com.amazonaws.services.organizations.AWSOrganizationsClient Maven / Gradle / Ivy
Show all versions of aws-java-sdk-organizations Show documentation
/*
* Copyright 2019-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package com.amazonaws.services.organizations;
import org.w3c.dom.*;
import java.net.*;
import java.util.*;
import javax.annotation.Generated;
import org.apache.commons.logging.*;
import com.amazonaws.*;
import com.amazonaws.annotation.SdkInternalApi;
import com.amazonaws.auth.*;
import com.amazonaws.handlers.*;
import com.amazonaws.http.*;
import com.amazonaws.internal.*;
import com.amazonaws.internal.auth.*;
import com.amazonaws.metrics.*;
import com.amazonaws.regions.*;
import com.amazonaws.transform.*;
import com.amazonaws.util.*;
import com.amazonaws.protocol.json.*;
import com.amazonaws.util.AWSRequestMetrics.Field;
import com.amazonaws.annotation.ThreadSafe;
import com.amazonaws.client.AwsSyncClientParams;
import com.amazonaws.client.builder.AdvancedConfig;
import com.amazonaws.services.organizations.AWSOrganizationsClientBuilder;
import com.amazonaws.AmazonServiceException;
import com.amazonaws.services.organizations.model.*;
import com.amazonaws.services.organizations.model.transform.*;
/**
* Client for accessing Organizations. All service calls made using this client are blocking, and will not return until
* the service call completes.
*
*
* Organizations is a web service that enables you to consolidate your multiple Amazon Web Services accounts into an
* organization and centrally manage your accounts and their resources.
*
*
* This guide provides descriptions of the Organizations operations. For more information about using this service, see
* the Organizations User
* Guide.
*
*
* Support and feedback for Organizations
*
*
* We welcome your feedback. Send your comments to [email protected] or post your feedback and
* questions in the Organizations support forum. For
* more information about the Amazon Web Services support forums, see Forums Help.
*
*
* Endpoint to call When using the CLI or the Amazon Web Services SDK
*
*
* For the current release of Organizations, specify the us-east-1
region for all Amazon Web Services API
* and CLI calls made from the commercial Amazon Web Services Regions outside of China. If calling from one of the
* Amazon Web Services Regions in China, then specify cn-northwest-1
. You can do this in the CLI by using
* these parameters and commands:
*
*
* -
*
* Use the following parameter with each command to specify both the endpoint and its region:
*
*
* --endpoint-url https://organizations.us-east-1.amazonaws.com
(from commercial Amazon Web Services
* Regions outside of China)
*
*
* or
*
*
* --endpoint-url https://organizations.cn-northwest-1.amazonaws.com.cn
(from Amazon Web Services
* Regions in China)
*
*
* -
*
* Use the default endpoint, but configure your default region with this command:
*
*
* aws configure set default.region us-east-1
(from commercial Amazon Web Services Regions outside of
* China)
*
*
* or
*
*
* aws configure set default.region cn-northwest-1
(from Amazon Web Services Regions in China)
*
*
* -
*
* Use the following parameter with each command to specify the endpoint:
*
*
* --region us-east-1
(from commercial Amazon Web Services Regions outside of China)
*
*
* or
*
*
* --region cn-northwest-1
(from Amazon Web Services Regions in China)
*
*
*
*
* Recording API Requests
*
*
* Organizations supports CloudTrail, a service that records Amazon Web Services API calls for your Amazon Web Services
* account and delivers log files to an Amazon S3 bucket. By using information collected by CloudTrail, you can
* determine which requests the Organizations service received, who made the request and when, and so on. For more about
* Organizations and its support for CloudTrail, see Logging Organizations API calls with CloudTrail in the Organizations User Guide. To learn more about
* CloudTrail, including how to turn it on and find your log files, see the CloudTrail User
* Guide.
*
*/
@ThreadSafe
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public class AWSOrganizationsClient extends AmazonWebServiceClient implements AWSOrganizations {
/** Provider for AWS credentials. */
private final AWSCredentialsProvider awsCredentialsProvider;
private static final Log log = LogFactory.getLog(AWSOrganizations.class);
/** Default signing name for the service. */
private static final String DEFAULT_SIGNING_NAME = "organizations";
/** Client configuration factory providing ClientConfigurations tailored to this client */
protected static final ClientConfigurationFactory configFactory = new ClientConfigurationFactory();
private final AdvancedConfig advancedConfig;
private static final com.amazonaws.protocol.json.SdkJsonProtocolFactory protocolFactory = new com.amazonaws.protocol.json.SdkJsonProtocolFactory(
new JsonClientMetadata()
.withProtocolVersion("1.1")
.withSupportsCbor(false)
.withSupportsIon(false)
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("ConcurrentModificationException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.ConcurrentModificationExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("HandshakeNotFoundException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.HandshakeNotFoundExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("DuplicateAccountException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.DuplicateAccountExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("MalformedPolicyDocumentException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.MalformedPolicyDocumentExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("DuplicatePolicyException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.DuplicatePolicyExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("ChildNotFoundException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.ChildNotFoundExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("AccountOwnerNotVerifiedException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.AccountOwnerNotVerifiedExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("PolicyNotFoundException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.PolicyNotFoundExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("AccessDeniedForDependencyException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.AccessDeniedForDependencyExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("PolicyChangesInProgressException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.PolicyChangesInProgressExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("AccountAlreadyRegisteredException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.AccountAlreadyRegisteredExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("ConstraintViolationException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.ConstraintViolationExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("EffectivePolicyNotFoundException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.EffectivePolicyNotFoundExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("AccountNotRegisteredException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.AccountNotRegisteredExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("AccountAlreadyClosedException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.AccountAlreadyClosedExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("ParentNotFoundException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.ParentNotFoundExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("ResourcePolicyNotFoundException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.ResourcePolicyNotFoundExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("HandshakeConstraintViolationException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.HandshakeConstraintViolationExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("PolicyInUseException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.PolicyInUseExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("PolicyTypeNotAvailableForOrganizationException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.PolicyTypeNotAvailableForOrganizationExceptionUnmarshaller
.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("DuplicateHandshakeException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.DuplicateHandshakeExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("HandshakeAlreadyInStateException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.HandshakeAlreadyInStateExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("ServiceException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.ServiceExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("RootNotFoundException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.RootNotFoundExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("OrganizationNotEmptyException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.OrganizationNotEmptyExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("OrganizationalUnitNotFoundException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.OrganizationalUnitNotFoundExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("PolicyTypeAlreadyEnabledException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.PolicyTypeAlreadyEnabledExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("AccessDeniedException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.AccessDeniedExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("DuplicatePolicyAttachmentException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.DuplicatePolicyAttachmentExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("ConflictException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.ConflictExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("MasterCannotLeaveOrganizationException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.MasterCannotLeaveOrganizationExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("DestinationParentNotFoundException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.DestinationParentNotFoundExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("PolicyTypeNotEnabledException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.PolicyTypeNotEnabledExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("InvalidInputException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.InvalidInputExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("TargetNotFoundException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.TargetNotFoundExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("CreateAccountStatusNotFoundException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.CreateAccountStatusNotFoundExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("PolicyNotAttachedException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.PolicyNotAttachedExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("AlreadyInOrganizationException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.AlreadyInOrganizationExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("AccountNotFoundException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.AccountNotFoundExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("SourceParentNotFoundException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.SourceParentNotFoundExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("AWSOrganizationsNotInUseException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.AWSOrganizationsNotInUseExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("UnsupportedAPIEndpointException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.UnsupportedAPIEndpointExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("DuplicateOrganizationalUnitException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.DuplicateOrganizationalUnitExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("InvalidHandshakeTransitionException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.InvalidHandshakeTransitionExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("TooManyRequestsException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.TooManyRequestsExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("FinalizingOrganizationException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.FinalizingOrganizationExceptionUnmarshaller.getInstance()))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("OrganizationalUnitNotEmptyException").withExceptionUnmarshaller(
com.amazonaws.services.organizations.model.transform.OrganizationalUnitNotEmptyExceptionUnmarshaller.getInstance()))
.withBaseServiceExceptionClass(com.amazonaws.services.organizations.model.AWSOrganizationsException.class));
/**
* Constructs a new client to invoke service methods on Organizations. A credentials provider chain will be used
* that searches for credentials in this order:
*
* - Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_KEY
* - Java System Properties - aws.accessKeyId and aws.secretKey
* - Instance profile credentials delivered through the Amazon EC2 metadata service
*
*
*
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @see DefaultAWSCredentialsProviderChain
* @deprecated use {@link AWSOrganizationsClientBuilder#defaultClient()}
*/
@Deprecated
public AWSOrganizationsClient() {
this(DefaultAWSCredentialsProviderChain.getInstance(), configFactory.getConfig());
}
/**
* Constructs a new client to invoke service methods on Organizations. A credentials provider chain will be used
* that searches for credentials in this order:
*
* - Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_KEY
* - Java System Properties - aws.accessKeyId and aws.secretKey
* - Instance profile credentials delivered through the Amazon EC2 metadata service
*
*
*
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @param clientConfiguration
* The client configuration options controlling how this client connects to Organizations (ex: proxy
* settings, retry counts, etc.).
*
* @see DefaultAWSCredentialsProviderChain
* @deprecated use {@link AWSOrganizationsClientBuilder#withClientConfiguration(ClientConfiguration)}
*/
@Deprecated
public AWSOrganizationsClient(ClientConfiguration clientConfiguration) {
this(DefaultAWSCredentialsProviderChain.getInstance(), clientConfiguration);
}
/**
* Constructs a new client to invoke service methods on Organizations using the specified AWS account credentials.
*
*
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @param awsCredentials
* The AWS credentials (access key ID and secret key) to use when authenticating with AWS services.
* @deprecated use {@link AWSOrganizationsClientBuilder#withCredentials(AWSCredentialsProvider)} for example:
* {@code AWSOrganizationsClientBuilder.standard().withCredentials(new AWSStaticCredentialsProvider(awsCredentials)).build();}
*/
@Deprecated
public AWSOrganizationsClient(AWSCredentials awsCredentials) {
this(awsCredentials, configFactory.getConfig());
}
/**
* Constructs a new client to invoke service methods on Organizations using the specified AWS account credentials
* and client configuration options.
*
*
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @param awsCredentials
* The AWS credentials (access key ID and secret key) to use when authenticating with AWS services.
* @param clientConfiguration
* The client configuration options controlling how this client connects to Organizations (ex: proxy
* settings, retry counts, etc.).
* @deprecated use {@link AWSOrganizationsClientBuilder#withCredentials(AWSCredentialsProvider)} and
* {@link AWSOrganizationsClientBuilder#withClientConfiguration(ClientConfiguration)}
*/
@Deprecated
public AWSOrganizationsClient(AWSCredentials awsCredentials, ClientConfiguration clientConfiguration) {
super(clientConfiguration);
this.awsCredentialsProvider = new StaticCredentialsProvider(awsCredentials);
this.advancedConfig = AdvancedConfig.EMPTY;
init();
}
/**
* Constructs a new client to invoke service methods on Organizations using the specified AWS account credentials
* provider.
*
*
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @param awsCredentialsProvider
* The AWS credentials provider which will provide credentials to authenticate requests with AWS services.
* @deprecated use {@link AWSOrganizationsClientBuilder#withCredentials(AWSCredentialsProvider)}
*/
@Deprecated
public AWSOrganizationsClient(AWSCredentialsProvider awsCredentialsProvider) {
this(awsCredentialsProvider, configFactory.getConfig());
}
/**
* Constructs a new client to invoke service methods on Organizations using the specified AWS account credentials
* provider and client configuration options.
*
*
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @param awsCredentialsProvider
* The AWS credentials provider which will provide credentials to authenticate requests with AWS services.
* @param clientConfiguration
* The client configuration options controlling how this client connects to Organizations (ex: proxy
* settings, retry counts, etc.).
* @deprecated use {@link AWSOrganizationsClientBuilder#withCredentials(AWSCredentialsProvider)} and
* {@link AWSOrganizationsClientBuilder#withClientConfiguration(ClientConfiguration)}
*/
@Deprecated
public AWSOrganizationsClient(AWSCredentialsProvider awsCredentialsProvider, ClientConfiguration clientConfiguration) {
this(awsCredentialsProvider, clientConfiguration, null);
}
/**
* Constructs a new client to invoke service methods on Organizations using the specified AWS account credentials
* provider, client configuration options, and request metric collector.
*
*
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @param awsCredentialsProvider
* The AWS credentials provider which will provide credentials to authenticate requests with AWS services.
* @param clientConfiguration
* The client configuration options controlling how this client connects to Organizations (ex: proxy
* settings, retry counts, etc.).
* @param requestMetricCollector
* optional request metric collector
* @deprecated use {@link AWSOrganizationsClientBuilder#withCredentials(AWSCredentialsProvider)} and
* {@link AWSOrganizationsClientBuilder#withClientConfiguration(ClientConfiguration)} and
* {@link AWSOrganizationsClientBuilder#withMetricsCollector(RequestMetricCollector)}
*/
@Deprecated
public AWSOrganizationsClient(AWSCredentialsProvider awsCredentialsProvider, ClientConfiguration clientConfiguration,
RequestMetricCollector requestMetricCollector) {
super(clientConfiguration, requestMetricCollector);
this.awsCredentialsProvider = awsCredentialsProvider;
this.advancedConfig = AdvancedConfig.EMPTY;
init();
}
public static AWSOrganizationsClientBuilder builder() {
return AWSOrganizationsClientBuilder.standard();
}
/**
* Constructs a new client to invoke service methods on Organizations using the specified parameters.
*
*
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @param clientParams
* Object providing client parameters.
*/
AWSOrganizationsClient(AwsSyncClientParams clientParams) {
this(clientParams, false);
}
/**
* Constructs a new client to invoke service methods on Organizations using the specified parameters.
*
*
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @param clientParams
* Object providing client parameters.
*/
AWSOrganizationsClient(AwsSyncClientParams clientParams, boolean endpointDiscoveryEnabled) {
super(clientParams);
this.awsCredentialsProvider = clientParams.getCredentialsProvider();
this.advancedConfig = clientParams.getAdvancedConfig();
init();
}
private void init() {
setServiceNameIntern(DEFAULT_SIGNING_NAME);
setEndpointPrefix(ENDPOINT_PREFIX);
// calling this.setEndPoint(...) will also modify the signer accordingly
setEndpoint("organizations.us-east-1.amazonaws.com");
HandlerChainFactory chainFactory = new HandlerChainFactory();
requestHandler2s.addAll(chainFactory.newRequestHandlerChain("/com/amazonaws/services/organizations/request.handlers"));
requestHandler2s.addAll(chainFactory.newRequestHandler2Chain("/com/amazonaws/services/organizations/request.handler2s"));
requestHandler2s.addAll(chainFactory.getGlobalHandlers());
}
/**
*
* Sends a response to the originator of a handshake agreeing to the action proposed by the handshake request.
*
*
* You can only call this operation by the following principals when they also have the relevant IAM permissions:
*
*
* -
*
* Invitation to join or Approve all features request handshakes: only a principal from the member
* account.
*
*
* The user who calls the API for an invitation to join must have the organizations:AcceptHandshake
* permission. If you enabled all features in the organization, the user must also have the
* iam:CreateServiceLinkedRole
permission so that Organizations can create the required service-linked
* role named AWSServiceRoleForOrganizations
. For more information, see Organizations and service-linked roles in the Organizations User Guide.
*
*
* -
*
* Enable all features final confirmation handshake: only a principal from the management account.
*
*
* For more information about invitations, see Inviting an
* Amazon Web Services account to join your organization in the Organizations User Guide. For more
* information about requests to enable all features in the organization, see Enabling all features in your organization in the Organizations User Guide.
*
*
*
*
* After you accept a handshake, it continues to appear in the results of relevant APIs for only 30 days. After
* that, it's deleted.
*
*
* @param acceptHandshakeRequest
* @return Result of the AcceptHandshake operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws HandshakeConstraintViolationException
* The requested operation would violate the constraint identified in the reason code.
*
* Some of the reasons in the following list might not be applicable to this specific API or operation:
*
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. Note that deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception immediately after creating the organization, wait one hour and try again. If
* after an hour it continues to fail with this error, contact Amazon Web Services Support.
*
*
* -
*
* ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because the invited account is already a
* member of an organization.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations to join an organization while
* it's in the process of enabling all features. You can resume inviting accounts after you finalize the
* process when all accounts have agreed to the change.
*
*
* -
*
* ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid because the organization has
* already enabled all features.
*
*
* -
*
* ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake request is invalid because the
* organization has already started the process to enable all features.
*
*
* -
*
* ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because the account is from a different
* marketplace than the accounts in the organization. For example, accounts with India addresses must be
* associated with the AISPL marketplace. All accounts in an organization must be from the same marketplace.
*
*
* -
*
* ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to change the membership of an account
* too quickly after its previous change.
*
*
* -
*
* PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an account that doesn't have a payment
* instrument, such as a credit card, associated with it.
*
*
* @throws HandshakeNotFoundException
* We can't find a handshake with the HandshakeId
that you specified.
