Sends a response to the originator of a handshake agreeing to the action proposed by the handshake request.
This operation can be called only by the following principals when they also have the relevant IAM permissions:
Invitation to join or Approve all features request handshakes: only a principal from the member account.
The user who calls the API for an invitation to join must have the organizations:AcceptHandshake permission. If you enabled all features in the organization, the user must also have the iam:CreateServiceLinkedRole permission so that Organizations can create the required service-linked role named AWSServiceRoleForOrganizations. For more information, see Organizations and Service-Linked Roles in the Organizations User Guide.
Enable all features final confirmation handshake: only a principal from the management account.
For more information about invitations, see Inviting an Amazon Web Services account to join your organization in the Organizations User Guide. For more information about requests to enable all features in the organization, see Enabling all features in your organization in the Organizations User Guide.
After you accept a handshake, it continues to appear in the results of relevant APIs for only 30 days. After that, it's deleted.
", "AttachPolicy": "Attaches a policy to a root, an organizational unit (OU), or an individual account. How the policy affects accounts depends on the type of policy. Refer to the Organizations User Guide for information about each policy type:
This operation can be called only from the organization's management account.
", "CancelHandshake": "Cancels a handshake. Canceling a handshake sets the handshake state to CANCELED.
This operation can be called only from the account that originated the handshake. The recipient of the handshake can't cancel it, but can use DeclineHandshake instead. After a handshake is canceled, the recipient can no longer respond to that handshake.
After you cancel a handshake, it continues to appear in the results of relevant APIs for only 30 days. After that, it's deleted.
", - "CloseAccount": "Closes an Amazon Web Services account that is now a part of an Organizations, either created within the organization, or invited to join the organization.
", + "CloseAccount": "Closes an Amazon Web Services member account within an organization. You can't close the management account with this API. This is an asynchronous request that Amazon Web Services performs in the background. Because CloseAccount operates asynchronously, it can return a successful completion message even though account closure might still be in progress. You need to wait a few minutes before the account is fully closed. To check the status of the request, do one of the following:
Use the AccountId that you sent in the CloseAccount request to provide as a parameter to the DescribeAccount operation.
While the close account request is in progress, Account status will indicate PENDING_CLOSURE. When the close account request completes, the status will change to SUSPENDED.
Check the CloudTrail log for the CloseAccountResult event that gets published after the account closes successfully. For information on using CloudTrail with Organizations, see Logging and monitoring in Organizations in the Organizations User Guide.
You can only close 10% of active member accounts within a rolling 30 day period. This quota is not bound by a calendar month, but starts when you close an account. Within 30 days of that initial account closure, you can't exceed the 10% account closure limit.
To reinstate a closed account, contact Amazon Web Services Support within the 90-day grace period while the account is in SUSPENDED status.
If the Amazon Web Services account you attempt to close is linked to an Amazon Web Services GovCloud (US) account, the CloseAccount request will close both accounts. To learn important pre-closure details, see Closing an Amazon Web Services GovCloud (US) account in the Amazon Web Services GovCloud User Guide.
For more information about closing accounts, see Closing an Amazon Web Services account in the Organizations User Guide.
", "CreateAccount": "Creates an Amazon Web Services account that is automatically a member of the organization whose credentials made the request. This is an asynchronous request that Amazon Web Services performs in the background. Because CreateAccount operates asynchronously, it can return a successful completion message even though account initialization might still be in progress. You might need to wait a few minutes before you can successfully access the account. To check the status of the request, do one of the following:
Use the Id member of the CreateAccountStatus response element from this operation to provide as a parameter to the DescribeCreateAccountStatus operation.
Check the CloudTrail log for the CreateAccountResult event. For information on using CloudTrail with Organizations, see Logging and monitoring in Organizations in the Organizations User Guide.
The user who calls the API to create an account must have the organizations:CreateAccount permission. If you enabled all features in the organization, Organizations creates the required service-linked role named AWSServiceRoleForOrganizations. For more information, see Organizations and Service-Linked Roles in the Organizations User Guide.
If the request includes tags, then the requester must have the organizations:TagResource permission.
Organizations preconfigures the new member account with a role (named OrganizationAccountAccessRole by default) that grants users in the management account administrator permissions in the new member account. Principals in the management account can assume the role. Organizations clones the company name and address information for the new account from the organization's management account.
This operation can be called only from the organization's management account.
For more information about creating accounts, see Creating an Amazon Web Services account in Your Organization in the Organizations User Guide.
When you create an account in an organization using the Organizations console, API, or CLI commands, the information required for the account to operate as a standalone account, such as a payment method and signing the end user license agreement (EULA) is not automatically collected. If you must remove an account from your organization later, you can do so only after you provide the missing information. Follow the steps at To leave an organization as a member account in the Organizations User Guide.
If you get an exception that indicates that you exceeded your account limits for the organization, contact Amazon Web Services Support.
If you get an exception that indicates that the operation failed because your organization is still initializing, wait one hour and then try again. If the error persists, contact Amazon Web Services Support.
Using CreateAccount to create multiple temporary accounts isn't recommended. You can only close an account from the Billing and Cost Management console, and you must be signed in as the root user. For information on the requirements and process for closing an account, see Closing an Amazon Web Services account in the Organizations User Guide.
When you create a member account with this operation, you can choose whether to create the account with the IAM User and Role Access to Billing Information switch enabled. If you enable it, IAM users and roles that have appropriate permissions can view billing information for the account. If you disable it, only the account root user can access billing information. For information about how to disable this switch for an account, see Granting Access to Your Billing Information and Tools.
This action is available if all of the following are true:
You're authorized to create accounts in the Amazon Web Services GovCloud (US) Region. For more information on the Amazon Web Services GovCloud (US) Region, see the Amazon Web Services GovCloud User Guide.
You already have an account in the Amazon Web Services GovCloud (US) Region that is paired with a management account of an organization in the commercial Region.
You call this action from the management account of your organization in the commercial Region.
You have the organizations:CreateGovCloudAccount permission.
Organizations automatically creates the required service-linked role named AWSServiceRoleForOrganizations. For more information, see Organizations and Service-Linked Roles in the Organizations User Guide.
Amazon Web Services automatically enables CloudTrail for Amazon Web Services GovCloud (US) accounts, but you should also do the following:
Verify that CloudTrail is enabled to store logs.
Create an Amazon S3 bucket for CloudTrail log storage.
For more information, see Verifying CloudTrail Is Enabled in the Amazon Web Services GovCloud User Guide.
If the request includes tags, then the requester must have the organizations:TagResource permission. The tags are attached to the commercial account associated with the GovCloud account, rather than the GovCloud account itself. To add tags to the GovCloud account, call the TagResource operation in the GovCloud Region after the new GovCloud account exists.
You call this action from the management account of your organization in the commercial Region to create a standalone Amazon Web Services account in the Amazon Web Services GovCloud (US) Region. After the account is created, the management account of an organization in the Amazon Web Services GovCloud (US) Region can invite it to that organization. For more information on inviting standalone accounts in the Amazon Web Services GovCloud (US) to join an organization, see Organizations in the Amazon Web Services GovCloud User Guide.
Calling CreateGovCloudAccount is an asynchronous request that Amazon Web Services performs in the background. Because CreateGovCloudAccount operates asynchronously, it can return a successful completion message even though account initialization might still be in progress. You might need to wait a few minutes before you can successfully access the account. To check the status of the request, do one of the following:
Use the OperationId response element from this operation to provide as a parameter to the DescribeCreateAccountStatus operation.
Check the CloudTrail log for the CreateAccountResult event. For information on using CloudTrail with Organizations, see Monitoring the Activity in Your Organization in the Organizations User Guide.
When you call the CreateGovCloudAccount action, you create two accounts: a standalone account in the Amazon Web Services GovCloud (US) Region and an associated account in the commercial Region for billing and support purposes. The account in the commercial Region is automatically a member of the organization whose credentials made the request. Both accounts are associated with the same email address.
A role is created in the new account in the commercial Region that allows the management account in the organization in the commercial Region to assume it. An Amazon Web Services GovCloud (US) account is then created and associated with the commercial account that you just created. A role is also created in the new Amazon Web Services GovCloud (US) account that can be assumed by the Amazon Web Services GovCloud (US) account that is associated with the management account of the commercial organization. For more information and to view a diagram that explains how account access works, see Organizations in the Amazon Web Services GovCloud User Guide.
For more information about creating accounts, see Creating an Amazon Web Services account in Your Organization in the Organizations User Guide.
When you create an account in an organization using the Organizations console, API, or CLI commands, the information required for the account to operate as a standalone account is not automatically collected. This includes a payment method and signing the end user license agreement (EULA). If you must remove an account from your organization later, you can do so only after you provide the missing information. Follow the steps at To leave an organization as a member account in the Organizations User Guide.
If you get an exception that indicates that you exceeded your account limits for the organization, contact Amazon Web Services Support.
If you get an exception that indicates that the operation failed because your organization is still initializing, wait one hour and then try again. If the error persists, contact Amazon Web Services Support.
Using CreateGovCloudAccount to create multiple temporary accounts isn't recommended. You can only close an account from the Amazon Web Services Billing and Cost Management console, and you must be signed in as the root user. For information on the requirements and process for closing an account, see Closing an Amazon Web Services account in the Organizations User Guide.
When you create a member account with this operation, you can choose whether to create the account with the IAM User and Role Access to Billing Information switch enabled. If you enable it, IAM users and roles that have appropriate permissions can view billing information for the account. If you disable it, only the account root user can access billing information. For information about how to disable this switch for an account, see Granting Access to Your Billing Information and Tools.
Creates an Amazon Web Services organization. The account whose user is calling the CreateOrganization operation automatically becomes the management account of the new organization.
This operation must be called using credentials from the account that is to become the new organization's management account. The principal must also have the relevant IAM permissions.
By default (or if you set the FeatureSet parameter to ALL), the new organization is created with all features enabled and service control policies automatically enabled in the root. If you instead choose to create the organization supporting only the consolidated billing features by setting the FeatureSet parameter to CONSOLIDATED_BILLING\", no policy types are enabled by default, and you can't use organization policies
Performing this operation violates a minimum or maximum value limit. For example, attempting to remove the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the organization, or attaching too many policies to an account, OU, or root. This exception includes a reason that contains additional information about the violated limit:
Some of the reasons in the following list might not be applicable to this specific API or operation.
ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization. You can't remove the management account. Instead, after you remove all member accounts, delete the organization itself.
ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization that doesn't yet have enough information to exist as a standalone account. This account requires you to first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.
ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create in one day.
ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an organization. If you need more accounts, contact Amazon Web Services Support to request an increase in your limit.
Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase in the number of accounts.
Deleted and closed accounts still count toward your limit.
If you get this exception when running a command immediately after creating the organization, wait one hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.
CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of the organization as a delegated administrator for an Amazon Web Services service integrated with Organizations. You can designate only a member account as a delegated administrator.
CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as a delegated administrator for a service integrated with your organization. To complete this operation, you must first deregister this account as a delegated administrator.
CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified region, you must enable all features mode.
DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account as a delegated administrator for an Amazon Web Services service that already has a delegated administrator. To complete this operation, you must first deregister any existing delegated administrators for this service.
EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time. You must resubmit the request and generate a new verfication code.
HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one day.
MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first must migrate the organization's management account to the marketplace that corresponds to the management account's address. For example, accounts with India addresses must be associated with the AISPL marketplace. All accounts in an organization must be associated with the same marketplace.
MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services /> Regions in China. To create an organization, the master must have a valid business license. For more information, contact customer support.
MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact address and phone number for the management account. Then try the operation again.
MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations in the Amazon Web Services GovCloud User Guide.
MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you first must associate a valid payment instrument, such as a credit card, with the account. Follow the steps at To leave an organization when all required account information has not yet been provided in the Organizations User Guide.
MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated administrators than allowed for the service principal.
MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain type that can be attached to an entity at one time.
MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you first must associate a valid payment instrument, such as a credit card, with the account. Follow the steps at To leave an organization when all required account information has not yet been provided in the Organizations User Guide.
MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would cause the entity to have fewer than the minimum number of policies of a certain type required.
ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the organization to be configured to support all features. An organization that supports only consolidated billing features can't perform this operation.
OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an organization.
SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator before you enabled service access. Call the EnableAWSServiceAccess API first.
TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with the tag policy requirements for this account.
WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting period before you can remove it from the organization. If you get an error that indicates that a wait period is required, try again in a few days.
Performing this operation violates a minimum or maximum value limit. For example, attempting to remove the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the organization, or attaching too many policies to an account, OU, or root. This exception includes a reason that contains additional information about the violated limit:
Some of the reasons in the following list might not be applicable to this specific API or operation.
ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization. You can't remove the management account. Instead, after you remove all member accounts, delete the organization itself.
ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization that doesn't yet have enough information to exist as a standalone account. This account requires you to first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.
ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create in one day.
ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an organization. If you need more accounts, contact Amazon Web Services Support to request an increase in your limit.
Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase in the number of accounts.
Deleted and closed accounts still count toward your limit.
If you get this exception when running a command immediately after creating the organization, wait one hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.
CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of the organization as a delegated administrator for an Amazon Web Services service integrated with Organizations. You can designate only a member account as a delegated administrator.
CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management account for the organization, you must first either remove or close all member accounts in the organization. Follow standard account closure process using root credentials.
CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as a delegated administrator for a service integrated with your organization. To complete this operation, you must first deregister this account as a delegated administrator.
CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.
CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close at a time.
CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified region, you must enable all features mode.
DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account as a delegated administrator for an Amazon Web Services service that already has a delegated administrator. To complete this operation, you must first deregister any existing delegated administrators for this service.
EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time. You must resubmit the request and generate a new verfication code.
HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one day.
INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is associated with the account. Amazon Web Services does not support cards issued by financial institutions in Russia or Belarus. For more information, see Managing your Amazon Web Services payments.
MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first must migrate the organization's management account to the marketplace that corresponds to the management account's address. For example, accounts with India addresses must be associated with the AISPL marketplace. All accounts in an organization must be associated with the same marketplace.
MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services /> Regions in China. To create an organization, the master must have a valid business license. For more information, contact customer support.
MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact address and phone number for the management account. Then try the operation again.
MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations in the Amazon Web Services GovCloud User Guide.
MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you first must associate a valid payment instrument, such as a credit card, with the account. Follow the steps at To leave an organization when all required account information has not yet been provided in the Organizations User Guide.
MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated administrators than allowed for the service principal.
MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain type that can be attached to an entity at one time.
MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you first must associate a valid payment instrument, such as a credit card, with the account. Follow the steps at To leave an organization when all required account information has not yet been provided in the Organizations User Guide.
MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would cause the entity to have fewer than the minimum number of policies of a certain type required.
ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the organization to be configured to support all features. An organization that supports only consolidated billing features can't perform this operation.
OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an organization.
SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator before you enabled service access. Call the EnableAWSServiceAccess API first.
TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with the tag policy requirements for this account.
WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting period before you can remove it from the organization. If you get an error that indicates that a wait period is required, try again in a few days.
If the request failed, a description of the reason for the failure.
ACCOUNT_LIMIT_EXCEEDED: The account couldn't be created because you reached the limit on the number of accounts in your organization.
CONCURRENT_ACCOUNT_MODIFICATION: You already submitted a request with the same information.
EMAIL_ALREADY_EXISTS: The account could not be created because another Amazon Web Services account with that email address already exists.
FAILED_BUSINESS_VALIDATION: The Amazon Web Services account that owns your organization failed to receive business license validation.
GOVCLOUD_ACCOUNT_ALREADY_EXISTS: The account in the Amazon Web Services GovCloud (US) Region could not be created because this Region already includes an account with that email address.
IDENTITY_INVALID_BUSINESS_VALIDATION: The Amazon Web Services account that owns your organization can't complete business license validation because it doesn't have valid identity data.
INVALID_ADDRESS: The account could not be created because the address you provided is not valid.
INVALID_EMAIL: The account could not be created because the email address you provided is not valid.
INTERNAL_FAILURE: The account could not be created because of an internal failure. Try again later. If the problem persists, contact Amazon Web Services Customer Support.
MISSING_BUSINESS_VALIDATION: The Amazon Web Services account that owns your organization has not received Business Validation.
MISSING_PAYMENT_INSTRUMENT: You must configure the management account with a valid payment method, such as a credit card.
PENDING_BUSINESS_VALIDATION: The Amazon Web Services account that owns your organization is still in the process of completing business license validation.
UNKNOWN_BUSINESS_VALIDATION: The Amazon Web Services account that owns your organization has an unknown issue with business license validation.
If the request failed, a description of the reason for the failure.
ACCOUNT_LIMIT_EXCEEDED: The account couldn't be created because you reached the limit on the number of accounts in your organization.
CONCURRENT_ACCOUNT_MODIFICATION: You already submitted a request with the same information.
EMAIL_ALREADY_EXISTS: The account could not be created because another Amazon Web Services account with that email address already exists.
FAILED_BUSINESS_VALIDATION: The Amazon Web Services account that owns your organization failed to receive business license validation.
GOVCLOUD_ACCOUNT_ALREADY_EXISTS: The account in the Amazon Web Services GovCloud (US) Region could not be created because this Region already includes an account with that email address.
IDENTITY_INVALID_BUSINESS_VALIDATION: The Amazon Web Services account that owns your organization can't complete business license validation because it doesn't have valid identity data.
INVALID_ADDRESS: The account could not be created because the address you provided is not valid.
INVALID_EMAIL: The account could not be created because the email address you provided is not valid.
INVALID_PAYMENT_INSTRUMENT: The Amazon Web Services account that owns your organization does not have a supported payment method associated with the account. Amazon Web Services does not support cards issued by financial institutions in Russia or Belarus. For more information, see Managing your Amazon Web Services payments.
INTERNAL_FAILURE: The account could not be created because of an internal failure. Try again later. If the problem persists, contact Amazon Web Services Customer Support.
MISSING_BUSINESS_VALIDATION: The Amazon Web Services account that owns your organization has not received Business Validation.
MISSING_PAYMENT_INSTRUMENT: You must configure the management account with a valid payment method, such as a credit card.
PENDING_BUSINESS_VALIDATION: The Amazon Web Services account that owns your organization is still in the process of completing business license validation.
UNKNOWN_BUSINESS_VALIDATION: The Amazon Web Services account that owns your organization has an unknown issue with business license validation.
The friendly name of the member account.
", "CreateAccountStatus$AccountName": "The account name given to the account when it was created.
", - "CreateGovCloudAccountRequest$AccountName": "The friendly name of the member account.
" + "CreateGovCloudAccountRequest$AccountName": "The friendly name of the member account.
The account name can consist of only the characters [a-z],[A-Z],[0-9], hyphen (-), or dot (.) You can't separate characters with a dash (–).
" } }, "CreateAccountRequest": { diff --git a/apis/outposts/2019-12-03/api-2.json b/apis/outposts/2019-12-03/api-2.json index 2b1627b5903..9ca5f7d749b 100644 --- a/apis/outposts/2019-12-03/api-2.json +++ b/apis/outposts/2019-12-03/api-2.json @@ -199,6 +199,21 @@ {"shape":"InternalServerException"} ] }, + "ListAssets":{ + "name":"ListAssets", + "http":{ + "method":"GET", + "requestUri":"/outposts/{OutpostId}/assets" + }, + "input":{"shape":"ListAssetsInput"}, + "output":{"shape":"ListAssetsOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"NotFoundException"}, + {"shape":"InternalServerException"} + ] + }, "ListCatalogItems":{ "name":"ListCatalogItems", "http":{ @@ -431,6 +446,29 @@ "max":1011, "pattern":"^(arn:aws([a-z-]+)?:outposts:[a-z\\d-]+:\\d{12}:([a-z\\d-]+)/)[a-z]{2,8}-[a-f0-9]{17}$" }, + "AssetId":{ + "type":"string", + "max":100, + "min":1, + "pattern":"^(\\w+)$" + }, + "AssetInfo":{ + "type":"structure", + "members":{ + "AssetId":{"shape":"AssetId"}, + "RackId":{"shape":"RackId"}, + "AssetType":{"shape":"AssetType"}, + "ComputeAttributes":{"shape":"ComputeAttributes"} + } + }, + "AssetListDefinition":{ + "type":"list", + "member":{"shape":"AssetInfo"} + }, + "AssetType":{ + "type":"string", + "enum":["COMPUTE"] + }, "AvailabilityZone":{ "type":"string", "max":1000, @@ -523,6 +561,12 @@ "type":"list", "member":{"shape":"City"} }, + "ComputeAttributes":{ + "type":"structure", + "members":{ + "HostId":{"shape":"HostId"} + } + }, "ConflictException":{ "type":"structure", "members":{ @@ -814,6 +858,16 @@ "Site":{"shape":"Site"} } }, + "HostId":{ + "type":"string", + "max":50, + "min":1, + "pattern":"^[A-Za-z0-9-]*$" + }, + "HostIdList":{ + "type":"list", + "member":{"shape":"HostId"} + }, "ISO8601Timestamp":{"type":"timestamp"}, "InstanceType":{"type":"string"}, "InstanceTypeItem":{ @@ -899,6 +953,39 @@ "key":{"shape":"LineItemStatus"}, "value":{"shape":"LineItemQuantity"} }, + "ListAssetsInput":{ + "type":"structure", + "required":["OutpostIdentifier"], + "members":{ + "OutpostIdentifier":{ + "shape":"OutpostIdentifier", + "location":"uri", + "locationName":"OutpostId" + }, + "HostIdFilter":{ + "shape":"HostIdList", + "location":"querystring", + "locationName":"HostIdFilter" + }, + "MaxResults":{ + "shape":"MaxResults1000", + "location":"querystring", + "locationName":"MaxResults" + }, + "NextToken":{ + "shape":"Token", + "location":"querystring", + "locationName":"NextToken" + } + } + }, + "ListAssetsOutput":{ + "type":"structure", + "members":{ + "Assets":{"shape":"AssetListDefinition"}, + "NextToken":{"shape":"Token"} + } + }, "ListCatalogItemsInput":{ "type":"structure", "members":{ @@ -1268,6 +1355,12 @@ ] }, "Quantity":{"type":"string"}, + "RackId":{ + "type":"string", + "max":20, + "min":5, + "pattern":"^[\\S \\n]+$" + }, "RackPhysicalProperties":{ "type":"structure", "members":{ diff --git a/apis/outposts/2019-12-03/docs-2.json b/apis/outposts/2019-12-03/docs-2.json index af1b049d2e0..7ebb5ad199e 100644 --- a/apis/outposts/2019-12-03/docs-2.json +++ b/apis/outposts/2019-12-03/docs-2.json @@ -11,13 +11,14 @@ "GetCatalogItem": "Gets information about a catalog item.
", "GetOrder": "Gets an order.
", "GetOutpost": "Gets information about the specified Outpost.
", - "GetOutpostInstanceTypes": "Lists the instance types for the specified Outpost.
", + "GetOutpostInstanceTypes": "Gets the instance types for the specified Outpost.
", "GetSite": "Gets information about the specified Outpost site.
", "GetSiteAddress": "Gets the site address.
", - "ListCatalogItems": "Use to create a list of every item in the catalog. Add filters to your request to return a more specific list of results. Use filters to match an item class, storage option, or EC2 family.
If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.
Create a list of the Outpost orders for your Amazon Web Services account. You can filter your request by Outpost to return a more specific list of results.
", - "ListOutposts": "Create a list of the Outposts for your Amazon Web Services account. Add filters to your request to return a more specific list of results. Use filters to match an Outpost lifecycle status, Availability Zone (us-east-1a), and AZ ID (use1-az1).
If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.
Create a list of the Outpost sites for your Amazon Web Services account. Add operating address filters to your request to return a more specific list of results. Use filters to match site city, country code, or state/region of the operating address.
If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.
Lists the hardware assets in an Outpost. If you are using Dedicated Hosts on Amazon Web Services Outposts, you can filter your request by host ID to return a list of hardware assets that allocate resources for Dedicated Hosts.
", + "ListCatalogItems": "Lists the items in the catalog. Add filters to your request to return a more specific list of results. Use filters to match an item class, storage option, or EC2 family.
If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.
Lists the Outpost orders for your Amazon Web Services account. You can filter your request by Outpost to return a more specific list of results.
", + "ListOutposts": "Lists the Outposts for your Amazon Web Services account. Add filters to your request to return a more specific list of results. Use filters to match an Outpost lifecycle status, Availability Zone (us-east-1a), and AZ ID (use1-az1).
If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.
Lists the Outpost sites for your Amazon Web Services account. Add operating address filters to your request to return a more specific list of results. Use filters to match site city, country code, or state/region of the operating address.
If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.
Lists the tags for the specified resource.
", "TagResource": "Adds tags to the specified resource.
", "UntagResource": "Removes tags from the specified resource.
", @@ -83,6 +84,30 @@ "UntagResourceRequest$ResourceArn": "The Amazon Resource Name (ARN) of the resource.
" } }, + "AssetId": { + "base": null, + "refs": { + "AssetInfo$AssetId": "The ID of the asset.
" + } + }, + "AssetInfo": { + "base": "Information about hardware assets.
", + "refs": { + "AssetListDefinition$member": null + } + }, + "AssetListDefinition": { + "base": null, + "refs": { + "ListAssetsOutput$Assets": "Information about hardware assets.
" + } + }, + "AssetType": { + "base": null, + "refs": { + "AssetInfo$AssetType": "The type of the asset.
" + } + }, "AvailabilityZone": { "base": "The Availability Zone.
", "refs": { @@ -178,6 +203,12 @@ "ListSitesInput$OperatingAddressCityFilter": "A filter for the city of the Outpost site.
Filter values are case sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values.
Information about compute hardware assets.
", + "refs": { + "AssetInfo$ComputeAttributes": "Information about compute hardware assets.
" + } + }, "ConflictException": { "base": "Updating or deleting this resource can cause an inconsistent state.
", "refs": { @@ -368,6 +399,19 @@ "refs": { } }, + "HostId": { + "base": null, + "refs": { + "ComputeAttributes$HostId": "The host ID of any Dedicated Hosts on the asset.
", + "HostIdList$member": null + } + }, + "HostIdList": { + "base": null, + "refs": { + "ListAssetsInput$HostIdFilter": "A filter for the host ID of Dedicated Hosts on the Outpost.
Filter values are case sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values.
The status of all line items in the order.
" } }, + "ListAssetsInput": { + "base": null, + "refs": { + } + }, + "ListAssetsOutput": { + "base": null, + "refs": { + } + }, "ListCatalogItemsInput": { "base": null, "refs": { @@ -518,6 +572,7 @@ "base": "The maximum page size.
", "refs": { "GetOutpostInstanceTypesInput$MaxResults": null, + "ListAssetsInput$MaxResults": null, "ListCatalogItemsInput$MaxResults": null, "ListOrdersInput$MaxResults": null, "ListOutpostsInput$MaxResults": null, @@ -642,6 +697,7 @@ "base": null, "refs": { "CreateOrderInput$OutpostIdentifier": "The ID or the Amazon Resource Name (ARN) of the Outpost.
", + "ListAssetsInput$OutpostIdentifier": "The ID or the Amazon Resource Name (ARN) of the Outpost.
", "ListOrdersInput$OutpostIdentifierFilter": "The ID or the Amazon Resource Name (ARN) of the Outpost.
" } }, @@ -712,6 +768,12 @@ "EC2Capacity$Quantity": "The quantity of the EC2 capacity.
" } }, + "RackId": { + "base": null, + "refs": { + "AssetInfo$RackId": "The rack ID of the asset.
" + } + }, "RackPhysicalProperties": { "base": "Information about the physical and logistical details for racks at sites. For more information about hardware requirements for racks, see Network readiness checklist in the Amazon Web Services Outposts User Guide.
", "refs": { @@ -893,6 +955,8 @@ "refs": { "GetOutpostInstanceTypesInput$NextToken": null, "GetOutpostInstanceTypesOutput$NextToken": null, + "ListAssetsInput$NextToken": null, + "ListAssetsOutput$NextToken": null, "ListCatalogItemsInput$NextToken": null, "ListCatalogItemsOutput$NextToken": null, "ListOrdersInput$NextToken": null, diff --git a/apis/outposts/2019-12-03/paginators-1.json b/apis/outposts/2019-12-03/paginators-1.json index 8c53cd893a6..2aef900bb5a 100644 --- a/apis/outposts/2019-12-03/paginators-1.json +++ b/apis/outposts/2019-12-03/paginators-1.json @@ -1,5 +1,15 @@ { "pagination": { + "GetOutpostInstanceTypes": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults" + }, + "ListAssets": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults" + }, "ListCatalogItems": { "input_token": "NextToken", "output_token": "NextToken", diff --git a/apis/synthetics/2017-10-11/api-2.json b/apis/synthetics/2017-10-11/api-2.json index 6d3eb64f124..db89cbddfd7 100644 --- a/apis/synthetics/2017-10-11/api-2.json +++ b/apis/synthetics/2017-10-11/api-2.json @@ -396,7 +396,20 @@ }, "CanaryStateReasonCode":{ "type":"string", - "enum":["INVALID_PERMISSIONS"] + "enum":[ + "INVALID_PERMISSIONS", + "CREATE_PENDING", + "CREATE_IN_PROGRESS", + "CREATE_FAILED", + "UPDATE_PENDING", + "UPDATE_IN_PROGRESS", + "UPDATE_COMPLETE", + "ROLLBACK_COMPLETE", + "ROLLBACK_FAILED", + "DELETE_IN_PROGRESS", + "DELETE_FAILED", + "SYNC_DELETE_IN_PROGRESS" + ] }, "CanaryStatus":{ "type":"structure", @@ -468,6 +481,11 @@ "shape":"CanaryName", "location":"uri", "locationName":"name" + }, + "DeleteLambda":{ + "shape":"boolean", + "location":"querystring", + "locationName":"deleteLambda" } } }, @@ -890,6 +908,7 @@ "SecurityGroupIds":{"shape":"SecurityGroupIds"} } }, - "VpcId":{"type":"string"} + "VpcId":{"type":"string"}, + "boolean":{"type":"boolean"} } } diff --git a/apis/synthetics/2017-10-11/docs-2.json b/apis/synthetics/2017-10-11/docs-2.json index b0d5f806296..305cdfcf75f 100644 --- a/apis/synthetics/2017-10-11/docs-2.json +++ b/apis/synthetics/2017-10-11/docs-2.json @@ -3,7 +3,7 @@ "service": "You can use Amazon CloudWatch Synthetics to continually monitor your services. You can create and manage canaries, which are modular, lightweight scripts that monitor your endpoints and APIs from the outside-in. You can set up your canaries to run 24 hours a day, once per minute. The canaries help you check the availability and latency of your web services and troubleshoot anomalies by investigating load time data, screenshots of the UI, logs, and metrics. The canaries seamlessly integrate with CloudWatch ServiceLens to help you trace the causes of impacted nodes in your applications. For more information, see Using ServiceLens to Monitor the Health of Your Applications in the Amazon CloudWatch User Guide.
Before you create and manage canaries, be aware of the security considerations. For more information, see Security Considerations for Synthetics Canaries.
", "operations": { "CreateCanary": "Creates a canary. Canaries are scripts that monitor your endpoints and APIs from the outside-in. Canaries help you check the availability and latency of your web services and troubleshoot anomalies by investigating load time data, screenshots of the UI, logs, and metrics. You can set up a canary to run continuously or just once.
Do not use CreateCanary to modify an existing canary. Use UpdateCanary instead.
To create canaries, you must have the CloudWatchSyntheticsFullAccess policy. If you are creating a new IAM role for the canary, you also need the the iam:CreateRole, iam:CreatePolicy and iam:AttachRolePolicy permissions. For more information, see Necessary Roles and Permissions.
Do not include secrets or proprietary information in your canary names. The canary name makes up part of the Amazon Resource Name (ARN) for the canary, and the ARN is included in outbound calls over the internet. For more information, see Security Considerations for Synthetics Canaries.
", - "DeleteCanary": "Permanently deletes the specified canary.
When you delete a canary, resources used and created by the canary are not automatically deleted. After you delete a canary that you do not intend to use again, you should also delete the following:
The Lambda functions and layers used by this canary. These have the prefix cwsyn-MyCanaryName .
The CloudWatch alarms created for this canary. These alarms have a name of Synthetics-SharpDrop-Alarm-MyCanaryName .
Amazon S3 objects and buckets, such as the canary's artifact location.
IAM roles created for the canary. If they were created in the console, these roles have the name role/service-role/CloudWatchSyntheticsRole-MyCanaryName .
CloudWatch Logs log groups created for the canary. These logs groups have the name /aws/lambda/cwsyn-MyCanaryName .
Before you delete a canary, you might want to use GetCanary to display the information about this canary. Make note of the information returned by this operation so that you can delete these resources after you delete the canary.
Permanently deletes the specified canary.
If you specify DeleteLambda to true, CloudWatch Synthetics also deletes the Lambda functions and layers that are used by the canary.
Other esources used and created by the canary are not automatically deleted. After you delete a canary that you do not intend to use again, you should also delete the following:
The CloudWatch alarms created for this canary. These alarms have a name of Synthetics-SharpDrop-Alarm-MyCanaryName .
Amazon S3 objects and buckets, such as the canary's artifact location.
IAM roles created for the canary. If they were created in the console, these roles have the name role/service-role/CloudWatchSyntheticsRole-MyCanaryName .
CloudWatch Logs log groups created for the canary. These logs groups have the name /aws/lambda/cwsyn-MyCanaryName .
Before you delete a canary, you might want to use GetCanary to display the information about this canary. Make note of the information returned by this operation so that you can delete these resources after you delete the canary.
This operation returns a list of the canaries in your account, along with full details about each canary.
This operation supports resource-level authorization using an IAM policy and the Names parameter. If you specify the Names parameter, the operation is successful only if you have authorization to view all the canaries that you specify in your request. If you do not have permission to view any of the canaries, the request fails with a 403 response.
You are required to use the Names parameter if you are logged on to a user or role that has an IAM policy that restricts which canaries that you are allowed to view. For more information, see Limiting a user to viewing specific canaries.
Use this operation to see information from the most recent run of each canary that you have created.
This operation supports resource-level authorization using an IAM policy and the Names parameter. If you specify the Names parameter, the operation is successful only if you have authorization to view all the canaries that you specify in your request. If you do not have permission to view any of the canaries, the request fails with a 403 response.
You are required to use the Names parameter if you are logged on to a user or role that has an IAM policy that restricts which canaries that you are allowed to view. For more information, see Limiting a user to viewing specific canaries.
Returns a list of Synthetics canary runtime versions. For more information, see Canary Runtime Versions.
", @@ -654,6 +654,12 @@ "refs": { "VpcConfigOutput$VpcId": "The IDs of the VPC where this canary is to run.
" } + }, + "boolean": { + "base": null, + "refs": { + "DeleteCanaryRequest$DeleteLambda": "Specifies whether to also delete the Lambda functions and layers used by this canary. The default is false.
Type: Boolean
" + } } } } diff --git a/gems/aws-partitions/CHANGELOG.md b/gems/aws-partitions/CHANGELOG.md index 5423eb76c9a..64cf3eed39a 100644 --- a/gems/aws-partitions/CHANGELOG.md +++ b/gems/aws-partitions/CHANGELOG.md @@ -1,6 +1,11 @@ Unreleased Changes ------------------ +1.582.0 (2022-05-02) +------------------ + +* Feature - Updated the partitions source data the determines the AWS service regions and endpoints. + 1.581.0 (2022-04-27) ------------------ diff --git a/gems/aws-partitions/VERSION b/gems/aws-partitions/VERSION index 629e9b19135..13ee58993d9 100644 --- a/gems/aws-partitions/VERSION +++ b/gems/aws-partitions/VERSION @@ -1 +1 @@ -1.581.0 +1.582.0 diff --git a/gems/aws-partitions/partitions.json b/gems/aws-partitions/partitions.json index b4d5cc45bd5..e2c1687b7bf 100644 --- a/gems/aws-partitions/partitions.json +++ b/gems/aws-partitions/partitions.json @@ -6638,6 +6638,13 @@ "us-west-2" : { } } }, + "ivschat" : { + "endpoints" : { + "eu-west-1" : { }, + "us-east-1" : { }, + "us-west-2" : { } + } + }, "kafka" : { "endpoints" : { "af-south-1" : { }, @@ -7707,6 +7714,38 @@ "us-east-1" : { } } }, + "media-pipelines-chime" : { + "endpoints" : { + "ap-southeast-1" : { }, + "eu-central-1" : { }, + "us-east-1" : { + "variants" : [ { + "hostname" : "media-pipelines-chime-fips.us-east-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-east-1-fips" : { + "credentialScope" : { + "region" : "us-east-1" + }, + "deprecated" : true, + "hostname" : "media-pipelines-chime-fips.us-east-1.amazonaws.com" + }, + "us-west-2" : { + "variants" : [ { + "hostname" : "media-pipelines-chime-fips.us-west-2.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-west-2-fips" : { + "credentialScope" : { + "region" : "us-west-2" + }, + "deprecated" : true, + "hostname" : "media-pipelines-chime-fips.us-west-2.amazonaws.com" + } + } + }, "mediaconnect" : { "endpoints" : { "ap-east-1" : { }, @@ -8475,6 +8514,7 @@ }, "nimble" : { "endpoints" : { + "ap-northeast-1" : { }, "ap-southeast-2" : { }, "ca-central-1" : { }, "eu-west-2" : { }, @@ -9746,6 +9786,7 @@ "ap-south-1" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, + "ap-southeast-3" : { }, "ca-central-1" : { }, "eu-central-1" : { }, "eu-north-1" : { }, @@ -18478,6 +18519,11 @@ "us-isob-east-1" : { } } }, + "ram" : { + "endpoints" : { + "us-isob-east-1" : { } + } + }, "rds" : { "endpoints" : { "us-isob-east-1" : { } diff --git a/gems/aws-sdk-organizations/CHANGELOG.md b/gems/aws-sdk-organizations/CHANGELOG.md index fb676c5b9b1..9e20c1e6633 100644 --- a/gems/aws-sdk-organizations/CHANGELOG.md +++ b/gems/aws-sdk-organizations/CHANGELOG.md @@ -1,6 +1,11 @@ Unreleased Changes ------------------ +1.70.0 (2022-05-02) +------------------ + +* Feature - This release adds the INVALID_PAYMENT_INSTRUMENT as a fail reason and an error message. + 1.69.0 (2022-03-29) ------------------ diff --git a/gems/aws-sdk-organizations/VERSION b/gems/aws-sdk-organizations/VERSION index 49349856550..832e9afb6c1 100644 --- a/gems/aws-sdk-organizations/VERSION +++ b/gems/aws-sdk-organizations/VERSION @@ -1 +1 @@ -1.69.0 +1.70.0 diff --git a/gems/aws-sdk-organizations/lib/aws-sdk-organizations.rb b/gems/aws-sdk-organizations/lib/aws-sdk-organizations.rb index 303bbc2e97d..941e9f3ab94 100644 --- a/gems/aws-sdk-organizations/lib/aws-sdk-organizations.rb +++ b/gems/aws-sdk-organizations/lib/aws-sdk-organizations.rb @@ -48,6 +48,6 @@ # @!group service module Aws::Organizations - GEM_VERSION = '1.69.0' + GEM_VERSION = '1.70.0' end diff --git a/gems/aws-sdk-organizations/lib/aws-sdk-organizations/client.rb b/gems/aws-sdk-organizations/lib/aws-sdk-organizations/client.rb index dbccf2a29e9..3dc49435667 100644 --- a/gems/aws-sdk-organizations/lib/aws-sdk-organizations/client.rb +++ b/gems/aws-sdk-organizations/lib/aws-sdk-organizations/client.rb @@ -710,9 +710,52 @@ def cancel_handshake(params = {}, options = {}) req.send_request(options) end - # Closes an Amazon Web Services account that is now a part of an - # Organizations, either created within the organization, or invited to - # join the organization. + # Closes an Amazon Web Services member account within an organization. + # You can't close the management account with this API. This is an + # asynchronous request that Amazon Web Services performs in the + # background. Because `CloseAccount` operates asynchronously, it can + # return a successful completion message even though account closure + # might still be in progress. You need to wait a few minutes before the + # account is fully closed. To check the status of the request, do one of + # the following: + # + # * Use the `AccountId` that you sent in the `CloseAccount` request to + # provide as a parameter to the DescribeAccount operation. + # + # While the close account request is in progress, Account status will + # indicate PENDING\_CLOSURE. When the close account request completes, + # the status will change to SUSPENDED. + # + # * Check the CloudTrail log for the `CloseAccountResult` event that + # gets published after the account closes successfully. For + # information on using CloudTrail with Organizations, see [Logging and + # monitoring in Organizations][1] in the *Organizations User Guide.* + # + #