ErrCodeInvalidInputException "InvalidInputException"
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation:
//
// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
// can't be modified.
//
// * INPUT_REQUIRED: You must include a value for all required parameters.
//
// * INVALID_ENUM: You specified a value that isn't valid for that parameter.
//
// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// * INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// * ErrCodeServiceException "ServiceException"
// AWS Organizations can't complete your request because of an internal service
// error. Try again later.
//
// * ErrCodeTooManyRequestsException "TooManyRequestsException"
// You've sent too many requests in too short a period of time. The limit helps
// protect against denial-of-service attacks. Try again later.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CancelHandshake
func (c *Organizations) CancelHandshake(input *CancelHandshakeInput) (*CancelHandshakeOutput, error) {
req, out := c.CancelHandshakeRequest(input)
return out, req.Send()
}
// CancelHandshakeWithContext is the same as CancelHandshake with the addition of
// the ability to pass a context and additional request options.
//
// See CancelHandshake for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) CancelHandshakeWithContext(ctx aws.Context, input *CancelHandshakeInput, opts ...request.Option) (*CancelHandshakeOutput, error) {
req, out := c.CancelHandshakeRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opCreateAccount = "CreateAccount"
// CreateAccountRequest generates a "aws/request.Request" representing the
// client's request for the CreateAccount operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateAccount for more information on using the CreateAccount
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the CreateAccountRequest method.
// req, resp := client.CreateAccountRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount
func (c *Organizations) CreateAccountRequest(input *CreateAccountInput) (req *request.Request, output *CreateAccountOutput) {
op := &request.Operation{
Name: opCreateAccount,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &CreateAccountInput{}
}
output = &CreateAccountOutput{}
req = c.newRequest(op, input, output)
return
}
// CreateAccount API operation for AWS Organizations.
//
// Creates an AWS account that is automatically a member of the organization
// whose credentials made the request. This is an asynchronous request that
// AWS performs in the background. Because CreateAccount operates asynchronously,
// it can return a successful completion message even though account initialization
// might still be in progress. You might need to wait a few minutes before you
// can successfully access the account. To check the status of the request,
// do one of the following:
//
// * Use the OperationId response element from this operation to provide
// as a parameter to the DescribeCreateAccountStatus operation.
//
// * Check the AWS CloudTrail log for the CreateAccountResult event. For
// information on using AWS CloudTrail with Organizations, see Monitoring
// the Activity in Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_monitoring.html)
// in the AWS Organizations User Guide.
//
// The user who calls the API to create an account must have the organizations:CreateAccountpermission. If you enabled all features in the organization, AWS Organizations
// will create the required service-linked role named AWSServiceRoleForOrganizations. For more information, see AWS Organizations and Service-Linked Roles (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs)in the AWS Organizations User Guide.
//
// AWS Organizations preconfigures the new member account with a role (named
// OrganizationAccountAccessRoleby default) that grants users in the master account administrator permissions
// in the new member account. Principals in the master account can assume the
// role. AWS Organizations clones the company name and address information for
// the new account from the organization's master account.
//
// This operation can be called only from the organization's master account.
//
// For more information about creating accounts, see Creating an AWS Account
// in Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html)in the AWS Organizations User Guide.
//
// When you create an account in an organization using the AWS Organizations
// console, API, or CLI commands, the information required for the account to
// operate as a standalone account, such as a payment method and signing the
// end user license agreement (EULA) is not automatically collected. If you
// must remove an account from your organization later, you can do so only after
// you provide the missing information. Follow the steps at To leave an organization
// as a member account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
// in the AWS Organizations User Guide.
//
// If you get an exception that indicates that you exceeded your account limits
// for the organization, contact AWS Support (https://console.aws.amazon.com/support/home#/).
//
// If you get an exception that indicates that the operation failed because
// your organization is still initializing, wait one hour and then try again.
// If the error persists, contact AWS Support (https://console.aws.amazon.com/support/home#/).
//
// When you create a member account with this operation, you can choose whether
// to create the account with the IAM User and Role Access to Billing Information
// switch enabled. If you enable it, IAM users and roles that have appropriate
// permissions can view billing information for the account. If you disable
// it, only the account root user can access billing information. For information
// about how to disable this switch for an account, see Granting Access to Your
// Billing Information and Tools (http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation CreateAccount for usage and error information.
//
// Returned Error Codes:
// * ErrCodeAccessDeniedException "AccessDeniedException"
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// * ErrCodeConcurrentModificationException "ConcurrentModificationException"
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// * ErrCodeConstraintViolationException "ConstraintViolationException"
// Performing this operation violates a minimum or maximum value limit. For
// example, attempting to removing the last service control policy (SCP) from
// an OU or root, inviting or creating too many accounts to the organization,
// or attaching too many policies to an account, OU, or root. This exception
// includes a reason that contains additional information about the violated
// limit.
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation:
//
// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. If you need more accounts,
// contactAWS Support (https://console.aws.amazon.com/support/home#/) to
// request an increase in your limit.
//
// Or the number of invitations that you tried to send would cause you to exceed
// the limit of accounts in your organization. Send fewer invitations or
// contact AWS Support to request an increase in the number of accounts.
//
// Deleted and closed accounts still count toward your limit.
//
// If you get receive this exception when running a command immediately after
// creating the organization, wait one hour and try again. If after an hour
// it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/).
//
// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
// that you can have in an organization.
//
// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
// too many levels deep.
//
// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
// that requires the organization to be configured to support all features.
// An organization that supports only consolidated billing features can't
// perform this operation.
//
// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of
// policies that you can have in an organization.
//
// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
// number of policies of a certain type that can be attached to an entity
// at one time.
//
// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
// policy from an entity that would cause the entity to have fewer than the
// minimum number of policies of a certain type required.
//
// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
// from the organization that doesn't yet have enough information to exist
// as a standalone account. This account requires you to first agree to the
// AWS Customer Agreement. Follow the steps at To leave an organization when
// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
// in the AWS Organizations User Guide.
//
// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
// an account from the organization that doesn't yet have enough information
// to exist as a standalone account. This account requires you to first complete
// phone verification. Follow the steps at To leave an organization when
// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
// in the AWS Organizations User Guide.
//
// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
// with this master account, you first must associate a payment instrument,
// such as a credit card, with the account. Follow the steps at To leave
// an organization when all required account information has not yet been
// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
// in the AWS Organizations User Guide.
