diff --git a/.changes/1.12.7.json b/.changes/1.12.7.json new file mode 100644 index 0000000000..aefff766f8 --- /dev/null +++ b/.changes/1.12.7.json @@ -0,0 +1,17 @@ +[ + { + "category": "``cloudwatch``", + "description": "Update cloudwatch client to latest version", + "type": "api-change" + }, + { + "category": "``s3``", + "description": "Update s3 client to latest version", + "type": "api-change" + }, + { + "category": "``organizations``", + "description": "Update organizations client to latest version", + "type": "api-change" + } +] \ No newline at end of file diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 609f80117a..f47d6fea75 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -2,6 +2,14 @@ CHANGELOG ========= +1.12.7 +====== + +* api-change:``cloudwatch``: Update cloudwatch client to latest version +* api-change:``s3``: Update s3 client to latest version +* api-change:``organizations``: Update organizations client to latest version + + 1.12.6 ====== diff --git a/botocore/__init__.py b/botocore/__init__.py index 56f41074c9..f2013bdcee 100644 --- a/botocore/__init__.py +++ b/botocore/__init__.py @@ -16,7 +16,7 @@ import re import logging -__version__ = '1.12.6' +__version__ = '1.12.7' class NullHandler(logging.Handler): diff --git a/botocore/data/cloudwatch/2010-08-01/service-2.json b/botocore/data/cloudwatch/2010-08-01/service-2.json index aa6e54641a..212f4aa473 100644 --- a/botocore/data/cloudwatch/2010-08-01/service-2.json +++ b/botocore/data/cloudwatch/2010-08-01/service-2.json @@ -158,6 +158,19 @@ ], "documentation":"
Gets statistics for the specified metric.
The maximum number of data points returned from a single call is 1,440. If you request more than 1,440 data points, CloudWatch returns an error. To reduce the number of data points, you can narrow the specified time range and make multiple requests across adjacent time ranges, or you can increase the specified period. Data points are not returned in chronological order.
CloudWatch aggregates data points based on the length of the period that you specify. For example, if you request statistics with a one-hour period, CloudWatch aggregates all data points with time stamps that fall within each one-hour period. Therefore, the number of values aggregated by CloudWatch is larger than the number of data points returned.
CloudWatch needs raw data points to calculate percentile statistics. If you publish data using a statistic set instead, you can only retrieve percentile statistics for this data if one of the following conditions is true:
The SampleCount value of the statistic set is 1.
The Min and the Max values of the statistic set are equal.
Percentile statistics are not available for metrics when any of the metric values are negative numbers.
Amazon CloudWatch retains metric data as follows:
Data points with a period of less than 60 seconds are available for 3 hours. These data points are high-resolution metrics and are available only for custom metrics that have been defined with a StorageResolution
of 1.
Data points with a period of 60 seconds (1-minute) are available for 15 days.
Data points with a period of 300 seconds (5-minute) are available for 63 days.
Data points with a period of 3600 seconds (1 hour) are available for 455 days (15 months).
Data points that are initially published with a shorter period are aggregated together for long-term storage. For example, if you collect data using a period of 1 minute, the data remains available for 15 days with 1-minute resolution. After 15 days, this data is still available, but is aggregated and retrievable only with a resolution of 5 minutes. After 63 days, the data is further aggregated and is available with a resolution of 1 hour.
CloudWatch started retaining 5-minute and 1-hour metric data as of July 9, 2016.
For information about metrics and dimensions supported by AWS services, see the Amazon CloudWatch Metrics and Dimensions Reference in the Amazon CloudWatch User Guide.
" }, + "GetMetricWidgetImage":{ + "name":"GetMetricWidgetImage", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetMetricWidgetImageInput"}, + "output":{ + "shape":"GetMetricWidgetImageOutput", + "resultWrapper":"GetMetricWidgetImageResult" + }, + "documentation":"You can use the GetMetricWidgetImage
API to retrieve a snapshot graph of one or more Amazon CloudWatch metrics as a bitmap image. You can then embed this image into your services and products, such as wiki pages, reports, and documents. You could also retrieve images regularly, such as every minute, and create your own custom live dashboard.
The graph you retrieve can include all CloudWatch metric graph features, including metric math and horizontal and vertical annotations.
There is a limit of 20 transactions per second for this API. Each GetMetricWidgetImage
action has the following limits:
As many as 100 metrics in the graph.
Up to 100 KB uncompressed payload.
A JSON string that defines the bitmap graph to be retrieved. The string includes the metrics to include in the graph, statistics, annotations, title, axis limits, and so on. You can include only one MetricWidget
parameter in each GetMetricWidgetImage
call.
For more information about the syntax of MetricWidget
see CloudWatch-Metric-Widget-Structure.
If any metric on the graph could not load all the requested data points, an orange triangle with an exclamation point appears next to the graph legend.
" + }, + "OutputFormat":{ + "shape":"OutputFormat", + "documentation":"The format of the resulting image. Only PNG images are supported.
The default is png
. If you specify png
, the API returns an HTTP response with the content-type set to text/xml
. The image data is in a MetricWidgetImage
field. For example:
<GetMetricWidgetImageResponse xmlns=\"http://monitoring.amazonaws.com/doc/2010-08-01/\">
<GetMetricWidgetImageResult>
<MetricWidgetImage>
iVBORw0KGgoAAAANSUhEUgAAAlgAAAGQEAYAAAAip...
</MetricWidgetImage>
</GetMetricWidgetImageResult>
<ResponseMetadata>
<RequestId>6f0d4192-4d42-11e8-82c1-f539a07e0e3b</RequestId>
</ResponseMetadata>
</GetMetricWidgetImageResponse>
The image/png
setting is intended only for custom HTTP requests. For most use cases, and all actions using an AWS SDK, you should use png
. If you specify image/png
, the HTTP response has a content-type set to image/png
, and the body of the response is a PNG image.