* @throws InvalidHandshakeTransitionException
* You can't perform the operation on the handshake in its current state. For example, you can't cancel a
* handshake that was already accepted or accept a handshake that was already declined.
* @throws HandshakeAlreadyInStateException
* The specified handshake is already in the requested state. For example, you can't accept a handshake that
* was already accepted.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @throws AccessDeniedForDependencyException
* The operation that you attempted requires you to have the iam:CreateServiceLinkedRole
for
* organizations.amazonaws.com
permission so that Organizations can create the required
* service-linked role. You don't have that permission.
* @sample AWSOrganizations.AcceptHandshake
* @see AWS
* API Documentation
*/
@Override
public AcceptHandshakeResult acceptHandshake(AcceptHandshakeRequest request) {
request = beforeClientExecution(request);
return executeAcceptHandshake(request);
}
@SdkInternalApi
final AcceptHandshakeResult executeAcceptHandshake(AcceptHandshakeRequest acceptHandshakeRequest) {
ExecutionContext executionContext = createExecutionContext(acceptHandshakeRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new AcceptHandshakeRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(acceptHandshakeRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "AcceptHandshake");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new AcceptHandshakeResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Attaches a policy to a root, an organizational unit (OU), or an individual account. How the policy affects
* accounts depends on the type of policy. Refer to the Organizations User Guide for information about each
* policy type:
*
*
* -
*
*
* -
*
*
* BACKUP_POLICY
*
*
* -
*
*
* -
*
*
* TAG_POLICY
*
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an Amazon Web Services service.
*
*
* @param attachPolicyRequest
* @return Result of the AttachPolicy operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your account isn't fully active. You
* must complete the account setup before you create an organization.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact Amazon Web Services Support to request an
* increase in your limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase
* in the number of accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.
*
*
* -
*
* CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot register a suspended account as
* a delegated administrator.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an Amazon Web Services service integrated with
* Organizations. You can designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management
* account for the organization, you must first either remove or close all member accounts in the
* organization. Follow standard account closure process using root credentials.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.
*
*
* -
*
* CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close
* at a time.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account
* as a delegated administrator for an Amazon Web Services service that already has a delegated
* administrator. To complete this operation, you must first deregister any existing delegated
* administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is
* associated with the account. Amazon Web Services does not support cards issued by financial institutions
* in Russia or Belarus. For more information, see Managing your
* Amazon Web Services payments.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in China. To
* create an organization, the master must have a valid business license. For more information, contact
* customer support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations
* in the Amazon Web Services GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator before you enabled
* service access. Call the EnableAWSServiceAccess
API first.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* -
*
* WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting period before you
* can remove it from the organization. If you get an error that indicates that a wait period is required,
* try again in a few days.
*
*
* @throws DuplicatePolicyAttachmentException
* The selected policy is already attached to the specified target.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws PolicyNotFoundException
* We can't find a policy with the PolicyId
that you specified.
* @throws PolicyTypeNotEnabledException
* The specified policy type isn't currently enabled in this root. You can't attach policies of the
* specified type to entities in a root until you enable that type in the root. For more information, see Enabling all features in your organization in the Organizations User Guide.
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TargetNotFoundException
* We can't find a root, OU, account, or policy with the TargetId
that you specified.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @throws UnsupportedAPIEndpointException
* This action isn't available in the current Amazon Web Services Region.
* @throws PolicyChangesInProgressException
* Changes to the effective policy are in progress, and its contents can't be returned. Try the operation
* again later.
* @sample AWSOrganizations.AttachPolicy
* @see AWS API
* Documentation
*/
@Override
public AttachPolicyResult attachPolicy(AttachPolicyRequest request) {
request = beforeClientExecution(request);
return executeAttachPolicy(request);
}
@SdkInternalApi
final AttachPolicyResult executeAttachPolicy(AttachPolicyRequest attachPolicyRequest) {
ExecutionContext executionContext = createExecutionContext(attachPolicyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new AttachPolicyRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(attachPolicyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "AttachPolicy");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new AttachPolicyResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Cancels a handshake. Canceling a handshake sets the handshake state to CANCELED
.
*
*
* This operation can be called only from the account that originated the handshake. The recipient of the handshake
* can't cancel it, but can use DeclineHandshake instead. After a handshake is canceled, the recipient can no
* longer respond to that handshake.
*
*
* After you cancel a handshake, it continues to appear in the results of relevant APIs for only 30 days. After
* that, it's deleted.
*
*
* @param cancelHandshakeRequest
* @return Result of the CancelHandshake operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws HandshakeNotFoundException
* We can't find a handshake with the HandshakeId
that you specified.
* @throws InvalidHandshakeTransitionException
* You can't perform the operation on the handshake in its current state. For example, you can't cancel a
* handshake that was already accepted or accept a handshake that was already declined.
* @throws HandshakeAlreadyInStateException
* The specified handshake is already in the requested state. For example, you can't accept a handshake that
* was already accepted.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @sample AWSOrganizations.CancelHandshake
* @see AWS
* API Documentation
*/
@Override
public CancelHandshakeResult cancelHandshake(CancelHandshakeRequest request) {
request = beforeClientExecution(request);
return executeCancelHandshake(request);
}
@SdkInternalApi
final CancelHandshakeResult executeCancelHandshake(CancelHandshakeRequest cancelHandshakeRequest) {
ExecutionContext executionContext = createExecutionContext(cancelHandshakeRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new CancelHandshakeRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(cancelHandshakeRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "CancelHandshake");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new CancelHandshakeResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Closes an Amazon Web Services member account within an organization. You can close an account when all
* features are enabled . You can't close the management account with this API. This is an asynchronous request
* that Amazon Web Services performs in the background. Because CloseAccount
operates asynchronously,
* it can return a successful completion message even though account closure might still be in progress. You need to
* wait a few minutes before the account is fully closed. To check the status of the request, do one of the
* following:
*
*
* -
*
* Use the AccountId
that you sent in the CloseAccount
request to provide as a parameter
* to the DescribeAccount operation.
*
*
* While the close account request is in progress, Account status will indicate PENDING_CLOSURE. When the close
* account request completes, the status will change to SUSPENDED.
*
*
* -
*
* Check the CloudTrail log for the CloseAccountResult
event that gets published after the account
* closes successfully. For information on using CloudTrail with Organizations, see Logging and monitoring in Organizations in the Organizations User Guide.
*
*
*
*
*
* -
*
* You can close only 10% of member accounts, between 10 and 1000, within a rolling 30 day period. This quota is not
* bound by a calendar month, but starts when you close an account. After you reach this limit, you can close
* additional accounts. For more information, see Closing a
* member account in your organization and Quotas for
* Organizationsin the Organizations User Guide.
*
*
* -
*
* To reinstate a closed account, contact Amazon Web Services Support within the 90-day grace period while the
* account is in SUSPENDED status.
*
*
* -
*
* If the Amazon Web Services account you attempt to close is linked to an Amazon Web Services GovCloud (US)
* account, the CloseAccount
request will close both accounts. To learn important pre-closure details,
* see Closing an
* Amazon Web Services GovCloud (US) account in the Amazon Web Services GovCloud User Guide.
*
*
*
*
*
* @param closeAccountRequest
* @return Result of the CloseAccount operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AccountAlreadyClosedException
* You attempted to close an account that is already closed.
* @throws AccountNotFoundException
* We can't find an Amazon Web Services account with the AccountId
that you specified, or the
* account whose credentials you used to make this request isn't a member of an organization.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConflictException
* The request failed because it conflicts with the current state of the specified resource.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your account isn't fully active. You
* must complete the account setup before you create an organization.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact Amazon Web Services Support to request an
* increase in your limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase
* in the number of accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.
*
*
* -
*
* CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot register a suspended account as
* a delegated administrator.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an Amazon Web Services service integrated with
* Organizations. You can designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management
* account for the organization, you must first either remove or close all member accounts in the
* organization. Follow standard account closure process using root credentials.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.
*
*
* -
*
* CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close
* at a time.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account
* as a delegated administrator for an Amazon Web Services service that already has a delegated
* administrator. To complete this operation, you must first deregister any existing delegated
* administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is
* associated with the account. Amazon Web Services does not support cards issued by financial institutions
* in Russia or Belarus. For more information, see Managing your
* Amazon Web Services payments.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in China. To
* create an organization, the master must have a valid business license. For more information, contact
* customer support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations
* in the Amazon Web Services GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator before you enabled
* service access. Call the EnableAWSServiceAccess
API first.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* -
*
* WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting period before you
* can remove it from the organization. If you get an error that indicates that a wait period is required,
* try again in a few days.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @throws UnsupportedAPIEndpointException
* This action isn't available in the current Amazon Web Services Region.
* @sample AWSOrganizations.CloseAccount
* @see AWS API
* Documentation
*/
@Override
public CloseAccountResult closeAccount(CloseAccountRequest request) {
request = beforeClientExecution(request);
return executeCloseAccount(request);
}
@SdkInternalApi
final CloseAccountResult executeCloseAccount(CloseAccountRequest closeAccountRequest) {
ExecutionContext executionContext = createExecutionContext(closeAccountRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new CloseAccountRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(closeAccountRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "CloseAccount");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new CloseAccountResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Creates an Amazon Web Services account that is automatically a member of the organization whose credentials made
* the request. This is an asynchronous request that Amazon Web Services performs in the background. Because
* CreateAccount
operates asynchronously, it can return a successful completion message even though
* account initialization might still be in progress. You might need to wait a few minutes before you can
* successfully access the account. To check the status of the request, do one of the following:
*
*
* -
*
* Use the Id
value of the CreateAccountStatus
response element from this operation to
* provide as a parameter to the DescribeCreateAccountStatus operation.
*
*
* -
*
* Check the CloudTrail log for the CreateAccountResult
event. For information on using CloudTrail with
* Organizations, see Logging and monitoring in Organizations in the Organizations User Guide.
*
*
*
*
* The user who calls the API to create an account must have the organizations:CreateAccount
* permission. If you enabled all features in the organization, Organizations creates the required service-linked
* role named AWSServiceRoleForOrganizations
. For more information, see Organizations and service-linked roles in the Organizations User Guide.
*
*
* If the request includes tags, then the requester must have the organizations:TagResource
permission.
*
*
* Organizations preconfigures the new member account with a role (named OrganizationAccountAccessRole
* by default) that grants users in the management account administrator permissions in the new member account.
* Principals in the management account can assume the role. Organizations clones the company name and address
* information for the new account from the organization's management account.
*
*
* This operation can be called only from the organization's management account.
*
*
* For more information about creating accounts, see Creating a
* member account in your organization in the Organizations User Guide.
*
*
*
* -
*
* When you create an account in an organization using the Organizations console, API, or CLI commands, the
* information required for the account to operate as a standalone account, such as a payment method and signing the
* end user license agreement (EULA) is not automatically collected. If you must remove an account from your
* organization later, you can do so only after you provide the missing information. For more information, see
* Considerations before removing an account from an organization in the Organizations User Guide.
*
*
* -
*
* If you get an exception that indicates that you exceeded your account limits for the organization, contact Amazon Web Services Support.
*
*
* -
*
* If you get an exception that indicates that the operation failed because your organization is still initializing,
* wait one hour and then try again. If the error persists, contact Amazon Web Services Support.
*
*
* -
*
* Using CreateAccount
to create multiple temporary accounts isn't recommended. You can only close an
* account from the Billing and Cost Management console, and you must be signed in as the root user. For information
* on the requirements and process for closing an account, see Closing a
* member account in your organization in the Organizations User Guide.
*
*
*
*
*
* When you create a member account with this operation, you can choose whether to create the account with the
* IAM User and Role Access to Billing Information switch enabled. If you enable it, IAM users and roles that
* have appropriate permissions can view billing information for the account. If you disable it, only the account
* root user can access billing information. For information about how to disable this switch for an account, see Granting
* access to your billing information and tools.
*
*
*
* @param createAccountRequest
* @return Result of the CreateAccount operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your account isn't fully active. You
* must complete the account setup before you create an organization.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact Amazon Web Services Support to request an
* increase in your limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase
* in the number of accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.
*
*
* -
*
* CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot register a suspended account as
* a delegated administrator.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an Amazon Web Services service integrated with
* Organizations. You can designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management
* account for the organization, you must first either remove or close all member accounts in the
* organization. Follow standard account closure process using root credentials.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.
*
*
* -
*
* CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close
* at a time.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account
* as a delegated administrator for an Amazon Web Services service that already has a delegated
* administrator. To complete this operation, you must first deregister any existing delegated
* administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is
* associated with the account. Amazon Web Services does not support cards issued by financial institutions
* in Russia or Belarus. For more information, see Managing your
* Amazon Web Services payments.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in China. To
* create an organization, the master must have a valid business license. For more information, contact
* customer support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations
* in the Amazon Web Services GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator before you enabled
* service access. Call the EnableAWSServiceAccess
API first.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* -
*
* WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting period before you
* can remove it from the organization. If you get an error that indicates that a wait period is required,
* try again in a few days.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws FinalizingOrganizationException
* Organizations couldn't perform the operation because your organization hasn't finished initializing. This
* can take up to an hour. Try again later. If after one hour you continue to receive this error, contact Amazon Web Services Support.
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @throws UnsupportedAPIEndpointException
* This action isn't available in the current Amazon Web Services Region.
* @sample AWSOrganizations.CreateAccount
* @see AWS
* API Documentation
*/
@Override
public CreateAccountResult createAccount(CreateAccountRequest request) {
request = beforeClientExecution(request);
return executeCreateAccount(request);
}
@SdkInternalApi
final CreateAccountResult executeCreateAccount(CreateAccountRequest createAccountRequest) {
ExecutionContext executionContext = createExecutionContext(createAccountRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new CreateAccountRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(createAccountRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "CreateAccount");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new CreateAccountResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* This action is available if all of the following are true:
*
*
* -
*
* You're authorized to create accounts in the Amazon Web Services GovCloud (US) Region. For more information on the
* Amazon Web Services GovCloud (US) Region, see the Amazon Web Services GovCloud
* User Guide.
*
*
* -
*
* You already have an account in the Amazon Web Services GovCloud (US) Region that is paired with a management
* account of an organization in the commercial Region.
*
*
* -
*
* You call this action from the management account of your organization in the commercial Region.
*
*
* -
*
* You have the organizations:CreateGovCloudAccount
permission.
*
*
*
*
* Organizations automatically creates the required service-linked role named
* AWSServiceRoleForOrganizations
. For more information, see Organizations and service-linked roles in the Organizations User Guide.
*
*
* Amazon Web Services automatically enables CloudTrail for Amazon Web Services GovCloud (US) accounts, but you
* should also do the following:
*
*
* -
*
* Verify that CloudTrail is enabled to store logs.
*
*
* -
*
* Create an Amazon S3 bucket for CloudTrail log storage.
*
*
* For more information, see Verifying CloudTrail Is
* Enabled in the Amazon Web Services GovCloud User Guide.
*
*
*
*
* If the request includes tags, then the requester must have the organizations:TagResource
permission.
* The tags are attached to the commercial account associated with the GovCloud account, rather than the GovCloud
* account itself. To add tags to the GovCloud account, call the TagResource operation in the GovCloud Region
* after the new GovCloud account exists.
*
*
* You call this action from the management account of your organization in the commercial Region to create a
* standalone Amazon Web Services account in the Amazon Web Services GovCloud (US) Region. After the account is
* created, the management account of an organization in the Amazon Web Services GovCloud (US) Region can invite it
* to that organization. For more information on inviting standalone accounts in the Amazon Web Services GovCloud
* (US) to join an organization, see Organizations in
* the Amazon Web Services GovCloud User Guide.
*
*
* Calling CreateGovCloudAccount
is an asynchronous request that Amazon Web Services performs in the
* background. Because CreateGovCloudAccount
operates asynchronously, it can return a successful
* completion message even though account initialization might still be in progress. You might need to wait a few
* minutes before you can successfully access the account. To check the status of the request, do one of the
* following:
*
*
* -
*
* Use the OperationId
response element from this operation to provide as a parameter to the
* DescribeCreateAccountStatus operation.
*
*
* -
*
* Check the CloudTrail log for the CreateAccountResult
event. For information on using CloudTrail with
* Organizations, see Logging
* and monitoring in Organizations in the Organizations User Guide.
*
*
*
*
*
* When you call the CreateGovCloudAccount
action, you create two accounts: a standalone account in the
* Amazon Web Services GovCloud (US) Region and an associated account in the commercial Region for billing and
* support purposes. The account in the commercial Region is automatically a member of the organization whose
* credentials made the request. Both accounts are associated with the same email address.
*
*
* A role is created in the new account in the commercial Region that allows the management account in the
* organization in the commercial Region to assume it. An Amazon Web Services GovCloud (US) account is then created
* and associated with the commercial account that you just created. A role is also created in the new Amazon Web
* Services GovCloud (US) account that can be assumed by the Amazon Web Services GovCloud (US) account that is
* associated with the management account of the commercial organization. For more information and to view a diagram
* that explains how account access works, see Organizations in
* the Amazon Web Services GovCloud User Guide.