//
// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
// with this member account, you first must associate a payment instrument,
// such as a credit card, with the account. Follow the steps at To leave
// an organization when all required account information has not yet been
// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
// in the AWS Organizations User Guide.
//
// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can create in one day.
//
// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
// in this organization, you first must migrate the organization's master
// account to the marketplace that corresponds to the master account's address.
// For example, accounts with India addresses must be associated with the
// AISPL marketplace. All accounts in an organization must be associated
// with the same marketplace.
//
// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
// must first provide contact a valid address and phone number for the master
// account. Then try the operation again.
//
// * ErrCodeInvalidInputException "InvalidInputException"
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation:
//
// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
// can't be modified.
//
// * INPUT_REQUIRED: You must include a value for all required parameters.
//
// * INVALID_ENUM: You specified a value that isn't valid for that parameter.
//
// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// * INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// * ErrCodeFinalizingOrganizationException "FinalizingOrganizationException"
// AWS Organizations couldn't perform the operation because your organization
// hasn't finished initializing. This can take up to an hour. Try again later.
// If after one hour you continue to receive this error, contact AWS Support
// (https://console.aws.amazon.com/support/home#/).
//
// * ErrCodeServiceException "ServiceException"
// AWS Organizations can't complete your request because of an internal service
// error. Try again later.
//
// * ErrCodeTooManyRequestsException "TooManyRequestsException"
// You've sent too many requests in too short a period of time. The limit helps
// protect against denial-of-service attacks. Try again later.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount
func (c *Organizations) CreateAccount(input *CreateAccountInput) (*CreateAccountOutput, error) {
req, out := c.CreateAccountRequest(input)
return out, req.Send()
}
// CreateAccountWithContext is the same as CreateAccount with the addition of
// the ability to pass a context and additional request options.
//
// See CreateAccount for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) CreateAccountWithContext(ctx aws.Context, input *CreateAccountInput, opts ...request.Option) (*CreateAccountOutput, error) {
req, out := c.CreateAccountRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opCreateOrganization = "CreateOrganization"
// CreateOrganizationRequest generates a "aws/request.Request" representing the
// client's request for the CreateOrganization operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateOrganization for more information on using the CreateOrganization
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the CreateOrganizationRequest method.
// req, resp := client.CreateOrganizationRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganization
func (c *Organizations) CreateOrganizationRequest(input *CreateOrganizationInput) (req *request.Request, output *CreateOrganizationOutput) {
op := &request.Operation{
Name: opCreateOrganization,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &CreateOrganizationInput{}
}
output = &CreateOrganizationOutput{}
req = c.newRequest(op, input, output)
return
}
// CreateOrganization API operation for AWS Organizations.
//
// Creates an AWS organization. The account whose user is calling the CreateOrganization
// operation automatically becomes the master account (http://docs.aws.amazon.com/IAM/latest/UserGuide/orgs_getting-started_concepts.html#account)
// of the new organization.
//
// This operation must be called using credentials from the account that is
// to become the new organization's master account. The principal must also
// have the relevant IAM permissions.
//
// By default (or if you set the FeatureSet parameter to ALL), the new organization
// is created with all features enabled and service control policies automatically
// enabled in the root. If you instead choose to create the organization supporting
// only the consolidated billing features by setting the FeatureSet parameter
// to CONSOLIDATED_BILLING", then no policy types are enabled by default and
// you cannot use organization policies.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation CreateOrganization for usage and error information.
//
// Returned Error Codes:
// * ErrCodeAccessDeniedException "AccessDeniedException"
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// * ErrCodeAlreadyInOrganizationException "AlreadyInOrganizationException"
// This account is already a member of an organization. An account can belong
// to only one organization at a time.
//
// * ErrCodeConcurrentModificationException "ConcurrentModificationException"
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// * ErrCodeConstraintViolationException "ConstraintViolationException"
// Performing this operation violates a minimum or maximum value limit. For
// example, attempting to removing the last service control policy (SCP) from
// an OU or root, inviting or creating too many accounts to the organization,
// or attaching too many policies to an account, OU, or root. This exception
// includes a reason that contains additional information about the violated
// limit.
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation:
//
// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. If you need more accounts,
// contactAWS Support (https://console.aws.amazon.com/support/home#/) to
// request an increase in your limit.
//
// Or the number of invitations that you tried to send would cause you to exceed
// the limit of accounts in your organization. Send fewer invitations or
// contact AWS Support to request an increase in the number of accounts.
//
// Deleted and closed accounts still count toward your limit.
//
// If you get receive this exception when running a command immediately after
// creating the organization, wait one hour and try again. If after an hour
// it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/).
//
// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
// that you can have in an organization.
//
// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
// too many levels deep.
//
// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
// that requires the organization to be configured to support all features.
// An organization that supports only consolidated billing features can't
// perform this operation.
//
// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of
// policies that you can have in an organization.
//
// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
// number of policies of a certain type that can be attached to an entity
// at one time.
//
// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
// policy from an entity that would cause the entity to have fewer than the
// minimum number of policies of a certain type required.
//
// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
// from the organization that doesn't yet have enough information to exist
// as a standalone account. This account requires you to first agree to the
// AWS Customer Agreement. Follow the steps at To leave an organization when
// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
// in the AWS Organizations User Guide.
//
// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
// an account from the organization that doesn't yet have enough information
// to exist as a standalone account. This account requires you to first complete
// phone verification. Follow the steps at To leave an organization when
// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
// in the AWS Organizations User Guide.
//
// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
// with this master account, you first must associate a payment instrument,
// such as a credit card, with the account. Follow the steps at To leave
// an organization when all required account information has not yet been
// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
// in the AWS Organizations User Guide.
//
// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
// with this member account, you first must associate a payment instrument,
// such as a credit card, with the account. Follow the steps at To leave
// an organization when all required account information has not yet been
// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
// in the AWS Organizations User Guide.
//
// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can create in one day.
//
// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
// in this organization, you first must migrate the organization's master
// account to the marketplace that corresponds to the master account's address.
// For example, accounts with India addresses must be associated with the
// AISPL marketplace. All accounts in an organization must be associated
// with the same marketplace.
//
// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
// must first provide contact a valid address and phone number for the master
// account. Then try the operation again.