The image of the graph, in the output format specified.
" + } + } + }, "HistoryData":{ "type":"string", "max":4095, @@ -1388,6 +1424,8 @@ }, "documentation":"This structure defines the metric to be returned, along with the statistics, period, and units.
" }, + "MetricWidget":{"type":"string"}, + "MetricWidgetImage":{"type":"blob"}, "Metrics":{ "type":"list", "member":{"shape":"Metric"} @@ -1420,6 +1458,7 @@ "max":1024, "min":0 }, + "OutputFormat":{"type":"string"}, "Period":{ "type":"integer", "min":1 diff --git a/botocore/data/organizations/2016-11-28/service-2.json b/botocore/data/organizations/2016-11-28/service-2.json index 9adbd76f6c..3265dbdda6 100644 --- a/botocore/data/organizations/2016-11-28/service-2.json +++ b/botocore/data/organizations/2016-11-28/service-2.json @@ -10,7 +10,6 @@ "serviceId":"Organizations", "signatureVersion":"v4", "targetPrefix":"AWSOrganizationsV20161128", - "timestampFormat":"unixTimestamp", "uid":"organizations-2016-11-28" }, "operations":{ @@ -35,7 +34,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"AccessDeniedForDependencyException"} ], - "documentation":"Sends a response to the originator of a handshake agreeing to the action proposed by the handshake request.
This operation can be called only by the following principals when they also have the relevant IAM permissions:
Invitation to join or Approve all features request handshakes: only a principal from the member account.
The user who calls the API for an invitation to join must have the organizations:AcceptHandshake
permission. If you enabled all features in the organization, then the user must also have the iam:CreateServiceLinkedRole
permission so that Organizations can create the required service-linked role named OrgsServiceLinkedRoleName. For more information, see AWS Organizations and Service-Linked Roles in the AWS Organizations User Guide.
Enable all features final confirmation handshake: only a principal from the master account.
For more information about invitations, see Inviting an AWS Account to Join Your Organization in the AWS Organizations User Guide. For more information about requests to enable all features in the organization, see Enabling All Features in Your Organization in the AWS Organizations User Guide.
After you accept a handshake, it continues to appear in the results of relevant APIs for only 30 days. After that it is deleted.
" + "documentation":"Sends a response to the originator of a handshake agreeing to the action proposed by the handshake request.
This operation can be called only by the following principals when they also have the relevant IAM permissions:
Invitation to join or Approve all features request handshakes: only a principal from the member account.
The user who calls the API for an invitation to join must have the organizations:AcceptHandshake
permission. If you enabled all features in the organization, then the user must also have the iam:CreateServiceLinkedRole
permission so that Organizations can create the required service-linked role named AWSServiceRoleForOrganizations. For more information, see AWS Organizations and Service-Linked Roles in the AWS Organizations User Guide.
Enable all features final confirmation handshake: only a principal from the master account.
For more information about invitations, see Inviting an AWS Account to Join Your Organization in the AWS Organizations User Guide. For more information about requests to enable all features in the organization, see Enabling All Features in Your Organization in the AWS Organizations User Guide.
After you accept a handshake, it continues to appear in the results of relevant APIs for only 30 days. After that it is deleted.
" }, "AttachPolicy":{ "name":"AttachPolicy", @@ -97,7 +96,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"Creates an AWS account that is automatically a member of the organization whose credentials made the request. This is an asynchronous request that AWS performs in the background. If you want to check the status of the request later, you need the OperationId
response element from this operation to provide as a parameter to the DescribeCreateAccountStatus operation.
The user who calls the API for an invitation to join must have the organizations:CreateAccount
permission. If you enabled all features in the organization, then the user must also have the iam:CreateServiceLinkedRole
permission so that Organizations can create the required service-linked role named OrgsServiceLinkedRoleName. For more information, see AWS Organizations and Service-Linked Roles in the AWS Organizations User Guide.
The user in the master account who calls this API must also have the iam:CreateRole
permission because AWS Organizations preconfigures the new member account with a role (named OrganizationAccountAccessRole
by default) that grants users in the master account administrator permissions in the new member account. Principals in the master account can assume the role. AWS Organizations clones the company name and address information for the new account from the organization's master account.
This operation can be called only from the organization's master account.
For more information about creating accounts, see Creating an AWS Account in Your Organization in the AWS Organizations User Guide.
When you create an account in an organization using the AWS Organizations console, API, or CLI commands, the information required for the account to operate as a standalone account, such as a payment method and signing the End User Licence Agreement (EULA) is not automatically collected. If you must remove an account from your organization later, you can do so only after you provide the missing information. Follow the steps at To leave an organization when all required account information has not yet been provided in the AWS Organizations User Guide.
If you get an exception that indicates that you exceeded your account limits for the organization or that the operation failed because your organization is still initializing, wait one hour and then try again. If the error persists after an hour, then contact AWS Customer Support.
Because CreateAccount
operates asynchronously, it can return a successful completion message even though account initialization might still be in progress. You might need to wait a few minutes before you can successfully access the account.
When you create a member account with this operation, you can choose whether to create the account with the IAM User and Role Access to Billing Information switch enabled. If you enable it, IAM users and roles that have appropriate permissions can view billing information for the account. If you disable this, then only the account root user can access billing information. For information about how to disable this for an account, see Granting Access to Your Billing Information and Tools.
Creates an AWS account that is automatically a member of the organization whose credentials made the request. This is an asynchronous request that AWS performs in the background. Because CreateAccount
operates asynchronously, it can return a successful completion message even though account initialization might still be in progress. You might need to wait a few minutes before you can successfully access the account. To check the status of the request, do one of the following:
Use the OperationId
response element from this operation to provide as a parameter to the DescribeCreateAccountStatus operation.