*
*
* For more information about creating accounts, see Creating a
* member account in your organization in the Organizations User Guide.
*
*
*
* -
*
* When you create an account in an organization using the Organizations console, API, or CLI commands, the
* information required for the account to operate as a standalone account is not automatically collected.
* This includes a payment method and signing the end user license agreement (EULA). If you must remove an account
* from your organization later, you can do so only after you provide the missing information. For more information,
* see
* Considerations before removing an account from an organization in the Organizations User Guide.
*
*
* -
*
* If you get an exception that indicates that you exceeded your account limits for the organization, contact Amazon Web Services Support.
*
*
* -
*
* If you get an exception that indicates that the operation failed because your organization is still initializing,
* wait one hour and then try again. If the error persists, contact Amazon Web Services Support.
*
*
* -
*
* Using CreateGovCloudAccount
to create multiple temporary accounts isn't recommended. You can only
* close an account from the Amazon Web Services Billing and Cost Management console, and you must be signed in as
* the root user. For information on the requirements and process for closing an account, see Closing a
* member account in your organization in the Organizations User Guide.
*
*
*
*
*
* When you create a member account with this operation, you can choose whether to create the account with the
* IAM User and Role Access to Billing Information switch enabled. If you enable it, IAM users and roles that
* have appropriate permissions can view billing information for the account. If you disable it, only the account
* root user can access billing information. For information about how to disable this switch for an account, see Granting access to your
* billing information and tools.
*
*
*
* @param createGovCloudAccountRequest
* @return Result of the CreateGovCloudAccount operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your account isn't fully active. You
* must complete the account setup before you create an organization.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact Amazon Web Services Support to request an
* increase in your limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase
* in the number of accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.
*
*
* -
*
* CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot register a suspended account as
* a delegated administrator.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an Amazon Web Services service integrated with
* Organizations. You can designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management
* account for the organization, you must first either remove or close all member accounts in the
* organization. Follow standard account closure process using root credentials.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.
*
*
* -
*
* CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close
* at a time.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account
* as a delegated administrator for an Amazon Web Services service that already has a delegated
* administrator. To complete this operation, you must first deregister any existing delegated
* administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is
* associated with the account. Amazon Web Services does not support cards issued by financial institutions
* in Russia or Belarus. For more information, see Managing your
* Amazon Web Services payments.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in China. To
* create an organization, the master must have a valid business license. For more information, contact
* customer support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations
* in the Amazon Web Services GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator before you enabled
* service access. Call the EnableAWSServiceAccess
API first.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* -
*
* WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting period before you
* can remove it from the organization. If you get an error that indicates that a wait period is required,
* try again in a few days.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws FinalizingOrganizationException
* Organizations couldn't perform the operation because your organization hasn't finished initializing. This
* can take up to an hour. Try again later. If after one hour you continue to receive this error, contact Amazon Web Services Support.
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @throws UnsupportedAPIEndpointException
* This action isn't available in the current Amazon Web Services Region.
* @sample AWSOrganizations.CreateGovCloudAccount
* @see AWS API Documentation
*/
@Override
public CreateGovCloudAccountResult createGovCloudAccount(CreateGovCloudAccountRequest request) {
request = beforeClientExecution(request);
return executeCreateGovCloudAccount(request);
}
@SdkInternalApi
final CreateGovCloudAccountResult executeCreateGovCloudAccount(CreateGovCloudAccountRequest createGovCloudAccountRequest) {
ExecutionContext executionContext = createExecutionContext(createGovCloudAccountRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new CreateGovCloudAccountRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(createGovCloudAccountRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "CreateGovCloudAccount");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory
.createResponseHandler(new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
new CreateGovCloudAccountResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Creates an Amazon Web Services organization. The account whose user is calling the
* CreateOrganization
operation automatically becomes the management account of the new organization.
*
*
* This operation must be called using credentials from the account that is to become the new organization's
* management account. The principal must also have the relevant IAM permissions.
*
*
* By default (or if you set the FeatureSet
parameter to ALL
), the new organization is
* created with all features enabled and service control policies automatically enabled in the root. If you instead
* choose to create the organization supporting only the consolidated billing features by setting the
* FeatureSet
parameter to CONSOLIDATED_BILLING
, no policy types are enabled by default
* and you can't use organization policies.
*
*
* @param createOrganizationRequest
* @return Result of the CreateOrganization operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AlreadyInOrganizationException
* This account is already a member of an organization. An account can belong to only one organization at a
* time.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your account isn't fully active. You
* must complete the account setup before you create an organization.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact Amazon Web Services Support to request an
* increase in your limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase
* in the number of accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.
*
*
* -
*
* CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot register a suspended account as
* a delegated administrator.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an Amazon Web Services service integrated with
* Organizations. You can designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management
* account for the organization, you must first either remove or close all member accounts in the
* organization. Follow standard account closure process using root credentials.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.
*
*
* -
*
* CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close
* at a time.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account
* as a delegated administrator for an Amazon Web Services service that already has a delegated
* administrator. To complete this operation, you must first deregister any existing delegated
* administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is
* associated with the account. Amazon Web Services does not support cards issued by financial institutions
* in Russia or Belarus. For more information, see Managing your
* Amazon Web Services payments.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in China. To
* create an organization, the master must have a valid business license. For more information, contact
* customer support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations
* in the Amazon Web Services GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator before you enabled
* service access. Call the EnableAWSServiceAccess
API first.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* -
*
* WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting period before you
* can remove it from the organization. If you get an error that indicates that a wait period is required,
* try again in a few days.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @throws AccessDeniedForDependencyException
* The operation that you attempted requires you to have the iam:CreateServiceLinkedRole
for
* organizations.amazonaws.com
permission so that Organizations can create the required
* service-linked role. You don't have that permission.
* @sample AWSOrganizations.CreateOrganization
* @see AWS API Documentation
*/
@Override
public CreateOrganizationResult createOrganization(CreateOrganizationRequest request) {
request = beforeClientExecution(request);
return executeCreateOrganization(request);
}
@SdkInternalApi
final CreateOrganizationResult executeCreateOrganization(CreateOrganizationRequest createOrganizationRequest) {
ExecutionContext executionContext = createExecutionContext(createOrganizationRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new CreateOrganizationRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(createOrganizationRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "CreateOrganization");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new CreateOrganizationResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Creates an organizational unit (OU) within a root or parent OU. An OU is a container for accounts that enables
* you to organize your accounts to apply policies according to your business requirements. The number of levels
* deep that you can nest OUs is dependent upon the policy types enabled for that root. For service control
* policies, the limit is five.
*
*
* For more information about OUs, see Managing organizational
* units (OUs) in the Organizations User Guide.
*
*
* If the request includes tags, then the requester must have the organizations:TagResource
permission.
*
*
* This operation can be called only from the organization's management account.
*
*
* @param createOrganizationalUnitRequest
* @return Result of the CreateOrganizationalUnit operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your account isn't fully active. You
* must complete the account setup before you create an organization.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact Amazon Web Services Support to request an
* increase in your limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase
* in the number of accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.
*
*
* -
*
* CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot register a suspended account as
* a delegated administrator.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an Amazon Web Services service integrated with
* Organizations. You can designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management
* account for the organization, you must first either remove or close all member accounts in the
* organization. Follow standard account closure process using root credentials.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.
*
*
* -
*
* CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close
* at a time.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account
* as a delegated administrator for an Amazon Web Services service that already has a delegated
* administrator. To complete this operation, you must first deregister any existing delegated
* administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is
* associated with the account. Amazon Web Services does not support cards issued by financial institutions
* in Russia or Belarus. For more information, see Managing your
* Amazon Web Services payments.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in China. To
* create an organization, the master must have a valid business license. For more information, contact
* customer support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations
* in the Amazon Web Services GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator before you enabled
* service access. Call the EnableAWSServiceAccess
API first.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* -
*
* WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting period before you
* can remove it from the organization. If you get an error that indicates that a wait period is required,
* try again in a few days.
*
*
* @throws DuplicateOrganizationalUnitException
* An OU with the same name already exists.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ParentNotFoundException
* We can't find a root or OU with the ParentId
that you specified.
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @sample AWSOrganizations.CreateOrganizationalUnit
* @see AWS API Documentation
*/
@Override
public CreateOrganizationalUnitResult createOrganizationalUnit(CreateOrganizationalUnitRequest request) {
request = beforeClientExecution(request);
return executeCreateOrganizationalUnit(request);
}
@SdkInternalApi
final CreateOrganizationalUnitResult executeCreateOrganizationalUnit(CreateOrganizationalUnitRequest createOrganizationalUnitRequest) {
ExecutionContext executionContext = createExecutionContext(createOrganizationalUnitRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new CreateOrganizationalUnitRequestProtocolMarshaller(protocolFactory).marshall(super
.beforeMarshalling(createOrganizationalUnitRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "CreateOrganizationalUnit");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
new CreateOrganizationalUnitResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Creates a policy of a specified type that you can attach to a root, an organizational unit (OU), or an individual
* Amazon Web Services account.
*
*
* For more information about policies and their use, see Managing
* Organizations policies.
*
*
* If the request includes tags, then the requester must have the organizations:TagResource
permission.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an Amazon Web Services service.
*
*
* @param createPolicyRequest
* @return Result of the CreatePolicy operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your account isn't fully active. You
* must complete the account setup before you create an organization.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact Amazon Web Services Support to request an
* increase in your limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase
* in the number of accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.
*
*
* -
*
* CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot register a suspended account as
* a delegated administrator.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an Amazon Web Services service integrated with
* Organizations. You can designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management
* account for the organization, you must first either remove or close all member accounts in the
* organization. Follow standard account closure process using root credentials.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.
*
*
* -
*
* CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close
* at a time.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account
* as a delegated administrator for an Amazon Web Services service that already has a delegated
* administrator. To complete this operation, you must first deregister any existing delegated
* administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is
* associated with the account. Amazon Web Services does not support cards issued by financial institutions
* in Russia or Belarus. For more information, see Managing your
* Amazon Web Services payments.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in China. To
* create an organization, the master must have a valid business license. For more information, contact
* customer support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations
* in the Amazon Web Services GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator before you enabled
* service access. Call the EnableAWSServiceAccess
API first.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* -
*
* WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting period before you
* can remove it from the organization. If you get an error that indicates that a wait period is required,
* try again in a few days.
*
*
* @throws DuplicatePolicyException
* A policy with the same name already exists.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws MalformedPolicyDocumentException
* The provided policy document doesn't meet the requirements of the specified policy type. For example, the
* syntax might be incorrect. For details about service control policy syntax, see SCP syntax in the Organizations User Guide.
* @throws PolicyTypeNotAvailableForOrganizationException
* You can't use the specified policy type with the feature set currently enabled for this organization. For
* example, you can enable SCPs only after you enable all features in the organization. For more
* information, see Managing Organizations policiesin the Organizations User Guide.
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @throws UnsupportedAPIEndpointException
* This action isn't available in the current Amazon Web Services Region.
* @sample AWSOrganizations.CreatePolicy
* @see AWS API
* Documentation
*/
@Override
public CreatePolicyResult createPolicy(CreatePolicyRequest request) {
request = beforeClientExecution(request);
return executeCreatePolicy(request);
}
@SdkInternalApi
final CreatePolicyResult executeCreatePolicy(CreatePolicyRequest createPolicyRequest) {
ExecutionContext executionContext = createExecutionContext(createPolicyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new CreatePolicyRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(createPolicyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "CreatePolicy");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new CreatePolicyResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Declines a handshake request. This sets the handshake state to DECLINED
and effectively deactivates
* the request.
*
*
* This operation can be called only from the account that received the handshake. The originator of the handshake
* can use CancelHandshake instead. The originator can't reactivate a declined request, but can reinitiate
* the process with a new handshake request.
*
*
* After you decline a handshake, it continues to appear in the results of relevant APIs for only 30 days. After
* that, it's deleted.
*
*
* @param declineHandshakeRequest
* @return Result of the DeclineHandshake operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws HandshakeNotFoundException
* We can't find a handshake with the HandshakeId
that you specified.
* @throws InvalidHandshakeTransitionException
* You can't perform the operation on the handshake in its current state. For example, you can't cancel a
* handshake that was already accepted or accept a handshake that was already declined.
* @throws HandshakeAlreadyInStateException
* The specified handshake is already in the requested state. For example, you can't accept a handshake that
* was already accepted.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @sample AWSOrganizations.DeclineHandshake
* @see AWS
* API Documentation
*/
@Override
public DeclineHandshakeResult declineHandshake(DeclineHandshakeRequest request) {
request = beforeClientExecution(request);
return executeDeclineHandshake(request);
}
@SdkInternalApi
final DeclineHandshakeResult executeDeclineHandshake(DeclineHandshakeRequest declineHandshakeRequest) {
ExecutionContext executionContext = createExecutionContext(declineHandshakeRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeclineHandshakeRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(declineHandshakeRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeclineHandshake");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new DeclineHandshakeResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Deletes the organization. You can delete an organization only by using credentials from the management account.
* The organization must be empty of member accounts.
*
*
* @param deleteOrganizationRequest
* @return Result of the DeleteOrganization operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws OrganizationNotEmptyException
* The organization isn't empty. To delete an organization, you must first remove all accounts except the
* management account.
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @sample AWSOrganizations.DeleteOrganization
* @see AWS API Documentation
*/
@Override
public DeleteOrganizationResult deleteOrganization(DeleteOrganizationRequest request) {
request = beforeClientExecution(request);
return executeDeleteOrganization(request);
}
@SdkInternalApi
final DeleteOrganizationResult executeDeleteOrganization(DeleteOrganizationRequest deleteOrganizationRequest) {
ExecutionContext executionContext = createExecutionContext(deleteOrganizationRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeleteOrganizationRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(deleteOrganizationRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeleteOrganization");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new DeleteOrganizationResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Deletes an organizational unit (OU) from a root or another OU. You must first remove all accounts and child OUs
* from the OU that you want to delete.
*
*
* This operation can be called only from the organization's management account.
*
*
* @param deleteOrganizationalUnitRequest
* @return Result of the DeleteOrganizationalUnit operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws OrganizationalUnitNotEmptyException
* The specified OU is not empty. Move all accounts to another root or to other OUs, remove all child OUs,
* and try the operation again.
* @throws OrganizationalUnitNotFoundException
* We can't find an OU with the OrganizationalUnitId
that you specified.
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @sample AWSOrganizations.DeleteOrganizationalUnit
* @see AWS API Documentation
*/
@Override
public DeleteOrganizationalUnitResult deleteOrganizationalUnit(DeleteOrganizationalUnitRequest request) {
request = beforeClientExecution(request);
return executeDeleteOrganizationalUnit(request);
}
@SdkInternalApi
final DeleteOrganizationalUnitResult executeDeleteOrganizationalUnit(DeleteOrganizationalUnitRequest deleteOrganizationalUnitRequest) {
ExecutionContext executionContext = createExecutionContext(deleteOrganizationalUnitRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeleteOrganizationalUnitRequestProtocolMarshaller(protocolFactory).marshall(super
.beforeMarshalling(deleteOrganizationalUnitRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeleteOrganizationalUnit");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
new DeleteOrganizationalUnitResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Deletes the specified policy from your organization. Before you perform this operation, you must first detach the
* policy from all organizational units (OUs), roots, and accounts.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an Amazon Web Services service.
*
*
* @param deletePolicyRequest
* @return Result of the DeletePolicy operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws PolicyInUseException
* The policy is attached to one or more entities. You must detach it from all roots, OUs, and accounts
* before performing this operation.
* @throws PolicyNotFoundException
* We can't find a policy with the PolicyId
that you specified.
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @throws UnsupportedAPIEndpointException
* This action isn't available in the current Amazon Web Services Region.
* @sample AWSOrganizations.DeletePolicy
* @see AWS API
* Documentation
*/
@Override
public DeletePolicyResult deletePolicy(DeletePolicyRequest request) {
request = beforeClientExecution(request);
return executeDeletePolicy(request);
}
@SdkInternalApi
final DeletePolicyResult executeDeletePolicy(DeletePolicyRequest deletePolicyRequest) {
ExecutionContext executionContext = createExecutionContext(deletePolicyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeletePolicyRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(deletePolicyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeletePolicy");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new DeletePolicyResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Deletes the resource policy from your organization.
*
*
* You can only call this operation from the organization's management account.
*
*
* @param deleteResourcePolicyRequest
* @return Result of the DeleteResourcePolicy operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws UnsupportedAPIEndpointException
* This action isn't available in the current Amazon Web Services Region.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
*
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your account isn't fully active. You
* must complete the account setup before you create an organization.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact Amazon Web Services Support to request an
* increase in your limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase
* in the number of accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.
*
*
* -
*
* CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot register a suspended account as
* a delegated administrator.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an Amazon Web Services service integrated with
* Organizations. You can designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management
* account for the organization, you must first either remove or close all member accounts in the
* organization. Follow standard account closure process using root credentials.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.