//
// * ErrCodeInvalidInputException "InvalidInputException"
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation:
//
// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
// can't be modified.
//
// * INPUT_REQUIRED: You must include a value for all required parameters.
//
// * INVALID_ENUM: You specified a value that isn't valid for that parameter.
//
// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// * INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// * ErrCodeServiceException "ServiceException"
// AWS Organizations can't complete your request because of an internal service
// error. Try again later.
//
// * ErrCodeTooManyRequestsException "TooManyRequestsException"
// You've sent too many requests in too short a period of time. The limit helps
// protect against denial-of-service attacks. Try again later.
//
// * ErrCodeAccessDeniedForDependencyException "AccessDeniedForDependencyException"
// The operation that you attempted requires you to have the iam:CreateServiceLinkedRole
// so that AWS Organizations can create the required service-linked role. You
// don't have that permission.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganization
func (c *Organizations) CreateOrganization(input *CreateOrganizationInput) (*CreateOrganizationOutput, error) {
req, out := c.CreateOrganizationRequest(input)
return out, req.Send()
}
// CreateOrganizationWithContext is the same as CreateOrganization with the addition of
// the ability to pass a context and additional request options.
//
// See CreateOrganization for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) CreateOrganizationWithContext(ctx aws.Context, input *CreateOrganizationInput, opts ...request.Option) (*CreateOrganizationOutput, error) {
req, out := c.CreateOrganizationRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opCreateOrganizationalUnit = "CreateOrganizationalUnit"
// CreateOrganizationalUnitRequest generates a "aws/request.Request" representing the
// client's request for the CreateOrganizationalUnit operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateOrganizationalUnit for more information on using the CreateOrganizationalUnit
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the CreateOrganizationalUnitRequest method.
// req, resp := client.CreateOrganizationalUnitRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationalUnit
func (c *Organizations) CreateOrganizationalUnitRequest(input *CreateOrganizationalUnitInput) (req *request.Request, output *CreateOrganizationalUnitOutput) {
op := &request.Operation{
Name: opCreateOrganizationalUnit,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &CreateOrganizationalUnitInput{}
}
output = &CreateOrganizationalUnitOutput{}
req = c.newRequest(op, input, output)
return
}
// CreateOrganizationalUnit API operation for AWS Organizations.
//
// Creates an organizational unit (OU) within a root or parent OU. An OU is
// a container for accounts that enables you to organize your accounts to apply
// policies according to your business requirements. The number of levels deep
// that you can nest OUs is dependent upon the policy types enabled for that
// root. For service control policies, the limit is five.
//
// For more information about OUs, see Managing Organizational Units (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_ous.html)
// in the AWS Organizations User Guide.
//
// This operation can be called only from the organization's master account.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation CreateOrganizationalUnit for usage and error information.
//
// Returned Error Codes:
// * ErrCodeAccessDeniedException "AccessDeniedException"
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// * ErrCodeConcurrentModificationException "ConcurrentModificationException"
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// * ErrCodeConstraintViolationException "ConstraintViolationException"
// Performing this operation violates a minimum or maximum value limit. For
// example, attempting to removing the last service control policy (SCP) from
// an OU or root, inviting or creating too many accounts to the organization,
// or attaching too many policies to an account, OU, or root. This exception
// includes a reason that contains additional information about the violated
// limit.
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation:
//
// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. If you need more accounts,
// contactAWS Support (https://console.aws.amazon.com/support/home#/) to
// request an increase in your limit.
//
// Or the number of invitations that you tried to send would cause you to exceed
// the limit of accounts in your organization. Send fewer invitations or
// contact AWS Support to request an increase in the number of accounts.
//
// Deleted and closed accounts still count toward your limit.
//
// If you get receive this exception when running a command immediately after
// creating the organization, wait one hour and try again. If after an hour
// it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/).
//
// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
// that you can have in an organization.
//
// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
// too many levels deep.
//
// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
// that requires the organization to be configured to support all features.
// An organization that supports only consolidated billing features can't
// perform this operation.
//
// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of
// policies that you can have in an organization.
//
// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
// number of policies of a certain type that can be attached to an entity
// at one time.
//
// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
// policy from an entity that would cause the entity to have fewer than the
// minimum number of policies of a certain type required.
//
// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
// from the organization that doesn't yet have enough information to exist
// as a standalone account. This account requires you to first agree to the
// AWS Customer Agreement. Follow the steps at To leave an organization when
// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
// in the AWS Organizations User Guide.
//
// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
// an account from the organization that doesn't yet have enough information
// to exist as a standalone account. This account requires you to first complete
// phone verification. Follow the steps at To leave an organization when
// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
// in the AWS Organizations User Guide.
//
// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
// with this master account, you first must associate a payment instrument,
// such as a credit card, with the account. Follow the steps at To leave
// an organization when all required account information has not yet been
// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
// in the AWS Organizations User Guide.
//
// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
// with this member account, you first must associate a payment instrument,
// such as a credit card, with the account. Follow the steps at To leave
// an organization when all required account information has not yet been
// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
// in the AWS Organizations User Guide.
//
// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can create in one day.
//
// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
// in this organization, you first must migrate the organization's master
// account to the marketplace that corresponds to the master account's address.
// For example, accounts with India addresses must be associated with the
// AISPL marketplace. All accounts in an organization must be associated
// with the same marketplace.
//
// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
// must first provide contact a valid address and phone number for the master
// account. Then try the operation again.
//
// * ErrCodeDuplicateOrganizationalUnitException "DuplicateOrganizationalUnitException"
// An OU with the same name already exists.
//
// * ErrCodeInvalidInputException "InvalidInputException"
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation:
//
// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
// can't be modified.
//
// * INPUT_REQUIRED: You must include a value for all required parameters.
//
// * INVALID_ENUM: You specified a value that isn't valid for that parameter.
//
// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// * INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// * ErrCodeParentNotFoundException "ParentNotFoundException"
// We can't find a root or OU with the ParentId that you specified.
//
// * ErrCodeServiceException "ServiceException"
// AWS Organizations can't complete your request because of an internal service
// error. Try again later.