Check the AWS CloudTrail log for the CreateAccountResult
event. For information on using AWS CloudTrail with Organizations, see Monitoring the Activity in Your Organization in the AWS Organizations User Guide.
The user who calls the API to create an account must have the organizations:CreateAccount
permission. If you enabled all features in the organization, AWS Organizations will create the required service-linked role named AWSServiceRoleForOrganizations
. For more information, see AWS Organizations and Service-Linked Roles in the AWS Organizations User Guide.
AWS Organizations preconfigures the new member account with a role (named OrganizationAccountAccessRole
by default) that grants users in the master account administrator permissions in the new member account. Principals in the master account can assume the role. AWS Organizations clones the company name and address information for the new account from the organization's master account.
This operation can be called only from the organization's master account.
For more information about creating accounts, see Creating an AWS Account in Your Organization in the AWS Organizations User Guide.
When you create an account in an organization using the AWS Organizations console, API, or CLI commands, the information required for the account to operate as a standalone account, such as a payment method and signing the end user license agreement (EULA) is not automatically collected. If you must remove an account from your organization later, you can do so only after you provide the missing information. Follow the steps at To leave an organization as a member account in the AWS Organizations User Guide.
If you get an exception that indicates that you exceeded your account limits for the organization, contact AWS Support.
If you get an exception that indicates that the operation failed because your organization is still initializing, wait one hour and then try again. If the error persists, contact AWS Support.
When you create a member account with this operation, you can choose whether to create the account with the IAM User and Role Access to Billing Information switch enabled. If you enable it, IAM users and roles that have appropriate permissions can view billing information for the account. If you disable it, only the account root user can access billing information. For information about how to disable this switch for an account, see Granting Access to Your Billing Information and Tools.
Deletes the organization. You can delete an organization only by using credentials from the master account. The organization must be empty of member accounts, organizational units (OUs), and policies.
" + "documentation":"Deletes the organization. You can delete an organization only by using credentials from the master account. The organization must be empty of member accounts.
" }, "DeleteOrganizationalUnit":{ "name":"DeleteOrganizationalUnit", @@ -473,6 +472,7 @@ "errors":[ {"shape":"AccessDeniedException"}, {"shape":"AWSOrganizationsNotInUseException"}, + {"shape":"AccountOwnerNotVerifiedException"}, {"shape":"ConcurrentModificationException"}, {"shape":"HandshakeConstraintViolationException"}, {"shape":"DuplicateHandshakeException"}, @@ -821,7 +821,7 @@ "members":{ "Message":{"shape":"ExceptionMessage"} }, - "documentation":"Your account is not a member of an organization. To make this request, you must use the credentials of an account that belongs to an organization.
", + "documentation":"Your account isn't a member of an organization. To make this request, you must use the credentials of an account that belongs to an organization.
", "exception":true }, "AcceptHandshakeRequest":{ @@ -857,7 +857,7 @@ "Message":{"shape":"ExceptionMessage"}, "Reason":{"shape":"AccessDeniedForDependencyExceptionReason"} }, - "documentation":"The operation you attempted requires you to have the iam:CreateServiceLinkedRole
so that Organizations can create the required service-linked role. You do not have that permission.
The operation that you attempted requires you to have the iam:CreateServiceLinkedRole
so that AWS Organizations can create the required service-linked role. You don't have that permission.
We can't find an AWS account with the AccountId that you specified, or the account whose credentials you used to make this request is not a member of an organization.
", + "documentation":" We can't find an AWS account with the AccountId
that you specified, or the account whose credentials you used to make this request isn't a member of an organization.
You can't invite an existing account to your organization until you verify that you own the email address associated with the master account. For more information, see Email Address Verification in the AWS Organizations User Guide.
", "exception":true }, "AccountStatus":{ @@ -1015,7 +1024,7 @@ "members":{ "Message":{"shape":"ExceptionMessage"} }, - "documentation":"We can't find an organizational unit (OU) or AWS account with the ChildId that you specified.
", + "documentation":"We can't find an organizational unit (OU) or AWS account with the ChildId
that you specified.
Performing this operation violates a minimum or maximum value limit. For example, attempting to removing the last SCP from an OU or root, inviting or creating too many accounts to the organization, or attaching too many policies to an account, OU, or root. This exception includes a reason that contains additional information about the violated limit:
Some of the reasons in the following list might not be applicable to this specific API or operation:
ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an organization. If you need more accounts, contact AWS Support to request an increase in your limit.
Or, The number of invitations that you tried to send would cause you to exceed the limit of accounts in your organization. Send fewer invitations, or contact AWS Support to request an increase in the number of accounts.
Note: deleted and closed accounts still count toward your limit.
If you get receive this exception when running a command immediately after creating the organization, wait one hour and try again. If after an hour it continues to fail with this error, contact AWS Customer Support.
HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes you can send in one day.
OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of organizational units you can have in an organization.
OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an organizational unit tree that is too many levels deep.
ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the organization to be configured to support all features. An organization that supports consolidated billing features only cannot perform this operation.
POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of policies that you can have in an organization.
MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain type that can be attached to an entity at one time.
MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would cause the entity to have fewer than the minimum number of policies of a certain type required.
ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that does not yet have enough information to exist as a stand-alone account. This account requires you to first agree to the AWS Customer Agreement. Follow the steps at To leave an organization when all required account information has not yet been provided in the AWS Organizations User Guide.
ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization that does not yet have enough information to exist as a stand-alone account. This account requires you to first complete phone verification. Follow the steps at To leave an organization when all required account information has not yet been provided in the AWS Organizations User Guide.
MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this account, you first must associate a payment instrument, such as a credit card, with the account. Follow the steps at To leave an organization when all required account information has not yet been provided in the AWS Organizations User Guide.
MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you first must associate a payment instrument, such as a credit card, with the account. Follow the steps at To leave an organization when all required account information has not yet been provided in the AWS Organizations User Guide.
ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create in one day.
MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first must migrate the organization's master account to the marketplace that corresponds to the master account's address. For example, accounts with India addresses must be associated with the AISPL marketplace. All accounts in an organization must be associated with the same marketplace.
MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide contact a valid address and phone number for the master account. Then try the operation again.
Performing this operation violates a minimum or maximum value limit. For example, attempting to removing the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the organization, or attaching too many policies to an account, OU, or root. This exception includes a reason that contains additional information about the violated limit.
Some of the reasons in the following list might not be applicable to this specific API or operation:
ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an organization. If you need more accounts, contactAWS Support to request an increase in your limit.
Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in your organization. Send fewer invitations or contact AWS Support to request an increase in the number of accounts.
Deleted and closed accounts still count toward your limit.
If you get receive this exception when running a command immediately after creating the organization, wait one hour and try again. If after an hour it continues to fail with this error, contact AWS Support.
HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one day.
OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the organization to be configured to support all features. An organization that supports only consolidated billing features can't perform this operation.
POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of policies that you can have in an organization.
MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain type that can be attached to an entity at one time.
MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would cause the entity to have fewer than the minimum number of policies of a certain type required.
ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't yet have enough information to exist as a standalone account. This account requires you to first agree to the AWS Customer Agreement. Follow the steps at To leave an organization when all required account information has not yet been provided in the AWS Organizations User Guide.
ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization that doesn't yet have enough information to exist as a standalone account. This account requires you to first complete phone verification. Follow the steps at To leave an organization when all required account information has not yet been provided in the AWS Organizations User Guide.
MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this master account, you first must associate a payment instrument, such as a credit card, with the account. Follow the steps at To leave an organization when all required account information has not yet been provided in the AWS Organizations User Guide.
MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you first must associate a payment instrument, such as a credit card, with the account. Follow the steps at To leave an organization when all required account information has not yet been provided in the AWS Organizations User Guide.
ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create in one day.
MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first must migrate the organization's master account to the marketplace that corresponds to the master account's address. For example, accounts with India addresses must be associated with the AISPL marketplace. All accounts in an organization must be associated with the same marketplace.
MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide contact a valid address and phone number for the master account. Then try the operation again.
The email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account. You must use a valid email address to complete account creation. You cannot access the root user of the account or remove an account that was created with an invalid email address.
" + "documentation":"The email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account. You must use a valid email address to complete account creation. You can't access the root user of the account or remove an account that was created with an invalid email address.
" }, "AccountName":{ "shape":"AccountName", @@ -1095,11 +1106,11 @@ }, "RoleName":{ "shape":"RoleName", - "documentation":"(Optional)
The name of an IAM role that Organizations automatically preconfigures in the new member account. This role trusts the master account, allowing users in the master account to assume the role, as permitted by the master account administrator. The role has administrator permissions in the new member account.
If you do not specify this parameter, the role name defaults to OrganizationAccountAccessRole
.
For more information about how to use this role to access the member account, see Accessing and Administering the Member Accounts in Your Organization in the AWS Organizations User Guide, and steps 2 and 3 in Tutorial: Delegate Access Across AWS Accounts Using IAM Roles in the IAM User Guide.
The regex pattern that is used to validate this parameter is a string of characters that can consist of uppercase letters, lowercase letters, digits with no spaces, and any of the following characters: =,.@-
" + "documentation":"(Optional)
The name of an IAM role that AWS Organizations automatically preconfigures in the new member account. This role trusts the master account, allowing users in the master account to assume the role, as permitted by the master account administrator. The role has administrator permissions in the new member account.
If you don't specify this parameter, the role name defaults to OrganizationAccountAccessRole
.
For more information about how to use this role to access the member account, see Accessing and Administering the Member Accounts in Your Organization in the AWS Organizations User Guide, and steps 2 and 3 in Tutorial: Delegate Access Across AWS Accounts Using IAM Roles in the IAM User Guide.
The regex pattern that is used to validate this parameter is a string of characters that can consist of uppercase letters, lowercase letters, digits with no spaces, and any of the following characters: =,.@-
" }, "IamUserAccessToBilling":{ "shape":"IAMUserAccessToBilling", - "documentation":"If set to ALLOW
, the new account enables IAM users to access account billing information if they have the required permissions. If set to DENY
, then only the root user of the new account can access account billing information. For more information, see Activating Access to the Billing and Cost Management Console in the AWS Billing and Cost Management User Guide.
If you do not specify this parameter, the value defaults to ALLOW, and IAM users and roles with the required permissions can access billing information for the new account.
" + "documentation":"If set to ALLOW
, the new account enables IAM users to access account billing information if they have the required permissions. If set to DENY
, only the root user of the new account can access account billing information. For more information, see Activating Access to the Billing and Cost Management Console in the AWS Billing and Cost Management User Guide.
If you don't specify this parameter, the value defaults to ALLOW
, and IAM users and roles with the required permissions can access billing information for the new account.
A structure that contains details about the request to create an account. This response structure might not be fully populated when you first receive it because account creation is an asynchronous process. You can pass the returned CreateAccountStatus ID as a parameter to DescribeCreateAccountStatus
to get status about the progress of the request at later times.
A structure that contains details about the request to create an account. This response structure might not be fully populated when you first receive it because account creation is an asynchronous process. You can pass the returned CreateAccountStatus
ID as a parameter to DescribeCreateAccountStatus to get status about the progress of the request at later times. You can also check the AWS CloudTrail log for the CreateAccountResult
event. For more information, see Monitoring the Activity in Your Organization in the AWS Organizations User Guide.