*
*
* -
*
* CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close
* at a time.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account
* as a delegated administrator for an Amazon Web Services service that already has a delegated
* administrator. To complete this operation, you must first deregister any existing delegated
* administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is
* associated with the account. Amazon Web Services does not support cards issued by financial institutions
* in Russia or Belarus. For more information, see Managing your
* Amazon Web Services payments.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in China. To
* create an organization, the master must have a valid business license. For more information, contact
* customer support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations
* in the Amazon Web Services GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator before you enabled
* service access. Call the EnableAWSServiceAccess
API first.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* -
*
* WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting period before you
* can remove it from the organization. If you get an error that indicates that a wait period is required,
* try again in a few days.
*
*
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ResourcePolicyNotFoundException
* We can't find a resource policy request with the parameter that you specified.
* @sample AWSOrganizations.DeleteResourcePolicy
* @see AWS API Documentation
*/
@Override
public DeleteResourcePolicyResult deleteResourcePolicy(DeleteResourcePolicyRequest request) {
request = beforeClientExecution(request);
return executeDeleteResourcePolicy(request);
}
@SdkInternalApi
final DeleteResourcePolicyResult executeDeleteResourcePolicy(DeleteResourcePolicyRequest deleteResourcePolicyRequest) {
ExecutionContext executionContext = createExecutionContext(deleteResourcePolicyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeleteResourcePolicyRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(deleteResourcePolicyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeleteResourcePolicy");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new DeleteResourcePolicyResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Removes the specified member Amazon Web Services account as a delegated administrator for the specified Amazon
* Web Services service.
*
*
*
* Deregistering a delegated administrator can have unintended impacts on the functionality of the enabled Amazon
* Web Services service. See the documentation for the enabled service before you deregister a delegated
* administrator so that you understand any potential impacts.
*
*
*
* You can run this action only for Amazon Web Services services that support this feature. For a current list of
* services that support it, see the column Supports Delegated Administrator in the table at Amazon Web
* Services Services that you can use with Organizations in the Organizations User Guide.
*
*
* This operation can be called only from the organization's management account.
*
*
* @param deregisterDelegatedAdministratorRequest
* @return Result of the DeregisterDelegatedAdministrator operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AccountNotFoundException
* We can't find an Amazon Web Services account with the AccountId
that you specified, or the
* account whose credentials you used to make this request isn't a member of an organization.
* @throws AccountNotRegisteredException
* The specified account is not a delegated administrator for this Amazon Web Services service.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your account isn't fully active. You
* must complete the account setup before you create an organization.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact Amazon Web Services Support to request an
* increase in your limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase
* in the number of accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.
*
*
* -
*
* CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot register a suspended account as
* a delegated administrator.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an Amazon Web Services service integrated with
* Organizations. You can designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management
* account for the organization, you must first either remove or close all member accounts in the
* organization. Follow standard account closure process using root credentials.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.
*
*
* -
*
* CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close
* at a time.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account
* as a delegated administrator for an Amazon Web Services service that already has a delegated
* administrator. To complete this operation, you must first deregister any existing delegated
* administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is
* associated with the account. Amazon Web Services does not support cards issued by financial institutions
* in Russia or Belarus. For more information, see Managing your
* Amazon Web Services payments.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in China. To
* create an organization, the master must have a valid business license. For more information, contact
* customer support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations
* in the Amazon Web Services GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator before you enabled
* service access. Call the EnableAWSServiceAccess
API first.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* -
*
* WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting period before you
* can remove it from the organization. If you get an error that indicates that a wait period is required,
* try again in a few days.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws UnsupportedAPIEndpointException
* This action isn't available in the current Amazon Web Services Region.
* @sample AWSOrganizations.DeregisterDelegatedAdministrator
* @see AWS API Documentation
*/
@Override
public DeregisterDelegatedAdministratorResult deregisterDelegatedAdministrator(DeregisterDelegatedAdministratorRequest request) {
request = beforeClientExecution(request);
return executeDeregisterDelegatedAdministrator(request);
}
@SdkInternalApi
final DeregisterDelegatedAdministratorResult executeDeregisterDelegatedAdministrator(
DeregisterDelegatedAdministratorRequest deregisterDelegatedAdministratorRequest) {
ExecutionContext executionContext = createExecutionContext(deregisterDelegatedAdministratorRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeregisterDelegatedAdministratorRequestProtocolMarshaller(protocolFactory).marshall(super
.beforeMarshalling(deregisterDelegatedAdministratorRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeregisterDelegatedAdministrator");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
new DeregisterDelegatedAdministratorResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Retrieves Organizations-related information about the specified account.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an Amazon Web Services service.
*
*
* @param describeAccountRequest
* @return Result of the DescribeAccount operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AccountNotFoundException
* We can't find an Amazon Web Services account with the AccountId
that you specified, or the
* account whose credentials you used to make this request isn't a member of an organization.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @sample AWSOrganizations.DescribeAccount
* @see AWS
* API Documentation
*/
@Override
public DescribeAccountResult describeAccount(DescribeAccountRequest request) {
request = beforeClientExecution(request);
return executeDescribeAccount(request);
}
@SdkInternalApi
final DescribeAccountResult executeDescribeAccount(DescribeAccountRequest describeAccountRequest) {
ExecutionContext executionContext = createExecutionContext(describeAccountRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DescribeAccountRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(describeAccountRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DescribeAccount");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new DescribeAccountResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Retrieves the current status of an asynchronous request to create an account.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an Amazon Web Services service.
*
*
* @param describeCreateAccountStatusRequest
* @return Result of the DescribeCreateAccountStatus operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws CreateAccountStatusNotFoundException
* We can't find an create account request with the CreateAccountRequestId
that you specified.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @throws UnsupportedAPIEndpointException
* This action isn't available in the current Amazon Web Services Region.
* @sample AWSOrganizations.DescribeCreateAccountStatus
* @see AWS API Documentation
*/
@Override
public DescribeCreateAccountStatusResult describeCreateAccountStatus(DescribeCreateAccountStatusRequest request) {
request = beforeClientExecution(request);
return executeDescribeCreateAccountStatus(request);
}
@SdkInternalApi
final DescribeCreateAccountStatusResult executeDescribeCreateAccountStatus(DescribeCreateAccountStatusRequest describeCreateAccountStatusRequest) {
ExecutionContext executionContext = createExecutionContext(describeCreateAccountStatusRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DescribeCreateAccountStatusRequestProtocolMarshaller(protocolFactory).marshall(super
.beforeMarshalling(describeCreateAccountStatusRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DescribeCreateAccountStatus");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
new DescribeCreateAccountStatusResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Returns the contents of the effective policy for specified policy type and account. The effective policy is the
* aggregation of any policies of the specified type that the account inherits, plus any policy of that type that is
* directly attached to the account.
*
*
* This operation applies only to policy types other than service control policies (SCPs).
*
*
* For more information about policy inheritance, see Understanding management policy inheritance in the Organizations User Guide.
*
*
* This operation can be called from any account in the organization.
*
*
* @param describeEffectivePolicyRequest
* @return Result of the DescribeEffectivePolicy operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your account isn't fully active. You
* must complete the account setup before you create an organization.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact Amazon Web Services Support to request an
* increase in your limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase
* in the number of accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.
*
*
* -
*
* CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot register a suspended account as
* a delegated administrator.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an Amazon Web Services service integrated with
* Organizations. You can designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management
* account for the organization, you must first either remove or close all member accounts in the
* organization. Follow standard account closure process using root credentials.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.
*
*
* -
*
* CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close
* at a time.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account
* as a delegated administrator for an Amazon Web Services service that already has a delegated
* administrator. To complete this operation, you must first deregister any existing delegated
* administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is
* associated with the account. Amazon Web Services does not support cards issued by financial institutions
* in Russia or Belarus. For more information, see Managing your
* Amazon Web Services payments.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in China. To
* create an organization, the master must have a valid business license. For more information, contact
* customer support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations
* in the Amazon Web Services GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator before you enabled
* service access. Call the EnableAWSServiceAccess
API first.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* -
*
* WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting period before you
* can remove it from the organization. If you get an error that indicates that a wait period is required,
* try again in a few days.
*
*
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @throws TargetNotFoundException
* We can't find a root, OU, account, or policy with the TargetId
that you specified.
* @throws EffectivePolicyNotFoundException
* If you ran this action on the management account, this policy type is not enabled. If you ran the action
* on a member account, the account doesn't have an effective policy of this type. Contact the administrator
* of your organization about attaching a policy of this type to the account.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
*
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws UnsupportedAPIEndpointException
* This action isn't available in the current Amazon Web Services Region.
* @sample AWSOrganizations.DescribeEffectivePolicy
* @see AWS API Documentation
*/
@Override
public DescribeEffectivePolicyResult describeEffectivePolicy(DescribeEffectivePolicyRequest request) {
request = beforeClientExecution(request);
return executeDescribeEffectivePolicy(request);
}
@SdkInternalApi
final DescribeEffectivePolicyResult executeDescribeEffectivePolicy(DescribeEffectivePolicyRequest describeEffectivePolicyRequest) {
ExecutionContext executionContext = createExecutionContext(describeEffectivePolicyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DescribeEffectivePolicyRequestProtocolMarshaller(protocolFactory).marshall(super
.beforeMarshalling(describeEffectivePolicyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DescribeEffectivePolicy");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
new DescribeEffectivePolicyResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Retrieves information about a previously requested handshake. The handshake ID comes from the response to the
* original InviteAccountToOrganization operation that generated the handshake.
*
*
* You can access handshakes that are ACCEPTED
, DECLINED
, or CANCELED
for
* only 30 days after they change to that state. They're then deleted and no longer accessible.
*
*
* This operation can be called from any account in the organization.
*
*
* @param describeHandshakeRequest
* @return Result of the DescribeHandshake operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws HandshakeNotFoundException
* We can't find a handshake with the HandshakeId
that you specified.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @sample AWSOrganizations.DescribeHandshake
* @see AWS API Documentation
*/
@Override
public DescribeHandshakeResult describeHandshake(DescribeHandshakeRequest request) {
request = beforeClientExecution(request);
return executeDescribeHandshake(request);
}
@SdkInternalApi
final DescribeHandshakeResult executeDescribeHandshake(DescribeHandshakeRequest describeHandshakeRequest) {
ExecutionContext executionContext = createExecutionContext(describeHandshakeRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DescribeHandshakeRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(describeHandshakeRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DescribeHandshake");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new DescribeHandshakeResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Retrieves information about the organization that the user's account belongs to.
*
*
* This operation can be called from any account in the organization.
*
*
*
* Even if a policy type is shown as available in the organization, you can disable it separately at the root level
* with DisablePolicyType. Use ListRoots to see the status of policy types for a specified root.
*
*
*
* @param describeOrganizationRequest
* @return Result of the DescribeOrganization operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @sample AWSOrganizations.DescribeOrganization
* @see AWS API Documentation
*/
@Override
public DescribeOrganizationResult describeOrganization(DescribeOrganizationRequest request) {
request = beforeClientExecution(request);
return executeDescribeOrganization(request);
}
@SdkInternalApi
final DescribeOrganizationResult executeDescribeOrganization(DescribeOrganizationRequest describeOrganizationRequest) {
ExecutionContext executionContext = createExecutionContext(describeOrganizationRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DescribeOrganizationRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(describeOrganizationRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DescribeOrganization");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new DescribeOrganizationResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Retrieves information about an organizational unit (OU).
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an Amazon Web Services service.
*
*
* @param describeOrganizationalUnitRequest
* @return Result of the DescribeOrganizationalUnit operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws OrganizationalUnitNotFoundException
* We can't find an OU with the OrganizationalUnitId
that you specified.
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @sample AWSOrganizations.DescribeOrganizationalUnit
* @see AWS API Documentation
*/
@Override
public DescribeOrganizationalUnitResult describeOrganizationalUnit(DescribeOrganizationalUnitRequest request) {
request = beforeClientExecution(request);
return executeDescribeOrganizationalUnit(request);
}
@SdkInternalApi
final DescribeOrganizationalUnitResult executeDescribeOrganizationalUnit(DescribeOrganizationalUnitRequest describeOrganizationalUnitRequest) {
ExecutionContext executionContext = createExecutionContext(describeOrganizationalUnitRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DescribeOrganizationalUnitRequestProtocolMarshaller(protocolFactory).marshall(super
.beforeMarshalling(describeOrganizationalUnitRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DescribeOrganizationalUnit");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
new DescribeOrganizationalUnitResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Retrieves information about a policy.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an Amazon Web Services service.
*
*
* @param describePolicyRequest
* @return Result of the DescribePolicy operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws PolicyNotFoundException
* We can't find a policy with the PolicyId
that you specified.
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @throws UnsupportedAPIEndpointException
* This action isn't available in the current Amazon Web Services Region.
* @sample AWSOrganizations.DescribePolicy
* @see AWS
* API Documentation
*/
@Override
public DescribePolicyResult describePolicy(DescribePolicyRequest request) {
request = beforeClientExecution(request);
return executeDescribePolicy(request);
}
@SdkInternalApi
final DescribePolicyResult executeDescribePolicy(DescribePolicyRequest describePolicyRequest) {
ExecutionContext executionContext = createExecutionContext(describePolicyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DescribePolicyRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(describePolicyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DescribePolicy");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new DescribePolicyResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Retrieves information about a resource policy.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an Amazon Web Services service.
*
*
* @param describeResourcePolicyRequest
* @return Result of the DescribeResourcePolicy operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws UnsupportedAPIEndpointException
* This action isn't available in the current Amazon Web Services Region.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ResourcePolicyNotFoundException
* We can't find a resource policy request with the parameter that you specified.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
*
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your account isn't fully active. You
* must complete the account setup before you create an organization.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact Amazon Web Services Support to request an
* increase in your limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase
* in the number of accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.
*
*
* -
*
* CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot register a suspended account as
* a delegated administrator.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an Amazon Web Services service integrated with
* Organizations. You can designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management
* account for the organization, you must first either remove or close all member accounts in the
* organization. Follow standard account closure process using root credentials.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.
*
*
* -
*
* CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close
* at a time.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account
* as a delegated administrator for an Amazon Web Services service that already has a delegated
* administrator. To complete this operation, you must first deregister any existing delegated
* administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is
* associated with the account. Amazon Web Services does not support cards issued by financial institutions
* in Russia or Belarus. For more information, see Managing your
* Amazon Web Services payments.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in China. To
* create an organization, the master must have a valid business license. For more information, contact
* customer support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations
* in the Amazon Web Services GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator before you enabled
* service access. Call the EnableAWSServiceAccess
API first.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* -
*
* WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting period before you
* can remove it from the organization. If you get an error that indicates that a wait period is required,
* try again in a few days.
*
*
* @sample AWSOrganizations.DescribeResourcePolicy
* @see AWS API Documentation
*/
@Override
public DescribeResourcePolicyResult describeResourcePolicy(DescribeResourcePolicyRequest request) {
request = beforeClientExecution(request);
return executeDescribeResourcePolicy(request);
}
@SdkInternalApi
final DescribeResourcePolicyResult executeDescribeResourcePolicy(DescribeResourcePolicyRequest describeResourcePolicyRequest) {
ExecutionContext executionContext = createExecutionContext(describeResourcePolicyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DescribeResourcePolicyRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(describeResourcePolicyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DescribeResourcePolicy");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
new DescribeResourcePolicyResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Detaches a policy from a target root, organizational unit (OU), or account.
*
*
*
* If the policy being detached is a service control policy (SCP), the changes to permissions for Identity and
* Access Management (IAM) users and roles in affected accounts are immediate.
*
*
*
* Every root, OU, and account must have at least one SCP attached. If you want to replace the default
* FullAWSAccess
policy with an SCP that limits the permissions that can be delegated, you must attach
* the replacement SCP before you can remove the default SCP. This is the authorization strategy of an
* "allow list". If you instead attach a second SCP and leave the FullAWSAccess
SCP still
* attached, and specify "Effect": "Deny"
in the second SCP to override the
* "Effect": "Allow"
in the FullAWSAccess
policy (or any other attached SCP), you're using
* the authorization strategy of a
* "deny list".
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an Amazon Web Services service.
*
*
* @param detachPolicyRequest
* @return Result of the DetachPolicy operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your account isn't fully active. You
* must complete the account setup before you create an organization.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact Amazon Web Services Support to request an
* increase in your limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase
* in the number of accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.
*
*
* -
*
* CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot register a suspended account as
* a delegated administrator.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an Amazon Web Services service integrated with
* Organizations. You can designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management
* account for the organization, you must first either remove or close all member accounts in the
* organization. Follow standard account closure process using root credentials.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.
*
*
* -
*
* CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close
* at a time.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account
* as a delegated administrator for an Amazon Web Services service that already has a delegated
* administrator. To complete this operation, you must first deregister any existing delegated
* administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is
* associated with the account. Amazon Web Services does not support cards issued by financial institutions
* in Russia or Belarus. For more information, see Managing your
* Amazon Web Services payments.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in China. To
* create an organization, the master must have a valid business license. For more information, contact
* customer support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations
* in the Amazon Web Services GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator before you enabled
* service access. Call the EnableAWSServiceAccess
API first.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* -
*
* WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting period before you
* can remove it from the organization. If you get an error that indicates that a wait period is required,
* try again in a few days.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws PolicyNotAttachedException
* The policy isn't attached to the specified target in the specified root.