//
// * ErrCodeTooManyRequestsException "TooManyRequestsException"
// You've sent too many requests in too short a period of time. The limit helps
// protect against denial-of-service attacks. Try again later.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationalUnit
func (c *Organizations) CreateOrganizationalUnit(input *CreateOrganizationalUnitInput) (*CreateOrganizationalUnitOutput, error) {
req, out := c.CreateOrganizationalUnitRequest(input)
return out, req.Send()
}
// CreateOrganizationalUnitWithContext is the same as CreateOrganizationalUnit with the addition of
// the ability to pass a context and additional request options.
//
// See CreateOrganizationalUnit for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) CreateOrganizationalUnitWithContext(ctx aws.Context, input *CreateOrganizationalUnitInput, opts ...request.Option) (*CreateOrganizationalUnitOutput, error) {
req, out := c.CreateOrganizationalUnitRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opCreatePolicy = "CreatePolicy"
// CreatePolicyRequest generates a "aws/request.Request" representing the
// client's request for the CreatePolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreatePolicy for more information on using the CreatePolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the CreatePolicyRequest method.
// req, resp := client.CreatePolicyRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicy
func (c *Organizations) CreatePolicyRequest(input *CreatePolicyInput) (req *request.Request, output *CreatePolicyOutput) {
op := &request.Operation{
Name: opCreatePolicy,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &CreatePolicyInput{}
}
output = &CreatePolicyOutput{}
req = c.newRequest(op, input, output)
return
}
// CreatePolicy API operation for AWS Organizations.
//
// Creates a policy of a specified type that you can attach to a root, an organizational
// unit (OU), or an individual AWS account.
//
// For more information about policies and their use, see Managing Organization
// Policies (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html).
//
// This operation can be called only from the organization's master account.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation CreatePolicy for usage and error information.
//
// Returned Error Codes:
// * ErrCodeAccessDeniedException "AccessDeniedException"
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// * ErrCodeConcurrentModificationException "ConcurrentModificationException"
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// * ErrCodeConstraintViolationException "ConstraintViolationException"
// Performing this operation violates a minimum or maximum value limit. For
// example, attempting to removing the last service control policy (SCP) from
// an OU or root, inviting or creating too many accounts to the organization,
// or attaching too many policies to an account, OU, or root. This exception
// includes a reason that contains additional information about the violated
// limit.
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation:
//
// * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
// the number of accounts in an organization. If you need more accounts,
// contactAWS Support (https://console.aws.amazon.com/support/home#/) to
// request an increase in your limit.
//
// Or the number of invitations that you tried to send would cause you to exceed
// the limit of accounts in your organization. Send fewer invitations or
// contact AWS Support to request an increase in the number of accounts.
//
// Deleted and closed accounts still count toward your limit.
//
// If you get receive this exception when running a command immediately after
// creating the organization, wait one hour and try again. If after an hour
// it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/).
//
// * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
// handshakes that you can send in one day.
//
// * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
// that you can have in an organization.
//
// * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
// too many levels deep.
//
// * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
// that requires the organization to be configured to support all features.
// An organization that supports only consolidated billing features can't
// perform this operation.
//
// * POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of
// policies that you can have in an organization.
//
// * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
// number of policies of a certain type that can be attached to an entity
// at one time.
//
// * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
// policy from an entity that would cause the entity to have fewer than the
// minimum number of policies of a certain type required.
//
// * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
// from the organization that doesn't yet have enough information to exist
// as a standalone account. This account requires you to first agree to the
// AWS Customer Agreement. Follow the steps at To leave an organization when
// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
// in the AWS Organizations User Guide.
//
// * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
// an account from the organization that doesn't yet have enough information
// to exist as a standalone account. This account requires you to first complete
// phone verification. Follow the steps at To leave an organization when
// all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
// in the AWS Organizations User Guide.
//
// * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
// with this master account, you first must associate a payment instrument,
// such as a credit card, with the account. Follow the steps at To leave
// an organization when all required account information has not yet been
// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
// in the AWS Organizations User Guide.
//
// * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
// with this member account, you first must associate a payment instrument,
// such as a credit card, with the account. Follow the steps at To leave
// an organization when all required account information has not yet been
// provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
// in the AWS Organizations User Guide.
//
// * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
// of accounts that you can create in one day.
//
// * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
// in this organization, you first must migrate the organization's master
// account to the marketplace that corresponds to the master account's address.
// For example, accounts with India addresses must be associated with the
// AISPL marketplace. All accounts in an organization must be associated
// with the same marketplace.
//
// * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
// must first provide contact a valid address and phone number for the master
// account. Then try the operation again.
//
// * ErrCodeDuplicatePolicyException "DuplicatePolicyException"
// A policy with the same name already exists.
//
// * ErrCodeInvalidInputException "InvalidInputException"
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation:
//
// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
// can't be modified.
//
// * INPUT_REQUIRED: You must include a value for all required parameters.
//
// * INVALID_ENUM: You specified a value that isn't valid for that parameter.
//
// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// * INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocumentException"
// The provided policy document doesn't meet the requirements of the specified
// policy type. For example, the syntax might be incorrect. For details about
// service control policy syntax, see Service Control Policy Syntax (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html)
// in the AWS Organizations User Guide.
//
// * ErrCodePolicyTypeNotAvailableForOrganizationException "PolicyTypeNotAvailableForOrganizationException"
// You can't use the specified policy type with the feature set currently enabled
// for this organization. For example, you can enable SCPs only after you enable
// all features in the organization. For more information, see Enabling and
// Disabling a Policy Type on a Root (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root)
// in the AWS Organizations User Guide.
//
// * ErrCodeServiceException "ServiceException"
// AWS Organizations can't complete your request because of an internal service
// error. Try again later.
//
// * ErrCodeTooManyRequestsException "TooManyRequestsException"
// You've sent too many requests in too short a period of time. The limit helps
// protect against denial-of-service attacks. Try again later.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicy
func (c *Organizations) CreatePolicy(input *CreatePolicyInput) (*CreatePolicyOutput, error) {
req, out := c.CreatePolicyRequest(input)
return out, req.Send()
}
// CreatePolicyWithContext is the same as CreatePolicy with the addition of
// the ability to pass a context and additional request options.
//
// See CreatePolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) CreatePolicyWithContext(ctx aws.Context, input *CreatePolicyInput, opts ...request.Option) (*CreatePolicyOutput, error) {
req, out := c.CreatePolicyRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDeclineHandshake = "DeclineHandshake"
// DeclineHandshakeRequest generates a "aws/request.Request" representing the
// client's request for the DeclineHandshake operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeclineHandshake for more information on using the DeclineHandshake
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the DeclineHandshakeRequest method.