We can't find an create account request with the CreateAccountRequestId that you specified.
", + "documentation":"We can't find an create account request with the CreateAccountRequestId
that you specified.
We can't find the destination container (a root or OU) with the ParentId that you specified.
", + "documentation":"We can't find the destination container (a root or OU) with the ParentId
that you specified.
An organizational unit (OU) with the same name already exists.
", + "documentation":"An OU with the same name already exists.
", "exception":true }, "DuplicatePolicyAttachmentException":{ @@ -1580,7 +1591,7 @@ "members":{ "Message":{"shape":"ExceptionMessage"} }, - "documentation":"AWS Organizations could not perform the operation because your organization has not finished initializing. This can take up to an hour. Try again later. If after one hour you continue to receive this error, contact AWS Customer Support.
", + "documentation":"AWS Organizations couldn't perform the operation because your organization hasn't finished initializing. This can take up to an hour. Try again later. If after one hour you continue to receive this error, contact AWS Support.
", "exception":true }, "GenericArn":{ @@ -1643,7 +1654,7 @@ "Message":{"shape":"ExceptionMessage"}, "Reason":{"shape":"HandshakeConstraintViolationExceptionReason"} }, - "documentation":"The requested operation would violate the constraint identified in the reason code.
Some of the reasons in the following list might not be applicable to this specific API or operation:
ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an organization. Note: deleted and closed accounts still count toward your limit.
If you get this exception immediately after creating the organization, wait one hour and try again. If after an hour it continues to fail with this error, contact AWS Customer Support.
HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes you can send in one day.
ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because the invited account is already a member of an organization.
ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid because the organization has already enabled all features.
INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You cannot issue new invitations to join an organization while it is in the process of enabling all features. You can resume inviting accounts after you finalize the process when all accounts have agreed to the change.
PAYMENT_INSTRUMENT_REQUIRED: You cannot complete the operation with an account that does not have a payment instrument, such as a credit card, associated with it.
ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because the account is from a different marketplace than the accounts in the organization. For example, accounts with India addresses must be associated with the AISPL marketplace. All accounts in an organization must be from the same marketplace.
ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to change the membership of an account too quickly after its previous change.
The requested operation would violate the constraint identified in the reason code.
Some of the reasons in the following list might not be applicable to this specific API or operation:
ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an organization. Note that deleted and closed accounts still count toward your limit.
If you get this exception immediately after creating the organization, wait one hour and try again. If after an hour it continues to fail with this error, contact AWS Support.
HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one day.
ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because the invited account is already a member of an organization.
ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid because the organization has already enabled all features.
INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations to join an organization while it's in the process of enabling all features. You can resume inviting accounts after you finalize the process when all accounts have agreed to the change.
PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an account that doesn't have a payment instrument, such as a credit card, associated with it.
ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because the account is from a different marketplace than the accounts in the organization. For example, accounts with India addresses must be associated with the AISPL marketplace. All accounts in an organization must be from the same marketplace.
ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to change the membership of an account too quickly after its previous change.
We can't find a handshake with the HandshakeId that you specified.
", + "documentation":"We can't find a handshake with the HandshakeId
that you specified.
You can't perform the operation on the handshake in its current state. For example, you can't cancel a handshake that was already accepted, or accept a handshake that was already declined.
", + "documentation":"You can't perform the operation on the handshake in its current state. For example, you can't cancel a handshake that was already accepted or accept a handshake that was already declined.
", "exception":true }, "InvalidInputException":{ @@ -1801,7 +1812,7 @@ "Message":{"shape":"ExceptionMessage"}, "Reason":{"shape":"InvalidInputExceptionReason"} }, - "documentation":"The requested operation failed because you provided invalid values for one or more of the request parameters. This exception includes a reason that contains additional information about the violated limit:
Some of the reasons in the following list might not be applicable to this specific API or operation:
IMMUTABLE_POLICY: You specified a policy that is managed by AWS and cannot be modified.
INPUT_REQUIRED: You must include a value for all required parameters.
INVALID_ENUM: You specified a value that is not valid for that parameter.
INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a party.
INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a previous call of the operation.
INVALID_PATTERN: You provided a value that doesn't match the required pattern.
INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
INVALID_ROLE_NAME: You provided a role name that is not valid. A role name can’t begin with the reserved prefix 'AWSServiceRoleFor'.
INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the organization.
INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
The requested operation failed because you provided invalid values for one or more of the request parameters. This exception includes a reason that contains additional information about the violated limit:
Some of the reasons in the following list might not be applicable to this specific API or operation:
IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
INPUT_REQUIRED: You must include a value for all required parameters.
INVALID_ENUM: You specified a value that isn't valid for that parameter.
INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a party.
INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a previous call of the operation.
INVALID_PATTERN: You provided a value that doesn't match the required pattern.
INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved prefix AWSServiceRoleFor
.
INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the organization.
INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
The identifier (ID) of the AWS account that you want to invite to join your organization. This is a JSON object that contains the following elements:
{ \"Type\": \"ACCOUNT\", \"Id\": \"< account id number >\" }
If you use the AWS CLI, you can submit this as a single string, similar to the following example:
--target Id=123456789012,Type=ACCOUNT
If you specify \"Type\": \"ACCOUNT\"
, then you must provide the AWS account ID number as the Id
. If you specify \"Type\": \"EMAIL\"
, then you must specify the email address that is associated with the account.