* @throws PolicyNotFoundException
* We can't find a policy with the PolicyId
that you specified.
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TargetNotFoundException
* We can't find a root, OU, account, or policy with the TargetId
that you specified.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @throws UnsupportedAPIEndpointException
* This action isn't available in the current Amazon Web Services Region.
* @throws PolicyChangesInProgressException
* Changes to the effective policy are in progress, and its contents can't be returned. Try the operation
* again later.
* @sample AWSOrganizations.DetachPolicy
* @see AWS API
* Documentation
*/
@Override
public DetachPolicyResult detachPolicy(DetachPolicyRequest request) {
request = beforeClientExecution(request);
return executeDetachPolicy(request);
}
@SdkInternalApi
final DetachPolicyResult executeDetachPolicy(DetachPolicyRequest detachPolicyRequest) {
ExecutionContext executionContext = createExecutionContext(detachPolicyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DetachPolicyRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(detachPolicyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DetachPolicy");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new DetachPolicyResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Disables the integration of an Amazon Web Services service (the service that is specified by
* ServicePrincipal
) with Organizations. When you disable integration, the specified service no longer
* can create a service-linked role
* in new accounts in your organization. This means the service can't perform operations on your behalf on
* any new accounts in your organization. The service can still perform operations in older accounts until the
* service completes its clean-up from Organizations.
*
*
*
* We strongly recommend that you don't use this command to disable integration between
* Organizations and the specified Amazon Web Services service. Instead, use the console or commands that are
* provided by the specified service. This lets the trusted service perform any required initialization when
* enabling trusted access, such as creating any required resources and any required clean up of resources when
* disabling trusted access.
*
*
* For information about how to disable trusted service access to your organization using the trusted service, see
* the Learn more link under the Supports Trusted Access column at Amazon Web
* Services services that you can use with Organizations. on this page.
*
*
* If you disable access by using this command, it causes the following actions to occur:
*
*
* -
*
* The service can no longer create a service-linked role in the accounts in your organization. This means that the
* service can't perform operations on your behalf on any new accounts in your organization. The service can still
* perform operations in older accounts until the service completes its clean-up from Organizations.
*
*
* -
*
* The service can no longer perform tasks in the member accounts in the organization, unless those operations are
* explicitly permitted by the IAM policies that are attached to your roles. This includes any data aggregation from
* the member accounts to the management account, or to a delegated administrator account, where relevant.
*
*
* -
*
* Some services detect this and clean up any remaining data or resources related to the integration, while other
* services stop accessing the organization but leave any historical data and configuration in place to support a
* possible re-enabling of the integration.
*
*
*
*
* Using the other service's console or commands to disable the integration ensures that the other service is aware
* that it can clean up any resources that are required only for the integration. How the service cleans up its
* resources in the organization's accounts depends on that service. For more information, see the documentation for
* the other Amazon Web Services service.
*
*
*
* After you perform the DisableAWSServiceAccess
operation, the specified service can no longer perform
* operations in your organization's accounts
*
*
* For more information about integrating other services with Organizations, including the list of services that
* work with Organizations, see Using
* Organizations with other Amazon Web Services services in the Organizations User Guide.
*
*
* This operation can be called only from the organization's management account.
*
*
* @param disableAWSServiceAccessRequest
* @return Result of the DisableAWSServiceAccess operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your account isn't fully active. You
* must complete the account setup before you create an organization.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact Amazon Web Services Support to request an
* increase in your limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase
* in the number of accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.
*
*
* -
*
* CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot register a suspended account as
* a delegated administrator.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an Amazon Web Services service integrated with
* Organizations. You can designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management
* account for the organization, you must first either remove or close all member accounts in the
* organization. Follow standard account closure process using root credentials.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.
*
*
* -
*
* CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close
* at a time.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account
* as a delegated administrator for an Amazon Web Services service that already has a delegated
* administrator. To complete this operation, you must first deregister any existing delegated
* administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is
* associated with the account. Amazon Web Services does not support cards issued by financial institutions
* in Russia or Belarus. For more information, see Managing your
* Amazon Web Services payments.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in China. To
* create an organization, the master must have a valid business license. For more information, contact
* customer support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations
* in the Amazon Web Services GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator before you enabled
* service access. Call the EnableAWSServiceAccess
API first.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* -
*
* WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting period before you
* can remove it from the organization. If you get an error that indicates that a wait period is required,
* try again in a few days.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @throws UnsupportedAPIEndpointException
* This action isn't available in the current Amazon Web Services Region.
* @sample AWSOrganizations.DisableAWSServiceAccess
* @see AWS API Documentation
*/
@Override
public DisableAWSServiceAccessResult disableAWSServiceAccess(DisableAWSServiceAccessRequest request) {
request = beforeClientExecution(request);
return executeDisableAWSServiceAccess(request);
}
@SdkInternalApi
final DisableAWSServiceAccessResult executeDisableAWSServiceAccess(DisableAWSServiceAccessRequest disableAWSServiceAccessRequest) {
ExecutionContext executionContext = createExecutionContext(disableAWSServiceAccessRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DisableAWSServiceAccessRequestProtocolMarshaller(protocolFactory).marshall(super
.beforeMarshalling(disableAWSServiceAccessRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DisableAWSServiceAccess");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
new DisableAWSServiceAccessResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Disables an organizational policy type in a root. A policy of a certain type can be attached to entities in a
* root only if that type is enabled in the root. After you perform this operation, you no longer can attach
* policies of the specified type to that root or to any organizational unit (OU) or account in that root. You can
* undo this by using the EnablePolicyType operation.
*
*
* This is an asynchronous request that Amazon Web Services performs in the background. If you disable a policy type
* for a root, it still appears enabled for the organization if all
* features are enabled for the organization. Amazon Web Services recommends that you first use ListRoots
* to see the status of policy types for a specified root, and then use this operation.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an Amazon Web Services service.
*
*
* To view the status of available policy types in the organization, use DescribeOrganization.
*
*
* @param disablePolicyTypeRequest
* @return Result of the DisablePolicyType operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your account isn't fully active. You
* must complete the account setup before you create an organization.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact Amazon Web Services Support to request an
* increase in your limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase
* in the number of accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.
*
*
* -
*
* CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot register a suspended account as
* a delegated administrator.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an Amazon Web Services service integrated with
* Organizations. You can designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management
* account for the organization, you must first either remove or close all member accounts in the
* organization. Follow standard account closure process using root credentials.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.
*
*
* -
*
* CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close
* at a time.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account
* as a delegated administrator for an Amazon Web Services service that already has a delegated
* administrator. To complete this operation, you must first deregister any existing delegated
* administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is
* associated with the account. Amazon Web Services does not support cards issued by financial institutions
* in Russia or Belarus. For more information, see Managing your
* Amazon Web Services payments.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in China. To
* create an organization, the master must have a valid business license. For more information, contact
* customer support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations
* in the Amazon Web Services GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator before you enabled
* service access. Call the EnableAWSServiceAccess
API first.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* -
*
* WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting period before you
* can remove it from the organization. If you get an error that indicates that a wait period is required,
* try again in a few days.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws PolicyTypeNotEnabledException
* The specified policy type isn't currently enabled in this root. You can't attach policies of the
* specified type to entities in a root until you enable that type in the root. For more information, see Enabling all features in your organization in the Organizations User Guide.
* @throws RootNotFoundException
* We can't find a root with the RootId
that you specified.
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @throws UnsupportedAPIEndpointException
* This action isn't available in the current Amazon Web Services Region.
* @throws PolicyChangesInProgressException
* Changes to the effective policy are in progress, and its contents can't be returned. Try the operation
* again later.
* @sample AWSOrganizations.DisablePolicyType
* @see AWS API Documentation
*/
@Override
public DisablePolicyTypeResult disablePolicyType(DisablePolicyTypeRequest request) {
request = beforeClientExecution(request);
return executeDisablePolicyType(request);
}
@SdkInternalApi
final DisablePolicyTypeResult executeDisablePolicyType(DisablePolicyTypeRequest disablePolicyTypeRequest) {
ExecutionContext executionContext = createExecutionContext(disablePolicyTypeRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DisablePolicyTypeRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(disablePolicyTypeRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DisablePolicyType");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new DisablePolicyTypeResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Enables the integration of an Amazon Web Services service (the service that is specified by
* ServicePrincipal
) with Organizations. When you enable integration, you allow the specified service
* to create a service-linked role
* in all the accounts in your organization. This allows the service to perform operations on your behalf in your
* organization and its accounts.
*
*
*
* We recommend that you enable integration between Organizations and the specified Amazon Web Services service by
* using the console or commands that are provided by the specified service. Doing so ensures that the service is
* aware that it can create the resources that are required for the integration. How the service creates those
* resources in the organization's accounts depends on that service. For more information, see the documentation for
* the other Amazon Web Services service.
*
*
*
* For more information about enabling services to integrate with Organizations, see Using
* Organizations with other Amazon Web Services services in the Organizations User Guide.
*
*
* You can only call this operation from the organization's management account and only if the organization has enabled
* all features.
*
*
* @param enableAWSServiceAccessRequest
* @return Result of the EnableAWSServiceAccess operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your account isn't fully active. You
* must complete the account setup before you create an organization.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact Amazon Web Services Support to request an
* increase in your limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase
* in the number of accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.
*
*
* -
*
* CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot register a suspended account as
* a delegated administrator.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an Amazon Web Services service integrated with
* Organizations. You can designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management
* account for the organization, you must first either remove or close all member accounts in the
* organization. Follow standard account closure process using root credentials.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.
*
*
* -
*
* CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close
* at a time.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account
* as a delegated administrator for an Amazon Web Services service that already has a delegated
* administrator. To complete this operation, you must first deregister any existing delegated
* administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is
* associated with the account. Amazon Web Services does not support cards issued by financial institutions
* in Russia or Belarus. For more information, see Managing your
* Amazon Web Services payments.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in China. To
* create an organization, the master must have a valid business license. For more information, contact
* customer support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations
* in the Amazon Web Services GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator before you enabled
* service access. Call the EnableAWSServiceAccess
API first.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* -
*
* WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting period before you
* can remove it from the organization. If you get an error that indicates that a wait period is required,
* try again in a few days.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @throws UnsupportedAPIEndpointException
* This action isn't available in the current Amazon Web Services Region.
* @sample AWSOrganizations.EnableAWSServiceAccess
* @see AWS API Documentation
*/
@Override
public EnableAWSServiceAccessResult enableAWSServiceAccess(EnableAWSServiceAccessRequest request) {
request = beforeClientExecution(request);
return executeEnableAWSServiceAccess(request);
}
@SdkInternalApi
final EnableAWSServiceAccessResult executeEnableAWSServiceAccess(EnableAWSServiceAccessRequest enableAWSServiceAccessRequest) {
ExecutionContext executionContext = createExecutionContext(enableAWSServiceAccessRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new EnableAWSServiceAccessRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(enableAWSServiceAccessRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "EnableAWSServiceAccess");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
new EnableAWSServiceAccessResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Enables all features in an organization. This enables the use of organization policies that can restrict the
* services and actions that can be called in each account. Until you enable all features, you have access only to
* consolidated billing, and you can't use any of the advanced account administration features that Organizations
* supports. For more information, see Enabling all features in your organization in the Organizations User Guide.
*
*
*
* This operation is required only for organizations that were created explicitly with only the consolidated billing
* features enabled. Calling this operation sends a handshake to every invited account in the organization. The
* feature set change can be finalized and the additional features enabled only after all administrators in the
* invited accounts approve the change by accepting the handshake.
*
*
*
* After you enable all features, you can separately enable or disable individual policy types in a root using
* EnablePolicyType and DisablePolicyType. To see the status of policy types in a root, use
* ListRoots.
*
*
* After all invited member accounts accept the handshake, you finalize the feature set change by accepting the
* handshake that contains "Action": "ENABLE_ALL_FEATURES"
. This completes the change.
*
*
* After you enable all features in your organization, the management account in the organization can apply policies
* on all member accounts. These policies can restrict what users and even administrators in those accounts can do.
* The management account can apply policies that prevent accounts from leaving the organization. Ensure that your
* account administrators are aware of this.
*
*
* This operation can be called only from the organization's management account.
*
*
* @param enableAllFeaturesRequest
* @return Result of the EnableAllFeatures operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws HandshakeConstraintViolationException
* The requested operation would violate the constraint identified in the reason code.
*
* Some of the reasons in the following list might not be applicable to this specific API or operation:
*
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. Note that deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception immediately after creating the organization, wait one hour and try again. If
* after an hour it continues to fail with this error, contact Amazon Web Services Support.
*
*
* -
*
* ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because the invited account is already a
* member of an organization.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations to join an organization while
* it's in the process of enabling all features. You can resume inviting accounts after you finalize the
* process when all accounts have agreed to the change.
*
*
* -
*
* ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid because the organization has
* already enabled all features.
*
*
* -
*
* ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake request is invalid because the
* organization has already started the process to enable all features.
*
*
* -
*
* ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because the account is from a different
* marketplace than the accounts in the organization. For example, accounts with India addresses must be
* associated with the AISPL marketplace. All accounts in an organization must be from the same marketplace.
*
*
* -
*
* ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to change the membership of an account
* too quickly after its previous change.
*
*
* -
*
* PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an account that doesn't have a payment
* instrument, such as a credit card, associated with it.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @sample AWSOrganizations.EnableAllFeatures
* @see AWS API Documentation
*/
@Override
public EnableAllFeaturesResult enableAllFeatures(EnableAllFeaturesRequest request) {
request = beforeClientExecution(request);
return executeEnableAllFeatures(request);
}
@SdkInternalApi
final EnableAllFeaturesResult executeEnableAllFeatures(EnableAllFeaturesRequest enableAllFeaturesRequest) {
ExecutionContext executionContext = createExecutionContext(enableAllFeaturesRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new EnableAllFeaturesRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(enableAllFeaturesRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "EnableAllFeatures");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new EnableAllFeaturesResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Enables a policy type in a root. After you enable a policy type in a root, you can attach policies of that type
* to the root, any organizational unit (OU), or account in that root. You can undo this by using the
* DisablePolicyType operation.
*
*
* This is an asynchronous request that Amazon Web Services performs in the background. Amazon Web Services
* recommends that you first use ListRoots to see the status of policy types for a specified root, and then
* use this operation.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an Amazon Web Services service.
*
*
* You can enable a policy type in a root only if that policy type is available in the organization. To view the
* status of available policy types in the organization, use DescribeOrganization.
*
*
* @param enablePolicyTypeRequest
* @return Result of the EnablePolicyType operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your account isn't fully active. You
* must complete the account setup before you create an organization.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact Amazon Web Services Support to request an
* increase in your limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase
* in the number of accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.
*
*
* -
*
* CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot register a suspended account as
* a delegated administrator.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an Amazon Web Services service integrated with
* Organizations. You can designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management
* account for the organization, you must first either remove or close all member accounts in the
* organization. Follow standard account closure process using root credentials.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.
*
*
* -
*
* CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close
* at a time.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account
* as a delegated administrator for an Amazon Web Services service that already has a delegated
* administrator. To complete this operation, you must first deregister any existing delegated
* administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is
* associated with the account. Amazon Web Services does not support cards issued by financial institutions
* in Russia or Belarus. For more information, see Managing your
* Amazon Web Services payments.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in China. To
* create an organization, the master must have a valid business license. For more information, contact
* customer support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations
* in the Amazon Web Services GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator before you enabled
* service access. Call the EnableAWSServiceAccess
API first.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* -
*
* WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting period before you
* can remove it from the organization. If you get an error that indicates that a wait period is required,
* try again in a few days.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws PolicyTypeAlreadyEnabledException
* The specified policy type is already enabled in the specified root.
* @throws RootNotFoundException
* We can't find a root with the RootId
that you specified.
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @throws PolicyTypeNotAvailableForOrganizationException
* You can't use the specified policy type with the feature set currently enabled for this organization. For
* example, you can enable SCPs only after you enable all features in the organization. For more
* information, see Managing Organizations policiesin the Organizations User Guide.
* @throws UnsupportedAPIEndpointException
* This action isn't available in the current Amazon Web Services Region.
* @throws PolicyChangesInProgressException
* Changes to the effective policy are in progress, and its contents can't be returned. Try the operation
* again later.
* @sample AWSOrganizations.EnablePolicyType
* @see AWS
* API Documentation
*/
@Override
public EnablePolicyTypeResult enablePolicyType(EnablePolicyTypeRequest request) {
request = beforeClientExecution(request);
return executeEnablePolicyType(request);
}
@SdkInternalApi
final EnablePolicyTypeResult executeEnablePolicyType(EnablePolicyTypeRequest enablePolicyTypeRequest) {
ExecutionContext executionContext = createExecutionContext(enablePolicyTypeRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new EnablePolicyTypeRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(enablePolicyTypeRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "EnablePolicyType");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new EnablePolicyTypeResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Sends an invitation to another account to join your organization as a member account. Organizations sends email
* on your behalf to the email address that is associated with the other account's owner. The invitation is
* implemented as a Handshake whose details are in the response.
*
*
*
* -
*
* You can invite Amazon Web Services accounts only from the same seller as the management account. For example, if
* your organization's management account was created by Amazon Internet Services Pvt. Ltd (AISPL), an Amazon Web
* Services seller in India, you can invite only other AISPL accounts to your organization. You can't combine
* accounts from AISPL and Amazon Web Services or from any other Amazon Web Services seller. For more information,
* see
* Consolidated billing in India.
*
*
* -
*
* If you receive an exception that indicates that you exceeded your account limits for the organization or that the
* operation failed because your organization is still initializing, wait one hour and then try again. If the error
* persists after an hour, contact Amazon Web Services
* Support.
*
*
*
*
*
* If the request includes tags, then the requester must have the organizations:TagResource
permission.
*
*
* This operation can be called only from the organization's management account.
*
*
* @param inviteAccountToOrganizationRequest
* @return Result of the InviteAccountToOrganization operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws AccountOwnerNotVerifiedException
* You can't invite an existing account to your organization until you verify that you own the email address
* associated with the management account. For more information, see Email address verification in the Organizations User Guide.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws HandshakeConstraintViolationException
* The requested operation would violate the constraint identified in the reason code.
*
* Some of the reasons in the following list might not be applicable to this specific API or operation:
*
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. Note that deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception immediately after creating the organization, wait one hour and try again. If
* after an hour it continues to fail with this error, contact Amazon Web Services Support.
*
*
* -
*
* ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because the invited account is already a
* member of an organization.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations to join an organization while
* it's in the process of enabling all features. You can resume inviting accounts after you finalize the
* process when all accounts have agreed to the change.
*
*
* -
*
* ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid because the organization has
* already enabled all features.
*
*
* -
*
* ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake request is invalid because the
* organization has already started the process to enable all features.
*
*
* -
*
* ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because the account is from a different
* marketplace than the accounts in the organization. For example, accounts with India addresses must be
* associated with the AISPL marketplace. All accounts in an organization must be from the same marketplace.
*
*
* -
*
* ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to change the membership of an account
* too quickly after its previous change.
*
*
* -
*
* PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an account that doesn't have a payment
* instrument, such as a credit card, associated with it.
*
*
* @throws DuplicateHandshakeException
* A handshake with the same action and target already exists. For example, if you invited an account to
* join your organization, the invited account might already have a pending invitation from this
* organization. If you intend to resend an invitation to an account, ensure that existing handshakes that
* might be considered duplicates are canceled or declined.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your account isn't fully active. You
* must complete the account setup before you create an organization.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact Amazon Web Services Support to request an
* increase in your limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase
* in the number of accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.
*
*
* -
*
* CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot register a suspended account as
* a delegated administrator.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an Amazon Web Services service integrated with
* Organizations. You can designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management
* account for the organization, you must first either remove or close all member accounts in the
* organization. Follow standard account closure process using root credentials.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.
*
*
* -
*
* CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close
* at a time.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account
* as a delegated administrator for an Amazon Web Services service that already has a delegated
* administrator. To complete this operation, you must first deregister any existing delegated
* administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is
* associated with the account. Amazon Web Services does not support cards issued by financial institutions
* in Russia or Belarus. For more information, see Managing your
* Amazon Web Services payments.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in China. To
* create an organization, the master must have a valid business license. For more information, contact
* customer support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations
* in the Amazon Web Services GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator before you enabled
* service access. Call the EnableAWSServiceAccess
API first.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* -
*
* WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting period before you
* can remove it from the organization. If you get an error that indicates that a wait period is required,
* try again in a few days.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws FinalizingOrganizationException
* Organizations couldn't perform the operation because your organization hasn't finished initializing. This
* can take up to an hour. Try again later. If after one hour you continue to receive this error, contact Amazon Web Services Support.
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @sample AWSOrganizations.InviteAccountToOrganization
* @see AWS API Documentation
*/
@Override
public InviteAccountToOrganizationResult inviteAccountToOrganization(InviteAccountToOrganizationRequest request) {
request = beforeClientExecution(request);
return executeInviteAccountToOrganization(request);
}
@SdkInternalApi
final InviteAccountToOrganizationResult executeInviteAccountToOrganization(InviteAccountToOrganizationRequest inviteAccountToOrganizationRequest) {
ExecutionContext executionContext = createExecutionContext(inviteAccountToOrganizationRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new InviteAccountToOrganizationRequestProtocolMarshaller(protocolFactory).marshall(super
.beforeMarshalling(inviteAccountToOrganizationRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "InviteAccountToOrganization");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
new InviteAccountToOrganizationResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Removes a member account from its parent organization. This version of the operation is performed by the account
* that wants to leave. To remove a member account as a user in the management account, use
* RemoveAccountFromOrganization instead.
*
*
* This operation can be called only from a member account in the organization.
*
*
*
* -
*
* The management account in an organization with all features enabled can set service control policies (SCPs) that
* can restrict what administrators of member accounts can do. This includes preventing them from successfully
* calling LeaveOrganization
and leaving the organization.
*
*
* -
*
* You can leave an organization as a member account only if the account is configured with the information required
* to operate as a standalone account. When you create an account in an organization using the Organizations
* console, API, or CLI commands, the information required of standalone accounts is not automatically
* collected. For each account that you want to make standalone, you must perform the following steps. If any of the
* steps are already completed for this account, that step doesn't appear.
*
*
* -
*
* Choose a support plan
*
*
* -
*
* Provide and verify the required contact information
*
*
* -
*
* Provide a current payment method
*
*
*
*
* Amazon Web Services uses the payment method to charge for any billable (not free tier) Amazon Web Services
* activity that occurs while the account isn't attached to an organization. For more information, see Considerations before removing an account from an organization in the Organizations User Guide.
*
*
* -
*
* The account that you want to leave must not be a delegated administrator account for any Amazon Web Services
* service enabled for your organization. If the account is a delegated administrator, you must first change the
* delegated administrator account to another account that is remaining in the organization.
*
*
* -
*
* You can leave an organization only after you enable IAM user access to billing in your account. For more
* information, see About IAM access to the Billing and Cost Management console in the Amazon Web Services Billing and Cost
* Management User Guide.
*
*
* -
*
* After the account leaves the organization, all tags that were attached to the account object in the organization
* are deleted. Amazon Web Services accounts outside of an organization do not support tags.
*
*
* -
*
* A newly created account has a waiting period before it can be removed from its organization. If you get an error
* that indicates that a wait period is required, then try again in a few days.
*
*
* -
*
* If you are using an organization principal to call LeaveOrganization
across multiple accounts, you
* can only do this up to 5 accounts per second in a single organization.
*
*
*
*
*
* @param leaveOrganizationRequest
* @return Result of the LeaveOrganization operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AccountNotFoundException
* We can't find an Amazon Web Services account with the AccountId
that you specified, or the
* account whose credentials you used to make this request isn't a member of an organization.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your account isn't fully active. You
* must complete the account setup before you create an organization.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact Amazon Web Services Support to request an
* increase in your limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase
* in the number of accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.
*
*
* -
*
* CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot register a suspended account as
* a delegated administrator.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an Amazon Web Services service integrated with
* Organizations. You can designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management
* account for the organization, you must first either remove or close all member accounts in the
* organization. Follow standard account closure process using root credentials.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.
*
*
* -
*
* CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close
* at a time.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account
* as a delegated administrator for an Amazon Web Services service that already has a delegated
* administrator. To complete this operation, you must first deregister any existing delegated
* administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is
* associated with the account. Amazon Web Services does not support cards issued by financial institutions
* in Russia or Belarus. For more information, see Managing your
* Amazon Web Services payments.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in China. To
* create an organization, the master must have a valid business license. For more information, contact
* customer support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations
* in the Amazon Web Services GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator before you enabled
* service access. Call the EnableAWSServiceAccess
API first.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* -
*
* WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting period before you
* can remove it from the organization. If you get an error that indicates that a wait period is required,
* try again in a few days.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws MasterCannotLeaveOrganizationException
* You can't remove a management account from an organization. If you want the management account to become
* a member account in another organization, you must first delete the current organization of the
* management account.
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @sample AWSOrganizations.LeaveOrganization
* @see AWS API Documentation
*/
@Override
public LeaveOrganizationResult leaveOrganization(LeaveOrganizationRequest request) {
request = beforeClientExecution(request);
return executeLeaveOrganization(request);
}
@SdkInternalApi
final LeaveOrganizationResult executeLeaveOrganization(LeaveOrganizationRequest leaveOrganizationRequest) {
ExecutionContext executionContext = createExecutionContext(leaveOrganizationRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new LeaveOrganizationRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(leaveOrganizationRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "LeaveOrganization");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new LeaveOrganizationResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Returns a list of the Amazon Web Services services that you enabled to integrate with your organization. After a
* service on this list creates the resources that it requires for the integration, it can perform operations on
* your organization and its accounts.
*
*
* For more information about integrating other services with Organizations, including the list of services that
* currently work with Organizations, see Using
* Organizations with other Amazon Web Services services in the Organizations User Guide.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an Amazon Web Services service.
*
*
* @param listAWSServiceAccessForOrganizationRequest
* @return Result of the ListAWSServiceAccessForOrganization operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your account isn't fully active. You
* must complete the account setup before you create an organization.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact Amazon Web Services Support to request an
* increase in your limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase
* in the number of accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.
*
*
* -
*
* CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot register a suspended account as
* a delegated administrator.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an Amazon Web Services service integrated with
* Organizations. You can designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management
* account for the organization, you must first either remove or close all member accounts in the
* organization. Follow standard account closure process using root credentials.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.
*
*
* -
*
* CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close
* at a time.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account
* as a delegated administrator for an Amazon Web Services service that already has a delegated
* administrator. To complete this operation, you must first deregister any existing delegated
* administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is
* associated with the account. Amazon Web Services does not support cards issued by financial institutions
* in Russia or Belarus. For more information, see Managing your
* Amazon Web Services payments.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in China. To
* create an organization, the master must have a valid business license. For more information, contact
* customer support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations
* in the Amazon Web Services GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator before you enabled
* service access. Call the EnableAWSServiceAccess
API first.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* -
*
* WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting period before you
* can remove it from the organization. If you get an error that indicates that a wait period is required,
* try again in a few days.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @throws UnsupportedAPIEndpointException
* This action isn't available in the current Amazon Web Services Region.
* @sample AWSOrganizations.ListAWSServiceAccessForOrganization
* @see AWS API Documentation
*/
@Override
public ListAWSServiceAccessForOrganizationResult listAWSServiceAccessForOrganization(ListAWSServiceAccessForOrganizationRequest request) {
request = beforeClientExecution(request);
return executeListAWSServiceAccessForOrganization(request);
}
@SdkInternalApi
final ListAWSServiceAccessForOrganizationResult executeListAWSServiceAccessForOrganization(
ListAWSServiceAccessForOrganizationRequest listAWSServiceAccessForOrganizationRequest) {
ExecutionContext executionContext = createExecutionContext(listAWSServiceAccessForOrganizationRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new ListAWSServiceAccessForOrganizationRequestProtocolMarshaller(protocolFactory).marshall(super
.beforeMarshalling(listAWSServiceAccessForOrganizationRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "ListAWSServiceAccessForOrganization");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
new ListAWSServiceAccessForOrganizationResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Lists all the accounts in the organization. To request only the accounts in a specified root or organizational
* unit (OU), use the ListAccountsForParent operation instead.
*
*
*
* Always check the NextToken
response parameter for a null
value when calling a
* List*
operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken
response parameter value is null
only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an Amazon Web Services service.
*
*
* @param listAccountsRequest
* @return Result of the ListAccounts operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @sample AWSOrganizations.ListAccounts
* @see AWS API
* Documentation
*/
@Override
public ListAccountsResult listAccounts(ListAccountsRequest request) {
request = beforeClientExecution(request);
return executeListAccounts(request);
}
@SdkInternalApi
final ListAccountsResult executeListAccounts(ListAccountsRequest listAccountsRequest) {
ExecutionContext executionContext = createExecutionContext(listAccountsRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new ListAccountsRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(listAccountsRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "ListAccounts");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new ListAccountsResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Lists the accounts in an organization that are contained by the specified target root or organizational unit
* (OU). If you specify the root, you get a list of all the accounts that aren't in any OU. If you specify an OU,
* you get a list of all the accounts in only that OU and not in any child OUs. To get a list of all accounts in the
* organization, use the ListAccounts operation.
*
*
*
* Always check the NextToken
response parameter for a null
value when calling a
* List*
operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken
response parameter value is null
only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an Amazon Web Services service.
*
*
* @param listAccountsForParentRequest
* @return Result of the ListAccountsForParent operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ParentNotFoundException
* We can't find a root or OU with the ParentId
that you specified.
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @sample AWSOrganizations.ListAccountsForParent
* @see AWS API Documentation
*/
@Override
public ListAccountsForParentResult listAccountsForParent(ListAccountsForParentRequest request) {
request = beforeClientExecution(request);
return executeListAccountsForParent(request);
}
@SdkInternalApi
final ListAccountsForParentResult executeListAccountsForParent(ListAccountsForParentRequest listAccountsForParentRequest) {
ExecutionContext executionContext = createExecutionContext(listAccountsForParentRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new ListAccountsForParentRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(listAccountsForParentRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "ListAccountsForParent");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory
.createResponseHandler(new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
new ListAccountsForParentResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Lists all of the organizational units (OUs) or accounts that are contained in the specified parent OU or root.
* This operation, along with ListParents enables you to traverse the tree structure that makes up this root.
*
*
*
* Always check the NextToken
response parameter for a null
value when calling a
* List*
operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken
response parameter value is null
only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an Amazon Web Services service.
*
*
* @param listChildrenRequest
* @return Result of the ListChildren operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ParentNotFoundException
* We can't find a root or OU with the ParentId
that you specified.
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @sample AWSOrganizations.ListChildren
* @see AWS API
* Documentation
*/
@Override
public ListChildrenResult listChildren(ListChildrenRequest request) {
request = beforeClientExecution(request);
return executeListChildren(request);
}
@SdkInternalApi
final ListChildrenResult executeListChildren(ListChildrenRequest listChildrenRequest) {
ExecutionContext executionContext = createExecutionContext(listChildrenRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new ListChildrenRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(listChildrenRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "ListChildren");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new ListChildrenResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Lists the account creation requests that match the specified status that is currently being tracked for the
* organization.
*
*
*
* Always check the NextToken
response parameter for a null
value when calling a
* List*
operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken
response parameter value is null
only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an Amazon Web Services service.
*
*
* @param listCreateAccountStatusRequest
* @return Result of the ListCreateAccountStatus operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @throws UnsupportedAPIEndpointException
* This action isn't available in the current Amazon Web Services Region.
* @sample AWSOrganizations.ListCreateAccountStatus
* @see AWS API Documentation
*/
@Override
public ListCreateAccountStatusResult listCreateAccountStatus(ListCreateAccountStatusRequest request) {
request = beforeClientExecution(request);
return executeListCreateAccountStatus(request);
}
@SdkInternalApi
final ListCreateAccountStatusResult executeListCreateAccountStatus(ListCreateAccountStatusRequest listCreateAccountStatusRequest) {
ExecutionContext executionContext = createExecutionContext(listCreateAccountStatusRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new ListCreateAccountStatusRequestProtocolMarshaller(protocolFactory).marshall(super
.beforeMarshalling(listCreateAccountStatusRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "ListCreateAccountStatus");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
new ListCreateAccountStatusResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Lists the Amazon Web Services accounts that are designated as delegated administrators in this organization.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an Amazon Web Services service.
*
*
* @param listDelegatedAdministratorsRequest
* @return Result of the ListDelegatedAdministrators operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your account isn't fully active. You
* must complete the account setup before you create an organization.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact Amazon Web Services Support to request an
* increase in your limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase
* in the number of accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.
*
*
* -
*
* CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot register a suspended account as
* a delegated administrator.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an Amazon Web Services service integrated with
* Organizations. You can designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management
* account for the organization, you must first either remove or close all member accounts in the
* organization. Follow standard account closure process using root credentials.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.
*
*
* -
*
* CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close
* at a time.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account
* as a delegated administrator for an Amazon Web Services service that already has a delegated
* administrator. To complete this operation, you must first deregister any existing delegated
* administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is
* associated with the account. Amazon Web Services does not support cards issued by financial institutions
* in Russia or Belarus. For more information, see Managing your
* Amazon Web Services payments.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in China. To
* create an organization, the master must have a valid business license. For more information, contact
* customer support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations
* in the Amazon Web Services GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator before you enabled
* service access. Call the EnableAWSServiceAccess
API first.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* -
*
* WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting period before you
* can remove it from the organization. If you get an error that indicates that a wait period is required,
* try again in a few days.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws UnsupportedAPIEndpointException
* This action isn't available in the current Amazon Web Services Region.
* @sample AWSOrganizations.ListDelegatedAdministrators
* @see AWS API Documentation
*/
@Override
public ListDelegatedAdministratorsResult listDelegatedAdministrators(ListDelegatedAdministratorsRequest request) {
request = beforeClientExecution(request);
return executeListDelegatedAdministrators(request);
}
@SdkInternalApi
final ListDelegatedAdministratorsResult executeListDelegatedAdministrators(ListDelegatedAdministratorsRequest listDelegatedAdministratorsRequest) {
ExecutionContext executionContext = createExecutionContext(listDelegatedAdministratorsRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new ListDelegatedAdministratorsRequestProtocolMarshaller(protocolFactory).marshall(super
.beforeMarshalling(listDelegatedAdministratorsRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "ListDelegatedAdministrators");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
new ListDelegatedAdministratorsResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* List the Amazon Web Services services for which the specified account is a delegated administrator.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an Amazon Web Services service.
*
*
* @param listDelegatedServicesForAccountRequest
* @return Result of the ListDelegatedServicesForAccount operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AccountNotFoundException
* We can't find an Amazon Web Services account with the AccountId
that you specified, or the
* account whose credentials you used to make this request isn't a member of an organization.
* @throws AccountNotRegisteredException
* The specified account is not a delegated administrator for this Amazon Web Services service.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your account isn't fully active. You
* must complete the account setup before you create an organization.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact Amazon Web Services Support to request an
* increase in your limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase
* in the number of accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.
*
*
* -
*
* CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot register a suspended account as
* a delegated administrator.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an Amazon Web Services service integrated with
* Organizations. You can designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management
* account for the organization, you must first either remove or close all member accounts in the
* organization. Follow standard account closure process using root credentials.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.
*
*
* -
*
* CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close
* at a time.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account
* as a delegated administrator for an Amazon Web Services service that already has a delegated
* administrator. To complete this operation, you must first deregister any existing delegated
* administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is
* associated with the account. Amazon Web Services does not support cards issued by financial institutions
* in Russia or Belarus. For more information, see Managing your
* Amazon Web Services payments.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in China. To
* create an organization, the master must have a valid business license. For more information, contact
* customer support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations
* in the Amazon Web Services GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator before you enabled
* service access. Call the EnableAWSServiceAccess
API first.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* -
*
* WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting period before you
* can remove it from the organization. If you get an error that indicates that a wait period is required,
* try again in a few days.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws UnsupportedAPIEndpointException
* This action isn't available in the current Amazon Web Services Region.
* @sample AWSOrganizations.ListDelegatedServicesForAccount
* @see AWS API Documentation
*/
@Override
public ListDelegatedServicesForAccountResult listDelegatedServicesForAccount(ListDelegatedServicesForAccountRequest request) {
request = beforeClientExecution(request);
return executeListDelegatedServicesForAccount(request);
}
@SdkInternalApi
final ListDelegatedServicesForAccountResult executeListDelegatedServicesForAccount(
ListDelegatedServicesForAccountRequest listDelegatedServicesForAccountRequest) {
ExecutionContext executionContext = createExecutionContext(listDelegatedServicesForAccountRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new ListDelegatedServicesForAccountRequestProtocolMarshaller(protocolFactory).marshall(super
.beforeMarshalling(listDelegatedServicesForAccountRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "ListDelegatedServicesForAccount");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
new ListDelegatedServicesForAccountResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Lists the current handshakes that are associated with the account of the requesting user.
*
*
* Handshakes that are ACCEPTED
, DECLINED
, CANCELED
, or EXPIRED
* appear in the results of this API for only 30 days after changing to that state. After that, they're deleted and
* no longer accessible.
*
*
*
* Always check the NextToken
response parameter for a null
value when calling a
* List*
operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken
response parameter value is null
only
* when there are no more results to display.
*
*
*
* This operation can be called from any account in the organization.
*
*
* @param listHandshakesForAccountRequest
* @return Result of the ListHandshakesForAccount operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @sample AWSOrganizations.ListHandshakesForAccount
* @see AWS API Documentation
*/
@Override
public ListHandshakesForAccountResult listHandshakesForAccount(ListHandshakesForAccountRequest request) {
request = beforeClientExecution(request);
return executeListHandshakesForAccount(request);
}
@SdkInternalApi
final ListHandshakesForAccountResult executeListHandshakesForAccount(ListHandshakesForAccountRequest listHandshakesForAccountRequest) {
ExecutionContext executionContext = createExecutionContext(listHandshakesForAccountRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new ListHandshakesForAccountRequestProtocolMarshaller(protocolFactory).marshall(super
.beforeMarshalling(listHandshakesForAccountRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "ListHandshakesForAccount");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
new ListHandshakesForAccountResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Lists the handshakes that are associated with the organization that the requesting user is part of. The
* ListHandshakesForOrganization
operation returns a list of handshake structures. Each structure
* contains details and status about a handshake.
*
*
* Handshakes that are ACCEPTED
, DECLINED
, CANCELED
, or EXPIRED
* appear in the results of this API for only 30 days after changing to that state. After that, they're deleted and
* no longer accessible.
*
*
*
* Always check the NextToken
response parameter for a null
value when calling a
* List*
operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken
response parameter value is null
only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an Amazon Web Services service.
*
*
* @param listHandshakesForOrganizationRequest
* @return Result of the ListHandshakesForOrganization operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @sample AWSOrganizations.ListHandshakesForOrganization
* @see AWS API Documentation
*/
@Override
public ListHandshakesForOrganizationResult listHandshakesForOrganization(ListHandshakesForOrganizationRequest request) {
request = beforeClientExecution(request);
return executeListHandshakesForOrganization(request);
}
@SdkInternalApi
final ListHandshakesForOrganizationResult executeListHandshakesForOrganization(ListHandshakesForOrganizationRequest listHandshakesForOrganizationRequest) {
ExecutionContext executionContext = createExecutionContext(listHandshakesForOrganizationRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new ListHandshakesForOrganizationRequestProtocolMarshaller(protocolFactory).marshall(super
.beforeMarshalling(listHandshakesForOrganizationRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "ListHandshakesForOrganization");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
new ListHandshakesForOrganizationResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Lists the organizational units (OUs) in a parent organizational unit or root.
*
*
*
* Always check the NextToken
response parameter for a null
value when calling a
* List*
operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken
response parameter value is null
only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an Amazon Web Services service.
*
*
* @param listOrganizationalUnitsForParentRequest
* @return Result of the ListOrganizationalUnitsForParent operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ParentNotFoundException
* We can't find a root or OU with the ParentId
that you specified.
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @sample AWSOrganizations.ListOrganizationalUnitsForParent
* @see AWS API Documentation
*/
@Override
public ListOrganizationalUnitsForParentResult listOrganizationalUnitsForParent(ListOrganizationalUnitsForParentRequest request) {
request = beforeClientExecution(request);
return executeListOrganizationalUnitsForParent(request);
}
@SdkInternalApi
final ListOrganizationalUnitsForParentResult executeListOrganizationalUnitsForParent(
ListOrganizationalUnitsForParentRequest listOrganizationalUnitsForParentRequest) {
ExecutionContext executionContext = createExecutionContext(listOrganizationalUnitsForParentRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new ListOrganizationalUnitsForParentRequestProtocolMarshaller(protocolFactory).marshall(super
.beforeMarshalling(listOrganizationalUnitsForParentRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "ListOrganizationalUnitsForParent");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
new ListOrganizationalUnitsForParentResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Lists the root or organizational units (OUs) that serve as the immediate parent of the specified child OU or
* account. This operation, along with ListChildren enables you to traverse the tree structure that makes up
* this root.
*
*
*
* Always check the NextToken
response parameter for a null
value when calling a
* List*
operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken
response parameter value is null
only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an Amazon Web Services service.
*
*
*
* In the current release, a child can have only a single parent.
*
*
*
* @param listParentsRequest
* @return Result of the ListParents operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ChildNotFoundException
* We can't find an organizational unit (OU) or Amazon Web Services account with the ChildId
* that you specified.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @sample AWSOrganizations.ListParents
* @see AWS API
* Documentation
*/
@Override
public ListParentsResult listParents(ListParentsRequest request) {
request = beforeClientExecution(request);
return executeListParents(request);
}
@SdkInternalApi
final ListParentsResult executeListParents(ListParentsRequest listParentsRequest) {
ExecutionContext executionContext = createExecutionContext(listParentsRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new ListParentsRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(listParentsRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "ListParents");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new ListParentsResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Retrieves the list of all policies in an organization of a specified type.
*
*
*
* Always check the NextToken
response parameter for a null
value when calling a
* List*
operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken
response parameter value is null
only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an Amazon Web Services service.
*
*
* @param listPoliciesRequest
* @return Result of the ListPolicies operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @throws UnsupportedAPIEndpointException
* This action isn't available in the current Amazon Web Services Region.
* @sample AWSOrganizations.ListPolicies
* @see AWS API
* Documentation
*/
@Override
public ListPoliciesResult listPolicies(ListPoliciesRequest request) {
request = beforeClientExecution(request);
return executeListPolicies(request);
}
@SdkInternalApi
final ListPoliciesResult executeListPolicies(ListPoliciesRequest listPoliciesRequest) {
ExecutionContext executionContext = createExecutionContext(listPoliciesRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new ListPoliciesRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(listPoliciesRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "ListPolicies");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new ListPoliciesResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Lists the policies that are directly attached to the specified target root, organizational unit (OU), or account.
* You must specify the policy type that you want included in the returned list.
*
*
*
* Always check the NextToken
response parameter for a null
value when calling a
* List*
operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken
response parameter value is null
only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an Amazon Web Services service.
*
*
* @param listPoliciesForTargetRequest
* @return Result of the ListPoliciesForTarget operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TargetNotFoundException
* We can't find a root, OU, account, or policy with the TargetId
that you specified.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @throws UnsupportedAPIEndpointException
* This action isn't available in the current Amazon Web Services Region.
* @sample AWSOrganizations.ListPoliciesForTarget
* @see AWS API Documentation
*/
@Override
public ListPoliciesForTargetResult listPoliciesForTarget(ListPoliciesForTargetRequest request) {
request = beforeClientExecution(request);
return executeListPoliciesForTarget(request);
}
@SdkInternalApi
final ListPoliciesForTargetResult executeListPoliciesForTarget(ListPoliciesForTargetRequest listPoliciesForTargetRequest) {
ExecutionContext executionContext = createExecutionContext(listPoliciesForTargetRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new ListPoliciesForTargetRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(listPoliciesForTargetRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "ListPoliciesForTarget");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory
.createResponseHandler(new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
new ListPoliciesForTargetResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Lists the roots that are defined in the current organization.
*
*
*
* Always check the NextToken
response parameter for a null
value when calling a
* List*
operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken
response parameter value is null
only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an Amazon Web Services service.
*
*
*
* Policy types can be enabled and disabled in roots. This is distinct from whether they're available in the
* organization. When you enable all features, you make policy types available for use in that organization.
* Individual policy types can then be enabled and disabled in a root. To see the availability of a policy type in
* an organization, use DescribeOrganization.
*
*
*
* @param listRootsRequest
* @return Result of the ListRoots operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @sample AWSOrganizations.ListRoots
* @see AWS API
* Documentation
*/
@Override
public ListRootsResult listRoots(ListRootsRequest request) {
request = beforeClientExecution(request);
return executeListRoots(request);
}
@SdkInternalApi
final ListRootsResult executeListRoots(ListRootsRequest listRootsRequest) {
ExecutionContext executionContext = createExecutionContext(listRootsRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new ListRootsRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(listRootsRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "ListRoots");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(new JsonOperationMetadata()
.withPayloadJson(true).withHasStreamingSuccessResponse(false), new ListRootsResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Lists tags that are attached to the specified resource.
*
*
* You can attach tags to the following resources in Organizations.
*
*
* -
*
* Amazon Web Services account
*
*
* -
*
* Organization root
*
*
* -
*
* Organizational unit (OU)
*
*
* -
*
* Policy (any type)
*
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an Amazon Web Services service.
*
*
* @param listTagsForResourceRequest
* @return Result of the ListTagsForResource operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws TargetNotFoundException
* We can't find a root, OU, account, or policy with the TargetId
that you specified.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @sample AWSOrganizations.ListTagsForResource
* @see AWS API Documentation
*/
@Override
public ListTagsForResourceResult listTagsForResource(ListTagsForResourceRequest request) {
request = beforeClientExecution(request);
return executeListTagsForResource(request);
}
@SdkInternalApi
final ListTagsForResourceResult executeListTagsForResource(ListTagsForResourceRequest listTagsForResourceRequest) {
ExecutionContext executionContext = createExecutionContext(listTagsForResourceRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new ListTagsForResourceRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(listTagsForResourceRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "ListTagsForResource");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new ListTagsForResourceResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Lists all the roots, organizational units (OUs), and accounts that the specified policy is attached to.
*
*
*
* Always check the NextToken
response parameter for a null
value when calling a
* List*
operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken
response parameter value is null
only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an Amazon Web Services service.
*
*
* @param listTargetsForPolicyRequest
* @return Result of the ListTargetsForPolicy operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws PolicyNotFoundException
* We can't find a policy with the PolicyId
that you specified.
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @throws UnsupportedAPIEndpointException
* This action isn't available in the current Amazon Web Services Region.
* @sample AWSOrganizations.ListTargetsForPolicy
* @see AWS API Documentation
*/
@Override
public ListTargetsForPolicyResult listTargetsForPolicy(ListTargetsForPolicyRequest request) {
request = beforeClientExecution(request);
return executeListTargetsForPolicy(request);
}
@SdkInternalApi
final ListTargetsForPolicyResult executeListTargetsForPolicy(ListTargetsForPolicyRequest listTargetsForPolicyRequest) {
ExecutionContext executionContext = createExecutionContext(listTargetsForPolicyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new ListTargetsForPolicyRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(listTargetsForPolicyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "ListTargetsForPolicy");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new ListTargetsForPolicyResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Moves an account from its current source parent root or organizational unit (OU) to the specified destination
* parent root or OU.
*
*
* This operation can be called only from the organization's management account.
*
*
* @param moveAccountRequest
* @return Result of the MoveAccount operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws SourceParentNotFoundException
* We can't find a source root or OU with the ParentId
that you specified.
* @throws DestinationParentNotFoundException
* We can't find the destination container (a root or OU) with the ParentId
that you specified.
* @throws DuplicateAccountException
* That account is already present in the specified destination.
* @throws AccountNotFoundException
* We can't find an Amazon Web Services account with the AccountId
that you specified, or the
* account whose credentials you used to make this request isn't a member of an organization.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @sample AWSOrganizations.MoveAccount
* @see AWS API
* Documentation
*/
@Override
public MoveAccountResult moveAccount(MoveAccountRequest request) {
request = beforeClientExecution(request);
return executeMoveAccount(request);
}
@SdkInternalApi
final MoveAccountResult executeMoveAccount(MoveAccountRequest moveAccountRequest) {
ExecutionContext executionContext = createExecutionContext(moveAccountRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new MoveAccountRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(moveAccountRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "MoveAccount");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new MoveAccountResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Creates or updates a resource policy.
*
*
* You can only call this operation from the organization's management account.
*
*
* @param putResourcePolicyRequest
* @return Result of the PutResourcePolicy operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws UnsupportedAPIEndpointException
* This action isn't available in the current Amazon Web Services Region.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
*
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your account isn't fully active. You
* must complete the account setup before you create an organization.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact Amazon Web Services Support to request an
* increase in your limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase
* in the number of accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.
*
*
* -
*
* CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot register a suspended account as
* a delegated administrator.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an Amazon Web Services service integrated with
* Organizations. You can designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management
* account for the organization, you must first either remove or close all member accounts in the
* organization. Follow standard account closure process using root credentials.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.
*
*
* -
*
* CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close
* at a time.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account
* as a delegated administrator for an Amazon Web Services service that already has a delegated
* administrator. To complete this operation, you must first deregister any existing delegated
* administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is
* associated with the account. Amazon Web Services does not support cards issued by financial institutions
* in Russia or Belarus. For more information, see Managing your
* Amazon Web Services payments.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in China. To
* create an organization, the master must have a valid business license. For more information, contact
* customer support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations
* in the Amazon Web Services GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator before you enabled
* service access. Call the EnableAWSServiceAccess
API first.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* -
*
* WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting period before you
* can remove it from the organization. If you get an error that indicates that a wait period is required,
* try again in a few days.
*
*
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @sample AWSOrganizations.PutResourcePolicy
* @see AWS API Documentation
*/
@Override
public PutResourcePolicyResult putResourcePolicy(PutResourcePolicyRequest request) {
request = beforeClientExecution(request);
return executePutResourcePolicy(request);
}
@SdkInternalApi
final PutResourcePolicyResult executePutResourcePolicy(PutResourcePolicyRequest putResourcePolicyRequest) {
ExecutionContext executionContext = createExecutionContext(putResourcePolicyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new PutResourcePolicyRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(putResourcePolicyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "PutResourcePolicy");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new PutResourcePolicyResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Enables the specified member account to administer the Organizations features of the specified Amazon Web
* Services service. It grants read-only access to Organizations service data. The account still requires IAM
* permissions to access and administer the Amazon Web Services service.
*
*
* You can run this action only for Amazon Web Services services that support this feature. For a current list of
* services that support it, see the column Supports Delegated Administrator in the table at Amazon Web
* Services Services that you can use with Organizations in the Organizations User Guide.
*
*
* This operation can be called only from the organization's management account.
*
*
* @param registerDelegatedAdministratorRequest
* @return Result of the RegisterDelegatedAdministrator operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AccountAlreadyRegisteredException
* The specified account is already a delegated administrator for this Amazon Web Services service.
* @throws AccountNotFoundException
* We can't find an Amazon Web Services account with the AccountId
that you specified, or the
* account whose credentials you used to make this request isn't a member of an organization.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your account isn't fully active. You
* must complete the account setup before you create an organization.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact Amazon Web Services Support to request an
* increase in your limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase
* in the number of accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.
*
*
* -
*
* CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot register a suspended account as
* a delegated administrator.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an Amazon Web Services service integrated with
* Organizations. You can designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management
* account for the organization, you must first either remove or close all member accounts in the
* organization. Follow standard account closure process using root credentials.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.
*
*
* -
*
* CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close
* at a time.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account
* as a delegated administrator for an Amazon Web Services service that already has a delegated
* administrator. To complete this operation, you must first deregister any existing delegated
* administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is
* associated with the account. Amazon Web Services does not support cards issued by financial institutions
* in Russia or Belarus. For more information, see Managing your
* Amazon Web Services payments.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in China. To
* create an organization, the master must have a valid business license. For more information, contact
* customer support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations
* in the Amazon Web Services GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator before you enabled
* service access. Call the EnableAWSServiceAccess
API first.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* -
*
* WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting period before you
* can remove it from the organization. If you get an error that indicates that a wait period is required,
* try again in a few days.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws UnsupportedAPIEndpointException
* This action isn't available in the current Amazon Web Services Region.
* @sample AWSOrganizations.RegisterDelegatedAdministrator
* @see AWS API Documentation
*/
@Override
public RegisterDelegatedAdministratorResult registerDelegatedAdministrator(RegisterDelegatedAdministratorRequest request) {
request = beforeClientExecution(request);
return executeRegisterDelegatedAdministrator(request);
}
@SdkInternalApi
final RegisterDelegatedAdministratorResult executeRegisterDelegatedAdministrator(RegisterDelegatedAdministratorRequest registerDelegatedAdministratorRequest) {
ExecutionContext executionContext = createExecutionContext(registerDelegatedAdministratorRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new RegisterDelegatedAdministratorRequestProtocolMarshaller(protocolFactory).marshall(super
.beforeMarshalling(registerDelegatedAdministratorRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "RegisterDelegatedAdministrator");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
new RegisterDelegatedAdministratorResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Removes the specified account from the organization.
*
*
* The removed account becomes a standalone account that isn't a member of any organization. It's no longer subject
* to any policies and is responsible for its own bill payments. The organization's management account is no longer
* charged for any expenses accrued by the member account after it's removed from the organization.
*
*
* This operation can be called only from the organization's management account. Member accounts can remove
* themselves with LeaveOrganization instead.
*
*
*
* -
*
* You can remove an account from your organization only if the account is configured with the information required
* to operate as a standalone account. When you create an account in an organization using the Organizations
* console, API, or CLI commands, the information required of standalone accounts is not automatically
* collected. For more information, see Considerations before removing an account from an organization in the Organizations User Guide.
*
*
* -
*
* The account that you want to leave must not be a delegated administrator account for any Amazon Web Services
* service enabled for your organization. If the account is a delegated administrator, you must first change the
* delegated administrator account to another account that is remaining in the organization.
*
*
* -
*
* After the account leaves the organization, all tags that were attached to the account object in the organization
* are deleted. Amazon Web Services accounts outside of an organization do not support tags.
*
*
*
*
*
* @param removeAccountFromOrganizationRequest
* @return Result of the RemoveAccountFromOrganization operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AccountNotFoundException
* We can't find an Amazon Web Services account with the AccountId
that you specified, or the
* account whose credentials you used to make this request isn't a member of an organization.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your account isn't fully active. You
* must complete the account setup before you create an organization.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact Amazon Web Services Support to request an
* increase in your limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase
* in the number of accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.
*
*
* -
*
* CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot register a suspended account as
* a delegated administrator.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an Amazon Web Services service integrated with
* Organizations. You can designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management
* account for the organization, you must first either remove or close all member accounts in the
* organization. Follow standard account closure process using root credentials.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.
*
*
* -
*
* CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close
* at a time.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account
* as a delegated administrator for an Amazon Web Services service that already has a delegated
* administrator. To complete this operation, you must first deregister any existing delegated
* administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is
* associated with the account. Amazon Web Services does not support cards issued by financial institutions
* in Russia or Belarus. For more information, see Managing your
* Amazon Web Services payments.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in China. To
* create an organization, the master must have a valid business license. For more information, contact
* customer support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations
* in the Amazon Web Services GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator before you enabled
* service access. Call the EnableAWSServiceAccess
API first.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* -
*
* WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting period before you
* can remove it from the organization. If you get an error that indicates that a wait period is required,
* try again in a few days.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws MasterCannotLeaveOrganizationException
* You can't remove a management account from an organization. If you want the management account to become
* a member account in another organization, you must first delete the current organization of the
* management account.
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @sample AWSOrganizations.RemoveAccountFromOrganization
* @see AWS API Documentation
*/
@Override
public RemoveAccountFromOrganizationResult removeAccountFromOrganization(RemoveAccountFromOrganizationRequest request) {
request = beforeClientExecution(request);
return executeRemoveAccountFromOrganization(request);
}
@SdkInternalApi
final RemoveAccountFromOrganizationResult executeRemoveAccountFromOrganization(RemoveAccountFromOrganizationRequest removeAccountFromOrganizationRequest) {
ExecutionContext executionContext = createExecutionContext(removeAccountFromOrganizationRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new RemoveAccountFromOrganizationRequestProtocolMarshaller(protocolFactory).marshall(super
.beforeMarshalling(removeAccountFromOrganizationRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "RemoveAccountFromOrganization");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
new RemoveAccountFromOrganizationResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Adds one or more tags to the specified resource.
*
*
* Currently, you can attach tags to the following resources in Organizations.
*
*
* -
*
* Amazon Web Services account
*
*
* -
*
* Organization root
*
*
* -
*
* Organizational unit (OU)
*
*
* -
*
* Policy (any type)
*
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an Amazon Web Services service.
*
*
* @param tagResourceRequest
* @return Result of the TagResource operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws TargetNotFoundException
* We can't find a root, OU, account, or policy with the TargetId
that you specified.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your account isn't fully active. You
* must complete the account setup before you create an organization.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact Amazon Web Services Support to request an
* increase in your limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase
* in the number of accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.
*
*
* -
*
* CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot register a suspended account as
* a delegated administrator.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an Amazon Web Services service integrated with
* Organizations. You can designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management
* account for the organization, you must first either remove or close all member accounts in the
* organization. Follow standard account closure process using root credentials.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.
*
*
* -
*
* CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close
* at a time.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account
* as a delegated administrator for an Amazon Web Services service that already has a delegated
* administrator. To complete this operation, you must first deregister any existing delegated
* administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is
* associated with the account. Amazon Web Services does not support cards issued by financial institutions
* in Russia or Belarus. For more information, see Managing your
* Amazon Web Services payments.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in China. To
* create an organization, the master must have a valid business license. For more information, contact
* customer support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations
* in the Amazon Web Services GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator before you enabled
* service access. Call the EnableAWSServiceAccess
API first.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* -
*
* WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting period before you
* can remove it from the organization. If you get an error that indicates that a wait period is required,
* try again in a few days.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @sample AWSOrganizations.TagResource
* @see AWS API
* Documentation
*/
@Override
public TagResourceResult tagResource(TagResourceRequest request) {
request = beforeClientExecution(request);
return executeTagResource(request);
}
@SdkInternalApi
final TagResourceResult executeTagResource(TagResourceRequest tagResourceRequest) {
ExecutionContext executionContext = createExecutionContext(tagResourceRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new TagResourceRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(tagResourceRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "TagResource");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new TagResourceResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Removes any tags with the specified keys from the specified resource.
*
*
* You can attach tags to the following resources in Organizations.
*
*
* -
*
* Amazon Web Services account
*
*
* -
*
* Organization root
*
*
* -
*
* Organizational unit (OU)
*
*
* -
*
* Policy (any type)
*
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an Amazon Web Services service.
*
*
* @param untagResourceRequest
* @return Result of the UntagResource operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws TargetNotFoundException
* We can't find a root, OU, account, or policy with the TargetId
that you specified.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your account isn't fully active. You
* must complete the account setup before you create an organization.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact Amazon Web Services Support to request an
* increase in your limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase
* in the number of accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.
*
*
* -
*
* CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot register a suspended account as
* a delegated administrator.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an Amazon Web Services service integrated with
* Organizations. You can designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management
* account for the organization, you must first either remove or close all member accounts in the
* organization. Follow standard account closure process using root credentials.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.
*
*
* -
*
* CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close
* at a time.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account
* as a delegated administrator for an Amazon Web Services service that already has a delegated
* administrator. To complete this operation, you must first deregister any existing delegated
* administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is
* associated with the account. Amazon Web Services does not support cards issued by financial institutions
* in Russia or Belarus. For more information, see Managing your
* Amazon Web Services payments.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in China. To
* create an organization, the master must have a valid business license. For more information, contact
* customer support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations
* in the Amazon Web Services GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator before you enabled
* service access. Call the EnableAWSServiceAccess
API first.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* -
*
* WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting period before you
* can remove it from the organization. If you get an error that indicates that a wait period is required,
* try again in a few days.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @sample AWSOrganizations.UntagResource
* @see AWS
* API Documentation
*/
@Override
public UntagResourceResult untagResource(UntagResourceRequest request) {
request = beforeClientExecution(request);
return executeUntagResource(request);
}
@SdkInternalApi
final UntagResourceResult executeUntagResource(UntagResourceRequest untagResourceRequest) {
ExecutionContext executionContext = createExecutionContext(untagResourceRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new UntagResourceRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(untagResourceRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "UntagResource");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new UntagResourceResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Renames the specified organizational unit (OU). The ID and ARN don't change. The child OUs and accounts remain in
* place, and any attached policies of the OU remain attached.
*
*
* This operation can be called only from the organization's management account.
*
*
* @param updateOrganizationalUnitRequest
* @return Result of the UpdateOrganizationalUnit operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws DuplicateOrganizationalUnitException
* An OU with the same name already exists.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws OrganizationalUnitNotFoundException
* We can't find an OU with the OrganizationalUnitId
that you specified.
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @sample AWSOrganizations.UpdateOrganizationalUnit
* @see AWS API Documentation
*/
@Override
public UpdateOrganizationalUnitResult updateOrganizationalUnit(UpdateOrganizationalUnitRequest request) {
request = beforeClientExecution(request);
return executeUpdateOrganizationalUnit(request);
}
@SdkInternalApi
final UpdateOrganizationalUnitResult executeUpdateOrganizationalUnit(UpdateOrganizationalUnitRequest updateOrganizationalUnitRequest) {
ExecutionContext executionContext = createExecutionContext(updateOrganizationalUnitRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new UpdateOrganizationalUnitRequestProtocolMarshaller(protocolFactory).marshall(super
.beforeMarshalling(updateOrganizationalUnitRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "UpdateOrganizationalUnit");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
new UpdateOrganizationalUnitResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Updates an existing policy with a new name, description, or content. If you don't supply any parameter, that
* value remains unchanged. You can't change a policy's type.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an Amazon Web Services service.
*
*
* @param updatePolicyRequest
* @return Result of the UpdatePolicy operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AWSOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your account isn't fully active. You
* must complete the account setup before you create an organization.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact Amazon Web Services Support to request an
* increase in your limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase
* in the number of accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.
*
*
* -
*
* CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot register a suspended account as
* a delegated administrator.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an Amazon Web Services service integrated with
* Organizations. You can designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management
* account for the organization, you must first either remove or close all member accounts in the
* organization. Follow standard account closure process using root credentials.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.
*
*
* -
*
* CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close
* at a time.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account
* as a delegated administrator for an Amazon Web Services service that already has a delegated
* administrator. To complete this operation, you must first deregister any existing delegated
* administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is
* associated with the account. Amazon Web Services does not support cards issued by financial institutions
* in Russia or Belarus. For more information, see Managing your
* Amazon Web Services payments.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in China. To
* create an organization, the master must have a valid business license. For more information, contact
* customer support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations
* in the Amazon Web Services GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. For more
* information, see Considerations before removing an account from an organization in the Organizations User
* Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated administrator before you enabled
* service access. Call the EnableAWSServiceAccess
API first.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* -
*
* WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting period before you
* can remove it from the organization. If you get an error that indicates that a wait period is required,
* try again in a few days.
*
*
* @throws DuplicatePolicyException
* A policy with the same name already exists.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken
parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor
.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count
* against your tags per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws MalformedPolicyDocumentException
* The provided policy document doesn't meet the requirements of the specified policy type. For example, the
* syntax might be incorrect. For details about service control policy syntax, see SCP syntax in the Organizations User Guide.
* @throws PolicyNotFoundException
* We can't find a policy with the PolicyId
that you specified.
* @throws ServiceException
* Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect Organizations, see Quotas for
* Organizations in the Organizations User Guide.
* @throws UnsupportedAPIEndpointException
* This action isn't available in the current Amazon Web Services Region.
* @throws PolicyChangesInProgressException
* Changes to the effective policy are in progress, and its contents can't be returned. Try the operation
* again later.
* @sample AWSOrganizations.UpdatePolicy
* @see AWS API
* Documentation
*/
@Override
public UpdatePolicyResult updatePolicy(UpdatePolicyRequest request) {
request = beforeClientExecution(request);
return executeUpdatePolicy(request);
}
@SdkInternalApi
final UpdatePolicyResult executeUpdatePolicy(UpdatePolicyRequest updatePolicyRequest) {
ExecutionContext executionContext = createExecutionContext(updatePolicyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new UpdatePolicyRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(updatePolicyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Organizations");
request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "UpdatePolicy");
request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new UpdatePolicyResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
* Returns additional metadata for a previously executed successful, request, typically used for debugging issues
* where a service isn't acting as expected. This data isn't considered part of the result data returned by an
* operation, so it's available through this separate, diagnostic interface.
*
* Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic
* information for an executed request, you should use this method to retrieve it as soon as possible after
* executing the request.
*
* @param request
* The originally executed request
*
* @return The response metadata for the specified request, or null if none is available.
*/
public ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request) {
return client.getResponseMetadataForRequest(request);
}
/**
* Normal invoke with authentication. Credentials are required and may be overriden at the request level.
**/
private Response invoke(Request request, HttpResponseHandler> responseHandler,
ExecutionContext executionContext) {
return invoke(request, responseHandler, executionContext, null, null);
}
/**
* Normal invoke with authentication. Credentials are required and may be overriden at the request level.
**/
private Response invoke(Request request, HttpResponseHandler> responseHandler,
ExecutionContext executionContext, URI cachedEndpoint, URI uriFromEndpointTrait) {
executionContext.setCredentialsProvider(CredentialUtils.getCredentialsProvider(request.getOriginalRequest(), awsCredentialsProvider));
return doInvoke(request, responseHandler, executionContext, cachedEndpoint, uriFromEndpointTrait);
}
/**
* Invoke with no authentication. Credentials are not required and any credentials set on the client or request will
* be ignored for this operation.
**/
private Response anonymousInvoke(Request request,
HttpResponseHandler> responseHandler, ExecutionContext executionContext) {
return doInvoke(request, responseHandler, executionContext, null, null);
}
/**
* Invoke the request using the http client. Assumes credentials (or lack thereof) have been configured in the
* ExecutionContext beforehand.
**/
private Response doInvoke(Request request, HttpResponseHandler> responseHandler,
ExecutionContext executionContext, URI discoveredEndpoint, URI uriFromEndpointTrait) {
if (discoveredEndpoint != null) {
request.setEndpoint(discoveredEndpoint);
request.getOriginalRequest().getRequestClientOptions().appendUserAgent("endpoint-discovery");
} else if (uriFromEndpointTrait != null) {
request.setEndpoint(uriFromEndpointTrait);
} else {
request.setEndpoint(endpoint);
}
request.setTimeOffset(timeOffset);
HttpResponseHandler errorResponseHandler = protocolFactory.createErrorResponseHandler(new JsonErrorResponseMetadata());
return client.execute(request, responseHandler, errorResponseHandler, executionContext);
}
@com.amazonaws.annotation.SdkInternalApi
static com.amazonaws.protocol.json.SdkJsonProtocolFactory getProtocolFactory() {
return protocolFactory;
}
@Override
public void shutdown() {
super.shutdown();
}
}