// req, resp := client.DeclineHandshakeRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeclineHandshake
func (c *Organizations) DeclineHandshakeRequest(input *DeclineHandshakeInput) (req *request.Request, output *DeclineHandshakeOutput) {
op := &request.Operation{
Name: opDeclineHandshake,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DeclineHandshakeInput{}
}
output = &DeclineHandshakeOutput{}
req = c.newRequest(op, input, output)
return
}
// DeclineHandshake API operation for AWS Organizations.
//
// Declines a handshake request. This sets the handshake state to DECLINED and
// effectively deactivates the request.
//
// This operation can be called only from the account that received the handshake.
// The originator of the handshake can use CancelHandshake instead. The originator
// can't reactivate a declined request, but can re-initiate the process with
// a new handshake request.
//
// After you decline a handshake, it continues to appear in the results of relevant
// APIs for only 30 days. After that it is deleted.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation DeclineHandshake for usage and error information.
//
// Returned Error Codes:
// * ErrCodeAccessDeniedException "AccessDeniedException"
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// * ErrCodeConcurrentModificationException "ConcurrentModificationException"
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// * ErrCodeHandshakeNotFoundException "HandshakeNotFoundException"
// We can't find a handshake with the HandshakeId that you specified.
//
// * ErrCodeInvalidHandshakeTransitionException "InvalidHandshakeTransitionException"
// You can't perform the operation on the handshake in its current state. For
// example, you can't cancel a handshake that was already accepted or accept
// a handshake that was already declined.
//
// * ErrCodeHandshakeAlreadyInStateException "HandshakeAlreadyInStateException"
// The specified handshake is already in the requested state. For example, you
// can't accept a handshake that was already accepted.
//
// * ErrCodeInvalidInputException "InvalidInputException"
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation:
//
// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
// can't be modified.
//
// * INPUT_REQUIRED: You must include a value for all required parameters.
//
// * INVALID_ENUM: You specified a value that isn't valid for that parameter.
//
// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// * INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// * ErrCodeServiceException "ServiceException"
// AWS Organizations can't complete your request because of an internal service
// error. Try again later.
//
// * ErrCodeTooManyRequestsException "TooManyRequestsException"
// You've sent too many requests in too short a period of time. The limit helps
// protect against denial-of-service attacks. Try again later.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeclineHandshake
func (c *Organizations) DeclineHandshake(input *DeclineHandshakeInput) (*DeclineHandshakeOutput, error) {
req, out := c.DeclineHandshakeRequest(input)
return out, req.Send()
}
// DeclineHandshakeWithContext is the same as DeclineHandshake with the addition of
// the ability to pass a context and additional request options.
//
// See DeclineHandshake for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) DeclineHandshakeWithContext(ctx aws.Context, input *DeclineHandshakeInput, opts ...request.Option) (*DeclineHandshakeOutput, error) {
req, out := c.DeclineHandshakeRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDeleteOrganization = "DeleteOrganization"
// DeleteOrganizationRequest generates a "aws/request.Request" representing the
// client's request for the DeleteOrganization operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteOrganization for more information on using the DeleteOrganization
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the DeleteOrganizationRequest method.
// req, resp := client.DeleteOrganizationRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganization
func (c *Organizations) DeleteOrganizationRequest(input *DeleteOrganizationInput) (req *request.Request, output *DeleteOrganizationOutput) {
op := &request.Operation{
Name: opDeleteOrganization,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DeleteOrganizationInput{}
}
output = &DeleteOrganizationOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler)
req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
return
}
// DeleteOrganization API operation for AWS Organizations.
//
// Deletes the organization. You can delete an organization only by using credentials
// from the master account. The organization must be empty of member accounts.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation DeleteOrganization for usage and error information.
//
// Returned Error Codes:
// * ErrCodeAccessDeniedException "AccessDeniedException"
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// * ErrCodeConcurrentModificationException "ConcurrentModificationException"
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// * ErrCodeInvalidInputException "InvalidInputException"
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation:
//
// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
// can't be modified.
//
// * INPUT_REQUIRED: You must include a value for all required parameters.
//
// * INVALID_ENUM: You specified a value that isn't valid for that parameter.
//
// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// * INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// * ErrCodeOrganizationNotEmptyException "OrganizationNotEmptyException"
// The organization isn't empty. To delete an organization, you must first remove
// all accounts except the master account, delete all OUs, and delete all policies.
//
// * ErrCodeServiceException "ServiceException"
// AWS Organizations can't complete your request because of an internal service
// error. Try again later.
//
// * ErrCodeTooManyRequestsException "TooManyRequestsException"
// You've sent too many requests in too short a period of time. The limit helps
// protect against denial-of-service attacks. Try again later.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganization
func (c *Organizations) DeleteOrganization(input *DeleteOrganizationInput) (*DeleteOrganizationOutput, error) {
req, out := c.DeleteOrganizationRequest(input)
return out, req.Send()
}
// DeleteOrganizationWithContext is the same as DeleteOrganization with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteOrganization for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) DeleteOrganizationWithContext(ctx aws.Context, input *DeleteOrganizationInput, opts ...request.Option) (*DeleteOrganizationOutput, error) {
req, out := c.DeleteOrganizationRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDeleteOrganizationalUnit = "DeleteOrganizationalUnit"
// DeleteOrganizationalUnitRequest generates a "aws/request.Request" representing the
// client's request for the DeleteOrganizationalUnit operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteOrganizationalUnit for more information on using the DeleteOrganizationalUnit
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the DeleteOrganizationalUnitRequest method.
// req, resp := client.DeleteOrganizationalUnitRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganizationalUnit
func (c *Organizations) DeleteOrganizationalUnitRequest(input *DeleteOrganizationalUnitInput) (req *request.Request, output *DeleteOrganizationalUnitOutput) {
op := &request.Operation{
Name: opDeleteOrganizationalUnit,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DeleteOrganizationalUnitInput{}
}
output = &DeleteOrganizationalUnitOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler)
req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
return
}
// DeleteOrganizationalUnit API operation for AWS Organizations.
//
// Deletes an organizational unit (OU) from a root or another OU. You must first
// remove all accounts and child OUs from the OU that you want to delete.
//
// This operation can be called only from the organization's master account.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation DeleteOrganizationalUnit for usage and error information.
//
// Returned Error Codes:
// * ErrCodeAccessDeniedException "AccessDeniedException"
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// * ErrCodeConcurrentModificationException "ConcurrentModificationException"
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// * ErrCodeInvalidInputException "InvalidInputException"
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation:
//
// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
// can't be modified.
//
// * INPUT_REQUIRED: You must include a value for all required parameters.
//
// * INVALID_ENUM: You specified a value that isn't valid for that parameter.
//
// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// * INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// * ErrCodeOrganizationalUnitNotEmptyException "OrganizationalUnitNotEmptyException"
// The specified OU is not empty. Move all accounts to another root or to other
// OUs, remove all child OUs, and try the operation again.
//
// * ErrCodeOrganizationalUnitNotFoundException "OrganizationalUnitNotFoundException"
// We can't find an OU with the OrganizationalUnitId that you specified.
//
// * ErrCodeServiceException "ServiceException"
// AWS Organizations can't complete your request because of an internal service
// error. Try again later.
//
// * ErrCodeTooManyRequestsException "TooManyRequestsException"
// You've sent too many requests in too short a period of time. The limit helps
// protect against denial-of-service attacks. Try again later.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganizationalUnit
func (c *Organizations) DeleteOrganizationalUnit(input *DeleteOrganizationalUnitInput) (*DeleteOrganizationalUnitOutput, error) {
req, out := c.DeleteOrganizationalUnitRequest(input)
return out, req.Send()
}
// DeleteOrganizationalUnitWithContext is the same as DeleteOrganizationalUnit with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteOrganizationalUnit for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) DeleteOrganizationalUnitWithContext(ctx aws.Context, input *DeleteOrganizationalUnitInput, opts ...request.Option) (*DeleteOrganizationalUnitOutput, error) {
req, out := c.DeleteOrganizationalUnitRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDeletePolicy = "DeletePolicy"
// DeletePolicyRequest generates a "aws/request.Request" representing the
// client's request for the DeletePolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeletePolicy for more information on using the DeletePolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the DeletePolicyRequest method.
// req, resp := client.DeletePolicyRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeletePolicy
func (c *Organizations) DeletePolicyRequest(input *DeletePolicyInput) (req *request.Request, output *DeletePolicyOutput) {
op := &request.Operation{
Name: opDeletePolicy,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DeletePolicyInput{}
}
output = &DeletePolicyOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Remove(jsonrpc.UnmarshalHandler)
req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler)
return
}
// DeletePolicy API operation for AWS Organizations.
//
// Deletes the specified policy from your organization. Before you perform this
// operation, you must first detach the policy from all organizational units
// (OUs), roots, and accounts.
//
// This operation can be called only from the organization's master account.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation DeletePolicy for usage and error information.
//
// Returned Error Codes:
// * ErrCodeAccessDeniedException "AccessDeniedException"
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// * ErrCodeConcurrentModificationException "ConcurrentModificationException"
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// * ErrCodeInvalidInputException "InvalidInputException"
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation:
//
// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
// can't be modified.
//
// * INPUT_REQUIRED: You must include a value for all required parameters.
//
// * INVALID_ENUM: You specified a value that isn't valid for that parameter.
//
// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// * INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// * ErrCodePolicyInUseException "PolicyInUseException"
// The policy is attached to one or more entities. You must detach it from all
// roots, OUs, and accounts before performing this operation.
//
// * ErrCodePolicyNotFoundException "PolicyNotFoundException"
// We can't find a policy with the PolicyId that you specified.
//
// * ErrCodeServiceException "ServiceException"
// AWS Organizations can't complete your request because of an internal service
// error. Try again later.
//
// * ErrCodeTooManyRequestsException "TooManyRequestsException"
// You've sent too many requests in too short a period of time. The limit helps
// protect against denial-of-service attacks. Try again later.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeletePolicy
func (c *Organizations) DeletePolicy(input *DeletePolicyInput) (*DeletePolicyOutput, error) {
req, out := c.DeletePolicyRequest(input)
return out, req.Send()
}
// DeletePolicyWithContext is the same as DeletePolicy with the addition of
// the ability to pass a context and additional request options.
//
// See DeletePolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) DeletePolicyWithContext(ctx aws.Context, input *DeletePolicyInput, opts ...request.Option) (*DeletePolicyOutput, error) {
req, out := c.DeletePolicyRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDescribeAccount = "DescribeAccount"
// DescribeAccountRequest generates a "aws/request.Request" representing the
// client's request for the DescribeAccount operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DescribeAccount for more information on using the DescribeAccount
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the DescribeAccountRequest method.
// req, resp := client.DescribeAccountRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeAccount
func (c *Organizations) DescribeAccountRequest(input *DescribeAccountInput) (req *request.Request, output *DescribeAccountOutput) {
op := &request.Operation{
Name: opDescribeAccount,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DescribeAccountInput{}
}
output = &DescribeAccountOutput{}
req = c.newRequest(op, input, output)
return
}
// DescribeAccount API operation for AWS Organizations.
//
// Retrieves Organizations-related information about the specified account.
//
// This operation can be called only from the organization's master account.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation DescribeAccount for usage and error information.
//
// Returned Error Codes:
// * ErrCodeAccessDeniedException "AccessDeniedException"
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// * ErrCodeAccountNotFoundException "AccountNotFoundException"
// We can't find an AWS account with the AccountId that you specified, or the
// account whose credentials you used to make this request isn't a member of
// an organization.
//
// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// * ErrCodeInvalidInputException "InvalidInputException"
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation:
//
// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
// can't be modified.
//
// * INPUT_REQUIRED: You must include a value for all required parameters.
//
// * INVALID_ENUM: You specified a value that isn't valid for that parameter.
//
// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// * INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// * ErrCodeServiceException "ServiceException"
// AWS Organizations can't complete your request because of an internal service
// error. Try again later.
//
// * ErrCodeTooManyRequestsException "TooManyRequestsException"
// You've sent too many requests in too short a period of time. The limit helps
// protect against denial-of-service attacks. Try again later.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeAccount
func (c *Organizations) DescribeAccount(input *DescribeAccountInput) (*DescribeAccountOutput, error) {
req, out := c.DescribeAccountRequest(input)
return out, req.Send()
}
// DescribeAccountWithContext is the same as DescribeAccount with the addition of
// the ability to pass a context and additional request options.
//
// See DescribeAccount for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) DescribeAccountWithContext(ctx aws.Context, input *DescribeAccountInput, opts ...request.Option) (*DescribeAccountOutput, error) {
req, out := c.DescribeAccountRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDescribeCreateAccountStatus = "DescribeCreateAccountStatus"
// DescribeCreateAccountStatusRequest generates a "aws/request.Request" representing the
// client's request for the DescribeCreateAccountStatus operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DescribeCreateAccountStatus for more information on using the DescribeCreateAccountStatus
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the DescribeCreateAccountStatusRequest method.
// req, resp := client.DescribeCreateAccountStatusRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus
func (c *Organizations) DescribeCreateAccountStatusRequest(input *DescribeCreateAccountStatusInput) (req *request.Request, output *DescribeCreateAccountStatusOutput) {
op := &request.Operation{
Name: opDescribeCreateAccountStatus,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DescribeCreateAccountStatusInput{}
}
output = &DescribeCreateAccountStatusOutput{}
req = c.newRequest(op, input, output)
return
}
// DescribeCreateAccountStatus API operation for AWS Organizations.
//
// Retrieves the current status of an asynchronous request to create an account.
//
// This operation can be called only from the organization's master account.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation DescribeCreateAccountStatus for usage and error information.
//
// Returned Error Codes:
// * ErrCodeAccessDeniedException "AccessDeniedException"
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// * ErrCodeCreateAccountStatusNotFoundException "CreateAccountStatusNotFoundException"
// We can't find an create account request with the CreateAccountRequestId that
// you specified.
//
// * ErrCodeInvalidInputException "InvalidInputException"
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation:
//
// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
// can't be modified.
//
// * INPUT_REQUIRED: You must include a value for all required parameters.
//
// * INVALID_ENUM: You specified a value that isn't valid for that parameter.
//
// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// * INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// * ErrCodeServiceException "ServiceException"
// AWS Organizations can't complete your request because of an internal service
// error. Try again later.
//
// * ErrCodeTooManyRequestsException "TooManyRequestsException"
// You've sent too many requests in too short a period of time. The limit helps
// protect against denial-of-service attacks. Try again later.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus
func (c *Organizations) DescribeCreateAccountStatus(input *DescribeCreateAccountStatusInput) (*DescribeCreateAccountStatusOutput, error) {
req, out := c.DescribeCreateAccountStatusRequest(input)
return out, req.Send()
}
// DescribeCreateAccountStatusWithContext is the same as DescribeCreateAccountStatus with the addition of
// the ability to pass a context and additional request options.
//
// See DescribeCreateAccountStatus for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) DescribeCreateAccountStatusWithContext(ctx aws.Context, input *DescribeCreateAccountStatusInput, opts ...request.Option) (*DescribeCreateAccountStatusOutput, error) {
req, out := c.DescribeCreateAccountStatusRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDescribeHandshake = "DescribeHandshake"
// DescribeHandshakeRequest generates a "aws/request.Request" representing the
// client's request for the DescribeHandshake operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DescribeHandshake for more information on using the DescribeHandshake
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the DescribeHandshakeRequest method.
// req, resp := client.DescribeHandshakeRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeHandshake
func (c *Organizations) DescribeHandshakeRequest(input *DescribeHandshakeInput) (req *request.Request, output *DescribeHandshakeOutput) {
op := &request.Operation{
Name: opDescribeHandshake,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DescribeHandshakeInput{}
}
output = &DescribeHandshakeOutput{}
req = c.newRequest(op, input, output)
return
}
// DescribeHandshake API operation for AWS Organizations.
//
// Retrieves information about a previously requested handshake. The handshake
// ID comes from the response to the original InviteAccountToOrganization operation
// that generated the handshake.
//
// You can access handshakes that are ACCEPTED, DECLINED, or CANCELED for only
// 30 days after they change to that state. They are then deleted and no longer
// accessible.
//
// This operation can be called from any account in the organization.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation DescribeHandshake for usage and error information.
//
// Returned Error Codes:
// * ErrCodeAccessDeniedException "AccessDeniedException"
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// * ErrCodeConcurrentModificationException "ConcurrentModificationException"
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// * ErrCodeHandshakeNotFoundException "HandshakeNotFoundException"
// We can't find a handshake with the HandshakeId that you specified.
//
// * ErrCodeInvalidInputException "InvalidInputException"
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation:
//
// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
// can't be modified.
//
// * INPUT_REQUIRED: You must include a value for all required parameters.
//
// * INVALID_ENUM: You specified a value that isn't valid for that parameter.
//
// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// * INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// * ErrCodeServiceException "ServiceException"
// AWS Organizations can't complete your request because of an internal service
// error. Try again later.
//
// * ErrCodeTooManyRequestsException "TooManyRequestsException"
// You've sent too many requests in too short a period of time. The limit helps
// protect against denial-of-service attacks. Try again later.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeHandshake
func (c *Organizations) DescribeHandshake(input *DescribeHandshakeInput) (*DescribeHandshakeOutput, error) {
req, out := c.DescribeHandshakeRequest(input)
return out, req.Send()
}
// DescribeHandshakeWithContext is the same as DescribeHandshake with the addition of
// the ability to pass a context and additional request options.
//
// See DescribeHandshake for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) DescribeHandshakeWithContext(ctx aws.Context, input *DescribeHandshakeInput, opts ...request.Option) (*DescribeHandshakeOutput, error) {
req, out := c.DescribeHandshakeRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDescribeOrganization = "DescribeOrganization"
// DescribeOrganizationRequest generates a "aws/request.Request" representing the
// client's request for the DescribeOrganization operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DescribeOrganization for more information on using the DescribeOrganization
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the DescribeOrganizationRequest method.
// req, resp := client.DescribeOrganizationRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganization
func (c *Organizations) DescribeOrganizationRequest(input *DescribeOrganizationInput) (req *request.Request, output *DescribeOrganizationOutput) {
op := &request.Operation{
Name: opDescribeOrganization,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DescribeOrganizationInput{}
}
output = &DescribeOrganizationOutput{}
req = c.newRequest(op, input, output)
return
}
// DescribeOrganization API operation for AWS Organizations.
//
// Retrieves information about the organization that the user's account belongs
// to.
//
// This operation can be called from any account in the organization.
//
// Even if a policy type is shown as available in the organization, it can be
// disabled separately at the root level with DisablePolicyType. Use ListRoots
// to see the status of policy types for a specified root.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation DescribeOrganization for usage and error information.
//
// Returned Error Codes:
// * ErrCodeAccessDeniedException "AccessDeniedException"
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// * ErrCodeConcurrentModificationException "ConcurrentModificationException"
// The target of the operation is currently being modified by a different request.
// Try again later.
//
// * ErrCodeServiceException "ServiceException"
// AWS Organizations can't complete your request because of an internal service
// error. Try again later.
//
// * ErrCodeTooManyRequestsException "TooManyRequestsException"
// You've sent too many requests in too short a period of time. The limit helps
// protect against denial-of-service attacks. Try again later.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganization
func (c *Organizations) DescribeOrganization(input *DescribeOrganizationInput) (*DescribeOrganizationOutput, error) {
req, out := c.DescribeOrganizationRequest(input)
return out, req.Send()
}
// DescribeOrganizationWithContext is the same as DescribeOrganization with the addition of
// the ability to pass a context and additional request options.
//
// See DescribeOrganization for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) DescribeOrganizationWithContext(ctx aws.Context, input *DescribeOrganizationInput, opts ...request.Option) (*DescribeOrganizationOutput, error) {
req, out := c.DescribeOrganizationRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDescribeOrganizationalUnit = "DescribeOrganizationalUnit"
// DescribeOrganizationalUnitRequest generates a "aws/request.Request" representing the
// client's request for the DescribeOrganizationalUnit operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DescribeOrganizationalUnit for more information on using the DescribeOrganizationalUnit
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the DescribeOrganizationalUnitRequest method.
// req, resp := client.DescribeOrganizationalUnitRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationalUnit
func (c *Organizations) DescribeOrganizationalUnitRequest(input *DescribeOrganizationalUnitInput) (req *request.Request, output *DescribeOrganizationalUnitOutput) {
op := &request.Operation{
Name: opDescribeOrganizationalUnit,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DescribeOrganizationalUnitInput{}
}
output = &DescribeOrganizationalUnitOutput{}
req = c.newRequest(op, input, output)
return
}
// DescribeOrganizationalUnit API operation for AWS Organizations.
//
// Retrieves information about an organizational unit (OU).
//
// This operation can be called only from the organization's master account.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation DescribeOrganizationalUnit for usage and error information.
//
// Returned Error Codes:
// * ErrCodeAccessDeniedException "AccessDeniedException"
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// * ErrCodeInvalidInputException "InvalidInputException"
// The requested operation failed because you provided invalid values for one
// or more of the request parameters. This exception includes a reason that
// contains additional information about the violated limit:
//
// Some of the reasons in the following list might not be applicable to this
// specific API or operation:
//
// * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
// can't be modified.
//
// * INPUT_REQUIRED: You must include a value for all required parameters.
//
// * INVALID_ENUM: You specified a value that isn't valid for that parameter.
//
// * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
// characters.
//
// * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
// at least one invalid value.
//
// * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
// organization, or email) as a party.
//
// * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
// from the response to a previous call of the operation.
//
// * INVALID_PATTERN: You provided a value that doesn't match the required
// pattern.
//
// * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
// match the required pattern.
//
// * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
// name can't begin with the reserved prefix AWSServiceRoleFor.
//
// * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
// Name (ARN) for the organization.
//
// * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
//
// * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
// for the operation.
//
// * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
// than allowed.
//
// * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
// value than allowed.
//
// * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
// than allowed.
//
// * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
// value than allowed.
//
// * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
// between entities in the same root.
//
// * ErrCodeOrganizationalUnitNotFoundException "OrganizationalUnitNotFoundException"
// We can't find an OU with the OrganizationalUnitId that you specified.
//
// * ErrCodeServiceException "ServiceException"
// AWS Organizations can't complete your request because of an internal service
// error. Try again later.
//
// * ErrCodeTooManyRequestsException "TooManyRequestsException"
// You've sent too many requests in too short a period of time. The limit helps
// protect against denial-of-service attacks. Try again later.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationalUnit
func (c *Organizations) DescribeOrganizationalUnit(input *DescribeOrganizationalUnitInput) (*DescribeOrganizationalUnitOutput, error) {
req, out := c.DescribeOrganizationalUnitRequest(input)
return out, req.Send()
}
// DescribeOrganizationalUnitWithContext is the same as DescribeOrganizationalUnit with the addition of
// the ability to pass a context and additional request options.
//
// See DescribeOrganizationalUnit for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *Organizations) DescribeOrganizationalUnitWithContext(ctx aws.Context, input *DescribeOrganizationalUnitInput, opts ...request.Option) (*DescribeOrganizationalUnitOutput, error) {
req, out := c.DescribeOrganizationalUnitRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDescribePolicy = "DescribePolicy"
// DescribePolicyRequest generates a "aws/request.Request" representing the
// client's request for the DescribePolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DescribePolicy for more information on using the DescribePolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the DescribePolicyRequest method.
// req, resp := client.DescribePolicyRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribePolicy
func (c *Organizations) DescribePolicyRequest(input *DescribePolicyInput) (req *request.Request, output *DescribePolicyOutput) {
op := &request.Operation{
Name: opDescribePolicy,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DescribePolicyInput{}
}
output = &DescribePolicyOutput{}
req = c.newRequest(op, input, output)
return
}
// DescribePolicy API operation for AWS Organizations.
//
// Retrieves information about a policy.
//
// This operation can be called only from the organization's master account.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Organizations's
// API operation DescribePolicy for usage and error information.
//
// Returned Error Codes:
// * ErrCodeAccessDeniedException "AccessDeniedException"
// You don't have permissions to perform the requested operation. The user or
// role that is making the request must have at least one IAM permissions policy
// attached that grants the required permissions. For more information, see
// Access Management (http://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
// in the IAM User Guide.
//
// * ErrCodeAWSOrganizationsNotInUseException "AWSOrganizationsNotInUseException"
// Your account isn't a member of an organization. To make this request, you
// must use the credentials of an account that belongs to an organization.
//
// * ErrCodeInvalidInputException "InvalidInputException"
// The requested operation failed because you provided invalid values for one