--target Id=bill@example.com,Type=EMAIL
The identifier (ID) of the AWS account that you want to invite to join your organization. This is a JSON object that contains the following elements:
{ \"Type\": \"ACCOUNT\", \"Id\": \"< account id number >\" }
If you use the AWS CLI, you can submit this as a single string, similar to the following example:
--target Id=123456789012,Type=ACCOUNT
If you specify \"Type\": \"ACCOUNT\"
, then you must provide the AWS account ID number as the Id
. If you specify \"Type\": \"EMAIL\"
, then you must specify the email address that is associated with the account.
--target Id=diego@example.com,Type=EMAIL
(Optional) Use this to limit the number of results you want included in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken
response element is present and has a value (is not null). Include that value as the NextToken
request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken
after every operation to ensure that you receive all of the results.
(Optional) Use this to limit the number of results you want included per page in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken
response element is present and has a value (is not null). Include that value as the NextToken
request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken
after every operation to ensure that you receive all of the results.
(Optional) Use this to limit the number of results you want included in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken
response element is present and has a value (is not null). Include that value as the NextToken
request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken
after every operation to ensure that you receive all of the results.
(Optional) Use this to limit the number of results you want included per page in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken
response element is present and has a value (is not null). Include that value as the NextToken
request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken
after every operation to ensure that you receive all of the results.
(Optional) Use this to limit the number of results you want included in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken
response element is present and has a value (is not null). Include that value as the NextToken
request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken
after every operation to ensure that you receive all of the results.
(Optional) Use this to limit the number of results you want included per page in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken
response element is present and has a value (is not null). Include that value as the NextToken
request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken
after every operation to ensure that you receive all of the results.
(Optional) Use this to limit the number of results you want included in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken
response element is present and has a value (is not null). Include that value as the NextToken
request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken
after every operation to ensure that you receive all of the results.
(Optional) Use this to limit the number of results you want included per page in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken
response element is present and has a value (is not null). Include that value as the NextToken
request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken
after every operation to ensure that you receive all of the results.
(Optional) Use this to limit the number of results you want included in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken
response element is present and has a value (is not null). Include that value as the NextToken
request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken
after every operation to ensure that you receive all of the results.
(Optional) Use this to limit the number of results you want included per page in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken
response element is present and has a value (is not null). Include that value as the NextToken
request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken
after every operation to ensure that you receive all of the results.
(Optional) Use this to limit the number of results you want included in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken
response element is present and has a value (is not null). Include that value as the NextToken
request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken
after every operation to ensure that you receive all of the results.
(Optional) Use this to limit the number of results you want included per page in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken
response element is present and has a value (is not null). Include that value as the NextToken
request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken
after every operation to ensure that you receive all of the results.
(Optional) Use this to limit the number of results you want included in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken
response element is present and has a value (is not null). Include that value as the NextToken
request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken
after every operation to ensure that you receive all of the results.
(Optional) Use this to limit the number of results you want included per page in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken
response element is present and has a value (is not null). Include that value as the NextToken
request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken
after every operation to ensure that you receive all of the results.
(Optional) Use this to limit the number of results you want included in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken
response element is present and has a value (is not null). Include that value as the NextToken
request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken
after every operation to ensure that you receive all of the results.
(Optional) Use this to limit the number of results you want included per page in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken
response element is present and has a value (is not null). Include that value as the NextToken
request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken
after every operation to ensure that you receive all of the results.
(Optional) Use this to limit the number of results you want included in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken
response element is present and has a value (is not null). Include that value as the NextToken
request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken
after every operation to ensure that you receive all of the results.
(Optional) Use this to limit the number of results you want included per page in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken
response element is present and has a value (is not null). Include that value as the NextToken
request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken
after every operation to ensure that you receive all of the results.
(Optional) Use this to limit the number of results you want included in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken
response element is present and has a value (is not null). Include that value as the NextToken
request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken
after every operation to ensure that you receive all of the results.
(Optional) Use this to limit the number of results you want included per page in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken
response element is present and has a value (is not null). Include that value as the NextToken
request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken
after every operation to ensure that you receive all of the results.
(Optional) Use this to limit the number of results you want included in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken
response element is present and has a value (is not null). Include that value as the NextToken
request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken
after every operation to ensure that you receive all of the results.
(Optional) Use this to limit the number of results you want included per page in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken
response element is present and has a value (is not null). Include that value as the NextToken
request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken
after every operation to ensure that you receive all of the results.
(Optional) Use this to limit the number of results you want included in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken
response element is present and has a value (is not null). Include that value as the NextToken
request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken
after every operation to ensure that you receive all of the results.
(Optional) Use this to limit the number of results you want included per page in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken
response element is present and has a value (is not null). Include that value as the NextToken
request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken
after every operation to ensure that you receive all of the results.
(Optional) Use this to limit the number of results you want included in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken
response element is present and has a value (is not null). Include that value as the NextToken
request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken
after every operation to ensure that you receive all of the results.
(Optional) Use this to limit the number of results you want included per page in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken
response element is present and has a value (is not null). Include that value as the NextToken
request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken
after every operation to ensure that you receive all of the results.
The provided policy document does not meet the requirements of the specified policy type. For example, the syntax might be incorrect. For details about service control policy syntax, see Service Control Policy Syntax in the AWS Organizations User Guide.
", + "documentation":"The provided policy document doesn't meet the requirements of the specified policy type. For example, the syntax might be incorrect. For details about service control policy syntax, see Service Control Policy Syntax in the AWS Organizations User Guide.
", "exception":true }, "MasterCannotLeaveOrganizationException":{ @@ -2349,7 +2360,7 @@ "members":{ "Message":{"shape":"ExceptionMessage"} }, - "documentation":"The organization isn't empty. To delete an organization, you must first remove all accounts except the master account, delete all organizational units (OUs), and delete all policies.
", + "documentation":"The organization isn't empty. To delete an organization, you must first remove all accounts except the master account, delete all OUs, and delete all policies.
", "exception":true }, "OrganizationalUnit":{ @@ -2388,7 +2399,7 @@ "members":{ "Message":{"shape":"ExceptionMessage"} }, - "documentation":"The specified organizational unit (OU) is not empty. Move all accounts to another root or to other OUs, remove all child OUs, and then try the operation again.
", + "documentation":"The specified OU is not empty. Move all accounts to another root or to other OUs, remove all child OUs, and try the operation again.
", "exception":true }, "OrganizationalUnitNotFoundException":{ @@ -2396,7 +2407,7 @@ "members":{ "Message":{"shape":"ExceptionMessage"} }, - "documentation":"We can't find an organizational unit (OU) with the OrganizationalUnitId that you specified.
", + "documentation":"We can't find an OU with the OrganizationalUnitId
that you specified.
We can't find a root or organizational unit (OU) with the ParentId that you specified.
", + "documentation":"We can't find a root or OU with the ParentId
that you specified.
The policy is attached to one or more entities. You must detach it from all roots, organizational units (OUs), and accounts before performing this operation.
", + "documentation":"The policy is attached to one or more entities. You must detach it from all roots, OUs, and accounts before performing this operation.
", "exception":true }, "PolicyName":{ @@ -2501,7 +2512,7 @@ "members":{ "Message":{"shape":"ExceptionMessage"} }, - "documentation":"We can't find a policy with the PolicyId that you specified.
", + "documentation":"We can't find a policy with the PolicyId
that you specified.
You can't use the specified policy type with the feature set currently enabled for this organization. For example, you can enable service control policies (SCPs) only after you enable all features in the organization. For more information, see Enabling and Disabling a Policy Type on a Root in the AWS Organizations User Guide.
", + "documentation":"You can't use the specified policy type with the feature set currently enabled for this organization. For example, you can enable SCPs only after you enable all features in the organization. For more information, see Enabling and Disabling a Policy Type on a Root in the AWS Organizations User Guide.
", "exception":true }, "PolicyTypeNotEnabledException":{ @@ -2589,7 +2600,7 @@ "members":{ "Message":{"shape":"ExceptionMessage"} }, - "documentation":"The specified policy type is not currently enabled in this root. You cannot attach policies of the specified type to entities in a root until you enable that type in the root. For more information, see Enabling All Features in Your Organization in the AWS Organizations User Guide.
", + "documentation":"The specified policy type isn't currently enabled in this root. You can't attach policies of the specified type to entities in a root until you enable that type in the root. For more information, see Enabling All Features in Your Organization in the AWS Organizations User Guide.
", "exception":true }, "PolicyTypeStatus":{ @@ -2672,7 +2683,7 @@ "members":{ "Message":{"shape":"ExceptionMessage"} }, - "documentation":"We can't find a root with the RootId that you specified.
", + "documentation":"We can't find a root with the RootId
that you specified.
We can't find a source root or OU with the ParentId that you specified.
", + "documentation":"We can't find a source root or OU with the ParentId
that you specified.
We can't find a root, OU, or account with the TargetId that you specified.
", + "documentation":"We can't find a root, OU, or account with the TargetId
that you specified.
Creates a new replication configuration (or replaces an existing one, if present).
" + "documentation":"Creates a new replication configuration (or replaces an existing one, if present). For more information, see Cross-Region Replication (CRR) in the Amazon S3 Developer Guide.
" }, "PutBucketRequestPayment":{ "name":"PutBucketRequestPayment", @@ -2150,6 +2149,7 @@ "members":{ "Bucket":{ "shape":"BucketName", + "documentation":"Deletes the replication subresource associated with the specified bucket.
There is usually some time lag before replication configuration deletion is fully propagated to all the Amazon S3 systems.
For more information, see Cross-Region Replication (CRR) in the Amazon S3 Developer Guide.
", "location":"uri", "locationName":"Bucket" } @@ -2211,6 +2211,23 @@ } } }, + "DeleteMarkerReplication":{ + "type":"structure", + "members":{ + "Status":{ + "shape":"DeleteMarkerReplicationStatus", + "documentation":"The status of the delete marker replication.
In the current implementation, Amazon S3 does not replicate the delete markers. Therefore, the status must be Disabled
.
Specifies whether Amazon S3 should replicate delete makers.
" + }, + "DeleteMarkerReplicationStatus":{ + "type":"string", + "enum":[ + "Enabled", + "Disabled" + ] + }, "DeleteMarkerVersionId":{"type":"string"}, "DeleteMarkers":{ "type":"list", @@ -2379,11 +2396,11 @@ "members":{ "Bucket":{ "shape":"BucketName", - "documentation":"Amazon resource name (ARN) of the bucket where you want Amazon S3 to store replicas of the object identified by the rule.
" + "documentation":"Amazon resource name (ARN) of the bucket where you want Amazon S3 to store replicas of the object identified by the rule.
If you have multiple rules in your replication configuration, all rules must specify the same bucket as the destination. A replication configuration can replicate objects only to one destination bucket.
" }, "Account":{ "shape":"AccountId", - "documentation":"Account ID of the destination bucket. Currently this is only being verified if Access Control Translation is enabled
" + "documentation":"Account ID of the destination bucket. Currently Amazon S3 verifies this value only if Access Control Translation is enabled.
In a cross-account scenario, if you tell Amazon S3 to change replica ownership to the AWS account that owns the destination bucket by adding the AccessControlTranslation
element, this is the account ID of the destination bucket owner.
Container for information regarding the access control for replicas.
" + "documentation":"Container for information regarding the access control for replicas.
Use only in a cross-account scenario, where source and destination bucket owners are not the same, when you want to change replica ownership to the AWS account that owns the destination bucket. If you don't add this element to the replication configuration, the replicas are owned by same AWS account that owns the source object.
" }, "EncryptionConfiguration":{ "shape":"EncryptionConfiguration", - "documentation":"Container for information regarding encryption based configuration for replicas.
" + "documentation":" Container that provides encryption-related information. You must specify this element if the SourceSelectionCriteria
is specified.
Container for replication destination information.
" @@ -2433,7 +2450,7 @@ "members":{ "ReplicaKmsKeyID":{ "shape":"ReplicaKmsKeyID", - "documentation":"The id of the KMS key used to encrypt the replica object.
" + "documentation":"The ID of the AWS KMS key for the region where the destination bucket resides. Amazon S3 uses this key to encrypt the replica object.
" } }, "documentation":"Container for information regarding encryption based configuration for replicas.
" @@ -5059,6 +5076,7 @@ }, "Policy":{"type":"string"}, "Prefix":{"type":"string"}, + "Priority":{"type":"integer"}, "Progress":{ "type":"structure", "members":{ @@ -6052,7 +6070,7 @@ }, "Rules":{ "shape":"ReplicationRules", - "documentation":"Container for information about a particular replication rule. Replication configuration must have at least one rule and can contain up to 1,000 rules.
", + "documentation":"Container for one or more replication rules. Replication configuration must have at least one rule and can contain up to 1,000 rules.
", "locationName":"Rule" } }, @@ -6061,7 +6079,6 @@ "ReplicationRule":{ "type":"structure", "required":[ - "Prefix", "Status", "Destination" ], @@ -6070,25 +6087,61 @@ "shape":"ID", "documentation":"Unique identifier for the rule. The value cannot be longer than 255 characters.
" }, + "Priority":{ + "shape":"Priority", + "documentation":"The priority associated with the rule. If you specify multiple rules in a replication configuration, then Amazon S3 applies rule priority in the event there are conflicts (two or more rules identify the same object based on filter specified). The rule with higher priority takes precedence. For example,
Same object quality prefix based filter criteria If prefixes you specified in multiple rules overlap.
Same object qualify tag based filter criteria specified in multiple rules
For more information, see Cross-Region Replication (CRR) in the Amazon S3 Developer Guide.
" + }, "Prefix":{ "shape":"Prefix", - "documentation":"Object keyname prefix identifying one or more objects to which the rule applies. Maximum prefix length can be up to 1,024 characters. Overlapping prefixes are not supported.
" + "documentation":"Object keyname prefix identifying one or more objects to which the rule applies. Maximum prefix length can be up to 1,024 characters.
", + "deprecated":true }, + "Filter":{"shape":"ReplicationRuleFilter"}, "Status":{ "shape":"ReplicationRuleStatus", "documentation":"The rule is ignored if status is not Enabled.
" }, "SourceSelectionCriteria":{ "shape":"SourceSelectionCriteria", - "documentation":"Container for filters that define which source objects should be replicated.
" + "documentation":"Container that describes additional filters in identifying source objects that you want to replicate. Currently, Amazon S3 supports only the filter that you can specify for objects created with server-side encryption using an AWS KMS-managed key. You can choose to enable or disable replication of these objects.
if you want Amazon S3 to replicate objects created with server-side encryption using AWS KMS-managed keys.
" }, "Destination":{ "shape":"Destination", "documentation":"Container for replication destination information.
" - } + }, + "DeleteMarkerReplication":{"shape":"DeleteMarkerReplication"} }, "documentation":"Container for information about a particular replication rule.
" }, + "ReplicationRuleAndOperator":{ + "type":"structure", + "members":{ + "Prefix":{"shape":"Prefix"}, + "Tags":{ + "shape":"TagSet", + "flattened":true, + "locationName":"Tag" + } + } + }, + "ReplicationRuleFilter":{ + "type":"structure", + "members":{ + "Prefix":{ + "shape":"Prefix", + "documentation":"Object keyname prefix that identifies subset of objects to which the rule applies.
" + }, + "Tag":{ + "shape":"Tag", + "documentation":"Container for specifying a tag key and value.
The rule applies only to objects having the tag in its tagset.
" + }, + "And":{ + "shape":"ReplicationRuleAndOperator", + "documentation":"Container for specifying rule filters. These filters determine the subset of objects to which the rule applies. The element is required only if you specify more than one filter. For example:
You specify both a Prefix
and a Tag
filters. Then you wrap these in an And
tag.
You specify filter based on multiple tags. Then you wrap the Tag
elements in an And
tag.
Filter that identifies subset of objects to which the replication rule applies. A Filter
must specify exactly one Prefix
, Tag
, or an And
child element.
Container for filter information of selection of KMS Encrypted S3 objects.
" + "documentation":" Container for filter information of selection of KMS Encrypted S3 objects. The element is required if you include SourceSelectionCriteria
in the replication configuration.
Container for filters that define which source objects should be replicated.
" diff --git a/botocore/data/secretsmanager/2017-10-17/service-2.sdk-extras.json b/botocore/data/secretsmanager/2017-10-17/service-2.sdk-extras.json new file mode 100644 index 0000000000..dc78f8922c --- /dev/null +++ b/botocore/data/secretsmanager/2017-10-17/service-2.sdk-extras.json @@ -0,0 +1,8 @@ +{ + "version": 1.0, + "merge": { + "metadata": { + "serviceId": "Secrets Manager" + } + } +} diff --git a/docs/source/conf.py b/docs/source/conf.py index c3e0d3d4f2..1c3d661f59 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -54,7 +54,7 @@ # The short X.Y version. version = '1.12' # The full version, including alpha/beta/rc tags. -release = '1.12.6' +release = '1.12.7' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages.