software.amazon.awssdk.services.organizations.OrganizationsClient Maven / Gradle / Ivy
/*
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package software.amazon.awssdk.services.organizations;
import java.util.function.Consumer;
import software.amazon.awssdk.annotations.Generated;
import software.amazon.awssdk.annotations.SdkPublicApi;
import software.amazon.awssdk.annotations.ThreadSafe;
import software.amazon.awssdk.awscore.exception.AwsServiceException;
import software.amazon.awssdk.core.SdkClient;
import software.amazon.awssdk.core.exception.SdkClientException;
import software.amazon.awssdk.regions.ServiceMetadata;
import software.amazon.awssdk.services.organizations.model.AcceptHandshakeRequest;
import software.amazon.awssdk.services.organizations.model.AcceptHandshakeResponse;
import software.amazon.awssdk.services.organizations.model.AccessDeniedException;
import software.amazon.awssdk.services.organizations.model.AccessDeniedForDependencyException;
import software.amazon.awssdk.services.organizations.model.AccountAlreadyRegisteredException;
import software.amazon.awssdk.services.organizations.model.AccountNotFoundException;
import software.amazon.awssdk.services.organizations.model.AccountNotRegisteredException;
import software.amazon.awssdk.services.organizations.model.AccountOwnerNotVerifiedException;
import software.amazon.awssdk.services.organizations.model.AlreadyInOrganizationException;
import software.amazon.awssdk.services.organizations.model.AttachPolicyRequest;
import software.amazon.awssdk.services.organizations.model.AttachPolicyResponse;
import software.amazon.awssdk.services.organizations.model.AwsOrganizationsNotInUseException;
import software.amazon.awssdk.services.organizations.model.CancelHandshakeRequest;
import software.amazon.awssdk.services.organizations.model.CancelHandshakeResponse;
import software.amazon.awssdk.services.organizations.model.ChildNotFoundException;
import software.amazon.awssdk.services.organizations.model.ConcurrentModificationException;
import software.amazon.awssdk.services.organizations.model.ConstraintViolationException;
import software.amazon.awssdk.services.organizations.model.CreateAccountRequest;
import software.amazon.awssdk.services.organizations.model.CreateAccountResponse;
import software.amazon.awssdk.services.organizations.model.CreateAccountStatusNotFoundException;
import software.amazon.awssdk.services.organizations.model.CreateGovCloudAccountRequest;
import software.amazon.awssdk.services.organizations.model.CreateGovCloudAccountResponse;
import software.amazon.awssdk.services.organizations.model.CreateOrganizationRequest;
import software.amazon.awssdk.services.organizations.model.CreateOrganizationResponse;
import software.amazon.awssdk.services.organizations.model.CreateOrganizationalUnitRequest;
import software.amazon.awssdk.services.organizations.model.CreateOrganizationalUnitResponse;
import software.amazon.awssdk.services.organizations.model.CreatePolicyRequest;
import software.amazon.awssdk.services.organizations.model.CreatePolicyResponse;
import software.amazon.awssdk.services.organizations.model.DeclineHandshakeRequest;
import software.amazon.awssdk.services.organizations.model.DeclineHandshakeResponse;
import software.amazon.awssdk.services.organizations.model.DeleteOrganizationRequest;
import software.amazon.awssdk.services.organizations.model.DeleteOrganizationResponse;
import software.amazon.awssdk.services.organizations.model.DeleteOrganizationalUnitRequest;
import software.amazon.awssdk.services.organizations.model.DeleteOrganizationalUnitResponse;
import software.amazon.awssdk.services.organizations.model.DeletePolicyRequest;
import software.amazon.awssdk.services.organizations.model.DeletePolicyResponse;
import software.amazon.awssdk.services.organizations.model.DeregisterDelegatedAdministratorRequest;
import software.amazon.awssdk.services.organizations.model.DeregisterDelegatedAdministratorResponse;
import software.amazon.awssdk.services.organizations.model.DescribeAccountRequest;
import software.amazon.awssdk.services.organizations.model.DescribeAccountResponse;
import software.amazon.awssdk.services.organizations.model.DescribeCreateAccountStatusRequest;
import software.amazon.awssdk.services.organizations.model.DescribeCreateAccountStatusResponse;
import software.amazon.awssdk.services.organizations.model.DescribeEffectivePolicyRequest;
import software.amazon.awssdk.services.organizations.model.DescribeEffectivePolicyResponse;
import software.amazon.awssdk.services.organizations.model.DescribeHandshakeRequest;
import software.amazon.awssdk.services.organizations.model.DescribeHandshakeResponse;
import software.amazon.awssdk.services.organizations.model.DescribeOrganizationRequest;
import software.amazon.awssdk.services.organizations.model.DescribeOrganizationResponse;
import software.amazon.awssdk.services.organizations.model.DescribeOrganizationalUnitRequest;
import software.amazon.awssdk.services.organizations.model.DescribeOrganizationalUnitResponse;
import software.amazon.awssdk.services.organizations.model.DescribePolicyRequest;
import software.amazon.awssdk.services.organizations.model.DescribePolicyResponse;
import software.amazon.awssdk.services.organizations.model.DestinationParentNotFoundException;
import software.amazon.awssdk.services.organizations.model.DetachPolicyRequest;
import software.amazon.awssdk.services.organizations.model.DetachPolicyResponse;
import software.amazon.awssdk.services.organizations.model.DisableAwsServiceAccessRequest;
import software.amazon.awssdk.services.organizations.model.DisableAwsServiceAccessResponse;
import software.amazon.awssdk.services.organizations.model.DisablePolicyTypeRequest;
import software.amazon.awssdk.services.organizations.model.DisablePolicyTypeResponse;
import software.amazon.awssdk.services.organizations.model.DuplicateAccountException;
import software.amazon.awssdk.services.organizations.model.DuplicateHandshakeException;
import software.amazon.awssdk.services.organizations.model.DuplicateOrganizationalUnitException;
import software.amazon.awssdk.services.organizations.model.DuplicatePolicyAttachmentException;
import software.amazon.awssdk.services.organizations.model.DuplicatePolicyException;
import software.amazon.awssdk.services.organizations.model.EffectivePolicyNotFoundException;
import software.amazon.awssdk.services.organizations.model.EnableAllFeaturesRequest;
import software.amazon.awssdk.services.organizations.model.EnableAllFeaturesResponse;
import software.amazon.awssdk.services.organizations.model.EnableAwsServiceAccessRequest;
import software.amazon.awssdk.services.organizations.model.EnableAwsServiceAccessResponse;
import software.amazon.awssdk.services.organizations.model.EnablePolicyTypeRequest;
import software.amazon.awssdk.services.organizations.model.EnablePolicyTypeResponse;
import software.amazon.awssdk.services.organizations.model.FinalizingOrganizationException;
import software.amazon.awssdk.services.organizations.model.HandshakeAlreadyInStateException;
import software.amazon.awssdk.services.organizations.model.HandshakeConstraintViolationException;
import software.amazon.awssdk.services.organizations.model.HandshakeNotFoundException;
import software.amazon.awssdk.services.organizations.model.InvalidHandshakeTransitionException;
import software.amazon.awssdk.services.organizations.model.InvalidInputException;
import software.amazon.awssdk.services.organizations.model.InviteAccountToOrganizationRequest;
import software.amazon.awssdk.services.organizations.model.InviteAccountToOrganizationResponse;
import software.amazon.awssdk.services.organizations.model.LeaveOrganizationRequest;
import software.amazon.awssdk.services.organizations.model.LeaveOrganizationResponse;
import software.amazon.awssdk.services.organizations.model.ListAccountsForParentRequest;
import software.amazon.awssdk.services.organizations.model.ListAccountsForParentResponse;
import software.amazon.awssdk.services.organizations.model.ListAccountsRequest;
import software.amazon.awssdk.services.organizations.model.ListAccountsResponse;
import software.amazon.awssdk.services.organizations.model.ListAwsServiceAccessForOrganizationRequest;
import software.amazon.awssdk.services.organizations.model.ListAwsServiceAccessForOrganizationResponse;
import software.amazon.awssdk.services.organizations.model.ListChildrenRequest;
import software.amazon.awssdk.services.organizations.model.ListChildrenResponse;
import software.amazon.awssdk.services.organizations.model.ListCreateAccountStatusRequest;
import software.amazon.awssdk.services.organizations.model.ListCreateAccountStatusResponse;
import software.amazon.awssdk.services.organizations.model.ListDelegatedAdministratorsRequest;
import software.amazon.awssdk.services.organizations.model.ListDelegatedAdministratorsResponse;
import software.amazon.awssdk.services.organizations.model.ListDelegatedServicesForAccountRequest;
import software.amazon.awssdk.services.organizations.model.ListDelegatedServicesForAccountResponse;
import software.amazon.awssdk.services.organizations.model.ListHandshakesForAccountRequest;
import software.amazon.awssdk.services.organizations.model.ListHandshakesForAccountResponse;
import software.amazon.awssdk.services.organizations.model.ListHandshakesForOrganizationRequest;
import software.amazon.awssdk.services.organizations.model.ListHandshakesForOrganizationResponse;
import software.amazon.awssdk.services.organizations.model.ListOrganizationalUnitsForParentRequest;
import software.amazon.awssdk.services.organizations.model.ListOrganizationalUnitsForParentResponse;
import software.amazon.awssdk.services.organizations.model.ListParentsRequest;
import software.amazon.awssdk.services.organizations.model.ListParentsResponse;
import software.amazon.awssdk.services.organizations.model.ListPoliciesForTargetRequest;
import software.amazon.awssdk.services.organizations.model.ListPoliciesForTargetResponse;
import software.amazon.awssdk.services.organizations.model.ListPoliciesRequest;
import software.amazon.awssdk.services.organizations.model.ListPoliciesResponse;
import software.amazon.awssdk.services.organizations.model.ListRootsRequest;
import software.amazon.awssdk.services.organizations.model.ListRootsResponse;
import software.amazon.awssdk.services.organizations.model.ListTagsForResourceRequest;
import software.amazon.awssdk.services.organizations.model.ListTagsForResourceResponse;
import software.amazon.awssdk.services.organizations.model.ListTargetsForPolicyRequest;
import software.amazon.awssdk.services.organizations.model.ListTargetsForPolicyResponse;
import software.amazon.awssdk.services.organizations.model.MalformedPolicyDocumentException;
import software.amazon.awssdk.services.organizations.model.MasterCannotLeaveOrganizationException;
import software.amazon.awssdk.services.organizations.model.MoveAccountRequest;
import software.amazon.awssdk.services.organizations.model.MoveAccountResponse;
import software.amazon.awssdk.services.organizations.model.OrganizationNotEmptyException;
import software.amazon.awssdk.services.organizations.model.OrganizationalUnitNotEmptyException;
import software.amazon.awssdk.services.organizations.model.OrganizationalUnitNotFoundException;
import software.amazon.awssdk.services.organizations.model.OrganizationsException;
import software.amazon.awssdk.services.organizations.model.ParentNotFoundException;
import software.amazon.awssdk.services.organizations.model.PolicyChangesInProgressException;
import software.amazon.awssdk.services.organizations.model.PolicyInUseException;
import software.amazon.awssdk.services.organizations.model.PolicyNotAttachedException;
import software.amazon.awssdk.services.organizations.model.PolicyNotFoundException;
import software.amazon.awssdk.services.organizations.model.PolicyTypeAlreadyEnabledException;
import software.amazon.awssdk.services.organizations.model.PolicyTypeNotAvailableForOrganizationException;
import software.amazon.awssdk.services.organizations.model.PolicyTypeNotEnabledException;
import software.amazon.awssdk.services.organizations.model.RegisterDelegatedAdministratorRequest;
import software.amazon.awssdk.services.organizations.model.RegisterDelegatedAdministratorResponse;
import software.amazon.awssdk.services.organizations.model.RemoveAccountFromOrganizationRequest;
import software.amazon.awssdk.services.organizations.model.RemoveAccountFromOrganizationResponse;
import software.amazon.awssdk.services.organizations.model.RootNotFoundException;
import software.amazon.awssdk.services.organizations.model.ServiceException;
import software.amazon.awssdk.services.organizations.model.SourceParentNotFoundException;
import software.amazon.awssdk.services.organizations.model.TagResourceRequest;
import software.amazon.awssdk.services.organizations.model.TagResourceResponse;
import software.amazon.awssdk.services.organizations.model.TargetNotFoundException;
import software.amazon.awssdk.services.organizations.model.TooManyRequestsException;
import software.amazon.awssdk.services.organizations.model.UnsupportedApiEndpointException;
import software.amazon.awssdk.services.organizations.model.UntagResourceRequest;
import software.amazon.awssdk.services.organizations.model.UntagResourceResponse;
import software.amazon.awssdk.services.organizations.model.UpdateOrganizationalUnitRequest;
import software.amazon.awssdk.services.organizations.model.UpdateOrganizationalUnitResponse;
import software.amazon.awssdk.services.organizations.model.UpdatePolicyRequest;
import software.amazon.awssdk.services.organizations.model.UpdatePolicyResponse;
import software.amazon.awssdk.services.organizations.paginators.ListAWSServiceAccessForOrganizationIterable;
import software.amazon.awssdk.services.organizations.paginators.ListAccountsForParentIterable;
import software.amazon.awssdk.services.organizations.paginators.ListAccountsIterable;
import software.amazon.awssdk.services.organizations.paginators.ListChildrenIterable;
import software.amazon.awssdk.services.organizations.paginators.ListCreateAccountStatusIterable;
import software.amazon.awssdk.services.organizations.paginators.ListDelegatedAdministratorsIterable;
import software.amazon.awssdk.services.organizations.paginators.ListDelegatedServicesForAccountIterable;
import software.amazon.awssdk.services.organizations.paginators.ListHandshakesForAccountIterable;
import software.amazon.awssdk.services.organizations.paginators.ListHandshakesForOrganizationIterable;
import software.amazon.awssdk.services.organizations.paginators.ListOrganizationalUnitsForParentIterable;
import software.amazon.awssdk.services.organizations.paginators.ListParentsIterable;
import software.amazon.awssdk.services.organizations.paginators.ListPoliciesForTargetIterable;
import software.amazon.awssdk.services.organizations.paginators.ListPoliciesIterable;
import software.amazon.awssdk.services.organizations.paginators.ListRootsIterable;
import software.amazon.awssdk.services.organizations.paginators.ListTagsForResourceIterable;
import software.amazon.awssdk.services.organizations.paginators.ListTargetsForPolicyIterable;
/**
* Service client for accessing Organizations. This can be created using the static {@link #builder()} method.
*
*
* AWS Organizations is a web service that enables you to consolidate your multiple AWS accounts into an
* organization and centrally manage your accounts and their resources.
*
*
* This guide provides descriptions of the Organizations operations. For more information about using this service, see
* the AWS Organizations User
* Guide.
*
*
* Support and feedback for AWS Organizations
*
*
* We welcome your feedback. Send your comments to [email protected] or post your feedback and
* questions in the AWS Organizations support forum.
* For more information about the AWS support forums, see Forums
* Help.
*
*
* Endpoint to call When using the AWS CLI or the AWS SDK
*
*
* For the current release of Organizations, specify the us-east-1 region for all AWS API and AWS CLI calls
* made from the commercial AWS Regions outside of China. If calling from one of the AWS Regions in China, then specify
* cn-northwest-1. You can do this in the AWS CLI by using these parameters and commands:
*
*
* -
*
* Use the following parameter with each command to specify both the endpoint and its region:
*
*
* --endpoint-url https://organizations.us-east-1.amazonaws.com (from commercial AWS Regions outside of
* China)
*
*
* or
*
*
* --endpoint-url https://organizations.cn-northwest-1.amazonaws.com.cn (from AWS Regions in China)
*
*
* -
*
* Use the default endpoint, but configure your default region with this command:
*
*
* aws configure set default.region us-east-1 (from commercial AWS Regions outside of China)
*
*
* or
*
*
* aws configure set default.region cn-northwest-1 (from AWS Regions in China)
*
*
* -
*
* Use the following parameter with each command to specify the endpoint:
*
*
* --region us-east-1 (from commercial AWS Regions outside of China)
*
*
* or
*
*
* --region cn-northwest-1 (from AWS Regions in China)
*
*
*
*
* Recording API Requests
*
*
* AWS Organizations supports AWS CloudTrail, a service that records AWS API calls for your AWS account and delivers log
* files to an Amazon S3 bucket. By using information collected by AWS CloudTrail, you can determine which requests the
* Organizations service received, who made the request and when, and so on. For more about AWS Organizations and its
* support for AWS CloudTrail, see Logging AWS Organizations Events with AWS CloudTrail in the AWS Organizations User Guide. To learn more
* about AWS CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail
* User Guide.
*
*/
@Generated("software.amazon.awssdk:codegen")
@SdkPublicApi
@ThreadSafe
public interface OrganizationsClient extends SdkClient {
String SERVICE_NAME = "organizations";
/**
* Value for looking up the service's metadata from the
* {@link software.amazon.awssdk.regions.ServiceMetadataProvider}.
*/
String SERVICE_METADATA_ID = "organizations";
/**
* Create a {@link OrganizationsClient} with the region loaded from the
* {@link software.amazon.awssdk.regions.providers.DefaultAwsRegionProviderChain} and credentials loaded from the
* {@link software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider}.
*/
static OrganizationsClient create() {
return builder().build();
}
/**
* Create a builder that can be used to configure and create a {@link OrganizationsClient}.
*/
static OrganizationsClientBuilder builder() {
return new DefaultOrganizationsClientBuilder();
}
/**
*
* Sends a response to the originator of a handshake agreeing to the action proposed by the handshake request.
*
*
* This operation can be called only by the following principals when they also have the relevant IAM permissions:
*
*
* -
*
* Invitation to join or Approve all features request handshakes: only a principal from the member
* account.
*
*
* The user who calls the API for an invitation to join must have the organizations:AcceptHandshake
* permission. If you enabled all features in the organization, the user must also have the
* iam:CreateServiceLinkedRole permission so that AWS Organizations can create the required
* service-linked role named AWSServiceRoleForOrganizations. For more information, see AWS Organizations and Service-Linked Roles in the AWS Organizations User Guide.
*
*
* -
*
* Enable all features final confirmation handshake: only a principal from the management account.
*
*
* For more information about invitations, see Inviting an
* AWS Account to Join Your Organization in the AWS Organizations User Guide. For more information about
* requests to enable all features in the organization, see Enabling All Features in Your Organization in the AWS Organizations User Guide.
*
*
*
*
* After you accept a handshake, it continues to appear in the results of relevant APIs for only 30 days. After
* that, it's deleted.
*
*
* @param acceptHandshakeRequest
* @return Result of the AcceptHandshake operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws HandshakeConstraintViolationException
* The requested operation would violate the constraint identified in the reason code.
*
* Some of the reasons in the following list might not be applicable to this specific API or operation:
*
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. Note that deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception immediately after creating the organization, wait one hour and try again. If
* after an hour it continues to fail with this error, contact AWS Support.
*
*
* -
*
* ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because the invited account is already a
* member of an organization.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations to join an organization while
* it's in the process of enabling all features. You can resume inviting accounts after you finalize the
* process when all accounts have agreed to the change.
*
*
* -
*
* ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid because the organization has
* already enabled all features.
*
*
* -
*
* ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake request is invalid because the
* organization has already started the process to enable all features.
*
*
* -
*
* ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because the account is from a different
* marketplace than the accounts in the organization. For example, accounts with India addresses must be
* associated with the AISPL marketplace. All accounts in an organization must be from the same marketplace.
*
*
* -
*
* ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to change the membership of an account
* too quickly after its previous change.
*
*
* -
*
* PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an account that doesn't have a payment
* instrument, such as a credit card, associated with it.
*
*
* @throws HandshakeNotFoundException
* We can't find a handshake with the HandshakeId that you specified.
* @throws InvalidHandshakeTransitionException
* You can't perform the operation on the handshake in its current state. For example, you can't cancel a
* handshake that was already accepted or accept a handshake that was already declined.
* @throws HandshakeAlreadyInStateException
* The specified handshake is already in the requested state. For example, you can't accept a handshake that
* was already accepted.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws AccessDeniedForDependencyException
* The operation that you attempted requires you to have the iam:CreateServiceLinkedRole for
* organizations.amazonaws.com permission so that AWS Organizations can create the required
* service-linked role. You don't have that permission.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.AcceptHandshake
* @see AWS
* API Documentation
*/
default AcceptHandshakeResponse acceptHandshake(AcceptHandshakeRequest acceptHandshakeRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, HandshakeConstraintViolationException, HandshakeNotFoundException,
InvalidHandshakeTransitionException, HandshakeAlreadyInStateException, InvalidInputException,
ConcurrentModificationException, ServiceException, TooManyRequestsException, AccessDeniedForDependencyException,
AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Sends a response to the originator of a handshake agreeing to the action proposed by the handshake request.
*
*
* This operation can be called only by the following principals when they also have the relevant IAM permissions:
*
*
* -
*
* Invitation to join or Approve all features request handshakes: only a principal from the member
* account.
*
*
* The user who calls the API for an invitation to join must have the organizations:AcceptHandshake
* permission. If you enabled all features in the organization, the user must also have the
* iam:CreateServiceLinkedRole permission so that AWS Organizations can create the required
* service-linked role named AWSServiceRoleForOrganizations. For more information, see AWS Organizations and Service-Linked Roles in the AWS Organizations User Guide.
*
*
* -
*
* Enable all features final confirmation handshake: only a principal from the management account.
*
*
* For more information about invitations, see Inviting an
* AWS Account to Join Your Organization in the AWS Organizations User Guide. For more information about
* requests to enable all features in the organization, see Enabling All Features in Your Organization in the AWS Organizations User Guide.
*
*
*
*
* After you accept a handshake, it continues to appear in the results of relevant APIs for only 30 days. After
* that, it's deleted.
*
*
*
* This is a convenience which creates an instance of the {@link AcceptHandshakeRequest.Builder} avoiding the need
* to create one manually via {@link AcceptHandshakeRequest#builder()}
*
*
* @param acceptHandshakeRequest
* A {@link Consumer} that will call methods on {@link AcceptHandshakeRequest.Builder} to create a request.
* @return Result of the AcceptHandshake operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws HandshakeConstraintViolationException
* The requested operation would violate the constraint identified in the reason code.
*
* Some of the reasons in the following list might not be applicable to this specific API or operation:
*
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. Note that deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception immediately after creating the organization, wait one hour and try again. If
* after an hour it continues to fail with this error, contact AWS Support.
*
*
* -
*
* ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because the invited account is already a
* member of an organization.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations to join an organization while
* it's in the process of enabling all features. You can resume inviting accounts after you finalize the
* process when all accounts have agreed to the change.
*
*
* -
*
* ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid because the organization has
* already enabled all features.
*
*
* -
*
* ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake request is invalid because the
* organization has already started the process to enable all features.
*
*
* -
*
* ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because the account is from a different
* marketplace than the accounts in the organization. For example, accounts with India addresses must be
* associated with the AISPL marketplace. All accounts in an organization must be from the same marketplace.
*
*
* -
*
* ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to change the membership of an account
* too quickly after its previous change.
*
*
* -
*
* PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an account that doesn't have a payment
* instrument, such as a credit card, associated with it.
*
*
* @throws HandshakeNotFoundException
* We can't find a handshake with the HandshakeId that you specified.
* @throws InvalidHandshakeTransitionException
* You can't perform the operation on the handshake in its current state. For example, you can't cancel a
* handshake that was already accepted or accept a handshake that was already declined.
* @throws HandshakeAlreadyInStateException
* The specified handshake is already in the requested state. For example, you can't accept a handshake that
* was already accepted.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws AccessDeniedForDependencyException
* The operation that you attempted requires you to have the iam:CreateServiceLinkedRole for
* organizations.amazonaws.com permission so that AWS Organizations can create the required
* service-linked role. You don't have that permission.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.AcceptHandshake
* @see AWS
* API Documentation
*/
default AcceptHandshakeResponse acceptHandshake(Consumer acceptHandshakeRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, HandshakeConstraintViolationException,
HandshakeNotFoundException, InvalidHandshakeTransitionException, HandshakeAlreadyInStateException,
InvalidInputException, ConcurrentModificationException, ServiceException, TooManyRequestsException,
AccessDeniedForDependencyException, AwsServiceException, SdkClientException, OrganizationsException {
return acceptHandshake(AcceptHandshakeRequest.builder().applyMutation(acceptHandshakeRequest).build());
}
/**
*
* Attaches a policy to a root, an organizational unit (OU), or an individual account. How the policy affects
* accounts depends on the type of policy. Refer to the AWS Organizations User Guide for information about
* each policy type:
*
*
* -
*
*
* -
*
*
* BACKUP_POLICY
*
*
* -
*
*
* -
*
*
* TAG_POLICY
*
*
*
*
* This operation can be called only from the organization's management account.
*
*
* @param attachPolicyRequest
* @return Result of the AttachPolicy operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws DuplicatePolicyAttachmentException
* The selected policy is already attached to the specified target.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws PolicyNotFoundException
* We can't find a policy with the PolicyId that you specified.
* @throws PolicyTypeNotEnabledException
* The specified policy type isn't currently enabled in this root. You can't attach policies of the
* specified type to entities in a root until you enable that type in the root. For more information, see Enabling All Features in Your Organization in the AWS Organizations User Guide.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TargetNotFoundException
* We can't find a root, OU, account, or policy with the TargetId that you specified.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws PolicyChangesInProgressException
* Changes to the effective policy are in progress, and its contents can't be returned. Try the operation
* again later.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.AttachPolicy
* @see AWS
* API Documentation
*/
default AttachPolicyResponse attachPolicy(AttachPolicyRequest attachPolicyRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException,
DuplicatePolicyAttachmentException, InvalidInputException, PolicyNotFoundException, PolicyTypeNotEnabledException,
ServiceException, TargetNotFoundException, TooManyRequestsException, UnsupportedApiEndpointException,
PolicyChangesInProgressException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Attaches a policy to a root, an organizational unit (OU), or an individual account. How the policy affects
* accounts depends on the type of policy. Refer to the AWS Organizations User Guide for information about
* each policy type:
*
*
* -
*
*
* -
*
*
* BACKUP_POLICY
*
*
* -
*
*
* -
*
*
* TAG_POLICY
*
*
*
*
* This operation can be called only from the organization's management account.
*
*
*
* This is a convenience which creates an instance of the {@link AttachPolicyRequest.Builder} avoiding the need to
* create one manually via {@link AttachPolicyRequest#builder()}
*
*
* @param attachPolicyRequest
* A {@link Consumer} that will call methods on {@link AttachPolicyRequest.Builder} to create a request.
* @return Result of the AttachPolicy operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws DuplicatePolicyAttachmentException
* The selected policy is already attached to the specified target.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws PolicyNotFoundException
* We can't find a policy with the PolicyId that you specified.
* @throws PolicyTypeNotEnabledException
* The specified policy type isn't currently enabled in this root. You can't attach policies of the
* specified type to entities in a root until you enable that type in the root. For more information, see Enabling All Features in Your Organization in the AWS Organizations User Guide.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TargetNotFoundException
* We can't find a root, OU, account, or policy with the TargetId that you specified.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws PolicyChangesInProgressException
* Changes to the effective policy are in progress, and its contents can't be returned. Try the operation
* again later.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.AttachPolicy
* @see AWS
* API Documentation
*/
default AttachPolicyResponse attachPolicy(Consumer attachPolicyRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException,
ConstraintViolationException, DuplicatePolicyAttachmentException, InvalidInputException, PolicyNotFoundException,
PolicyTypeNotEnabledException, ServiceException, TargetNotFoundException, TooManyRequestsException,
UnsupportedApiEndpointException, PolicyChangesInProgressException, AwsServiceException, SdkClientException,
OrganizationsException {
return attachPolicy(AttachPolicyRequest.builder().applyMutation(attachPolicyRequest).build());
}
/**
*
* Cancels a handshake. Canceling a handshake sets the handshake state to CANCELED.
*
*
* This operation can be called only from the account that originated the handshake. The recipient of the handshake
* can't cancel it, but can use DeclineHandshake instead. After a handshake is canceled, the recipient can no
* longer respond to that handshake.
*
*
* After you cancel a handshake, it continues to appear in the results of relevant APIs for only 30 days. After
* that, it's deleted.
*
*
* @param cancelHandshakeRequest
* @return Result of the CancelHandshake operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws HandshakeNotFoundException
* We can't find a handshake with the HandshakeId that you specified.
* @throws InvalidHandshakeTransitionException
* You can't perform the operation on the handshake in its current state. For example, you can't cancel a
* handshake that was already accepted or accept a handshake that was already declined.
* @throws HandshakeAlreadyInStateException
* The specified handshake is already in the requested state. For example, you can't accept a handshake that
* was already accepted.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.CancelHandshake
* @see AWS
* API Documentation
*/
default CancelHandshakeResponse cancelHandshake(CancelHandshakeRequest cancelHandshakeRequest) throws AccessDeniedException,
ConcurrentModificationException, HandshakeNotFoundException, InvalidHandshakeTransitionException,
HandshakeAlreadyInStateException, InvalidInputException, ServiceException, TooManyRequestsException,
AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Cancels a handshake. Canceling a handshake sets the handshake state to CANCELED.
*
*
* This operation can be called only from the account that originated the handshake. The recipient of the handshake
* can't cancel it, but can use DeclineHandshake instead. After a handshake is canceled, the recipient can no
* longer respond to that handshake.
*
*
* After you cancel a handshake, it continues to appear in the results of relevant APIs for only 30 days. After
* that, it's deleted.
*
*
*
* This is a convenience which creates an instance of the {@link CancelHandshakeRequest.Builder} avoiding the need
* to create one manually via {@link CancelHandshakeRequest#builder()}
*
*
* @param cancelHandshakeRequest
* A {@link Consumer} that will call methods on {@link CancelHandshakeRequest.Builder} to create a request.
* @return Result of the CancelHandshake operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws HandshakeNotFoundException
* We can't find a handshake with the HandshakeId that you specified.
* @throws InvalidHandshakeTransitionException
* You can't perform the operation on the handshake in its current state. For example, you can't cancel a
* handshake that was already accepted or accept a handshake that was already declined.
* @throws HandshakeAlreadyInStateException
* The specified handshake is already in the requested state. For example, you can't accept a handshake that
* was already accepted.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.CancelHandshake
* @see AWS
* API Documentation
*/
default CancelHandshakeResponse cancelHandshake(Consumer cancelHandshakeRequest)
throws AccessDeniedException, ConcurrentModificationException, HandshakeNotFoundException,
InvalidHandshakeTransitionException, HandshakeAlreadyInStateException, InvalidInputException, ServiceException,
TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
return cancelHandshake(CancelHandshakeRequest.builder().applyMutation(cancelHandshakeRequest).build());
}
/**
*
* Creates an AWS account that is automatically a member of the organization whose credentials made the request.
* This is an asynchronous request that AWS performs in the background. Because CreateAccount operates
* asynchronously, it can return a successful completion message even though account initialization might still be
* in progress. You might need to wait a few minutes before you can successfully access the account. To check the
* status of the request, do one of the following:
*
*
* -
*
* Use the Id member of the CreateAccountStatus response element from this operation to
* provide as a parameter to the DescribeCreateAccountStatus operation.
*
*
* -
*
* Check the AWS CloudTrail log for the CreateAccountResult event. For information on using AWS
* CloudTrail with AWS Organizations, see Logging and monitoring in AWS Organizations in the AWS Organizations User Guide.
*
*
*
*
* The user who calls the API to create an account must have the organizations:CreateAccount
* permission. If you enabled all features in the organization, AWS Organizations creates the required
* service-linked role named AWSServiceRoleForOrganizations. For more information, see AWS Organizations and Service-Linked Roles in the AWS Organizations User Guide.
*
*
* If the request includes tags, then the requester must have the organizations:TagResource permission.
*
*
* AWS Organizations preconfigures the new member account with a role (named
* OrganizationAccountAccessRole by default) that grants users in the management account administrator
* permissions in the new member account. Principals in the management account can assume the role. AWS
* Organizations clones the company name and address information for the new account from the organization's
* management account.
*
*
* This operation can be called only from the organization's management account.
*
*
* For more information about creating accounts, see Creating an
* AWS Account in Your Organization in the AWS Organizations User Guide.
*
*
*
* -
*
* When you create an account in an organization using the AWS Organizations console, API, or CLI commands, the
* information required for the account to operate as a standalone account, such as a payment method and signing the
* end user license agreement (EULA) is not automatically collected. If you must remove an account from your
* organization later, you can do so only after you provide the missing information. Follow the steps at To leave an organization as a member account in the AWS Organizations User Guide.
*
*
* -
*
* If you get an exception that indicates that you exceeded your account limits for the organization, contact AWS Support.
*
*
* -
*
* If you get an exception that indicates that the operation failed because your organization is still initializing,
* wait one hour and then try again. If the error persists, contact AWS Support.
*
*
* -
*
* Using CreateAccount to create multiple temporary accounts isn't recommended. You can only close an
* account from the Billing and Cost Management Console, and you must be signed in as the root user. For information
* on the requirements and process for closing an account, see Closing an AWS
* Account in the AWS Organizations User Guide.
*
*
*
*
*
* When you create a member account with this operation, you can choose whether to create the account with the
* IAM User and Role Access to Billing Information switch enabled. If you enable it, IAM users and roles that
* have appropriate permissions can view billing information for the account. If you disable it, only the account
* root user can access billing information. For information about how to disable this switch for an account, see Granting Access to Your
* Billing Information and Tools.
*
*
*
* @param createAccountRequest
* @return Result of the CreateAccount operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws FinalizingOrganizationException
* AWS Organizations couldn't perform the operation because your organization hasn't finished initializing.
* This can take up to an hour. Try again later. If after one hour you continue to receive this error,
* contact AWS Support.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.CreateAccount
* @see AWS
* API Documentation
*/
default CreateAccountResponse createAccount(CreateAccountRequest createAccountRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException,
InvalidInputException, FinalizingOrganizationException, ServiceException, TooManyRequestsException,
UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Creates an AWS account that is automatically a member of the organization whose credentials made the request.
* This is an asynchronous request that AWS performs in the background. Because CreateAccount operates
* asynchronously, it can return a successful completion message even though account initialization might still be
* in progress. You might need to wait a few minutes before you can successfully access the account. To check the
* status of the request, do one of the following:
*
*
* -
*
* Use the Id member of the CreateAccountStatus response element from this operation to
* provide as a parameter to the DescribeCreateAccountStatus operation.
*
*
* -
*
* Check the AWS CloudTrail log for the CreateAccountResult event. For information on using AWS
* CloudTrail with AWS Organizations, see Logging and monitoring in AWS Organizations in the AWS Organizations User Guide.
*
*
*
*
* The user who calls the API to create an account must have the organizations:CreateAccount
* permission. If you enabled all features in the organization, AWS Organizations creates the required
* service-linked role named AWSServiceRoleForOrganizations. For more information, see AWS Organizations and Service-Linked Roles in the AWS Organizations User Guide.
*
*
* If the request includes tags, then the requester must have the organizations:TagResource permission.
*
*
* AWS Organizations preconfigures the new member account with a role (named
* OrganizationAccountAccessRole by default) that grants users in the management account administrator
* permissions in the new member account. Principals in the management account can assume the role. AWS
* Organizations clones the company name and address information for the new account from the organization's
* management account.
*
*
* This operation can be called only from the organization's management account.
*
*
* For more information about creating accounts, see Creating an
* AWS Account in Your Organization in the AWS Organizations User Guide.
*
*
*
* -
*
* When you create an account in an organization using the AWS Organizations console, API, or CLI commands, the
* information required for the account to operate as a standalone account, such as a payment method and signing the
* end user license agreement (EULA) is not automatically collected. If you must remove an account from your
* organization later, you can do so only after you provide the missing information. Follow the steps at To leave an organization as a member account in the AWS Organizations User Guide.
*
*
* -
*
* If you get an exception that indicates that you exceeded your account limits for the organization, contact AWS Support.
*
*
* -
*
* If you get an exception that indicates that the operation failed because your organization is still initializing,
* wait one hour and then try again. If the error persists, contact AWS Support.
*
*
* -
*
* Using CreateAccount to create multiple temporary accounts isn't recommended. You can only close an
* account from the Billing and Cost Management Console, and you must be signed in as the root user. For information
* on the requirements and process for closing an account, see Closing an AWS
* Account in the AWS Organizations User Guide.
*
*
*
*
*
* When you create a member account with this operation, you can choose whether to create the account with the
* IAM User and Role Access to Billing Information switch enabled. If you enable it, IAM users and roles that
* have appropriate permissions can view billing information for the account. If you disable it, only the account
* root user can access billing information. For information about how to disable this switch for an account, see Granting Access to Your
* Billing Information and Tools.
*
*
*
* This is a convenience which creates an instance of the {@link CreateAccountRequest.Builder} avoiding the need to
* create one manually via {@link CreateAccountRequest#builder()}
*
*
* @param createAccountRequest
* A {@link Consumer} that will call methods on {@link CreateAccountRequest.Builder} to create a request.
* @return Result of the CreateAccount operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws FinalizingOrganizationException
* AWS Organizations couldn't perform the operation because your organization hasn't finished initializing.
* This can take up to an hour. Try again later. If after one hour you continue to receive this error,
* contact AWS Support.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.CreateAccount
* @see AWS
* API Documentation
*/
default CreateAccountResponse createAccount(Consumer createAccountRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException,
ConstraintViolationException, InvalidInputException, FinalizingOrganizationException, ServiceException,
TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException,
OrganizationsException {
return createAccount(CreateAccountRequest.builder().applyMutation(createAccountRequest).build());
}
/**
*
* This action is available if all of the following are true:
*
*
* -
*
* You're authorized to create accounts in the AWS GovCloud (US) Region. For more information on the AWS GovCloud
* (US) Region, see the AWS
* GovCloud User Guide.
*
*
* -
*
* You already have an account in the AWS GovCloud (US) Region that is paired with a management account of an
* organization in the commercial Region.
*
*
* -
*
* You call this action from the management account of your organization in the commercial Region.
*
*
* -
*
* You have the organizations:CreateGovCloudAccount permission.
*
*
*
*
* AWS Organizations automatically creates the required service-linked role named
* AWSServiceRoleForOrganizations. For more information, see AWS Organizations and Service-Linked Roles in the AWS Organizations User Guide.
*
*
* AWS automatically enables AWS CloudTrail for AWS GovCloud (US) accounts, but you should also do the following:
*
*
* -
*
* Verify that AWS CloudTrail is enabled to store logs.
*
*
* -
*
* Create an S3 bucket for AWS CloudTrail log storage.
*
*
* For more information, see Verifying AWS CloudTrail
* Is Enabled in the AWS GovCloud User Guide.
*
*
*
*
* If the request includes tags, then the requester must have the organizations:TagResource permission.
* The tags are attached to the commercial account associated with the GovCloud account, rather than the GovCloud
* account itself. To add tags to the GovCloud account, call the TagResource operation in the GovCloud Region
* after the new GovCloud account exists.
*
*
* You call this action from the management account of your organization in the commercial Region to create a
* standalone AWS account in the AWS GovCloud (US) Region. After the account is created, the management account of
* an organization in the AWS GovCloud (US) Region can invite it to that organization. For more information on
* inviting standalone accounts in the AWS GovCloud (US) to join an organization, see AWS Organizations
* in the AWS GovCloud User Guide.
*
*
* Calling CreateGovCloudAccount is an asynchronous request that AWS performs in the background.
* Because CreateGovCloudAccount operates asynchronously, it can return a successful completion message
* even though account initialization might still be in progress. You might need to wait a few minutes before you
* can successfully access the account. To check the status of the request, do one of the following:
*
*
* -
*
* Use the OperationId response element from this operation to provide as a parameter to the
* DescribeCreateAccountStatus operation.
*
*
* -
*
* Check the AWS CloudTrail log for the CreateAccountResult event. For information on using AWS
* CloudTrail with Organizations, see Monitoring the Activity in
* Your Organization in the AWS Organizations User Guide.
*
*
*
*
*
* When you call the CreateGovCloudAccount action, you create two accounts: a standalone account in the
* AWS GovCloud (US) Region and an associated account in the commercial Region for billing and support purposes. The
* account in the commercial Region is automatically a member of the organization whose credentials made the
* request. Both accounts are associated with the same email address.
*
*
* A role is created in the new account in the commercial Region that allows the management account in the
* organization in the commercial Region to assume it. An AWS GovCloud (US) account is then created and associated
* with the commercial account that you just created. A role is also created in the new AWS GovCloud (US) account
* that can be assumed by the AWS GovCloud (US) account that is associated with the management account of the
* commercial organization. For more information and to view a diagram that explains how account access works, see
* AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* For more information about creating accounts, see Creating an
* AWS Account in Your Organization in the AWS Organizations User Guide.
*
*
*
* -
*
* When you create an account in an organization using the AWS Organizations console, API, or CLI commands, the
* information required for the account to operate as a standalone account is not automatically collected.
* This includes a payment method and signing the end user license agreement (EULA). If you must remove an account
* from your organization later, you can do so only after you provide the missing information. Follow the steps at
* To leave an organization as a member account in the AWS Organizations User Guide.
*
*
* -
*
* If you get an exception that indicates that you exceeded your account limits for the organization, contact AWS Support.
*
*
* -
*
* If you get an exception that indicates that the operation failed because your organization is still initializing,
* wait one hour and then try again. If the error persists, contact AWS Support.
*
*
* -
*
* Using CreateGovCloudAccount to create multiple temporary accounts isn't recommended. You can only
* close an account from the AWS Billing and Cost Management console, and you must be signed in as the root user.
* For information on the requirements and process for closing an account, see Closing an AWS
* Account in the AWS Organizations User Guide.
*
*
*
*
*
* When you create a member account with this operation, you can choose whether to create the account with the
* IAM User and Role Access to Billing Information switch enabled. If you enable it, IAM users and roles that
* have appropriate permissions can view billing information for the account. If you disable it, only the account
* root user can access billing information. For information about how to disable this switch for an account, see Granting Access to Your
* Billing Information and Tools.
*
*
*
* @param createGovCloudAccountRequest
* @return Result of the CreateGovCloudAccount operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws FinalizingOrganizationException
* AWS Organizations couldn't perform the operation because your organization hasn't finished initializing.
* This can take up to an hour. Try again later. If after one hour you continue to receive this error,
* contact AWS Support.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.CreateGovCloudAccount
* @see AWS API Documentation
*/
default CreateGovCloudAccountResponse createGovCloudAccount(CreateGovCloudAccountRequest createGovCloudAccountRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException,
ConstraintViolationException, InvalidInputException, FinalizingOrganizationException, ServiceException,
TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException,
OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* This action is available if all of the following are true:
*
*
* -
*
* You're authorized to create accounts in the AWS GovCloud (US) Region. For more information on the AWS GovCloud
* (US) Region, see the AWS
* GovCloud User Guide.
*
*
* -
*
* You already have an account in the AWS GovCloud (US) Region that is paired with a management account of an
* organization in the commercial Region.
*
*
* -
*
* You call this action from the management account of your organization in the commercial Region.
*
*
* -
*
* You have the organizations:CreateGovCloudAccount permission.
*
*
*
*
* AWS Organizations automatically creates the required service-linked role named
* AWSServiceRoleForOrganizations. For more information, see AWS Organizations and Service-Linked Roles in the AWS Organizations User Guide.
*
*
* AWS automatically enables AWS CloudTrail for AWS GovCloud (US) accounts, but you should also do the following:
*
*
* -
*
* Verify that AWS CloudTrail is enabled to store logs.
*
*
* -
*
* Create an S3 bucket for AWS CloudTrail log storage.
*
*
* For more information, see Verifying AWS CloudTrail
* Is Enabled in the AWS GovCloud User Guide.
*
*
*
*
* If the request includes tags, then the requester must have the organizations:TagResource permission.
* The tags are attached to the commercial account associated with the GovCloud account, rather than the GovCloud
* account itself. To add tags to the GovCloud account, call the TagResource operation in the GovCloud Region
* after the new GovCloud account exists.
*
*
* You call this action from the management account of your organization in the commercial Region to create a
* standalone AWS account in the AWS GovCloud (US) Region. After the account is created, the management account of
* an organization in the AWS GovCloud (US) Region can invite it to that organization. For more information on
* inviting standalone accounts in the AWS GovCloud (US) to join an organization, see AWS Organizations
* in the AWS GovCloud User Guide.
*
*
* Calling CreateGovCloudAccount is an asynchronous request that AWS performs in the background.
* Because CreateGovCloudAccount operates asynchronously, it can return a successful completion message
* even though account initialization might still be in progress. You might need to wait a few minutes before you
* can successfully access the account. To check the status of the request, do one of the following:
*
*
* -
*
* Use the OperationId response element from this operation to provide as a parameter to the
* DescribeCreateAccountStatus operation.
*
*
* -
*
* Check the AWS CloudTrail log for the CreateAccountResult event. For information on using AWS
* CloudTrail with Organizations, see Monitoring the Activity in
* Your Organization in the AWS Organizations User Guide.
*
*
*
*
*
* When you call the CreateGovCloudAccount action, you create two accounts: a standalone account in the
* AWS GovCloud (US) Region and an associated account in the commercial Region for billing and support purposes. The
* account in the commercial Region is automatically a member of the organization whose credentials made the
* request. Both accounts are associated with the same email address.
*
*
* A role is created in the new account in the commercial Region that allows the management account in the
* organization in the commercial Region to assume it. An AWS GovCloud (US) account is then created and associated
* with the commercial account that you just created. A role is also created in the new AWS GovCloud (US) account
* that can be assumed by the AWS GovCloud (US) account that is associated with the management account of the
* commercial organization. For more information and to view a diagram that explains how account access works, see
* AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* For more information about creating accounts, see Creating an
* AWS Account in Your Organization in the AWS Organizations User Guide.
*
*
*
* -
*
* When you create an account in an organization using the AWS Organizations console, API, or CLI commands, the
* information required for the account to operate as a standalone account is not automatically collected.
* This includes a payment method and signing the end user license agreement (EULA). If you must remove an account
* from your organization later, you can do so only after you provide the missing information. Follow the steps at
* To leave an organization as a member account in the AWS Organizations User Guide.
*
*
* -
*
* If you get an exception that indicates that you exceeded your account limits for the organization, contact AWS Support.
*
*
* -
*
* If you get an exception that indicates that the operation failed because your organization is still initializing,
* wait one hour and then try again. If the error persists, contact AWS Support.
*
*
* -
*
* Using CreateGovCloudAccount to create multiple temporary accounts isn't recommended. You can only
* close an account from the AWS Billing and Cost Management console, and you must be signed in as the root user.
* For information on the requirements and process for closing an account, see Closing an AWS
* Account in the AWS Organizations User Guide.
*
*
*
*
*
* When you create a member account with this operation, you can choose whether to create the account with the
* IAM User and Role Access to Billing Information switch enabled. If you enable it, IAM users and roles that
* have appropriate permissions can view billing information for the account. If you disable it, only the account
* root user can access billing information. For information about how to disable this switch for an account, see Granting Access to Your
* Billing Information and Tools.
*
*
*
* This is a convenience which creates an instance of the {@link CreateGovCloudAccountRequest.Builder} avoiding the
* need to create one manually via {@link CreateGovCloudAccountRequest#builder()}
*
*
* @param createGovCloudAccountRequest
* A {@link Consumer} that will call methods on {@link CreateGovCloudAccountRequest.Builder} to create a
* request.
* @return Result of the CreateGovCloudAccount operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws FinalizingOrganizationException
* AWS Organizations couldn't perform the operation because your organization hasn't finished initializing.
* This can take up to an hour. Try again later. If after one hour you continue to receive this error,
* contact AWS Support.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.CreateGovCloudAccount
* @see AWS API Documentation
*/
default CreateGovCloudAccountResponse createGovCloudAccount(
Consumer createGovCloudAccountRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException,
InvalidInputException, FinalizingOrganizationException, ServiceException, TooManyRequestsException,
UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException {
return createGovCloudAccount(CreateGovCloudAccountRequest.builder().applyMutation(createGovCloudAccountRequest).build());
}
/**
*
* Creates an AWS organization. The account whose user is calling the CreateOrganization operation
* automatically becomes the management account of the new organization.
*
*
* This operation must be called using credentials from the account that is to become the new organization's
* management account. The principal must also have the relevant IAM permissions.
*
*
* By default (or if you set the FeatureSet parameter to ALL), the new organization is
* created with all features enabled and service control policies automatically enabled in the root. If you instead
* choose to create the organization supporting only the consolidated billing features by setting the
* FeatureSet parameter to CONSOLIDATED_BILLING", no policy types are enabled by default,
* and you can't use organization policies
*
*
* @return Result of the CreateOrganization operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AlreadyInOrganizationException
* This account is already a member of an organization. An account can belong to only one organization at a
* time.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws AccessDeniedForDependencyException
* The operation that you attempted requires you to have the iam:CreateServiceLinkedRole for
* organizations.amazonaws.com permission so that AWS Organizations can create the required
* service-linked role. You don't have that permission.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.CreateOrganization
* @see #createOrganization(CreateOrganizationRequest)
* @see AWS API Documentation
*/
default CreateOrganizationResponse createOrganization() throws AccessDeniedException, AlreadyInOrganizationException,
ConcurrentModificationException, ConstraintViolationException, InvalidInputException, ServiceException,
TooManyRequestsException, AccessDeniedForDependencyException, AwsServiceException, SdkClientException,
OrganizationsException {
return createOrganization(CreateOrganizationRequest.builder().build());
}
/**
*
* Creates an AWS organization. The account whose user is calling the CreateOrganization operation
* automatically becomes the management account of the new organization.
*
*
* This operation must be called using credentials from the account that is to become the new organization's
* management account. The principal must also have the relevant IAM permissions.
*
*
* By default (or if you set the FeatureSet parameter to ALL), the new organization is
* created with all features enabled and service control policies automatically enabled in the root. If you instead
* choose to create the organization supporting only the consolidated billing features by setting the
* FeatureSet parameter to CONSOLIDATED_BILLING", no policy types are enabled by default,
* and you can't use organization policies
*
*
* @param createOrganizationRequest
* @return Result of the CreateOrganization operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AlreadyInOrganizationException
* This account is already a member of an organization. An account can belong to only one organization at a
* time.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws AccessDeniedForDependencyException
* The operation that you attempted requires you to have the iam:CreateServiceLinkedRole for
* organizations.amazonaws.com permission so that AWS Organizations can create the required
* service-linked role. You don't have that permission.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.CreateOrganization
* @see AWS API Documentation
*/
default CreateOrganizationResponse createOrganization(CreateOrganizationRequest createOrganizationRequest)
throws AccessDeniedException, AlreadyInOrganizationException, ConcurrentModificationException,
ConstraintViolationException, InvalidInputException, ServiceException, TooManyRequestsException,
AccessDeniedForDependencyException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Creates an AWS organization. The account whose user is calling the CreateOrganization operation
* automatically becomes the management account of the new organization.
*
*
* This operation must be called using credentials from the account that is to become the new organization's
* management account. The principal must also have the relevant IAM permissions.
*
*
* By default (or if you set the FeatureSet parameter to ALL), the new organization is
* created with all features enabled and service control policies automatically enabled in the root. If you instead
* choose to create the organization supporting only the consolidated billing features by setting the
* FeatureSet parameter to CONSOLIDATED_BILLING", no policy types are enabled by default,
* and you can't use organization policies
*
*
*
* This is a convenience which creates an instance of the {@link CreateOrganizationRequest.Builder} avoiding the
* need to create one manually via {@link CreateOrganizationRequest#builder()}
*
*
* @param createOrganizationRequest
* A {@link Consumer} that will call methods on {@link CreateOrganizationRequest.Builder} to create a
* request.
* @return Result of the CreateOrganization operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AlreadyInOrganizationException
* This account is already a member of an organization. An account can belong to only one organization at a
* time.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws AccessDeniedForDependencyException
* The operation that you attempted requires you to have the iam:CreateServiceLinkedRole for
* organizations.amazonaws.com permission so that AWS Organizations can create the required
* service-linked role. You don't have that permission.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.CreateOrganization
* @see AWS API Documentation
*/
default CreateOrganizationResponse createOrganization(Consumer createOrganizationRequest)
throws AccessDeniedException, AlreadyInOrganizationException, ConcurrentModificationException,
ConstraintViolationException, InvalidInputException, ServiceException, TooManyRequestsException,
AccessDeniedForDependencyException, AwsServiceException, SdkClientException, OrganizationsException {
return createOrganization(CreateOrganizationRequest.builder().applyMutation(createOrganizationRequest).build());
}
/**
*
* Creates an organizational unit (OU) within a root or parent OU. An OU is a container for accounts that enables
* you to organize your accounts to apply policies according to your business requirements. The number of levels
* deep that you can nest OUs is dependent upon the policy types enabled for that root. For service control
* policies, the limit is five.
*
*
* For more information about OUs, see Managing Organizational
* Units in the AWS Organizations User Guide.
*
*
* If the request includes tags, then the requester must have the organizations:TagResource permission.
*
*
* This operation can be called only from the organization's management account.
*
*
* @param createOrganizationalUnitRequest
* @return Result of the CreateOrganizationalUnit operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws DuplicateOrganizationalUnitException
* An OU with the same name already exists.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ParentNotFoundException
* We can't find a root or OU with the ParentId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.CreateOrganizationalUnit
* @see AWS API Documentation
*/
default CreateOrganizationalUnitResponse createOrganizationalUnit(
CreateOrganizationalUnitRequest createOrganizationalUnitRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException,
DuplicateOrganizationalUnitException, InvalidInputException, ParentNotFoundException, ServiceException,
TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Creates an organizational unit (OU) within a root or parent OU. An OU is a container for accounts that enables
* you to organize your accounts to apply policies according to your business requirements. The number of levels
* deep that you can nest OUs is dependent upon the policy types enabled for that root. For service control
* policies, the limit is five.
*
*
* For more information about OUs, see Managing Organizational
* Units in the AWS Organizations User Guide.
*
*
* If the request includes tags, then the requester must have the organizations:TagResource permission.
*
*
* This operation can be called only from the organization's management account.
*
*
*
* This is a convenience which creates an instance of the {@link CreateOrganizationalUnitRequest.Builder} avoiding
* the need to create one manually via {@link CreateOrganizationalUnitRequest#builder()}
*
*
* @param createOrganizationalUnitRequest
* A {@link Consumer} that will call methods on {@link CreateOrganizationalUnitRequest.Builder} to create a
* request.
* @return Result of the CreateOrganizationalUnit operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws DuplicateOrganizationalUnitException
* An OU with the same name already exists.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ParentNotFoundException
* We can't find a root or OU with the ParentId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.CreateOrganizationalUnit
* @see AWS API Documentation
*/
default CreateOrganizationalUnitResponse createOrganizationalUnit(
Consumer createOrganizationalUnitRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException,
DuplicateOrganizationalUnitException, InvalidInputException, ParentNotFoundException, ServiceException,
TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
return createOrganizationalUnit(CreateOrganizationalUnitRequest.builder().applyMutation(createOrganizationalUnitRequest)
.build());
}
/**
*
* Creates a policy of a specified type that you can attach to a root, an organizational unit (OU), or an individual
* AWS account.
*
*
* For more information about policies and their use, see Managing Organization
* Policies.
*
*
* If the request includes tags, then the requester must have the organizations:TagResource permission.
*
*
* This operation can be called only from the organization's management account.
*
*
* @param createPolicyRequest
* @return Result of the CreatePolicy operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws DuplicatePolicyException
* A policy with the same name already exists.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws MalformedPolicyDocumentException
* The provided policy document doesn't meet the requirements of the specified policy type. For example, the
* syntax might be incorrect. For details about service control policy syntax, see Service
* Control Policy Syntax in the AWS Organizations User Guide.
* @throws PolicyTypeNotAvailableForOrganizationException
* You can't use the specified policy type with the feature set currently enabled for this organization. For
* example, you can enable SCPs only after you enable all features in the organization. For more
* information, see Managing AWS Organizations Policiesin the AWS Organizations User Guide.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.CreatePolicy
* @see AWS
* API Documentation
*/
default CreatePolicyResponse createPolicy(CreatePolicyRequest createPolicyRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException,
DuplicatePolicyException, InvalidInputException, MalformedPolicyDocumentException,
PolicyTypeNotAvailableForOrganizationException, ServiceException, TooManyRequestsException,
UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Creates a policy of a specified type that you can attach to a root, an organizational unit (OU), or an individual
* AWS account.
*
*
* For more information about policies and their use, see Managing Organization
* Policies.
*
*
* If the request includes tags, then the requester must have the organizations:TagResource permission.
*
*
* This operation can be called only from the organization's management account.
*
*
*
* This is a convenience which creates an instance of the {@link CreatePolicyRequest.Builder} avoiding the need to
* create one manually via {@link CreatePolicyRequest#builder()}
*
*
* @param createPolicyRequest
* A {@link Consumer} that will call methods on {@link CreatePolicyRequest.Builder} to create a request.
* @return Result of the CreatePolicy operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws DuplicatePolicyException
* A policy with the same name already exists.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws MalformedPolicyDocumentException
* The provided policy document doesn't meet the requirements of the specified policy type. For example, the
* syntax might be incorrect. For details about service control policy syntax, see Service
* Control Policy Syntax in the AWS Organizations User Guide.
* @throws PolicyTypeNotAvailableForOrganizationException
* You can't use the specified policy type with the feature set currently enabled for this organization. For
* example, you can enable SCPs only after you enable all features in the organization. For more
* information, see Managing AWS Organizations Policiesin the AWS Organizations User Guide.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.CreatePolicy
* @see AWS
* API Documentation
*/
default CreatePolicyResponse createPolicy(Consumer createPolicyRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException,
ConstraintViolationException, DuplicatePolicyException, InvalidInputException, MalformedPolicyDocumentException,
PolicyTypeNotAvailableForOrganizationException, ServiceException, TooManyRequestsException,
UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException {
return createPolicy(CreatePolicyRequest.builder().applyMutation(createPolicyRequest).build());
}
/**
*
* Declines a handshake request. This sets the handshake state to DECLINED and effectively deactivates
* the request.
*
*
* This operation can be called only from the account that received the handshake. The originator of the handshake
* can use CancelHandshake instead. The originator can't reactivate a declined request, but can reinitiate
* the process with a new handshake request.
*
*
* After you decline a handshake, it continues to appear in the results of relevant APIs for only 30 days. After
* that, it's deleted.
*
*
* @param declineHandshakeRequest
* @return Result of the DeclineHandshake operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws HandshakeNotFoundException
* We can't find a handshake with the HandshakeId that you specified.
* @throws InvalidHandshakeTransitionException
* You can't perform the operation on the handshake in its current state. For example, you can't cancel a
* handshake that was already accepted or accept a handshake that was already declined.
* @throws HandshakeAlreadyInStateException
* The specified handshake is already in the requested state. For example, you can't accept a handshake that
* was already accepted.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.DeclineHandshake
* @see AWS API Documentation
*/
default DeclineHandshakeResponse declineHandshake(DeclineHandshakeRequest declineHandshakeRequest)
throws AccessDeniedException, ConcurrentModificationException, HandshakeNotFoundException,
InvalidHandshakeTransitionException, HandshakeAlreadyInStateException, InvalidInputException, ServiceException,
TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Declines a handshake request. This sets the handshake state to DECLINED and effectively deactivates
* the request.
*
*
* This operation can be called only from the account that received the handshake. The originator of the handshake
* can use CancelHandshake instead. The originator can't reactivate a declined request, but can reinitiate
* the process with a new handshake request.
*
*
* After you decline a handshake, it continues to appear in the results of relevant APIs for only 30 days. After
* that, it's deleted.
*
*
*
* This is a convenience which creates an instance of the {@link DeclineHandshakeRequest.Builder} avoiding the need
* to create one manually via {@link DeclineHandshakeRequest#builder()}
*
*
* @param declineHandshakeRequest
* A {@link Consumer} that will call methods on {@link DeclineHandshakeRequest.Builder} to create a request.
* @return Result of the DeclineHandshake operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws HandshakeNotFoundException
* We can't find a handshake with the HandshakeId that you specified.
* @throws InvalidHandshakeTransitionException
* You can't perform the operation on the handshake in its current state. For example, you can't cancel a
* handshake that was already accepted or accept a handshake that was already declined.
* @throws HandshakeAlreadyInStateException
* The specified handshake is already in the requested state. For example, you can't accept a handshake that
* was already accepted.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.DeclineHandshake
* @see AWS API Documentation
*/
default DeclineHandshakeResponse declineHandshake(Consumer declineHandshakeRequest)
throws AccessDeniedException, ConcurrentModificationException, HandshakeNotFoundException,
InvalidHandshakeTransitionException, HandshakeAlreadyInStateException, InvalidInputException, ServiceException,
TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
return declineHandshake(DeclineHandshakeRequest.builder().applyMutation(declineHandshakeRequest).build());
}
/**
*
* Deletes the organization. You can delete an organization only by using credentials from the management account.
* The organization must be empty of member accounts.
*
*
* @return Result of the DeleteOrganization operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws OrganizationNotEmptyException
* The organization isn't empty. To delete an organization, you must first remove all accounts except the
* management account, delete all OUs, and delete all policies.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.DeleteOrganization
* @see #deleteOrganization(DeleteOrganizationRequest)
* @see AWS API Documentation
*/
default DeleteOrganizationResponse deleteOrganization() throws AccessDeniedException, AwsOrganizationsNotInUseException,
ConcurrentModificationException, InvalidInputException, OrganizationNotEmptyException, ServiceException,
TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
return deleteOrganization(DeleteOrganizationRequest.builder().build());
}
/**
*
* Deletes the organization. You can delete an organization only by using credentials from the management account.
* The organization must be empty of member accounts.
*
*
* @param deleteOrganizationRequest
* @return Result of the DeleteOrganization operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws OrganizationNotEmptyException
* The organization isn't empty. To delete an organization, you must first remove all accounts except the
* management account, delete all OUs, and delete all policies.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.DeleteOrganization
* @see AWS API Documentation
*/
default DeleteOrganizationResponse deleteOrganization(DeleteOrganizationRequest deleteOrganizationRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException,
InvalidInputException, OrganizationNotEmptyException, ServiceException, TooManyRequestsException,
AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Deletes the organization. You can delete an organization only by using credentials from the management account.
* The organization must be empty of member accounts.
*
*
*
* This is a convenience which creates an instance of the {@link DeleteOrganizationRequest.Builder} avoiding the
* need to create one manually via {@link DeleteOrganizationRequest#builder()}
*
*
* @param deleteOrganizationRequest
* A {@link Consumer} that will call methods on {@link DeleteOrganizationRequest.Builder} to create a
* request.
* @return Result of the DeleteOrganization operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws OrganizationNotEmptyException
* The organization isn't empty. To delete an organization, you must first remove all accounts except the
* management account, delete all OUs, and delete all policies.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.DeleteOrganization
* @see AWS API Documentation
*/
default DeleteOrganizationResponse deleteOrganization(Consumer deleteOrganizationRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException,
InvalidInputException, OrganizationNotEmptyException, ServiceException, TooManyRequestsException,
AwsServiceException, SdkClientException, OrganizationsException {
return deleteOrganization(DeleteOrganizationRequest.builder().applyMutation(deleteOrganizationRequest).build());
}
/**
*
* Deletes an organizational unit (OU) from a root or another OU. You must first remove all accounts and child OUs
* from the OU that you want to delete.
*
*
* This operation can be called only from the organization's management account.
*
*
* @param deleteOrganizationalUnitRequest
* @return Result of the DeleteOrganizationalUnit operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws OrganizationalUnitNotEmptyException
* The specified OU is not empty. Move all accounts to another root or to other OUs, remove all child OUs,
* and try the operation again.
* @throws OrganizationalUnitNotFoundException
* We can't find an OU with the OrganizationalUnitId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.DeleteOrganizationalUnit
* @see AWS API Documentation
*/
default DeleteOrganizationalUnitResponse deleteOrganizationalUnit(
DeleteOrganizationalUnitRequest deleteOrganizationalUnitRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, ConcurrentModificationException, InvalidInputException,
OrganizationalUnitNotEmptyException, OrganizationalUnitNotFoundException, ServiceException, TooManyRequestsException,
AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Deletes an organizational unit (OU) from a root or another OU. You must first remove all accounts and child OUs
* from the OU that you want to delete.
*
*
* This operation can be called only from the organization's management account.
*
*
*
* This is a convenience which creates an instance of the {@link DeleteOrganizationalUnitRequest.Builder} avoiding
* the need to create one manually via {@link DeleteOrganizationalUnitRequest#builder()}
*
*
* @param deleteOrganizationalUnitRequest
* A {@link Consumer} that will call methods on {@link DeleteOrganizationalUnitRequest.Builder} to create a
* request.
* @return Result of the DeleteOrganizationalUnit operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws OrganizationalUnitNotEmptyException
* The specified OU is not empty. Move all accounts to another root or to other OUs, remove all child OUs,
* and try the operation again.
* @throws OrganizationalUnitNotFoundException
* We can't find an OU with the OrganizationalUnitId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.DeleteOrganizationalUnit
* @see AWS API Documentation
*/
default DeleteOrganizationalUnitResponse deleteOrganizationalUnit(
Consumer deleteOrganizationalUnitRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, ConcurrentModificationException, InvalidInputException,
OrganizationalUnitNotEmptyException, OrganizationalUnitNotFoundException, ServiceException, TooManyRequestsException,
AwsServiceException, SdkClientException, OrganizationsException {
return deleteOrganizationalUnit(DeleteOrganizationalUnitRequest.builder().applyMutation(deleteOrganizationalUnitRequest)
.build());
}
/**
*
* Deletes the specified policy from your organization. Before you perform this operation, you must first detach the
* policy from all organizational units (OUs), roots, and accounts.
*
*
* This operation can be called only from the organization's management account.
*
*
* @param deletePolicyRequest
* @return Result of the DeletePolicy operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws PolicyInUseException
* The policy is attached to one or more entities. You must detach it from all roots, OUs, and accounts
* before performing this operation.
* @throws PolicyNotFoundException
* We can't find a policy with the PolicyId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.DeletePolicy
* @see AWS
* API Documentation
*/
default DeletePolicyResponse deletePolicy(DeletePolicyRequest deletePolicyRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, ConcurrentModificationException, InvalidInputException, PolicyInUseException,
PolicyNotFoundException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException,
AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Deletes the specified policy from your organization. Before you perform this operation, you must first detach the
* policy from all organizational units (OUs), roots, and accounts.
*
*
* This operation can be called only from the organization's management account.
*
*
*
* This is a convenience which creates an instance of the {@link DeletePolicyRequest.Builder} avoiding the need to
* create one manually via {@link DeletePolicyRequest#builder()}
*
*
* @param deletePolicyRequest
* A {@link Consumer} that will call methods on {@link DeletePolicyRequest.Builder} to create a request.
* @return Result of the DeletePolicy operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws PolicyInUseException
* The policy is attached to one or more entities. You must detach it from all roots, OUs, and accounts
* before performing this operation.
* @throws PolicyNotFoundException
* We can't find a policy with the PolicyId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.DeletePolicy
* @see AWS
* API Documentation
*/
default DeletePolicyResponse deletePolicy(Consumer deletePolicyRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException,
InvalidInputException, PolicyInUseException, PolicyNotFoundException, ServiceException, TooManyRequestsException,
UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException {
return deletePolicy(DeletePolicyRequest.builder().applyMutation(deletePolicyRequest).build());
}
/**
*
* Removes the specified member AWS account as a delegated administrator for the specified AWS service.
*
*
*
* Deregistering a delegated administrator can have unintended impacts on the functionality of the enabled AWS
* service. See the documentation for the enabled service before you deregister a delegated administrator so that
* you understand any potential impacts.
*
*
*
* You can run this action only for AWS services that support this feature. For a current list of services that
* support it, see the column Supports Delegated Administrator in the table at AWS Services
* that you can use with AWS Organizations in the AWS Organizations User Guide.
*
*
* This operation can be called only from the organization's management account.
*
*
* @param deregisterDelegatedAdministratorRequest
* @return Result of the DeregisterDelegatedAdministrator operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AccountNotFoundException
* We can't find an AWS account with the AccountId that you specified, or the account whose
* credentials you used to make this request isn't a member of an organization.
* @throws AccountNotRegisteredException
* The specified account is not a delegated administrator for this AWS service.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.DeregisterDelegatedAdministrator
* @see AWS API Documentation
*/
default DeregisterDelegatedAdministratorResponse deregisterDelegatedAdministrator(
DeregisterDelegatedAdministratorRequest deregisterDelegatedAdministratorRequest) throws AccessDeniedException,
AccountNotFoundException, AccountNotRegisteredException, AwsOrganizationsNotInUseException,
ConcurrentModificationException, ConstraintViolationException, InvalidInputException, TooManyRequestsException,
ServiceException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Removes the specified member AWS account as a delegated administrator for the specified AWS service.
*
*
*
* Deregistering a delegated administrator can have unintended impacts on the functionality of the enabled AWS
* service. See the documentation for the enabled service before you deregister a delegated administrator so that
* you understand any potential impacts.
*
*
*
* You can run this action only for AWS services that support this feature. For a current list of services that
* support it, see the column Supports Delegated Administrator in the table at AWS Services
* that you can use with AWS Organizations in the AWS Organizations User Guide.
*
*
* This operation can be called only from the organization's management account.
*
*
*
* This is a convenience which creates an instance of the {@link DeregisterDelegatedAdministratorRequest.Builder}
* avoiding the need to create one manually via {@link DeregisterDelegatedAdministratorRequest#builder()}
*
*
* @param deregisterDelegatedAdministratorRequest
* A {@link Consumer} that will call methods on {@link DeregisterDelegatedAdministratorRequest.Builder} to
* create a request.
* @return Result of the DeregisterDelegatedAdministrator operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AccountNotFoundException
* We can't find an AWS account with the AccountId that you specified, or the account whose
* credentials you used to make this request isn't a member of an organization.
* @throws AccountNotRegisteredException
* The specified account is not a delegated administrator for this AWS service.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.DeregisterDelegatedAdministrator
* @see AWS API Documentation
*/
default DeregisterDelegatedAdministratorResponse deregisterDelegatedAdministrator(
Consumer deregisterDelegatedAdministratorRequest)
throws AccessDeniedException, AccountNotFoundException, AccountNotRegisteredException,
AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException,
InvalidInputException, TooManyRequestsException, ServiceException, UnsupportedApiEndpointException,
AwsServiceException, SdkClientException, OrganizationsException {
return deregisterDelegatedAdministrator(DeregisterDelegatedAdministratorRequest.builder()
.applyMutation(deregisterDelegatedAdministratorRequest).build());
}
/**
*
* Retrieves AWS Organizations-related information about the specified account.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
* @param describeAccountRequest
* @return Result of the DescribeAccount operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AccountNotFoundException
* We can't find an AWS account with the AccountId that you specified, or the account whose
* credentials you used to make this request isn't a member of an organization.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.DescribeAccount
* @see AWS
* API Documentation
*/
default DescribeAccountResponse describeAccount(DescribeAccountRequest describeAccountRequest) throws AccessDeniedException,
AccountNotFoundException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException,
TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Retrieves AWS Organizations-related information about the specified account.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a convenience which creates an instance of the {@link DescribeAccountRequest.Builder} avoiding the need
* to create one manually via {@link DescribeAccountRequest#builder()}
*
*
* @param describeAccountRequest
* A {@link Consumer} that will call methods on {@link DescribeAccountRequest.Builder} to create a request.
* @return Result of the DescribeAccount operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AccountNotFoundException
* We can't find an AWS account with the AccountId that you specified, or the account whose
* credentials you used to make this request isn't a member of an organization.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.DescribeAccount
* @see AWS
* API Documentation
*/
default DescribeAccountResponse describeAccount(Consumer describeAccountRequest)
throws AccessDeniedException, AccountNotFoundException, AwsOrganizationsNotInUseException, InvalidInputException,
ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
return describeAccount(DescribeAccountRequest.builder().applyMutation(describeAccountRequest).build());
}
/**
*
* Retrieves the current status of an asynchronous request to create an account.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
* @param describeCreateAccountStatusRequest
* @return Result of the DescribeCreateAccountStatus operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws CreateAccountStatusNotFoundException
* We can't find an create account request with the CreateAccountRequestId that you specified.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.DescribeCreateAccountStatus
* @see AWS API Documentation
*/
default DescribeCreateAccountStatusResponse describeCreateAccountStatus(
DescribeCreateAccountStatusRequest describeCreateAccountStatusRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, CreateAccountStatusNotFoundException, InvalidInputException, ServiceException,
TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException,
OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Retrieves the current status of an asynchronous request to create an account.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a convenience which creates an instance of the {@link DescribeCreateAccountStatusRequest.Builder}
* avoiding the need to create one manually via {@link DescribeCreateAccountStatusRequest#builder()}
*
*
* @param describeCreateAccountStatusRequest
* A {@link Consumer} that will call methods on {@link DescribeCreateAccountStatusRequest.Builder} to create
* a request.
* @return Result of the DescribeCreateAccountStatus operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws CreateAccountStatusNotFoundException
* We can't find an create account request with the CreateAccountRequestId that you specified.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.DescribeCreateAccountStatus
* @see AWS API Documentation
*/
default DescribeCreateAccountStatusResponse describeCreateAccountStatus(
Consumer describeCreateAccountStatusRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, CreateAccountStatusNotFoundException,
InvalidInputException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException,
AwsServiceException, SdkClientException, OrganizationsException {
return describeCreateAccountStatus(DescribeCreateAccountStatusRequest.builder()
.applyMutation(describeCreateAccountStatusRequest).build());
}
/**
*
* Returns the contents of the effective policy for specified policy type and account. The effective policy is the
* aggregation of any policies of the specified type that the account inherits, plus any policy of that type that is
* directly attached to the account.
*
*
* This operation applies only to policy types other than service control policies (SCPs).
*
*
* For more information about policy inheritance, see How Policy
* Inheritance Works in the AWS Organizations User Guide.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
* @param describeEffectivePolicyRequest
* @return Result of the DescribeEffectivePolicy operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws TargetNotFoundException
* We can't find a root, OU, account, or policy with the TargetId that you specified.
* @throws EffectivePolicyNotFoundException
* If you ran this action on the management account, this policy type is not enabled. If you ran the action
* on a member account, the account doesn't have an effective policy of this type. Contact the administrator
* of your organization about attaching a policy of this type to the account.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
*
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.DescribeEffectivePolicy
* @see AWS API Documentation
*/
default DescribeEffectivePolicyResponse describeEffectivePolicy(DescribeEffectivePolicyRequest describeEffectivePolicyRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, ConstraintViolationException, ServiceException,
TooManyRequestsException, TargetNotFoundException, EffectivePolicyNotFoundException, InvalidInputException,
UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Returns the contents of the effective policy for specified policy type and account. The effective policy is the
* aggregation of any policies of the specified type that the account inherits, plus any policy of that type that is
* directly attached to the account.
*
*
* This operation applies only to policy types other than service control policies (SCPs).
*
*
* For more information about policy inheritance, see How Policy
* Inheritance Works in the AWS Organizations User Guide.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a convenience which creates an instance of the {@link DescribeEffectivePolicyRequest.Builder} avoiding
* the need to create one manually via {@link DescribeEffectivePolicyRequest#builder()}
*
*
* @param describeEffectivePolicyRequest
* A {@link Consumer} that will call methods on {@link DescribeEffectivePolicyRequest.Builder} to create a
* request.
* @return Result of the DescribeEffectivePolicy operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws TargetNotFoundException
* We can't find a root, OU, account, or policy with the TargetId that you specified.
* @throws EffectivePolicyNotFoundException
* If you ran this action on the management account, this policy type is not enabled. If you ran the action
* on a member account, the account doesn't have an effective policy of this type. Contact the administrator
* of your organization about attaching a policy of this type to the account.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
*
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.DescribeEffectivePolicy
* @see AWS API Documentation
*/
default DescribeEffectivePolicyResponse describeEffectivePolicy(
Consumer describeEffectivePolicyRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, ConstraintViolationException, ServiceException, TooManyRequestsException,
TargetNotFoundException, EffectivePolicyNotFoundException, InvalidInputException, UnsupportedApiEndpointException,
AwsServiceException, SdkClientException, OrganizationsException {
return describeEffectivePolicy(DescribeEffectivePolicyRequest.builder().applyMutation(describeEffectivePolicyRequest)
.build());
}
/**
*
* Retrieves information about a previously requested handshake. The handshake ID comes from the response to the
* original InviteAccountToOrganization operation that generated the handshake.
*
*
* You can access handshakes that are ACCEPTED, DECLINED, or CANCELED for
* only 30 days after they change to that state. They're then deleted and no longer accessible.
*
*
* This operation can be called from any account in the organization.
*
*
* @param describeHandshakeRequest
* @return Result of the DescribeHandshake operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws HandshakeNotFoundException
* We can't find a handshake with the HandshakeId that you specified.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.DescribeHandshake
* @see AWS API Documentation
*/
default DescribeHandshakeResponse describeHandshake(DescribeHandshakeRequest describeHandshakeRequest)
throws AccessDeniedException, ConcurrentModificationException, HandshakeNotFoundException, InvalidInputException,
ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Retrieves information about a previously requested handshake. The handshake ID comes from the response to the
* original InviteAccountToOrganization operation that generated the handshake.
*
*
* You can access handshakes that are ACCEPTED, DECLINED, or CANCELED for
* only 30 days after they change to that state. They're then deleted and no longer accessible.
*
*
* This operation can be called from any account in the organization.
*
*
*
* This is a convenience which creates an instance of the {@link DescribeHandshakeRequest.Builder} avoiding the need
* to create one manually via {@link DescribeHandshakeRequest#builder()}
*
*
* @param describeHandshakeRequest
* A {@link Consumer} that will call methods on {@link DescribeHandshakeRequest.Builder} to create a request.
* @return Result of the DescribeHandshake operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws HandshakeNotFoundException
* We can't find a handshake with the HandshakeId that you specified.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.DescribeHandshake
* @see AWS API Documentation
*/
default DescribeHandshakeResponse describeHandshake(Consumer describeHandshakeRequest)
throws AccessDeniedException, ConcurrentModificationException, HandshakeNotFoundException, InvalidInputException,
ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
return describeHandshake(DescribeHandshakeRequest.builder().applyMutation(describeHandshakeRequest).build());
}
/**
*
* Retrieves information about the organization that the user's account belongs to.
*
*
* This operation can be called from any account in the organization.
*
*
*
* Even if a policy type is shown as available in the organization, you can disable it separately at the root level
* with DisablePolicyType. Use ListRoots to see the status of policy types for a specified root.
*
*
*
* @return Result of the DescribeOrganization operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.DescribeOrganization
* @see #describeOrganization(DescribeOrganizationRequest)
* @see AWS API Documentation
*/
default DescribeOrganizationResponse describeOrganization() throws AccessDeniedException, AwsOrganizationsNotInUseException,
ConcurrentModificationException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException,
OrganizationsException {
return describeOrganization(DescribeOrganizationRequest.builder().build());
}
/**
*
* Retrieves information about the organization that the user's account belongs to.
*
*
* This operation can be called from any account in the organization.
*
*
*
* Even if a policy type is shown as available in the organization, you can disable it separately at the root level
* with DisablePolicyType. Use ListRoots to see the status of policy types for a specified root.
*
*
*
* @param describeOrganizationRequest
* @return Result of the DescribeOrganization operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.DescribeOrganization
* @see AWS API Documentation
*/
default DescribeOrganizationResponse describeOrganization(DescribeOrganizationRequest describeOrganizationRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ServiceException,
TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Retrieves information about the organization that the user's account belongs to.
*
*
* This operation can be called from any account in the organization.
*
*
*
* Even if a policy type is shown as available in the organization, you can disable it separately at the root level
* with DisablePolicyType. Use ListRoots to see the status of policy types for a specified root.
*
*
*
* This is a convenience which creates an instance of the {@link DescribeOrganizationRequest.Builder} avoiding the
* need to create one manually via {@link DescribeOrganizationRequest#builder()}
*
*
* @param describeOrganizationRequest
* A {@link Consumer} that will call methods on {@link DescribeOrganizationRequest.Builder} to create a
* request.
* @return Result of the DescribeOrganization operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.DescribeOrganization
* @see AWS API Documentation
*/
default DescribeOrganizationResponse describeOrganization(
Consumer describeOrganizationRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, ConcurrentModificationException, ServiceException, TooManyRequestsException,
AwsServiceException, SdkClientException, OrganizationsException {
return describeOrganization(DescribeOrganizationRequest.builder().applyMutation(describeOrganizationRequest).build());
}
/**
*
* Retrieves information about an organizational unit (OU).
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
* @param describeOrganizationalUnitRequest
* @return Result of the DescribeOrganizationalUnit operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws OrganizationalUnitNotFoundException
* We can't find an OU with the OrganizationalUnitId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.DescribeOrganizationalUnit
* @see AWS API Documentation
*/
default DescribeOrganizationalUnitResponse describeOrganizationalUnit(
DescribeOrganizationalUnitRequest describeOrganizationalUnitRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, InvalidInputException, OrganizationalUnitNotFoundException, ServiceException,
TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Retrieves information about an organizational unit (OU).
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a convenience which creates an instance of the {@link DescribeOrganizationalUnitRequest.Builder} avoiding
* the need to create one manually via {@link DescribeOrganizationalUnitRequest#builder()}
*
*
* @param describeOrganizationalUnitRequest
* A {@link Consumer} that will call methods on {@link DescribeOrganizationalUnitRequest.Builder} to create a
* request.
* @return Result of the DescribeOrganizationalUnit operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws OrganizationalUnitNotFoundException
* We can't find an OU with the OrganizationalUnitId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.DescribeOrganizationalUnit
* @see AWS API Documentation
*/
default DescribeOrganizationalUnitResponse describeOrganizationalUnit(
Consumer describeOrganizationalUnitRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, InvalidInputException, OrganizationalUnitNotFoundException, ServiceException,
TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
return describeOrganizationalUnit(DescribeOrganizationalUnitRequest.builder()
.applyMutation(describeOrganizationalUnitRequest).build());
}
/**
*
* Retrieves information about a policy.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
* @param describePolicyRequest
* @return Result of the DescribePolicy operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws PolicyNotFoundException
* We can't find a policy with the PolicyId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.DescribePolicy
* @see AWS
* API Documentation
*/
default DescribePolicyResponse describePolicy(DescribePolicyRequest describePolicyRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, InvalidInputException, PolicyNotFoundException, ServiceException,
TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException,
OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Retrieves information about a policy.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a convenience which creates an instance of the {@link DescribePolicyRequest.Builder} avoiding the need to
* create one manually via {@link DescribePolicyRequest#builder()}
*
*
* @param describePolicyRequest
* A {@link Consumer} that will call methods on {@link DescribePolicyRequest.Builder} to create a request.
* @return Result of the DescribePolicy operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws PolicyNotFoundException
* We can't find a policy with the PolicyId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.DescribePolicy
* @see AWS
* API Documentation
*/
default DescribePolicyResponse describePolicy(Consumer describePolicyRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, PolicyNotFoundException,
ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException,
OrganizationsException {
return describePolicy(DescribePolicyRequest.builder().applyMutation(describePolicyRequest).build());
}
/**
*
* Detaches a policy from a target root, organizational unit (OU), or account.
*
*
*
* If the policy being detached is a service control policy (SCP), the changes to permissions for AWS Identity and
* Access Management (IAM) users and roles in affected accounts are immediate.
*
*
*
* Every root, OU, and account must have at least one SCP attached. If you want to replace the default
* FullAWSAccess policy with an SCP that limits the permissions that can be delegated, you must attach
* the replacement SCP before you can remove the default SCP. This is the authorization strategy of an
* "allow list". If you instead attach a second SCP and leave the FullAWSAccess SCP still
* attached, and specify "Effect": "Deny" in the second SCP to override the
* "Effect": "Allow" in the FullAWSAccess policy (or any other attached SCP), you're using
* the authorization strategy of a
* "deny list".
*
*
* This operation can be called only from the organization's management account.
*
*
* @param detachPolicyRequest
* @return Result of the DetachPolicy operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws PolicyNotAttachedException
* The policy isn't attached to the specified target in the specified root.
* @throws PolicyNotFoundException
* We can't find a policy with the PolicyId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TargetNotFoundException
* We can't find a root, OU, account, or policy with the TargetId that you specified.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws PolicyChangesInProgressException
* Changes to the effective policy are in progress, and its contents can't be returned. Try the operation
* again later.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.DetachPolicy
* @see AWS
* API Documentation
*/
default DetachPolicyResponse detachPolicy(DetachPolicyRequest detachPolicyRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException,
InvalidInputException, PolicyNotAttachedException, PolicyNotFoundException, ServiceException,
TargetNotFoundException, TooManyRequestsException, UnsupportedApiEndpointException, PolicyChangesInProgressException,
AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Detaches a policy from a target root, organizational unit (OU), or account.
*
*
*
* If the policy being detached is a service control policy (SCP), the changes to permissions for AWS Identity and
* Access Management (IAM) users and roles in affected accounts are immediate.
*
*
*
* Every root, OU, and account must have at least one SCP attached. If you want to replace the default
* FullAWSAccess policy with an SCP that limits the permissions that can be delegated, you must attach
* the replacement SCP before you can remove the default SCP. This is the authorization strategy of an
* "allow list". If you instead attach a second SCP and leave the FullAWSAccess SCP still
* attached, and specify "Effect": "Deny" in the second SCP to override the
* "Effect": "Allow" in the FullAWSAccess policy (or any other attached SCP), you're using
* the authorization strategy of a
* "deny list".
*
*
* This operation can be called only from the organization's management account.
*
*
*
* This is a convenience which creates an instance of the {@link DetachPolicyRequest.Builder} avoiding the need to
* create one manually via {@link DetachPolicyRequest#builder()}
*
*
* @param detachPolicyRequest
* A {@link Consumer} that will call methods on {@link DetachPolicyRequest.Builder} to create a request.
* @return Result of the DetachPolicy operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws PolicyNotAttachedException
* The policy isn't attached to the specified target in the specified root.
* @throws PolicyNotFoundException
* We can't find a policy with the PolicyId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TargetNotFoundException
* We can't find a root, OU, account, or policy with the TargetId that you specified.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws PolicyChangesInProgressException
* Changes to the effective policy are in progress, and its contents can't be returned. Try the operation
* again later.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.DetachPolicy
* @see AWS
* API Documentation
*/
default DetachPolicyResponse detachPolicy(Consumer detachPolicyRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException,
ConstraintViolationException, InvalidInputException, PolicyNotAttachedException, PolicyNotFoundException,
ServiceException, TargetNotFoundException, TooManyRequestsException, UnsupportedApiEndpointException,
PolicyChangesInProgressException, AwsServiceException, SdkClientException, OrganizationsException {
return detachPolicy(DetachPolicyRequest.builder().applyMutation(detachPolicyRequest).build());
}
/**
*
* Disables the integration of an AWS service (the service that is specified by ServicePrincipal) with
* AWS Organizations. When you disable integration, the specified service no longer can create a service-linked role in
* new accounts in your organization. This means the service can't perform operations on your behalf on any
* new accounts in your organization. The service can still perform operations in older accounts until the service
* completes its clean-up from AWS Organizations.
*
*
*
* We strongly recommend that you don't use this command to disable integration between AWS
* Organizations and the specified AWS service. Instead, use the console or commands that are provided by the
* specified service. This lets the trusted service perform any required initialization when enabling trusted
* access, such as creating any required resources and any required clean up of resources when disabling trusted
* access.
*
*
* For information about how to disable trusted service access to your organization using the trusted service, see
* the Learn more link under the Supports Trusted Access column at AWS services
* that you can use with AWS Organizations. on this page.
*
*
* If you disable access by using this command, it causes the following actions to occur:
*
*
* -
*
* The service can no longer create a service-linked role in the accounts in your organization. This means that the
* service can't perform operations on your behalf on any new accounts in your organization. The service can still
* perform operations in older accounts until the service completes its clean-up from AWS Organizations.
*
*
* -
*
* The service can no longer perform tasks in the member accounts in the organization, unless those operations are
* explicitly permitted by the IAM policies that are attached to your roles. This includes any data aggregation from
* the member accounts to the management account, or to a delegated administrator account, where relevant.
*
*
* -
*
* Some services detect this and clean up any remaining data or resources related to the integration, while other
* services stop accessing the organization but leave any historical data and configuration in place to support a
* possible re-enabling of the integration.
*
*
*
*
* Using the other service's console or commands to disable the integration ensures that the other service is aware
* that it can clean up any resources that are required only for the integration. How the service cleans up its
* resources in the organization's accounts depends on that service. For more information, see the documentation for
* the other AWS service.
*
*
*
* After you perform the DisableAWSServiceAccess operation, the specified service can no longer perform
* operations in your organization's accounts
*
*
* For more information about integrating other services with AWS Organizations, including the list of services that
* work with Organizations, see Integrating AWS
* Organizations with Other AWS Services in the AWS Organizations User Guide.
*
*
* This operation can be called only from the organization's management account.
*
*
* @param disableAwsServiceAccessRequest
* @return Result of the DisableAWSServiceAccess operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.DisableAWSServiceAccess
* @see AWS API Documentation
*/
default DisableAwsServiceAccessResponse disableAWSServiceAccess(DisableAwsServiceAccessRequest disableAwsServiceAccessRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException,
ConstraintViolationException, InvalidInputException, ServiceException, TooManyRequestsException,
UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Disables the integration of an AWS service (the service that is specified by ServicePrincipal) with
* AWS Organizations. When you disable integration, the specified service no longer can create a service-linked role in
* new accounts in your organization. This means the service can't perform operations on your behalf on any
* new accounts in your organization. The service can still perform operations in older accounts until the service
* completes its clean-up from AWS Organizations.
*
*
*
* We strongly recommend that you don't use this command to disable integration between AWS
* Organizations and the specified AWS service. Instead, use the console or commands that are provided by the
* specified service. This lets the trusted service perform any required initialization when enabling trusted
* access, such as creating any required resources and any required clean up of resources when disabling trusted
* access.
*
*
* For information about how to disable trusted service access to your organization using the trusted service, see
* the Learn more link under the Supports Trusted Access column at AWS services
* that you can use with AWS Organizations. on this page.
*
*
* If you disable access by using this command, it causes the following actions to occur:
*
*
* -
*
* The service can no longer create a service-linked role in the accounts in your organization. This means that the
* service can't perform operations on your behalf on any new accounts in your organization. The service can still
* perform operations in older accounts until the service completes its clean-up from AWS Organizations.
*
*
* -
*
* The service can no longer perform tasks in the member accounts in the organization, unless those operations are
* explicitly permitted by the IAM policies that are attached to your roles. This includes any data aggregation from
* the member accounts to the management account, or to a delegated administrator account, where relevant.
*
*
* -
*
* Some services detect this and clean up any remaining data or resources related to the integration, while other
* services stop accessing the organization but leave any historical data and configuration in place to support a
* possible re-enabling of the integration.
*
*
*
*
* Using the other service's console or commands to disable the integration ensures that the other service is aware
* that it can clean up any resources that are required only for the integration. How the service cleans up its
* resources in the organization's accounts depends on that service. For more information, see the documentation for
* the other AWS service.
*
*
*
* After you perform the DisableAWSServiceAccess operation, the specified service can no longer perform
* operations in your organization's accounts
*
*
* For more information about integrating other services with AWS Organizations, including the list of services that
* work with Organizations, see Integrating AWS
* Organizations with Other AWS Services in the AWS Organizations User Guide.
*
*
* This operation can be called only from the organization's management account.
*
*
*
* This is a convenience which creates an instance of the {@link DisableAwsServiceAccessRequest.Builder} avoiding
* the need to create one manually via {@link DisableAwsServiceAccessRequest#builder()}
*
*
* @param disableAwsServiceAccessRequest
* A {@link Consumer} that will call methods on {@link DisableAWSServiceAccessRequest.Builder} to create a
* request.
* @return Result of the DisableAWSServiceAccess operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.DisableAWSServiceAccess
* @see AWS API Documentation
*/
default DisableAwsServiceAccessResponse disableAWSServiceAccess(
Consumer disableAwsServiceAccessRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException,
InvalidInputException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException,
AwsServiceException, SdkClientException, OrganizationsException {
return disableAWSServiceAccess(DisableAwsServiceAccessRequest.builder().applyMutation(disableAwsServiceAccessRequest)
.build());
}
/**
*
* Disables an organizational policy type in a root. A policy of a certain type can be attached to entities in a
* root only if that type is enabled in the root. After you perform this operation, you no longer can attach
* policies of the specified type to that root or to any organizational unit (OU) or account in that root. You can
* undo this by using the EnablePolicyType operation.
*
*
* This is an asynchronous request that AWS performs in the background. If you disable a policy type for a root, it
* still appears enabled for the organization if all
* features are enabled for the organization. AWS recommends that you first use ListRoots to see the
* status of policy types for a specified root, and then use this operation.
*
*
* This operation can be called only from the organization's management account.
*
*
* To view the status of available policy types in the organization, use DescribeOrganization.
*
*
* @param disablePolicyTypeRequest
* @return Result of the DisablePolicyType operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws PolicyTypeNotEnabledException
* The specified policy type isn't currently enabled in this root. You can't attach policies of the
* specified type to entities in a root until you enable that type in the root. For more information, see Enabling All Features in Your Organization in the AWS Organizations User Guide.
* @throws RootNotFoundException
* We can't find a root with the RootId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws PolicyChangesInProgressException
* Changes to the effective policy are in progress, and its contents can't be returned. Try the operation
* again later.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.DisablePolicyType
* @see AWS API Documentation
*/
default DisablePolicyTypeResponse disablePolicyType(DisablePolicyTypeRequest disablePolicyTypeRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException,
ConstraintViolationException, InvalidInputException, PolicyTypeNotEnabledException, RootNotFoundException,
ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, PolicyChangesInProgressException,
AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Disables an organizational policy type in a root. A policy of a certain type can be attached to entities in a
* root only if that type is enabled in the root. After you perform this operation, you no longer can attach
* policies of the specified type to that root or to any organizational unit (OU) or account in that root. You can
* undo this by using the EnablePolicyType operation.
*
*
* This is an asynchronous request that AWS performs in the background. If you disable a policy type for a root, it
* still appears enabled for the organization if all
* features are enabled for the organization. AWS recommends that you first use ListRoots to see the
* status of policy types for a specified root, and then use this operation.
*
*
* This operation can be called only from the organization's management account.
*
*
* To view the status of available policy types in the organization, use DescribeOrganization.
*
*
*
* This is a convenience which creates an instance of the {@link DisablePolicyTypeRequest.Builder} avoiding the need
* to create one manually via {@link DisablePolicyTypeRequest#builder()}
*
*
* @param disablePolicyTypeRequest
* A {@link Consumer} that will call methods on {@link DisablePolicyTypeRequest.Builder} to create a request.
* @return Result of the DisablePolicyType operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws PolicyTypeNotEnabledException
* The specified policy type isn't currently enabled in this root. You can't attach policies of the
* specified type to entities in a root until you enable that type in the root. For more information, see Enabling All Features in Your Organization in the AWS Organizations User Guide.
* @throws RootNotFoundException
* We can't find a root with the RootId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws PolicyChangesInProgressException
* Changes to the effective policy are in progress, and its contents can't be returned. Try the operation
* again later.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.DisablePolicyType
* @see AWS API Documentation
*/
default DisablePolicyTypeResponse disablePolicyType(Consumer disablePolicyTypeRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException,
ConstraintViolationException, InvalidInputException, PolicyTypeNotEnabledException, RootNotFoundException,
ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, PolicyChangesInProgressException,
AwsServiceException, SdkClientException, OrganizationsException {
return disablePolicyType(DisablePolicyTypeRequest.builder().applyMutation(disablePolicyTypeRequest).build());
}
/**
*
* Enables the integration of an AWS service (the service that is specified by ServicePrincipal) with
* AWS Organizations. When you enable integration, you allow the specified service to create a service-linked role in
* all the accounts in your organization. This allows the service to perform operations on your behalf in your
* organization and its accounts.
*
*
*
* We recommend that you enable integration between AWS Organizations and the specified AWS service by using the
* console or commands that are provided by the specified service. Doing so ensures that the service is aware that
* it can create the resources that are required for the integration. How the service creates those resources in the
* organization's accounts depends on that service. For more information, see the documentation for the other AWS
* service.
*
*
*
* For more information about enabling services to integrate with AWS Organizations, see Integrating AWS
* Organizations with Other AWS Services in the AWS Organizations User Guide.
*
*
* This operation can be called only from the organization's management account and only if the organization has enabled
* all features.
*
*
* @param enableAwsServiceAccessRequest
* @return Result of the EnableAWSServiceAccess operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.EnableAWSServiceAccess
* @see AWS API Documentation
*/
default EnableAwsServiceAccessResponse enableAWSServiceAccess(EnableAwsServiceAccessRequest enableAwsServiceAccessRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException,
ConstraintViolationException, InvalidInputException, ServiceException, TooManyRequestsException,
UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Enables the integration of an AWS service (the service that is specified by ServicePrincipal) with
* AWS Organizations. When you enable integration, you allow the specified service to create a service-linked role in
* all the accounts in your organization. This allows the service to perform operations on your behalf in your
* organization and its accounts.
*
*
*
* We recommend that you enable integration between AWS Organizations and the specified AWS service by using the
* console or commands that are provided by the specified service. Doing so ensures that the service is aware that
* it can create the resources that are required for the integration. How the service creates those resources in the
* organization's accounts depends on that service. For more information, see the documentation for the other AWS
* service.
*
*
*
* For more information about enabling services to integrate with AWS Organizations, see Integrating AWS
* Organizations with Other AWS Services in the AWS Organizations User Guide.
*
*
* This operation can be called only from the organization's management account and only if the organization has enabled
* all features.
*
*
*
* This is a convenience which creates an instance of the {@link EnableAwsServiceAccessRequest.Builder} avoiding the
* need to create one manually via {@link EnableAwsServiceAccessRequest#builder()}
*
*
* @param enableAwsServiceAccessRequest
* A {@link Consumer} that will call methods on {@link EnableAWSServiceAccessRequest.Builder} to create a
* request.
* @return Result of the EnableAWSServiceAccess operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.EnableAWSServiceAccess
* @see AWS API Documentation
*/
default EnableAwsServiceAccessResponse enableAWSServiceAccess(
Consumer enableAwsServiceAccessRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException,
InvalidInputException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException,
AwsServiceException, SdkClientException, OrganizationsException {
return enableAWSServiceAccess(EnableAwsServiceAccessRequest.builder().applyMutation(enableAwsServiceAccessRequest)
.build());
}
/**
*
* Enables all features in an organization. This enables the use of organization policies that can restrict the
* services and actions that can be called in each account. Until you enable all features, you have access only to
* consolidated billing, and you can't use any of the advanced account administration features that AWS
* Organizations supports. For more information, see Enabling All Features in Your Organization in the AWS Organizations User Guide.
*
*
*
* This operation is required only for organizations that were created explicitly with only the consolidated billing
* features enabled. Calling this operation sends a handshake to every invited account in the organization. The
* feature set change can be finalized and the additional features enabled only after all administrators in the
* invited accounts approve the change by accepting the handshake.
*
*
*
* After you enable all features, you can separately enable or disable individual policy types in a root using
* EnablePolicyType and DisablePolicyType. To see the status of policy types in a root, use
* ListRoots.
*
*
* After all invited member accounts accept the handshake, you finalize the feature set change by accepting the
* handshake that contains "Action": "ENABLE_ALL_FEATURES". This completes the change.
*
*
* After you enable all features in your organization, the management account in the organization can apply policies
* on all member accounts. These policies can restrict what users and even administrators in those accounts can do.
* The management account can apply policies that prevent accounts from leaving the organization. Ensure that your
* account administrators are aware of this.
*
*
* This operation can be called only from the organization's management account.
*
*
* @return Result of the EnableAllFeatures operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws HandshakeConstraintViolationException
* The requested operation would violate the constraint identified in the reason code.
*
* Some of the reasons in the following list might not be applicable to this specific API or operation:
*
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. Note that deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception immediately after creating the organization, wait one hour and try again. If
* after an hour it continues to fail with this error, contact AWS Support.
*
*
* -
*
* ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because the invited account is already a
* member of an organization.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations to join an organization while
* it's in the process of enabling all features. You can resume inviting accounts after you finalize the
* process when all accounts have agreed to the change.
*
*
* -
*
* ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid because the organization has
* already enabled all features.
*
*
* -
*
* ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake request is invalid because the
* organization has already started the process to enable all features.
*
*
* -
*
* ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because the account is from a different
* marketplace than the accounts in the organization. For example, accounts with India addresses must be
* associated with the AISPL marketplace. All accounts in an organization must be from the same marketplace.
*
*
* -
*
* ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to change the membership of an account
* too quickly after its previous change.
*
*
* -
*
* PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an account that doesn't have a payment
* instrument, such as a credit card, associated with it.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.EnableAllFeatures
* @see #enableAllFeatures(EnableAllFeaturesRequest)
* @see AWS API Documentation
*/
default EnableAllFeaturesResponse enableAllFeatures() throws AccessDeniedException, AwsOrganizationsNotInUseException,
ConcurrentModificationException, HandshakeConstraintViolationException, InvalidInputException, ServiceException,
TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
return enableAllFeatures(EnableAllFeaturesRequest.builder().build());
}
/**
*
* Enables all features in an organization. This enables the use of organization policies that can restrict the
* services and actions that can be called in each account. Until you enable all features, you have access only to
* consolidated billing, and you can't use any of the advanced account administration features that AWS
* Organizations supports. For more information, see Enabling All Features in Your Organization in the AWS Organizations User Guide.
*
*
*
* This operation is required only for organizations that were created explicitly with only the consolidated billing
* features enabled. Calling this operation sends a handshake to every invited account in the organization. The
* feature set change can be finalized and the additional features enabled only after all administrators in the
* invited accounts approve the change by accepting the handshake.
*
*
*
* After you enable all features, you can separately enable or disable individual policy types in a root using
* EnablePolicyType and DisablePolicyType. To see the status of policy types in a root, use
* ListRoots.
*
*
* After all invited member accounts accept the handshake, you finalize the feature set change by accepting the
* handshake that contains "Action": "ENABLE_ALL_FEATURES". This completes the change.
*
*
* After you enable all features in your organization, the management account in the organization can apply policies
* on all member accounts. These policies can restrict what users and even administrators in those accounts can do.
* The management account can apply policies that prevent accounts from leaving the organization. Ensure that your
* account administrators are aware of this.
*
*
* This operation can be called only from the organization's management account.
*
*
* @param enableAllFeaturesRequest
* @return Result of the EnableAllFeatures operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws HandshakeConstraintViolationException
* The requested operation would violate the constraint identified in the reason code.
*
* Some of the reasons in the following list might not be applicable to this specific API or operation:
*
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. Note that deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception immediately after creating the organization, wait one hour and try again. If
* after an hour it continues to fail with this error, contact AWS Support.
*
*
* -
*
* ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because the invited account is already a
* member of an organization.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations to join an organization while
* it's in the process of enabling all features. You can resume inviting accounts after you finalize the
* process when all accounts have agreed to the change.
*
*
* -
*
* ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid because the organization has
* already enabled all features.
*
*
* -
*
* ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake request is invalid because the
* organization has already started the process to enable all features.
*
*
* -
*
* ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because the account is from a different
* marketplace than the accounts in the organization. For example, accounts with India addresses must be
* associated with the AISPL marketplace. All accounts in an organization must be from the same marketplace.
*
*
* -
*
* ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to change the membership of an account
* too quickly after its previous change.
*
*
* -
*
* PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an account that doesn't have a payment
* instrument, such as a credit card, associated with it.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.EnableAllFeatures
* @see AWS API Documentation
*/
default EnableAllFeaturesResponse enableAllFeatures(EnableAllFeaturesRequest enableAllFeaturesRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException,
HandshakeConstraintViolationException, InvalidInputException, ServiceException, TooManyRequestsException,
AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Enables all features in an organization. This enables the use of organization policies that can restrict the
* services and actions that can be called in each account. Until you enable all features, you have access only to
* consolidated billing, and you can't use any of the advanced account administration features that AWS
* Organizations supports. For more information, see Enabling All Features in Your Organization in the AWS Organizations User Guide.
*
*
*
* This operation is required only for organizations that were created explicitly with only the consolidated billing
* features enabled. Calling this operation sends a handshake to every invited account in the organization. The
* feature set change can be finalized and the additional features enabled only after all administrators in the
* invited accounts approve the change by accepting the handshake.
*
*
*
* After you enable all features, you can separately enable or disable individual policy types in a root using
* EnablePolicyType and DisablePolicyType. To see the status of policy types in a root, use
* ListRoots.
*
*
* After all invited member accounts accept the handshake, you finalize the feature set change by accepting the
* handshake that contains "Action": "ENABLE_ALL_FEATURES". This completes the change.
*
*
* After you enable all features in your organization, the management account in the organization can apply policies
* on all member accounts. These policies can restrict what users and even administrators in those accounts can do.
* The management account can apply policies that prevent accounts from leaving the organization. Ensure that your
* account administrators are aware of this.
*
*
* This operation can be called only from the organization's management account.
*
*
*
* This is a convenience which creates an instance of the {@link EnableAllFeaturesRequest.Builder} avoiding the need
* to create one manually via {@link EnableAllFeaturesRequest#builder()}
*
*
* @param enableAllFeaturesRequest
* A {@link Consumer} that will call methods on {@link EnableAllFeaturesRequest.Builder} to create a request.
* @return Result of the EnableAllFeatures operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws HandshakeConstraintViolationException
* The requested operation would violate the constraint identified in the reason code.
*
* Some of the reasons in the following list might not be applicable to this specific API or operation:
*
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. Note that deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception immediately after creating the organization, wait one hour and try again. If
* after an hour it continues to fail with this error, contact AWS Support.
*
*
* -
*
* ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because the invited account is already a
* member of an organization.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations to join an organization while
* it's in the process of enabling all features. You can resume inviting accounts after you finalize the
* process when all accounts have agreed to the change.
*
*
* -
*
* ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid because the organization has
* already enabled all features.
*
*
* -
*
* ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake request is invalid because the
* organization has already started the process to enable all features.
*
*
* -
*
* ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because the account is from a different
* marketplace than the accounts in the organization. For example, accounts with India addresses must be
* associated with the AISPL marketplace. All accounts in an organization must be from the same marketplace.
*
*
* -
*
* ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to change the membership of an account
* too quickly after its previous change.
*
*
* -
*
* PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an account that doesn't have a payment
* instrument, such as a credit card, associated with it.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.EnableAllFeatures
* @see AWS API Documentation
*/
default EnableAllFeaturesResponse enableAllFeatures(Consumer enableAllFeaturesRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException,
HandshakeConstraintViolationException, InvalidInputException, ServiceException, TooManyRequestsException,
AwsServiceException, SdkClientException, OrganizationsException {
return enableAllFeatures(EnableAllFeaturesRequest.builder().applyMutation(enableAllFeaturesRequest).build());
}
/**
*
* Enables a policy type in a root. After you enable a policy type in a root, you can attach policies of that type
* to the root, any organizational unit (OU), or account in that root. You can undo this by using the
* DisablePolicyType operation.
*
*
* This is an asynchronous request that AWS performs in the background. AWS recommends that you first use
* ListRoots to see the status of policy types for a specified root, and then use this operation.
*
*
* This operation can be called only from the organization's management account.
*
*
* You can enable a policy type in a root only if that policy type is available in the organization. To view the
* status of available policy types in the organization, use DescribeOrganization.
*
*
* @param enablePolicyTypeRequest
* @return Result of the EnablePolicyType operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws PolicyTypeAlreadyEnabledException
* The specified policy type is already enabled in the specified root.
* @throws RootNotFoundException
* We can't find a root with the RootId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws PolicyTypeNotAvailableForOrganizationException
* You can't use the specified policy type with the feature set currently enabled for this organization. For
* example, you can enable SCPs only after you enable all features in the organization. For more
* information, see Managing AWS Organizations Policiesin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws PolicyChangesInProgressException
* Changes to the effective policy are in progress, and its contents can't be returned. Try the operation
* again later.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.EnablePolicyType
* @see AWS API Documentation
*/
default EnablePolicyTypeResponse enablePolicyType(EnablePolicyTypeRequest enablePolicyTypeRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException,
ConstraintViolationException, InvalidInputException, PolicyTypeAlreadyEnabledException, RootNotFoundException,
ServiceException, TooManyRequestsException, PolicyTypeNotAvailableForOrganizationException,
UnsupportedApiEndpointException, PolicyChangesInProgressException, AwsServiceException, SdkClientException,
OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Enables a policy type in a root. After you enable a policy type in a root, you can attach policies of that type
* to the root, any organizational unit (OU), or account in that root. You can undo this by using the
* DisablePolicyType operation.
*
*
* This is an asynchronous request that AWS performs in the background. AWS recommends that you first use
* ListRoots to see the status of policy types for a specified root, and then use this operation.
*
*
* This operation can be called only from the organization's management account.
*
*
* You can enable a policy type in a root only if that policy type is available in the organization. To view the
* status of available policy types in the organization, use DescribeOrganization.
*
*
*
* This is a convenience which creates an instance of the {@link EnablePolicyTypeRequest.Builder} avoiding the need
* to create one manually via {@link EnablePolicyTypeRequest#builder()}
*
*
* @param enablePolicyTypeRequest
* A {@link Consumer} that will call methods on {@link EnablePolicyTypeRequest.Builder} to create a request.
* @return Result of the EnablePolicyType operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws PolicyTypeAlreadyEnabledException
* The specified policy type is already enabled in the specified root.
* @throws RootNotFoundException
* We can't find a root with the RootId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws PolicyTypeNotAvailableForOrganizationException
* You can't use the specified policy type with the feature set currently enabled for this organization. For
* example, you can enable SCPs only after you enable all features in the organization. For more
* information, see Managing AWS Organizations Policiesin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws PolicyChangesInProgressException
* Changes to the effective policy are in progress, and its contents can't be returned. Try the operation
* again later.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.EnablePolicyType
* @see AWS API Documentation
*/
default EnablePolicyTypeResponse enablePolicyType(Consumer enablePolicyTypeRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException,
ConstraintViolationException, InvalidInputException, PolicyTypeAlreadyEnabledException, RootNotFoundException,
ServiceException, TooManyRequestsException, PolicyTypeNotAvailableForOrganizationException,
UnsupportedApiEndpointException, PolicyChangesInProgressException, AwsServiceException, SdkClientException,
OrganizationsException {
return enablePolicyType(EnablePolicyTypeRequest.builder().applyMutation(enablePolicyTypeRequest).build());
}
/**
*
* Sends an invitation to another account to join your organization as a member account. AWS Organizations sends
* email on your behalf to the email address that is associated with the other account's owner. The invitation is
* implemented as a Handshake whose details are in the response.
*
*
*
* -
*
* You can invite AWS accounts only from the same seller as the management account. For example, if your
* organization's management account was created by Amazon Internet Services Pvt. Ltd (AISPL), an AWS seller in
* India, you can invite only other AISPL accounts to your organization. You can't combine accounts from AISPL and
* AWS or from any other AWS seller. For more information, see Consolidated Billing in India.
*
*
* -
*
* If you receive an exception that indicates that you exceeded your account limits for the organization or that the
* operation failed because your organization is still initializing, wait one hour and then try again. If the error
* persists after an hour, contact AWS Support.
*
*
*
*
*
* If the request includes tags, then the requester must have the organizations:TagResource permission.
*
*
* This operation can be called only from the organization's management account.
*
*
* @param inviteAccountToOrganizationRequest
* @return Result of the InviteAccountToOrganization operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws AccountOwnerNotVerifiedException
* You can't invite an existing account to your organization until you verify that you own the email address
* associated with the management account. For more information, see Email Address Verification in the AWS Organizations User Guide.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws HandshakeConstraintViolationException
* The requested operation would violate the constraint identified in the reason code.
*
* Some of the reasons in the following list might not be applicable to this specific API or operation:
*
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. Note that deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception immediately after creating the organization, wait one hour and try again. If
* after an hour it continues to fail with this error, contact AWS Support.
*
*
* -
*
* ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because the invited account is already a
* member of an organization.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations to join an organization while
* it's in the process of enabling all features. You can resume inviting accounts after you finalize the
* process when all accounts have agreed to the change.
*
*
* -
*
* ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid because the organization has
* already enabled all features.
*
*
* -
*
* ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake request is invalid because the
* organization has already started the process to enable all features.
*
*
* -
*
* ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because the account is from a different
* marketplace than the accounts in the organization. For example, accounts with India addresses must be
* associated with the AISPL marketplace. All accounts in an organization must be from the same marketplace.
*
*
* -
*
* ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to change the membership of an account
* too quickly after its previous change.
*
*
* -
*
* PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an account that doesn't have a payment
* instrument, such as a credit card, associated with it.
*
*
* @throws DuplicateHandshakeException
* A handshake with the same action and target already exists. For example, if you invited an account to
* join your organization, the invited account might already have a pending invitation from this
* organization. If you intend to resend an invitation to an account, ensure that existing handshakes that
* might be considered duplicates are canceled or declined.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws FinalizingOrganizationException
* AWS Organizations couldn't perform the operation because your organization hasn't finished initializing.
* This can take up to an hour. Try again later. If after one hour you continue to receive this error,
* contact AWS Support.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.InviteAccountToOrganization
* @see AWS API Documentation
*/
default InviteAccountToOrganizationResponse inviteAccountToOrganization(
InviteAccountToOrganizationRequest inviteAccountToOrganizationRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, AccountOwnerNotVerifiedException, ConcurrentModificationException,
HandshakeConstraintViolationException, DuplicateHandshakeException, ConstraintViolationException,
InvalidInputException, FinalizingOrganizationException, ServiceException, TooManyRequestsException,
AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Sends an invitation to another account to join your organization as a member account. AWS Organizations sends
* email on your behalf to the email address that is associated with the other account's owner. The invitation is
* implemented as a Handshake whose details are in the response.
*
*
*
* -
*
* You can invite AWS accounts only from the same seller as the management account. For example, if your
* organization's management account was created by Amazon Internet Services Pvt. Ltd (AISPL), an AWS seller in
* India, you can invite only other AISPL accounts to your organization. You can't combine accounts from AISPL and
* AWS or from any other AWS seller. For more information, see Consolidated Billing in India.
*
*
* -
*
* If you receive an exception that indicates that you exceeded your account limits for the organization or that the
* operation failed because your organization is still initializing, wait one hour and then try again. If the error
* persists after an hour, contact AWS Support.
*
*
*
*
*
* If the request includes tags, then the requester must have the organizations:TagResource permission.
*
*
* This operation can be called only from the organization's management account.
*
*
*
* This is a convenience which creates an instance of the {@link InviteAccountToOrganizationRequest.Builder}
* avoiding the need to create one manually via {@link InviteAccountToOrganizationRequest#builder()}
*
*
* @param inviteAccountToOrganizationRequest
* A {@link Consumer} that will call methods on {@link InviteAccountToOrganizationRequest.Builder} to create
* a request.
* @return Result of the InviteAccountToOrganization operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws AccountOwnerNotVerifiedException
* You can't invite an existing account to your organization until you verify that you own the email address
* associated with the management account. For more information, see Email Address Verification in the AWS Organizations User Guide.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws HandshakeConstraintViolationException
* The requested operation would violate the constraint identified in the reason code.
*
* Some of the reasons in the following list might not be applicable to this specific API or operation:
*
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. Note that deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception immediately after creating the organization, wait one hour and try again. If
* after an hour it continues to fail with this error, contact AWS Support.
*
*
* -
*
* ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because the invited account is already a
* member of an organization.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations to join an organization while
* it's in the process of enabling all features. You can resume inviting accounts after you finalize the
* process when all accounts have agreed to the change.
*
*
* -
*
* ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid because the organization has
* already enabled all features.
*
*
* -
*
* ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake request is invalid because the
* organization has already started the process to enable all features.
*
*
* -
*
* ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because the account is from a different
* marketplace than the accounts in the organization. For example, accounts with India addresses must be
* associated with the AISPL marketplace. All accounts in an organization must be from the same marketplace.
*
*
* -
*
* ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to change the membership of an account
* too quickly after its previous change.
*
*
* -
*
* PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an account that doesn't have a payment
* instrument, such as a credit card, associated with it.
*
*
* @throws DuplicateHandshakeException
* A handshake with the same action and target already exists. For example, if you invited an account to
* join your organization, the invited account might already have a pending invitation from this
* organization. If you intend to resend an invitation to an account, ensure that existing handshakes that
* might be considered duplicates are canceled or declined.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws FinalizingOrganizationException
* AWS Organizations couldn't perform the operation because your organization hasn't finished initializing.
* This can take up to an hour. Try again later. If after one hour you continue to receive this error,
* contact AWS Support.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.InviteAccountToOrganization
* @see AWS API Documentation
*/
default InviteAccountToOrganizationResponse inviteAccountToOrganization(
Consumer inviteAccountToOrganizationRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, AccountOwnerNotVerifiedException,
ConcurrentModificationException, HandshakeConstraintViolationException, DuplicateHandshakeException,
ConstraintViolationException, InvalidInputException, FinalizingOrganizationException, ServiceException,
TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
return inviteAccountToOrganization(InviteAccountToOrganizationRequest.builder()
.applyMutation(inviteAccountToOrganizationRequest).build());
}
/**
*
* Removes a member account from its parent organization. This version of the operation is performed by the account
* that wants to leave. To remove a member account as a user in the management account, use
* RemoveAccountFromOrganization instead.
*
*
* This operation can be called only from a member account in the organization.
*
*
*
* -
*
* The management account in an organization with all features enabled can set service control policies (SCPs) that
* can restrict what administrators of member accounts can do. This includes preventing them from successfully
* calling LeaveOrganization and leaving the organization.
*
*
* -
*
* You can leave an organization as a member account only if the account is configured with the information required
* to operate as a standalone account. When you create an account in an organization using the AWS Organizations
* console, API, or CLI commands, the information required of standalone accounts is not automatically
* collected. For each account that you want to make standalone, you must perform the following steps. If any of the
* steps are already completed for this account, that step doesn't appear.
*
*
* -
*
* Choose a support plan
*
*
* -
*
* Provide and verify the required contact information
*
*
* -
*
* Provide a current payment method
*
*
*
*
* AWS uses the payment method to charge for any billable (not free tier) AWS activity that occurs while the account
* isn't attached to an organization. Follow the steps at To leave an organization when all required account information has not yet been provided in the AWS
* Organizations User Guide.
*
*
* -
*
* The account that you want to leave must not be a delegated administrator account for any AWS service enabled for
* your organization. If the account is a delegated administrator, you must first change the delegated administrator
* account to another account that is remaining in the organization.
*
*
* -
*
* You can leave an organization only after you enable IAM user access to billing in your account. For more
* information, see Activating Access to the Billing and Cost Management Console in the AWS Billing and Cost Management User
* Guide.
*
*
* -
*
* After the account leaves the organization, all tags that were attached to the account object in the organization
* are deleted. AWS accounts outside of an organization do not support tags.
*
*
* -
*
* A newly created account has a waiting period before it can be removed from its organization. If you get an error
* that indicates that a wait period is required, then try again in a few days.
*
*
*
*
*
* @return Result of the LeaveOrganization operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AccountNotFoundException
* We can't find an AWS account with the AccountId that you specified, or the account whose
* credentials you used to make this request isn't a member of an organization.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws MasterCannotLeaveOrganizationException
* You can't remove a management account from an organization. If you want the management account to become
* a member account in another organization, you must first delete the current organization of the
* management account.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.LeaveOrganization
* @see #leaveOrganization(LeaveOrganizationRequest)
* @see AWS API Documentation
*/
default LeaveOrganizationResponse leaveOrganization() throws AccessDeniedException, AccountNotFoundException,
AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException,
InvalidInputException, MasterCannotLeaveOrganizationException, ServiceException, TooManyRequestsException,
AwsServiceException, SdkClientException, OrganizationsException {
return leaveOrganization(LeaveOrganizationRequest.builder().build());
}
/**
*
* Removes a member account from its parent organization. This version of the operation is performed by the account
* that wants to leave. To remove a member account as a user in the management account, use
* RemoveAccountFromOrganization instead.
*
*
* This operation can be called only from a member account in the organization.
*
*
*
* -
*
* The management account in an organization with all features enabled can set service control policies (SCPs) that
* can restrict what administrators of member accounts can do. This includes preventing them from successfully
* calling LeaveOrganization and leaving the organization.
*
*
* -
*
* You can leave an organization as a member account only if the account is configured with the information required
* to operate as a standalone account. When you create an account in an organization using the AWS Organizations
* console, API, or CLI commands, the information required of standalone accounts is not automatically
* collected. For each account that you want to make standalone, you must perform the following steps. If any of the
* steps are already completed for this account, that step doesn't appear.
*
*
* -
*
* Choose a support plan
*
*
* -
*
* Provide and verify the required contact information
*
*
* -
*
* Provide a current payment method
*
*
*
*
* AWS uses the payment method to charge for any billable (not free tier) AWS activity that occurs while the account
* isn't attached to an organization. Follow the steps at To leave an organization when all required account information has not yet been provided in the AWS
* Organizations User Guide.
*
*
* -
*
* The account that you want to leave must not be a delegated administrator account for any AWS service enabled for
* your organization. If the account is a delegated administrator, you must first change the delegated administrator
* account to another account that is remaining in the organization.
*
*
* -
*
* You can leave an organization only after you enable IAM user access to billing in your account. For more
* information, see Activating Access to the Billing and Cost Management Console in the AWS Billing and Cost Management User
* Guide.
*
*
* -
*
* After the account leaves the organization, all tags that were attached to the account object in the organization
* are deleted. AWS accounts outside of an organization do not support tags.
*
*
* -
*
* A newly created account has a waiting period before it can be removed from its organization. If you get an error
* that indicates that a wait period is required, then try again in a few days.
*
*
*
*
*
* @param leaveOrganizationRequest
* @return Result of the LeaveOrganization operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AccountNotFoundException
* We can't find an AWS account with the AccountId that you specified, or the account whose
* credentials you used to make this request isn't a member of an organization.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws MasterCannotLeaveOrganizationException
* You can't remove a management account from an organization. If you want the management account to become
* a member account in another organization, you must first delete the current organization of the
* management account.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.LeaveOrganization
* @see AWS API Documentation
*/
default LeaveOrganizationResponse leaveOrganization(LeaveOrganizationRequest leaveOrganizationRequest)
throws AccessDeniedException, AccountNotFoundException, AwsOrganizationsNotInUseException,
ConcurrentModificationException, ConstraintViolationException, InvalidInputException,
MasterCannotLeaveOrganizationException, ServiceException, TooManyRequestsException, AwsServiceException,
SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Removes a member account from its parent organization. This version of the operation is performed by the account
* that wants to leave. To remove a member account as a user in the management account, use
* RemoveAccountFromOrganization instead.
*
*
* This operation can be called only from a member account in the organization.
*
*
*
* -
*
* The management account in an organization with all features enabled can set service control policies (SCPs) that
* can restrict what administrators of member accounts can do. This includes preventing them from successfully
* calling LeaveOrganization and leaving the organization.
*
*
* -
*
* You can leave an organization as a member account only if the account is configured with the information required
* to operate as a standalone account. When you create an account in an organization using the AWS Organizations
* console, API, or CLI commands, the information required of standalone accounts is not automatically
* collected. For each account that you want to make standalone, you must perform the following steps. If any of the
* steps are already completed for this account, that step doesn't appear.
*
*
* -
*
* Choose a support plan
*
*
* -
*
* Provide and verify the required contact information
*
*
* -
*
* Provide a current payment method
*
*
*
*
* AWS uses the payment method to charge for any billable (not free tier) AWS activity that occurs while the account
* isn't attached to an organization. Follow the steps at To leave an organization when all required account information has not yet been provided in the AWS
* Organizations User Guide.
*
*
* -
*
* The account that you want to leave must not be a delegated administrator account for any AWS service enabled for
* your organization. If the account is a delegated administrator, you must first change the delegated administrator
* account to another account that is remaining in the organization.
*
*
* -
*
* You can leave an organization only after you enable IAM user access to billing in your account. For more
* information, see Activating Access to the Billing and Cost Management Console in the AWS Billing and Cost Management User
* Guide.
*
*
* -
*
* After the account leaves the organization, all tags that were attached to the account object in the organization
* are deleted. AWS accounts outside of an organization do not support tags.
*
*
* -
*
* A newly created account has a waiting period before it can be removed from its organization. If you get an error
* that indicates that a wait period is required, then try again in a few days.
*
*
*
*
*
* This is a convenience which creates an instance of the {@link LeaveOrganizationRequest.Builder} avoiding the need
* to create one manually via {@link LeaveOrganizationRequest#builder()}
*
*
* @param leaveOrganizationRequest
* A {@link Consumer} that will call methods on {@link LeaveOrganizationRequest.Builder} to create a request.
* @return Result of the LeaveOrganization operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AccountNotFoundException
* We can't find an AWS account with the AccountId that you specified, or the account whose
* credentials you used to make this request isn't a member of an organization.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws MasterCannotLeaveOrganizationException
* You can't remove a management account from an organization. If you want the management account to become
* a member account in another organization, you must first delete the current organization of the
* management account.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.LeaveOrganization
* @see AWS API Documentation
*/
default LeaveOrganizationResponse leaveOrganization(Consumer leaveOrganizationRequest)
throws AccessDeniedException, AccountNotFoundException, AwsOrganizationsNotInUseException,
ConcurrentModificationException, ConstraintViolationException, InvalidInputException,
MasterCannotLeaveOrganizationException, ServiceException, TooManyRequestsException, AwsServiceException,
SdkClientException, OrganizationsException {
return leaveOrganization(LeaveOrganizationRequest.builder().applyMutation(leaveOrganizationRequest).build());
}
/**
*
* Returns a list of the AWS services that you enabled to integrate with your organization. After a service on this
* list creates the resources that it requires for the integration, it can perform operations on your organization
* and its accounts.
*
*
* For more information about integrating other services with AWS Organizations, including the list of services that
* currently work with Organizations, see Integrating AWS
* Organizations with Other AWS Services in the AWS Organizations User Guide.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
* @return Result of the ListAWSServiceAccessForOrganization operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListAWSServiceAccessForOrganization
* @see #listAWSServiceAccessForOrganization(ListAwsServiceAccessForOrganizationRequest)
* @see AWS API Documentation
*/
default ListAwsServiceAccessForOrganizationResponse listAWSServiceAccessForOrganization() throws AccessDeniedException,
AwsOrganizationsNotInUseException, ConstraintViolationException, InvalidInputException, ServiceException,
TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException,
OrganizationsException {
return listAWSServiceAccessForOrganization(ListAwsServiceAccessForOrganizationRequest.builder().build());
}
/**
*
* Returns a list of the AWS services that you enabled to integrate with your organization. After a service on this
* list creates the resources that it requires for the integration, it can perform operations on your organization
* and its accounts.
*
*
* For more information about integrating other services with AWS Organizations, including the list of services that
* currently work with Organizations, see Integrating AWS
* Organizations with Other AWS Services in the AWS Organizations User Guide.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
* @param listAwsServiceAccessForOrganizationRequest
* @return Result of the ListAWSServiceAccessForOrganization operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListAWSServiceAccessForOrganization
* @see AWS API Documentation
*/
default ListAwsServiceAccessForOrganizationResponse listAWSServiceAccessForOrganization(
ListAwsServiceAccessForOrganizationRequest listAwsServiceAccessForOrganizationRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, ConstraintViolationException, InvalidInputException, ServiceException,
TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException,
OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Returns a list of the AWS services that you enabled to integrate with your organization. After a service on this
* list creates the resources that it requires for the integration, it can perform operations on your organization
* and its accounts.
*
*
* For more information about integrating other services with AWS Organizations, including the list of services that
* currently work with Organizations, see Integrating AWS
* Organizations with Other AWS Services in the AWS Organizations User Guide.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a convenience which creates an instance of the {@link ListAwsServiceAccessForOrganizationRequest.Builder}
* avoiding the need to create one manually via {@link ListAwsServiceAccessForOrganizationRequest#builder()}
*
*
* @param listAwsServiceAccessForOrganizationRequest
* A {@link Consumer} that will call methods on {@link ListAWSServiceAccessForOrganizationRequest.Builder} to
* create a request.
* @return Result of the ListAWSServiceAccessForOrganization operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListAWSServiceAccessForOrganization
* @see AWS API Documentation
*/
default ListAwsServiceAccessForOrganizationResponse listAWSServiceAccessForOrganization(
Consumer listAwsServiceAccessForOrganizationRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, ConstraintViolationException, InvalidInputException,
ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException,
OrganizationsException {
return listAWSServiceAccessForOrganization(ListAwsServiceAccessForOrganizationRequest.builder()
.applyMutation(listAwsServiceAccessForOrganizationRequest).build());
}
/**
*
* Returns a list of the AWS services that you enabled to integrate with your organization. After a service on this
* list creates the resources that it requires for the integration, it can perform operations on your organization
* and its accounts.
*
*
* For more information about integrating other services with AWS Organizations, including the list of services that
* currently work with Organizations, see Integrating AWS
* Organizations with Other AWS Services in the AWS Organizations User Guide.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a variant of
* {@link #listAWSServiceAccessForOrganization(software.amazon.awssdk.services.organizations.model.ListAwsServiceAccessForOrganizationRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListAWSServiceAccessForOrganizationIterable responses = client.listAWSServiceAccessForOrganizationPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListAWSServiceAccessForOrganizationIterable responses = client
* .listAWSServiceAccessForOrganizationPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListAwsServiceAccessForOrganizationResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListAWSServiceAccessForOrganizationIterable responses = client.listAWSServiceAccessForOrganizationPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listAWSServiceAccessForOrganization(software.amazon.awssdk.services.organizations.model.ListAwsServiceAccessForOrganizationRequest)}
* operation.
*
*
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListAWSServiceAccessForOrganization
* @see #listAWSServiceAccessForOrganizationPaginator(ListAwsServiceAccessForOrganizationRequest)
* @see AWS API Documentation
*/
default ListAWSServiceAccessForOrganizationIterable listAWSServiceAccessForOrganizationPaginator()
throws AccessDeniedException, AwsOrganizationsNotInUseException, ConstraintViolationException, InvalidInputException,
ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException,
OrganizationsException {
return listAWSServiceAccessForOrganizationPaginator(ListAwsServiceAccessForOrganizationRequest.builder().build());
}
/**
*
* Returns a list of the AWS services that you enabled to integrate with your organization. After a service on this
* list creates the resources that it requires for the integration, it can perform operations on your organization
* and its accounts.
*
*
* For more information about integrating other services with AWS Organizations, including the list of services that
* currently work with Organizations, see Integrating AWS
* Organizations with Other AWS Services in the AWS Organizations User Guide.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a variant of
* {@link #listAWSServiceAccessForOrganization(software.amazon.awssdk.services.organizations.model.ListAwsServiceAccessForOrganizationRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListAWSServiceAccessForOrganizationIterable responses = client.listAWSServiceAccessForOrganizationPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListAWSServiceAccessForOrganizationIterable responses = client
* .listAWSServiceAccessForOrganizationPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListAwsServiceAccessForOrganizationResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListAWSServiceAccessForOrganizationIterable responses = client.listAWSServiceAccessForOrganizationPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listAWSServiceAccessForOrganization(software.amazon.awssdk.services.organizations.model.ListAwsServiceAccessForOrganizationRequest)}
* operation.
*
*
* @param listAwsServiceAccessForOrganizationRequest
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListAWSServiceAccessForOrganization
* @see AWS API Documentation
*/
default ListAWSServiceAccessForOrganizationIterable listAWSServiceAccessForOrganizationPaginator(
ListAwsServiceAccessForOrganizationRequest listAwsServiceAccessForOrganizationRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, ConstraintViolationException, InvalidInputException, ServiceException,
TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException,
OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Returns a list of the AWS services that you enabled to integrate with your organization. After a service on this
* list creates the resources that it requires for the integration, it can perform operations on your organization
* and its accounts.
*
*
* For more information about integrating other services with AWS Organizations, including the list of services that
* currently work with Organizations, see Integrating AWS
* Organizations with Other AWS Services in the AWS Organizations User Guide.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a variant of
* {@link #listAWSServiceAccessForOrganization(software.amazon.awssdk.services.organizations.model.ListAwsServiceAccessForOrganizationRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListAWSServiceAccessForOrganizationIterable responses = client.listAWSServiceAccessForOrganizationPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListAWSServiceAccessForOrganizationIterable responses = client
* .listAWSServiceAccessForOrganizationPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListAwsServiceAccessForOrganizationResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListAWSServiceAccessForOrganizationIterable responses = client.listAWSServiceAccessForOrganizationPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listAWSServiceAccessForOrganization(software.amazon.awssdk.services.organizations.model.ListAwsServiceAccessForOrganizationRequest)}
* operation.
*
*
* This is a convenience which creates an instance of the {@link ListAwsServiceAccessForOrganizationRequest.Builder}
* avoiding the need to create one manually via {@link ListAwsServiceAccessForOrganizationRequest#builder()}
*
*
* @param listAwsServiceAccessForOrganizationRequest
* A {@link Consumer} that will call methods on {@link ListAWSServiceAccessForOrganizationRequest.Builder} to
* create a request.
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListAWSServiceAccessForOrganization
* @see AWS API Documentation
*/
default ListAWSServiceAccessForOrganizationIterable listAWSServiceAccessForOrganizationPaginator(
Consumer listAwsServiceAccessForOrganizationRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, ConstraintViolationException, InvalidInputException,
ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException,
OrganizationsException {
return listAWSServiceAccessForOrganizationPaginator(ListAwsServiceAccessForOrganizationRequest.builder()
.applyMutation(listAwsServiceAccessForOrganizationRequest).build());
}
/**
*
* Lists all the accounts in the organization. To request only the accounts in a specified root or organizational
* unit (OU), use the ListAccountsForParent operation instead.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
* @return Result of the ListAccounts operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListAccounts
* @see #listAccounts(ListAccountsRequest)
* @see AWS
* API Documentation
*/
default ListAccountsResponse listAccounts() throws AccessDeniedException, AwsOrganizationsNotInUseException,
InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException,
OrganizationsException {
return listAccounts(ListAccountsRequest.builder().build());
}
/**
*
* Lists all the accounts in the organization. To request only the accounts in a specified root or organizational
* unit (OU), use the ListAccountsForParent operation instead.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
* @param listAccountsRequest
* @return Result of the ListAccounts operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListAccounts
* @see AWS
* API Documentation
*/
default ListAccountsResponse listAccounts(ListAccountsRequest listAccountsRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException,
AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Lists all the accounts in the organization. To request only the accounts in a specified root or organizational
* unit (OU), use the ListAccountsForParent operation instead.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a convenience which creates an instance of the {@link ListAccountsRequest.Builder} avoiding the need to
* create one manually via {@link ListAccountsRequest#builder()}
*
*
* @param listAccountsRequest
* A {@link Consumer} that will call methods on {@link ListAccountsRequest.Builder} to create a request.
* @return Result of the ListAccounts operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListAccounts
* @see AWS
* API Documentation
*/
default ListAccountsResponse listAccounts(Consumer listAccountsRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException,
TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
return listAccounts(ListAccountsRequest.builder().applyMutation(listAccountsRequest).build());
}
/**
*
* Lists all the accounts in the organization. To request only the accounts in a specified root or organizational
* unit (OU), use the ListAccountsForParent operation instead.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a variant of
* {@link #listAccounts(software.amazon.awssdk.services.organizations.model.ListAccountsRequest)} operation. The
* return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle
* making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListAccountsIterable responses = client.listAccountsPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListAccountsIterable responses = client
* .listAccountsPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListAccountsResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListAccountsIterable responses = client.listAccountsPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listAccounts(software.amazon.awssdk.services.organizations.model.ListAccountsRequest)} operation.
*
*
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListAccounts
* @see #listAccountsPaginator(ListAccountsRequest)
* @see AWS
* API Documentation
*/
default ListAccountsIterable listAccountsPaginator() throws AccessDeniedException, AwsOrganizationsNotInUseException,
InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException,
OrganizationsException {
return listAccountsPaginator(ListAccountsRequest.builder().build());
}
/**
*
* Lists all the accounts in the organization. To request only the accounts in a specified root or organizational
* unit (OU), use the ListAccountsForParent operation instead.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a variant of
* {@link #listAccounts(software.amazon.awssdk.services.organizations.model.ListAccountsRequest)} operation. The
* return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle
* making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListAccountsIterable responses = client.listAccountsPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListAccountsIterable responses = client
* .listAccountsPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListAccountsResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListAccountsIterable responses = client.listAccountsPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listAccounts(software.amazon.awssdk.services.organizations.model.ListAccountsRequest)} operation.
*
*
* @param listAccountsRequest
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListAccounts
* @see AWS
* API Documentation
*/
default ListAccountsIterable listAccountsPaginator(ListAccountsRequest listAccountsRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException,
AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Lists all the accounts in the organization. To request only the accounts in a specified root or organizational
* unit (OU), use the ListAccountsForParent operation instead.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a variant of
* {@link #listAccounts(software.amazon.awssdk.services.organizations.model.ListAccountsRequest)} operation. The
* return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle
* making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListAccountsIterable responses = client.listAccountsPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListAccountsIterable responses = client
* .listAccountsPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListAccountsResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListAccountsIterable responses = client.listAccountsPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listAccounts(software.amazon.awssdk.services.organizations.model.ListAccountsRequest)} operation.
*
*
* This is a convenience which creates an instance of the {@link ListAccountsRequest.Builder} avoiding the need to
* create one manually via {@link ListAccountsRequest#builder()}
*
*
* @param listAccountsRequest
* A {@link Consumer} that will call methods on {@link ListAccountsRequest.Builder} to create a request.
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListAccounts
* @see AWS
* API Documentation
*/
default ListAccountsIterable listAccountsPaginator(Consumer listAccountsRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException,
TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
return listAccountsPaginator(ListAccountsRequest.builder().applyMutation(listAccountsRequest).build());
}
/**
*
* Lists the accounts in an organization that are contained by the specified target root or organizational unit
* (OU). If you specify the root, you get a list of all the accounts that aren't in any OU. If you specify an OU,
* you get a list of all the accounts in only that OU and not in any child OUs. To get a list of all accounts in the
* organization, use the ListAccounts operation.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
* @param listAccountsForParentRequest
* @return Result of the ListAccountsForParent operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ParentNotFoundException
* We can't find a root or OU with the ParentId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListAccountsForParent
* @see AWS API Documentation
*/
default ListAccountsForParentResponse listAccountsForParent(ListAccountsForParentRequest listAccountsForParentRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ParentNotFoundException,
ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Lists the accounts in an organization that are contained by the specified target root or organizational unit
* (OU). If you specify the root, you get a list of all the accounts that aren't in any OU. If you specify an OU,
* you get a list of all the accounts in only that OU and not in any child OUs. To get a list of all accounts in the
* organization, use the ListAccounts operation.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a convenience which creates an instance of the {@link ListAccountsForParentRequest.Builder} avoiding the
* need to create one manually via {@link ListAccountsForParentRequest#builder()}
*
*
* @param listAccountsForParentRequest
* A {@link Consumer} that will call methods on {@link ListAccountsForParentRequest.Builder} to create a
* request.
* @return Result of the ListAccountsForParent operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ParentNotFoundException
* We can't find a root or OU with the ParentId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListAccountsForParent
* @see AWS API Documentation
*/
default ListAccountsForParentResponse listAccountsForParent(
Consumer listAccountsForParentRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, InvalidInputException, ParentNotFoundException, ServiceException,
TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
return listAccountsForParent(ListAccountsForParentRequest.builder().applyMutation(listAccountsForParentRequest).build());
}
/**
*
* Lists the accounts in an organization that are contained by the specified target root or organizational unit
* (OU). If you specify the root, you get a list of all the accounts that aren't in any OU. If you specify an OU,
* you get a list of all the accounts in only that OU and not in any child OUs. To get a list of all accounts in the
* organization, use the ListAccounts operation.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a variant of
* {@link #listAccountsForParent(software.amazon.awssdk.services.organizations.model.ListAccountsForParentRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListAccountsForParentIterable responses = client.listAccountsForParentPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListAccountsForParentIterable responses = client
* .listAccountsForParentPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListAccountsForParentResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListAccountsForParentIterable responses = client.listAccountsForParentPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listAccountsForParent(software.amazon.awssdk.services.organizations.model.ListAccountsForParentRequest)}
* operation.
*
*
* @param listAccountsForParentRequest
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ParentNotFoundException
* We can't find a root or OU with the ParentId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListAccountsForParent
* @see AWS API Documentation
*/
default ListAccountsForParentIterable listAccountsForParentPaginator(ListAccountsForParentRequest listAccountsForParentRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ParentNotFoundException,
ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Lists the accounts in an organization that are contained by the specified target root or organizational unit
* (OU). If you specify the root, you get a list of all the accounts that aren't in any OU. If you specify an OU,
* you get a list of all the accounts in only that OU and not in any child OUs. To get a list of all accounts in the
* organization, use the ListAccounts operation.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a variant of
* {@link #listAccountsForParent(software.amazon.awssdk.services.organizations.model.ListAccountsForParentRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListAccountsForParentIterable responses = client.listAccountsForParentPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListAccountsForParentIterable responses = client
* .listAccountsForParentPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListAccountsForParentResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListAccountsForParentIterable responses = client.listAccountsForParentPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listAccountsForParent(software.amazon.awssdk.services.organizations.model.ListAccountsForParentRequest)}
* operation.
*
*
* This is a convenience which creates an instance of the {@link ListAccountsForParentRequest.Builder} avoiding the
* need to create one manually via {@link ListAccountsForParentRequest#builder()}
*
*
* @param listAccountsForParentRequest
* A {@link Consumer} that will call methods on {@link ListAccountsForParentRequest.Builder} to create a
* request.
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ParentNotFoundException
* We can't find a root or OU with the ParentId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListAccountsForParent
* @see AWS API Documentation
*/
default ListAccountsForParentIterable listAccountsForParentPaginator(
Consumer listAccountsForParentRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, InvalidInputException, ParentNotFoundException, ServiceException,
TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
return listAccountsForParentPaginator(ListAccountsForParentRequest.builder().applyMutation(listAccountsForParentRequest)
.build());
}
/**
*
* Lists all of the organizational units (OUs) or accounts that are contained in the specified parent OU or root.
* This operation, along with ListParents enables you to traverse the tree structure that makes up this root.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
* @param listChildrenRequest
* @return Result of the ListChildren operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ParentNotFoundException
* We can't find a root or OU with the ParentId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListChildren
* @see AWS
* API Documentation
*/
default ListChildrenResponse listChildren(ListChildrenRequest listChildrenRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, InvalidInputException, ParentNotFoundException, ServiceException,
TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Lists all of the organizational units (OUs) or accounts that are contained in the specified parent OU or root.
* This operation, along with ListParents enables you to traverse the tree structure that makes up this root.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a convenience which creates an instance of the {@link ListChildrenRequest.Builder} avoiding the need to
* create one manually via {@link ListChildrenRequest#builder()}
*
*
* @param listChildrenRequest
* A {@link Consumer} that will call methods on {@link ListChildrenRequest.Builder} to create a request.
* @return Result of the ListChildren operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ParentNotFoundException
* We can't find a root or OU with the ParentId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListChildren
* @see AWS
* API Documentation
*/
default ListChildrenResponse listChildren(Consumer listChildrenRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ParentNotFoundException,
ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
return listChildren(ListChildrenRequest.builder().applyMutation(listChildrenRequest).build());
}
/**
*
* Lists all of the organizational units (OUs) or accounts that are contained in the specified parent OU or root.
* This operation, along with ListParents enables you to traverse the tree structure that makes up this root.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a variant of
* {@link #listChildren(software.amazon.awssdk.services.organizations.model.ListChildrenRequest)} operation. The
* return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle
* making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListChildrenIterable responses = client.listChildrenPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListChildrenIterable responses = client
* .listChildrenPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListChildrenResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListChildrenIterable responses = client.listChildrenPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listChildren(software.amazon.awssdk.services.organizations.model.ListChildrenRequest)} operation.
*
*
* @param listChildrenRequest
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ParentNotFoundException
* We can't find a root or OU with the ParentId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListChildren
* @see AWS
* API Documentation
*/
default ListChildrenIterable listChildrenPaginator(ListChildrenRequest listChildrenRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, InvalidInputException, ParentNotFoundException, ServiceException,
TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Lists all of the organizational units (OUs) or accounts that are contained in the specified parent OU or root.
* This operation, along with ListParents enables you to traverse the tree structure that makes up this root.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a variant of
* {@link #listChildren(software.amazon.awssdk.services.organizations.model.ListChildrenRequest)} operation. The
* return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle
* making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListChildrenIterable responses = client.listChildrenPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListChildrenIterable responses = client
* .listChildrenPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListChildrenResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListChildrenIterable responses = client.listChildrenPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listChildren(software.amazon.awssdk.services.organizations.model.ListChildrenRequest)} operation.
*
*
* This is a convenience which creates an instance of the {@link ListChildrenRequest.Builder} avoiding the need to
* create one manually via {@link ListChildrenRequest#builder()}
*
*
* @param listChildrenRequest
* A {@link Consumer} that will call methods on {@link ListChildrenRequest.Builder} to create a request.
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ParentNotFoundException
* We can't find a root or OU with the ParentId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListChildren
* @see AWS
* API Documentation
*/
default ListChildrenIterable listChildrenPaginator(Consumer listChildrenRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ParentNotFoundException,
ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
return listChildrenPaginator(ListChildrenRequest.builder().applyMutation(listChildrenRequest).build());
}
/**
*
* Lists the account creation requests that match the specified status that is currently being tracked for the
* organization.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
* @return Result of the ListCreateAccountStatus operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListCreateAccountStatus
* @see #listCreateAccountStatus(ListCreateAccountStatusRequest)
* @see AWS API Documentation
*/
default ListCreateAccountStatusResponse listCreateAccountStatus() throws AccessDeniedException,
AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException,
UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException {
return listCreateAccountStatus(ListCreateAccountStatusRequest.builder().build());
}
/**
*
* Lists the account creation requests that match the specified status that is currently being tracked for the
* organization.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
* @param listCreateAccountStatusRequest
* @return Result of the ListCreateAccountStatus operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListCreateAccountStatus
* @see AWS API Documentation
*/
default ListCreateAccountStatusResponse listCreateAccountStatus(ListCreateAccountStatusRequest listCreateAccountStatusRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException,
TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException,
OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Lists the account creation requests that match the specified status that is currently being tracked for the
* organization.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a convenience which creates an instance of the {@link ListCreateAccountStatusRequest.Builder} avoiding
* the need to create one manually via {@link ListCreateAccountStatusRequest#builder()}
*
*
* @param listCreateAccountStatusRequest
* A {@link Consumer} that will call methods on {@link ListCreateAccountStatusRequest.Builder} to create a
* request.
* @return Result of the ListCreateAccountStatus operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListCreateAccountStatus
* @see AWS API Documentation
*/
default ListCreateAccountStatusResponse listCreateAccountStatus(
Consumer listCreateAccountStatusRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException,
UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException {
return listCreateAccountStatus(ListCreateAccountStatusRequest.builder().applyMutation(listCreateAccountStatusRequest)
.build());
}
/**
*
* Lists the account creation requests that match the specified status that is currently being tracked for the
* organization.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a variant of
* {@link #listCreateAccountStatus(software.amazon.awssdk.services.organizations.model.ListCreateAccountStatusRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListCreateAccountStatusIterable responses = client.listCreateAccountStatusPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListCreateAccountStatusIterable responses = client
* .listCreateAccountStatusPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListCreateAccountStatusResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListCreateAccountStatusIterable responses = client.listCreateAccountStatusPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listCreateAccountStatus(software.amazon.awssdk.services.organizations.model.ListCreateAccountStatusRequest)}
* operation.
*
*
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListCreateAccountStatus
* @see #listCreateAccountStatusPaginator(ListCreateAccountStatusRequest)
* @see AWS API Documentation
*/
default ListCreateAccountStatusIterable listCreateAccountStatusPaginator() throws AccessDeniedException,
AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException,
UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException {
return listCreateAccountStatusPaginator(ListCreateAccountStatusRequest.builder().build());
}
/**
*
* Lists the account creation requests that match the specified status that is currently being tracked for the
* organization.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a variant of
* {@link #listCreateAccountStatus(software.amazon.awssdk.services.organizations.model.ListCreateAccountStatusRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListCreateAccountStatusIterable responses = client.listCreateAccountStatusPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListCreateAccountStatusIterable responses = client
* .listCreateAccountStatusPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListCreateAccountStatusResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListCreateAccountStatusIterable responses = client.listCreateAccountStatusPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listCreateAccountStatus(software.amazon.awssdk.services.organizations.model.ListCreateAccountStatusRequest)}
* operation.
*
*
* @param listCreateAccountStatusRequest
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListCreateAccountStatus
* @see AWS API Documentation
*/
default ListCreateAccountStatusIterable listCreateAccountStatusPaginator(
ListCreateAccountStatusRequest listCreateAccountStatusRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException,
UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Lists the account creation requests that match the specified status that is currently being tracked for the
* organization.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a variant of
* {@link #listCreateAccountStatus(software.amazon.awssdk.services.organizations.model.ListCreateAccountStatusRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListCreateAccountStatusIterable responses = client.listCreateAccountStatusPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListCreateAccountStatusIterable responses = client
* .listCreateAccountStatusPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListCreateAccountStatusResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListCreateAccountStatusIterable responses = client.listCreateAccountStatusPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listCreateAccountStatus(software.amazon.awssdk.services.organizations.model.ListCreateAccountStatusRequest)}
* operation.
*
*
* This is a convenience which creates an instance of the {@link ListCreateAccountStatusRequest.Builder} avoiding
* the need to create one manually via {@link ListCreateAccountStatusRequest#builder()}
*
*
* @param listCreateAccountStatusRequest
* A {@link Consumer} that will call methods on {@link ListCreateAccountStatusRequest.Builder} to create a
* request.
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListCreateAccountStatus
* @see AWS API Documentation
*/
default ListCreateAccountStatusIterable listCreateAccountStatusPaginator(
Consumer listCreateAccountStatusRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException,
UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException {
return listCreateAccountStatusPaginator(ListCreateAccountStatusRequest.builder()
.applyMutation(listCreateAccountStatusRequest).build());
}
/**
*
* Lists the AWS accounts that are designated as delegated administrators in this organization.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
* @param listDelegatedAdministratorsRequest
* @return Result of the ListDelegatedAdministrators operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListDelegatedAdministrators
* @see AWS API Documentation
*/
default ListDelegatedAdministratorsResponse listDelegatedAdministrators(
ListDelegatedAdministratorsRequest listDelegatedAdministratorsRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, ConstraintViolationException, InvalidInputException, TooManyRequestsException,
ServiceException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Lists the AWS accounts that are designated as delegated administrators in this organization.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a convenience which creates an instance of the {@link ListDelegatedAdministratorsRequest.Builder}
* avoiding the need to create one manually via {@link ListDelegatedAdministratorsRequest#builder()}
*
*
* @param listDelegatedAdministratorsRequest
* A {@link Consumer} that will call methods on {@link ListDelegatedAdministratorsRequest.Builder} to create
* a request.
* @return Result of the ListDelegatedAdministrators operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListDelegatedAdministrators
* @see AWS API Documentation
*/
default ListDelegatedAdministratorsResponse listDelegatedAdministrators(
Consumer listDelegatedAdministratorsRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, ConstraintViolationException, InvalidInputException,
TooManyRequestsException, ServiceException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException,
OrganizationsException {
return listDelegatedAdministrators(ListDelegatedAdministratorsRequest.builder()
.applyMutation(listDelegatedAdministratorsRequest).build());
}
/**
*
* Lists the AWS accounts that are designated as delegated administrators in this organization.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a variant of
* {@link #listDelegatedAdministrators(software.amazon.awssdk.services.organizations.model.ListDelegatedAdministratorsRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListDelegatedAdministratorsIterable responses = client.listDelegatedAdministratorsPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListDelegatedAdministratorsIterable responses = client
* .listDelegatedAdministratorsPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListDelegatedAdministratorsResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListDelegatedAdministratorsIterable responses = client.listDelegatedAdministratorsPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listDelegatedAdministrators(software.amazon.awssdk.services.organizations.model.ListDelegatedAdministratorsRequest)}
* operation.
*
*
* @param listDelegatedAdministratorsRequest
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListDelegatedAdministrators
* @see AWS API Documentation
*/
default ListDelegatedAdministratorsIterable listDelegatedAdministratorsPaginator(
ListDelegatedAdministratorsRequest listDelegatedAdministratorsRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, ConstraintViolationException, InvalidInputException, TooManyRequestsException,
ServiceException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Lists the AWS accounts that are designated as delegated administrators in this organization.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a variant of
* {@link #listDelegatedAdministrators(software.amazon.awssdk.services.organizations.model.ListDelegatedAdministratorsRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListDelegatedAdministratorsIterable responses = client.listDelegatedAdministratorsPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListDelegatedAdministratorsIterable responses = client
* .listDelegatedAdministratorsPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListDelegatedAdministratorsResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListDelegatedAdministratorsIterable responses = client.listDelegatedAdministratorsPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listDelegatedAdministrators(software.amazon.awssdk.services.organizations.model.ListDelegatedAdministratorsRequest)}
* operation.
*
*
* This is a convenience which creates an instance of the {@link ListDelegatedAdministratorsRequest.Builder}
* avoiding the need to create one manually via {@link ListDelegatedAdministratorsRequest#builder()}
*
*
* @param listDelegatedAdministratorsRequest
* A {@link Consumer} that will call methods on {@link ListDelegatedAdministratorsRequest.Builder} to create
* a request.
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListDelegatedAdministrators
* @see AWS API Documentation
*/
default ListDelegatedAdministratorsIterable listDelegatedAdministratorsPaginator(
Consumer listDelegatedAdministratorsRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, ConstraintViolationException, InvalidInputException,
TooManyRequestsException, ServiceException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException,
OrganizationsException {
return listDelegatedAdministratorsPaginator(ListDelegatedAdministratorsRequest.builder()
.applyMutation(listDelegatedAdministratorsRequest).build());
}
/**
*
* List the AWS services for which the specified account is a delegated administrator.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
* @param listDelegatedServicesForAccountRequest
* @return Result of the ListDelegatedServicesForAccount operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AccountNotFoundException
* We can't find an AWS account with the AccountId that you specified, or the account whose
* credentials you used to make this request isn't a member of an organization.
* @throws AccountNotRegisteredException
* The specified account is not a delegated administrator for this AWS service.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListDelegatedServicesForAccount
* @see AWS API Documentation
*/
default ListDelegatedServicesForAccountResponse listDelegatedServicesForAccount(
ListDelegatedServicesForAccountRequest listDelegatedServicesForAccountRequest) throws AccessDeniedException,
AccountNotFoundException, AccountNotRegisteredException, AwsOrganizationsNotInUseException,
ConstraintViolationException, InvalidInputException, TooManyRequestsException, ServiceException,
UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* List the AWS services for which the specified account is a delegated administrator.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a convenience which creates an instance of the {@link ListDelegatedServicesForAccountRequest.Builder}
* avoiding the need to create one manually via {@link ListDelegatedServicesForAccountRequest#builder()}
*
*
* @param listDelegatedServicesForAccountRequest
* A {@link Consumer} that will call methods on {@link ListDelegatedServicesForAccountRequest.Builder} to
* create a request.
* @return Result of the ListDelegatedServicesForAccount operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AccountNotFoundException
* We can't find an AWS account with the AccountId that you specified, or the account whose
* credentials you used to make this request isn't a member of an organization.
* @throws AccountNotRegisteredException
* The specified account is not a delegated administrator for this AWS service.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListDelegatedServicesForAccount
* @see AWS API Documentation
*/
default ListDelegatedServicesForAccountResponse listDelegatedServicesForAccount(
Consumer listDelegatedServicesForAccountRequest)
throws AccessDeniedException, AccountNotFoundException, AccountNotRegisteredException,
AwsOrganizationsNotInUseException, ConstraintViolationException, InvalidInputException, TooManyRequestsException,
ServiceException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException {
return listDelegatedServicesForAccount(ListDelegatedServicesForAccountRequest.builder()
.applyMutation(listDelegatedServicesForAccountRequest).build());
}
/**
*
* List the AWS services for which the specified account is a delegated administrator.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a variant of
* {@link #listDelegatedServicesForAccount(software.amazon.awssdk.services.organizations.model.ListDelegatedServicesForAccountRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListDelegatedServicesForAccountIterable responses = client.listDelegatedServicesForAccountPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListDelegatedServicesForAccountIterable responses = client
* .listDelegatedServicesForAccountPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListDelegatedServicesForAccountResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListDelegatedServicesForAccountIterable responses = client.listDelegatedServicesForAccountPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listDelegatedServicesForAccount(software.amazon.awssdk.services.organizations.model.ListDelegatedServicesForAccountRequest)}
* operation.
*
*
* @param listDelegatedServicesForAccountRequest
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AccountNotFoundException
* We can't find an AWS account with the AccountId that you specified, or the account whose
* credentials you used to make this request isn't a member of an organization.
* @throws AccountNotRegisteredException
* The specified account is not a delegated administrator for this AWS service.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListDelegatedServicesForAccount
* @see AWS API Documentation
*/
default ListDelegatedServicesForAccountIterable listDelegatedServicesForAccountPaginator(
ListDelegatedServicesForAccountRequest listDelegatedServicesForAccountRequest) throws AccessDeniedException,
AccountNotFoundException, AccountNotRegisteredException, AwsOrganizationsNotInUseException,
ConstraintViolationException, InvalidInputException, TooManyRequestsException, ServiceException,
UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* List the AWS services for which the specified account is a delegated administrator.
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a variant of
* {@link #listDelegatedServicesForAccount(software.amazon.awssdk.services.organizations.model.ListDelegatedServicesForAccountRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListDelegatedServicesForAccountIterable responses = client.listDelegatedServicesForAccountPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListDelegatedServicesForAccountIterable responses = client
* .listDelegatedServicesForAccountPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListDelegatedServicesForAccountResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListDelegatedServicesForAccountIterable responses = client.listDelegatedServicesForAccountPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listDelegatedServicesForAccount(software.amazon.awssdk.services.organizations.model.ListDelegatedServicesForAccountRequest)}
* operation.
*
*
* This is a convenience which creates an instance of the {@link ListDelegatedServicesForAccountRequest.Builder}
* avoiding the need to create one manually via {@link ListDelegatedServicesForAccountRequest#builder()}
*
*
* @param listDelegatedServicesForAccountRequest
* A {@link Consumer} that will call methods on {@link ListDelegatedServicesForAccountRequest.Builder} to
* create a request.
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AccountNotFoundException
* We can't find an AWS account with the AccountId that you specified, or the account whose
* credentials you used to make this request isn't a member of an organization.
* @throws AccountNotRegisteredException
* The specified account is not a delegated administrator for this AWS service.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListDelegatedServicesForAccount
* @see AWS API Documentation
*/
default ListDelegatedServicesForAccountIterable listDelegatedServicesForAccountPaginator(
Consumer listDelegatedServicesForAccountRequest)
throws AccessDeniedException, AccountNotFoundException, AccountNotRegisteredException,
AwsOrganizationsNotInUseException, ConstraintViolationException, InvalidInputException, TooManyRequestsException,
ServiceException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException {
return listDelegatedServicesForAccountPaginator(ListDelegatedServicesForAccountRequest.builder()
.applyMutation(listDelegatedServicesForAccountRequest).build());
}
/**
*
* Lists the current handshakes that are associated with the account of the requesting user.
*
*
* Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the results
* of this API for only 30 days after changing to that state. After that, they're deleted and no longer accessible.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called from any account in the organization.
*
*
* @return Result of the ListHandshakesForAccount operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListHandshakesForAccount
* @see #listHandshakesForAccount(ListHandshakesForAccountRequest)
* @see AWS API Documentation
*/
default ListHandshakesForAccountResponse listHandshakesForAccount() throws AccessDeniedException,
ConcurrentModificationException, InvalidInputException, ServiceException, TooManyRequestsException,
AwsServiceException, SdkClientException, OrganizationsException {
return listHandshakesForAccount(ListHandshakesForAccountRequest.builder().build());
}
/**
*
* Lists the current handshakes that are associated with the account of the requesting user.
*
*
* Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the results
* of this API for only 30 days after changing to that state. After that, they're deleted and no longer accessible.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called from any account in the organization.
*
*
* @param listHandshakesForAccountRequest
* @return Result of the ListHandshakesForAccount operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListHandshakesForAccount
* @see AWS API Documentation
*/
default ListHandshakesForAccountResponse listHandshakesForAccount(
ListHandshakesForAccountRequest listHandshakesForAccountRequest) throws AccessDeniedException,
ConcurrentModificationException, InvalidInputException, ServiceException, TooManyRequestsException,
AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Lists the current handshakes that are associated with the account of the requesting user.
*
*
* Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the results
* of this API for only 30 days after changing to that state. After that, they're deleted and no longer accessible.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called from any account in the organization.
*
*
*
* This is a convenience which creates an instance of the {@link ListHandshakesForAccountRequest.Builder} avoiding
* the need to create one manually via {@link ListHandshakesForAccountRequest#builder()}
*
*
* @param listHandshakesForAccountRequest
* A {@link Consumer} that will call methods on {@link ListHandshakesForAccountRequest.Builder} to create a
* request.
* @return Result of the ListHandshakesForAccount operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListHandshakesForAccount
* @see AWS API Documentation
*/
default ListHandshakesForAccountResponse listHandshakesForAccount(
Consumer listHandshakesForAccountRequest) throws AccessDeniedException,
ConcurrentModificationException, InvalidInputException, ServiceException, TooManyRequestsException,
AwsServiceException, SdkClientException, OrganizationsException {
return listHandshakesForAccount(ListHandshakesForAccountRequest.builder().applyMutation(listHandshakesForAccountRequest)
.build());
}
/**
*
* Lists the current handshakes that are associated with the account of the requesting user.
*
*
* Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the results
* of this API for only 30 days after changing to that state. After that, they're deleted and no longer accessible.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called from any account in the organization.
*
*
*
* This is a variant of
* {@link #listHandshakesForAccount(software.amazon.awssdk.services.organizations.model.ListHandshakesForAccountRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListHandshakesForAccountIterable responses = client.listHandshakesForAccountPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListHandshakesForAccountIterable responses = client
* .listHandshakesForAccountPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListHandshakesForAccountResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListHandshakesForAccountIterable responses = client.listHandshakesForAccountPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listHandshakesForAccount(software.amazon.awssdk.services.organizations.model.ListHandshakesForAccountRequest)}
* operation.
*
*
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListHandshakesForAccount
* @see #listHandshakesForAccountPaginator(ListHandshakesForAccountRequest)
* @see AWS API Documentation
*/
default ListHandshakesForAccountIterable listHandshakesForAccountPaginator() throws AccessDeniedException,
ConcurrentModificationException, InvalidInputException, ServiceException, TooManyRequestsException,
AwsServiceException, SdkClientException, OrganizationsException {
return listHandshakesForAccountPaginator(ListHandshakesForAccountRequest.builder().build());
}
/**
*
* Lists the current handshakes that are associated with the account of the requesting user.
*
*
* Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the results
* of this API for only 30 days after changing to that state. After that, they're deleted and no longer accessible.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called from any account in the organization.
*
*
*
* This is a variant of
* {@link #listHandshakesForAccount(software.amazon.awssdk.services.organizations.model.ListHandshakesForAccountRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListHandshakesForAccountIterable responses = client.listHandshakesForAccountPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListHandshakesForAccountIterable responses = client
* .listHandshakesForAccountPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListHandshakesForAccountResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListHandshakesForAccountIterable responses = client.listHandshakesForAccountPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listHandshakesForAccount(software.amazon.awssdk.services.organizations.model.ListHandshakesForAccountRequest)}
* operation.
*
*
* @param listHandshakesForAccountRequest
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListHandshakesForAccount
* @see AWS API Documentation
*/
default ListHandshakesForAccountIterable listHandshakesForAccountPaginator(
ListHandshakesForAccountRequest listHandshakesForAccountRequest) throws AccessDeniedException,
ConcurrentModificationException, InvalidInputException, ServiceException, TooManyRequestsException,
AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Lists the current handshakes that are associated with the account of the requesting user.
*
*
* Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the results
* of this API for only 30 days after changing to that state. After that, they're deleted and no longer accessible.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called from any account in the organization.
*
*
*
* This is a variant of
* {@link #listHandshakesForAccount(software.amazon.awssdk.services.organizations.model.ListHandshakesForAccountRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListHandshakesForAccountIterable responses = client.listHandshakesForAccountPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListHandshakesForAccountIterable responses = client
* .listHandshakesForAccountPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListHandshakesForAccountResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListHandshakesForAccountIterable responses = client.listHandshakesForAccountPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listHandshakesForAccount(software.amazon.awssdk.services.organizations.model.ListHandshakesForAccountRequest)}
* operation.
*
*
* This is a convenience which creates an instance of the {@link ListHandshakesForAccountRequest.Builder} avoiding
* the need to create one manually via {@link ListHandshakesForAccountRequest#builder()}
*
*
* @param listHandshakesForAccountRequest
* A {@link Consumer} that will call methods on {@link ListHandshakesForAccountRequest.Builder} to create a
* request.
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListHandshakesForAccount
* @see AWS API Documentation
*/
default ListHandshakesForAccountIterable listHandshakesForAccountPaginator(
Consumer listHandshakesForAccountRequest) throws AccessDeniedException,
ConcurrentModificationException, InvalidInputException, ServiceException, TooManyRequestsException,
AwsServiceException, SdkClientException, OrganizationsException {
return listHandshakesForAccountPaginator(ListHandshakesForAccountRequest.builder()
.applyMutation(listHandshakesForAccountRequest).build());
}
/**
*
* Lists the handshakes that are associated with the organization that the requesting user is part of. The
* ListHandshakesForOrganization operation returns a list of handshake structures. Each structure
* contains details and status about a handshake.
*
*
* Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the results
* of this API for only 30 days after changing to that state. After that, they're deleted and no longer accessible.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
* @return Result of the ListHandshakesForOrganization operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListHandshakesForOrganization
* @see #listHandshakesForOrganization(ListHandshakesForOrganizationRequest)
* @see AWS API Documentation
*/
default ListHandshakesForOrganizationResponse listHandshakesForOrganization() throws AccessDeniedException,
AwsOrganizationsNotInUseException, ConcurrentModificationException, InvalidInputException, ServiceException,
TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
return listHandshakesForOrganization(ListHandshakesForOrganizationRequest.builder().build());
}
/**
*
* Lists the handshakes that are associated with the organization that the requesting user is part of. The
* ListHandshakesForOrganization operation returns a list of handshake structures. Each structure
* contains details and status about a handshake.
*
*
* Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the results
* of this API for only 30 days after changing to that state. After that, they're deleted and no longer accessible.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
* @param listHandshakesForOrganizationRequest
* @return Result of the ListHandshakesForOrganization operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListHandshakesForOrganization
* @see AWS API Documentation
*/
default ListHandshakesForOrganizationResponse listHandshakesForOrganization(
ListHandshakesForOrganizationRequest listHandshakesForOrganizationRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, ConcurrentModificationException, InvalidInputException, ServiceException,
TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Lists the handshakes that are associated with the organization that the requesting user is part of. The
* ListHandshakesForOrganization operation returns a list of handshake structures. Each structure
* contains details and status about a handshake.
*
*
* Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the results
* of this API for only 30 days after changing to that state. After that, they're deleted and no longer accessible.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a convenience which creates an instance of the {@link ListHandshakesForOrganizationRequest.Builder}
* avoiding the need to create one manually via {@link ListHandshakesForOrganizationRequest#builder()}
*
*
* @param listHandshakesForOrganizationRequest
* A {@link Consumer} that will call methods on {@link ListHandshakesForOrganizationRequest.Builder} to
* create a request.
* @return Result of the ListHandshakesForOrganization operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListHandshakesForOrganization
* @see AWS API Documentation
*/
default ListHandshakesForOrganizationResponse listHandshakesForOrganization(
Consumer listHandshakesForOrganizationRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException,
InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException,
OrganizationsException {
return listHandshakesForOrganization(ListHandshakesForOrganizationRequest.builder()
.applyMutation(listHandshakesForOrganizationRequest).build());
}
/**
*
* Lists the handshakes that are associated with the organization that the requesting user is part of. The
* ListHandshakesForOrganization operation returns a list of handshake structures. Each structure
* contains details and status about a handshake.
*
*
* Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the results
* of this API for only 30 days after changing to that state. After that, they're deleted and no longer accessible.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a variant of
* {@link #listHandshakesForOrganization(software.amazon.awssdk.services.organizations.model.ListHandshakesForOrganizationRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListHandshakesForOrganizationIterable responses = client.listHandshakesForOrganizationPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListHandshakesForOrganizationIterable responses = client
* .listHandshakesForOrganizationPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListHandshakesForOrganizationResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListHandshakesForOrganizationIterable responses = client.listHandshakesForOrganizationPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listHandshakesForOrganization(software.amazon.awssdk.services.organizations.model.ListHandshakesForOrganizationRequest)}
* operation.
*
*
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListHandshakesForOrganization
* @see #listHandshakesForOrganizationPaginator(ListHandshakesForOrganizationRequest)
* @see AWS API Documentation
*/
default ListHandshakesForOrganizationIterable listHandshakesForOrganizationPaginator() throws AccessDeniedException,
AwsOrganizationsNotInUseException, ConcurrentModificationException, InvalidInputException, ServiceException,
TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
return listHandshakesForOrganizationPaginator(ListHandshakesForOrganizationRequest.builder().build());
}
/**
*
* Lists the handshakes that are associated with the organization that the requesting user is part of. The
* ListHandshakesForOrganization operation returns a list of handshake structures. Each structure
* contains details and status about a handshake.
*
*
* Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the results
* of this API for only 30 days after changing to that state. After that, they're deleted and no longer accessible.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a variant of
* {@link #listHandshakesForOrganization(software.amazon.awssdk.services.organizations.model.ListHandshakesForOrganizationRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListHandshakesForOrganizationIterable responses = client.listHandshakesForOrganizationPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListHandshakesForOrganizationIterable responses = client
* .listHandshakesForOrganizationPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListHandshakesForOrganizationResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListHandshakesForOrganizationIterable responses = client.listHandshakesForOrganizationPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listHandshakesForOrganization(software.amazon.awssdk.services.organizations.model.ListHandshakesForOrganizationRequest)}
* operation.
*
*
* @param listHandshakesForOrganizationRequest
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListHandshakesForOrganization
* @see AWS API Documentation
*/
default ListHandshakesForOrganizationIterable listHandshakesForOrganizationPaginator(
ListHandshakesForOrganizationRequest listHandshakesForOrganizationRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, ConcurrentModificationException, InvalidInputException, ServiceException,
TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Lists the handshakes that are associated with the organization that the requesting user is part of. The
* ListHandshakesForOrganization operation returns a list of handshake structures. Each structure
* contains details and status about a handshake.
*
*
* Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the results
* of this API for only 30 days after changing to that state. After that, they're deleted and no longer accessible.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a variant of
* {@link #listHandshakesForOrganization(software.amazon.awssdk.services.organizations.model.ListHandshakesForOrganizationRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListHandshakesForOrganizationIterable responses = client.listHandshakesForOrganizationPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListHandshakesForOrganizationIterable responses = client
* .listHandshakesForOrganizationPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListHandshakesForOrganizationResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListHandshakesForOrganizationIterable responses = client.listHandshakesForOrganizationPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listHandshakesForOrganization(software.amazon.awssdk.services.organizations.model.ListHandshakesForOrganizationRequest)}
* operation.
*
*
* This is a convenience which creates an instance of the {@link ListHandshakesForOrganizationRequest.Builder}
* avoiding the need to create one manually via {@link ListHandshakesForOrganizationRequest#builder()}
*
*
* @param listHandshakesForOrganizationRequest
* A {@link Consumer} that will call methods on {@link ListHandshakesForOrganizationRequest.Builder} to
* create a request.
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListHandshakesForOrganization
* @see AWS API Documentation
*/
default ListHandshakesForOrganizationIterable listHandshakesForOrganizationPaginator(
Consumer listHandshakesForOrganizationRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException,
InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException,
OrganizationsException {
return listHandshakesForOrganizationPaginator(ListHandshakesForOrganizationRequest.builder()
.applyMutation(listHandshakesForOrganizationRequest).build());
}
/**
*
* Lists the organizational units (OUs) in a parent organizational unit or root.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
* @param listOrganizationalUnitsForParentRequest
* @return Result of the ListOrganizationalUnitsForParent operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ParentNotFoundException
* We can't find a root or OU with the ParentId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListOrganizationalUnitsForParent
* @see AWS API Documentation
*/
default ListOrganizationalUnitsForParentResponse listOrganizationalUnitsForParent(
ListOrganizationalUnitsForParentRequest listOrganizationalUnitsForParentRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, InvalidInputException, ParentNotFoundException, ServiceException,
TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Lists the organizational units (OUs) in a parent organizational unit or root.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a convenience which creates an instance of the {@link ListOrganizationalUnitsForParentRequest.Builder}
* avoiding the need to create one manually via {@link ListOrganizationalUnitsForParentRequest#builder()}
*
*
* @param listOrganizationalUnitsForParentRequest
* A {@link Consumer} that will call methods on {@link ListOrganizationalUnitsForParentRequest.Builder} to
* create a request.
* @return Result of the ListOrganizationalUnitsForParent operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ParentNotFoundException
* We can't find a root or OU with the ParentId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListOrganizationalUnitsForParent
* @see AWS API Documentation
*/
default ListOrganizationalUnitsForParentResponse listOrganizationalUnitsForParent(
Consumer listOrganizationalUnitsForParentRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ParentNotFoundException,
ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
return listOrganizationalUnitsForParent(ListOrganizationalUnitsForParentRequest.builder()
.applyMutation(listOrganizationalUnitsForParentRequest).build());
}
/**
*
* Lists the organizational units (OUs) in a parent organizational unit or root.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a variant of
* {@link #listOrganizationalUnitsForParent(software.amazon.awssdk.services.organizations.model.ListOrganizationalUnitsForParentRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListOrganizationalUnitsForParentIterable responses = client.listOrganizationalUnitsForParentPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListOrganizationalUnitsForParentIterable responses = client
* .listOrganizationalUnitsForParentPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListOrganizationalUnitsForParentResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListOrganizationalUnitsForParentIterable responses = client.listOrganizationalUnitsForParentPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listOrganizationalUnitsForParent(software.amazon.awssdk.services.organizations.model.ListOrganizationalUnitsForParentRequest)}
* operation.
*
*
* @param listOrganizationalUnitsForParentRequest
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ParentNotFoundException
* We can't find a root or OU with the ParentId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListOrganizationalUnitsForParent
* @see AWS API Documentation
*/
default ListOrganizationalUnitsForParentIterable listOrganizationalUnitsForParentPaginator(
ListOrganizationalUnitsForParentRequest listOrganizationalUnitsForParentRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, InvalidInputException, ParentNotFoundException, ServiceException,
TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Lists the organizational units (OUs) in a parent organizational unit or root.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a variant of
* {@link #listOrganizationalUnitsForParent(software.amazon.awssdk.services.organizations.model.ListOrganizationalUnitsForParentRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListOrganizationalUnitsForParentIterable responses = client.listOrganizationalUnitsForParentPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListOrganizationalUnitsForParentIterable responses = client
* .listOrganizationalUnitsForParentPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListOrganizationalUnitsForParentResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListOrganizationalUnitsForParentIterable responses = client.listOrganizationalUnitsForParentPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listOrganizationalUnitsForParent(software.amazon.awssdk.services.organizations.model.ListOrganizationalUnitsForParentRequest)}
* operation.
*
*
* This is a convenience which creates an instance of the {@link ListOrganizationalUnitsForParentRequest.Builder}
* avoiding the need to create one manually via {@link ListOrganizationalUnitsForParentRequest#builder()}
*
*
* @param listOrganizationalUnitsForParentRequest
* A {@link Consumer} that will call methods on {@link ListOrganizationalUnitsForParentRequest.Builder} to
* create a request.
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ParentNotFoundException
* We can't find a root or OU with the ParentId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListOrganizationalUnitsForParent
* @see AWS API Documentation
*/
default ListOrganizationalUnitsForParentIterable listOrganizationalUnitsForParentPaginator(
Consumer listOrganizationalUnitsForParentRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ParentNotFoundException,
ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
return listOrganizationalUnitsForParentPaginator(ListOrganizationalUnitsForParentRequest.builder()
.applyMutation(listOrganizationalUnitsForParentRequest).build());
}
/**
*
* Lists the root or organizational units (OUs) that serve as the immediate parent of the specified child OU or
* account. This operation, along with ListChildren enables you to traverse the tree structure that makes up
* this root.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* In the current release, a child can have only a single parent.
*
*
*
* @param listParentsRequest
* @return Result of the ListParents operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ChildNotFoundException
* We can't find an organizational unit (OU) or AWS account with the ChildId that you
* specified.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListParents
* @see AWS API
* Documentation
*/
default ListParentsResponse listParents(ListParentsRequest listParentsRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, ChildNotFoundException, InvalidInputException, ServiceException,
TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Lists the root or organizational units (OUs) that serve as the immediate parent of the specified child OU or
* account. This operation, along with ListChildren enables you to traverse the tree structure that makes up
* this root.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* In the current release, a child can have only a single parent.
*
*
*
* This is a convenience which creates an instance of the {@link ListParentsRequest.Builder} avoiding the need to
* create one manually via {@link ListParentsRequest#builder()}
*
*
* @param listParentsRequest
* A {@link Consumer} that will call methods on {@link ListParentsRequest.Builder} to create a request.
* @return Result of the ListParents operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ChildNotFoundException
* We can't find an organizational unit (OU) or AWS account with the ChildId that you
* specified.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListParents
* @see AWS API
* Documentation
*/
default ListParentsResponse listParents(Consumer listParentsRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, ChildNotFoundException, InvalidInputException,
ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
return listParents(ListParentsRequest.builder().applyMutation(listParentsRequest).build());
}
/**
*
* Lists the root or organizational units (OUs) that serve as the immediate parent of the specified child OU or
* account. This operation, along with ListChildren enables you to traverse the tree structure that makes up
* this root.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* In the current release, a child can have only a single parent.
*
*
*
* This is a variant of {@link #listParents(software.amazon.awssdk.services.organizations.model.ListParentsRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListParentsIterable responses = client.listParentsPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListParentsIterable responses = client.listParentsPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListParentsResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListParentsIterable responses = client.listParentsPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listParents(software.amazon.awssdk.services.organizations.model.ListParentsRequest)} operation.
*
*
* @param listParentsRequest
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ChildNotFoundException
* We can't find an organizational unit (OU) or AWS account with the ChildId that you
* specified.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListParents
* @see AWS API
* Documentation
*/
default ListParentsIterable listParentsPaginator(ListParentsRequest listParentsRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, ChildNotFoundException, InvalidInputException, ServiceException,
TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Lists the root or organizational units (OUs) that serve as the immediate parent of the specified child OU or
* account. This operation, along with ListChildren enables you to traverse the tree structure that makes up
* this root.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* In the current release, a child can have only a single parent.
*
*
*
* This is a variant of {@link #listParents(software.amazon.awssdk.services.organizations.model.ListParentsRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListParentsIterable responses = client.listParentsPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListParentsIterable responses = client.listParentsPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListParentsResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListParentsIterable responses = client.listParentsPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listParents(software.amazon.awssdk.services.organizations.model.ListParentsRequest)} operation.
*
*
* This is a convenience which creates an instance of the {@link ListParentsRequest.Builder} avoiding the need to
* create one manually via {@link ListParentsRequest#builder()}
*
*
* @param listParentsRequest
* A {@link Consumer} that will call methods on {@link ListParentsRequest.Builder} to create a request.
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ChildNotFoundException
* We can't find an organizational unit (OU) or AWS account with the ChildId that you
* specified.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListParents
* @see AWS API
* Documentation
*/
default ListParentsIterable listParentsPaginator(Consumer listParentsRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, ChildNotFoundException, InvalidInputException,
ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
return listParentsPaginator(ListParentsRequest.builder().applyMutation(listParentsRequest).build());
}
/**
*
* Retrieves the list of all policies in an organization of a specified type.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
* @param listPoliciesRequest
* @return Result of the ListPolicies operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListPolicies
* @see AWS
* API Documentation
*/
default ListPoliciesResponse listPolicies(ListPoliciesRequest listPoliciesRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException,
UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Retrieves the list of all policies in an organization of a specified type.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a convenience which creates an instance of the {@link ListPoliciesRequest.Builder} avoiding the need to
* create one manually via {@link ListPoliciesRequest#builder()}
*
*
* @param listPoliciesRequest
* A {@link Consumer} that will call methods on {@link ListPoliciesRequest.Builder} to create a request.
* @return Result of the ListPolicies operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListPolicies
* @see AWS
* API Documentation
*/
default ListPoliciesResponse listPolicies(Consumer listPoliciesRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException,
TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException,
OrganizationsException {
return listPolicies(ListPoliciesRequest.builder().applyMutation(listPoliciesRequest).build());
}
/**
*
* Retrieves the list of all policies in an organization of a specified type.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a variant of
* {@link #listPolicies(software.amazon.awssdk.services.organizations.model.ListPoliciesRequest)} operation. The
* return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle
* making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListPoliciesIterable responses = client.listPoliciesPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListPoliciesIterable responses = client
* .listPoliciesPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListPoliciesResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListPoliciesIterable responses = client.listPoliciesPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listPolicies(software.amazon.awssdk.services.organizations.model.ListPoliciesRequest)} operation.
*
*
* @param listPoliciesRequest
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListPolicies
* @see AWS
* API Documentation
*/
default ListPoliciesIterable listPoliciesPaginator(ListPoliciesRequest listPoliciesRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException,
UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Retrieves the list of all policies in an organization of a specified type.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a variant of
* {@link #listPolicies(software.amazon.awssdk.services.organizations.model.ListPoliciesRequest)} operation. The
* return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle
* making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListPoliciesIterable responses = client.listPoliciesPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListPoliciesIterable responses = client
* .listPoliciesPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListPoliciesResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListPoliciesIterable responses = client.listPoliciesPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listPolicies(software.amazon.awssdk.services.organizations.model.ListPoliciesRequest)} operation.
*
*
* This is a convenience which creates an instance of the {@link ListPoliciesRequest.Builder} avoiding the need to
* create one manually via {@link ListPoliciesRequest#builder()}
*
*
* @param listPoliciesRequest
* A {@link Consumer} that will call methods on {@link ListPoliciesRequest.Builder} to create a request.
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListPolicies
* @see AWS
* API Documentation
*/
default ListPoliciesIterable listPoliciesPaginator(Consumer listPoliciesRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException,
TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException,
OrganizationsException {
return listPoliciesPaginator(ListPoliciesRequest.builder().applyMutation(listPoliciesRequest).build());
}
/**
*
* Lists the policies that are directly attached to the specified target root, organizational unit (OU), or account.
* You must specify the policy type that you want included in the returned list.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
* @param listPoliciesForTargetRequest
* @return Result of the ListPoliciesForTarget operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TargetNotFoundException
* We can't find a root, OU, account, or policy with the TargetId that you specified.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListPoliciesForTarget
* @see AWS API Documentation
*/
default ListPoliciesForTargetResponse listPoliciesForTarget(ListPoliciesForTargetRequest listPoliciesForTargetRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException,
TargetNotFoundException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException,
SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Lists the policies that are directly attached to the specified target root, organizational unit (OU), or account.
* You must specify the policy type that you want included in the returned list.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a convenience which creates an instance of the {@link ListPoliciesForTargetRequest.Builder} avoiding the
* need to create one manually via {@link ListPoliciesForTargetRequest#builder()}
*
*
* @param listPoliciesForTargetRequest
* A {@link Consumer} that will call methods on {@link ListPoliciesForTargetRequest.Builder} to create a
* request.
* @return Result of the ListPoliciesForTarget operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TargetNotFoundException
* We can't find a root, OU, account, or policy with the TargetId that you specified.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListPoliciesForTarget
* @see AWS API Documentation
*/
default ListPoliciesForTargetResponse listPoliciesForTarget(
Consumer listPoliciesForTargetRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TargetNotFoundException,
TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException,
OrganizationsException {
return listPoliciesForTarget(ListPoliciesForTargetRequest.builder().applyMutation(listPoliciesForTargetRequest).build());
}
/**
*
* Lists the policies that are directly attached to the specified target root, organizational unit (OU), or account.
* You must specify the policy type that you want included in the returned list.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a variant of
* {@link #listPoliciesForTarget(software.amazon.awssdk.services.organizations.model.ListPoliciesForTargetRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListPoliciesForTargetIterable responses = client.listPoliciesForTargetPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListPoliciesForTargetIterable responses = client
* .listPoliciesForTargetPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListPoliciesForTargetResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListPoliciesForTargetIterable responses = client.listPoliciesForTargetPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listPoliciesForTarget(software.amazon.awssdk.services.organizations.model.ListPoliciesForTargetRequest)}
* operation.
*
*
* @param listPoliciesForTargetRequest
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TargetNotFoundException
* We can't find a root, OU, account, or policy with the TargetId that you specified.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListPoliciesForTarget
* @see AWS API Documentation
*/
default ListPoliciesForTargetIterable listPoliciesForTargetPaginator(ListPoliciesForTargetRequest listPoliciesForTargetRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException,
TargetNotFoundException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException,
SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Lists the policies that are directly attached to the specified target root, organizational unit (OU), or account.
* You must specify the policy type that you want included in the returned list.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a variant of
* {@link #listPoliciesForTarget(software.amazon.awssdk.services.organizations.model.ListPoliciesForTargetRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListPoliciesForTargetIterable responses = client.listPoliciesForTargetPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListPoliciesForTargetIterable responses = client
* .listPoliciesForTargetPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListPoliciesForTargetResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListPoliciesForTargetIterable responses = client.listPoliciesForTargetPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listPoliciesForTarget(software.amazon.awssdk.services.organizations.model.ListPoliciesForTargetRequest)}
* operation.
*
*
* This is a convenience which creates an instance of the {@link ListPoliciesForTargetRequest.Builder} avoiding the
* need to create one manually via {@link ListPoliciesForTargetRequest#builder()}
*
*
* @param listPoliciesForTargetRequest
* A {@link Consumer} that will call methods on {@link ListPoliciesForTargetRequest.Builder} to create a
* request.
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TargetNotFoundException
* We can't find a root, OU, account, or policy with the TargetId that you specified.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListPoliciesForTarget
* @see AWS API Documentation
*/
default ListPoliciesForTargetIterable listPoliciesForTargetPaginator(
Consumer listPoliciesForTargetRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TargetNotFoundException,
TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException,
OrganizationsException {
return listPoliciesForTargetPaginator(ListPoliciesForTargetRequest.builder().applyMutation(listPoliciesForTargetRequest)
.build());
}
/**
*
* Lists the roots that are defined in the current organization.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* Policy types can be enabled and disabled in roots. This is distinct from whether they're available in the
* organization. When you enable all features, you make policy types available for use in that organization.
* Individual policy types can then be enabled and disabled in a root. To see the availability of a policy type in
* an organization, use DescribeOrganization.
*
*
*
* @return Result of the ListRoots operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListRoots
* @see #listRoots(ListRootsRequest)
* @see AWS API
* Documentation
*/
default ListRootsResponse listRoots() throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException,
ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
return listRoots(ListRootsRequest.builder().build());
}
/**
*
* Lists the roots that are defined in the current organization.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* Policy types can be enabled and disabled in roots. This is distinct from whether they're available in the
* organization. When you enable all features, you make policy types available for use in that organization.
* Individual policy types can then be enabled and disabled in a root. To see the availability of a policy type in
* an organization, use DescribeOrganization.
*
*
*
* @param listRootsRequest
* @return Result of the ListRoots operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListRoots
* @see AWS API
* Documentation
*/
default ListRootsResponse listRoots(ListRootsRequest listRootsRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException,
AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Lists the roots that are defined in the current organization.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* Policy types can be enabled and disabled in roots. This is distinct from whether they're available in the
* organization. When you enable all features, you make policy types available for use in that organization.
* Individual policy types can then be enabled and disabled in a root. To see the availability of a policy type in
* an organization, use DescribeOrganization.
*
*
*
* This is a convenience which creates an instance of the {@link ListRootsRequest.Builder} avoiding the need to
* create one manually via {@link ListRootsRequest#builder()}
*
*
* @param listRootsRequest
* A {@link Consumer} that will call methods on {@link ListRootsRequest.Builder} to create a request.
* @return Result of the ListRoots operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListRoots
* @see AWS API
* Documentation
*/
default ListRootsResponse listRoots(Consumer listRootsRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException,
AwsServiceException, SdkClientException, OrganizationsException {
return listRoots(ListRootsRequest.builder().applyMutation(listRootsRequest).build());
}
/**
*
* Lists the roots that are defined in the current organization.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* Policy types can be enabled and disabled in roots. This is distinct from whether they're available in the
* organization. When you enable all features, you make policy types available for use in that organization.
* Individual policy types can then be enabled and disabled in a root. To see the availability of a policy type in
* an organization, use DescribeOrganization.
*
*
*
* This is a variant of {@link #listRoots(software.amazon.awssdk.services.organizations.model.ListRootsRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListRootsIterable responses = client.listRootsPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListRootsIterable responses = client.listRootsPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListRootsResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListRootsIterable responses = client.listRootsPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listRoots(software.amazon.awssdk.services.organizations.model.ListRootsRequest)} operation.
*
*
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListRoots
* @see #listRootsPaginator(ListRootsRequest)
* @see AWS API
* Documentation
*/
default ListRootsIterable listRootsPaginator() throws AccessDeniedException, AwsOrganizationsNotInUseException,
InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException,
OrganizationsException {
return listRootsPaginator(ListRootsRequest.builder().build());
}
/**
*
* Lists the roots that are defined in the current organization.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* Policy types can be enabled and disabled in roots. This is distinct from whether they're available in the
* organization. When you enable all features, you make policy types available for use in that organization.
* Individual policy types can then be enabled and disabled in a root. To see the availability of a policy type in
* an organization, use DescribeOrganization.
*
*
*
* This is a variant of {@link #listRoots(software.amazon.awssdk.services.organizations.model.ListRootsRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListRootsIterable responses = client.listRootsPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListRootsIterable responses = client.listRootsPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListRootsResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListRootsIterable responses = client.listRootsPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listRoots(software.amazon.awssdk.services.organizations.model.ListRootsRequest)} operation.
*
*
* @param listRootsRequest
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListRoots
* @see AWS API
* Documentation
*/
default ListRootsIterable listRootsPaginator(ListRootsRequest listRootsRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException,
AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Lists the roots that are defined in the current organization.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* Policy types can be enabled and disabled in roots. This is distinct from whether they're available in the
* organization. When you enable all features, you make policy types available for use in that organization.
* Individual policy types can then be enabled and disabled in a root. To see the availability of a policy type in
* an organization, use DescribeOrganization.
*
*
*
* This is a variant of {@link #listRoots(software.amazon.awssdk.services.organizations.model.ListRootsRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListRootsIterable responses = client.listRootsPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListRootsIterable responses = client.listRootsPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListRootsResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListRootsIterable responses = client.listRootsPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listRoots(software.amazon.awssdk.services.organizations.model.ListRootsRequest)} operation.
*
*
* This is a convenience which creates an instance of the {@link ListRootsRequest.Builder} avoiding the need to
* create one manually via {@link ListRootsRequest#builder()}
*
*
* @param listRootsRequest
* A {@link Consumer} that will call methods on {@link ListRootsRequest.Builder} to create a request.
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListRoots
* @see AWS API
* Documentation
*/
default ListRootsIterable listRootsPaginator(Consumer listRootsRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException,
TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
return listRootsPaginator(ListRootsRequest.builder().applyMutation(listRootsRequest).build());
}
/**
*
* Lists tags that are attached to the specified resource.
*
*
* You can attach tags to the following resources in AWS Organizations.
*
*
* -
*
* AWS account
*
*
* -
*
* Organization root
*
*
* -
*
* Organizational unit (OU)
*
*
* -
*
* Policy (any type)
*
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
* @param listTagsForResourceRequest
* @return Result of the ListTagsForResource operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws TargetNotFoundException
* We can't find a root, OU, account, or policy with the TargetId that you specified.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListTagsForResource
* @see AWS API Documentation
*/
default ListTagsForResourceResponse listTagsForResource(ListTagsForResourceRequest listTagsForResourceRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, TargetNotFoundException, InvalidInputException,
ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Lists tags that are attached to the specified resource.
*
*
* You can attach tags to the following resources in AWS Organizations.
*
*
* -
*
* AWS account
*
*
* -
*
* Organization root
*
*
* -
*
* Organizational unit (OU)
*
*
* -
*
* Policy (any type)
*
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a convenience which creates an instance of the {@link ListTagsForResourceRequest.Builder} avoiding the
* need to create one manually via {@link ListTagsForResourceRequest#builder()}
*
*
* @param listTagsForResourceRequest
* A {@link Consumer} that will call methods on {@link ListTagsForResourceRequest.Builder} to create a
* request.
* @return Result of the ListTagsForResource operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws TargetNotFoundException
* We can't find a root, OU, account, or policy with the TargetId that you specified.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListTagsForResource
* @see AWS API Documentation
*/
default ListTagsForResourceResponse listTagsForResource(
Consumer listTagsForResourceRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, TargetNotFoundException, InvalidInputException, ServiceException,
TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
return listTagsForResource(ListTagsForResourceRequest.builder().applyMutation(listTagsForResourceRequest).build());
}
/**
*
* Lists tags that are attached to the specified resource.
*
*
* You can attach tags to the following resources in AWS Organizations.
*
*
* -
*
* AWS account
*
*
* -
*
* Organization root
*
*
* -
*
* Organizational unit (OU)
*
*
* -
*
* Policy (any type)
*
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a variant of
* {@link #listTagsForResource(software.amazon.awssdk.services.organizations.model.ListTagsForResourceRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListTagsForResourceIterable responses = client.listTagsForResourcePaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListTagsForResourceIterable responses = client
* .listTagsForResourcePaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListTagsForResourceResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListTagsForResourceIterable responses = client.listTagsForResourcePaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of null won't limit the number of results you get with the paginator. It
* only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listTagsForResource(software.amazon.awssdk.services.organizations.model.ListTagsForResourceRequest)}
* operation.
*
*
* @param listTagsForResourceRequest
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws TargetNotFoundException
* We can't find a root, OU, account, or policy with the TargetId that you specified.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListTagsForResource
* @see AWS API Documentation
*/
default ListTagsForResourceIterable listTagsForResourcePaginator(ListTagsForResourceRequest listTagsForResourceRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, TargetNotFoundException, InvalidInputException,
ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Lists tags that are attached to the specified resource.
*
*
* You can attach tags to the following resources in AWS Organizations.
*
*
* -
*
* AWS account
*
*
* -
*
* Organization root
*
*
* -
*
* Organizational unit (OU)
*
*
* -
*
* Policy (any type)
*
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a variant of
* {@link #listTagsForResource(software.amazon.awssdk.services.organizations.model.ListTagsForResourceRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListTagsForResourceIterable responses = client.listTagsForResourcePaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListTagsForResourceIterable responses = client
* .listTagsForResourcePaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListTagsForResourceResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListTagsForResourceIterable responses = client.listTagsForResourcePaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of null won't limit the number of results you get with the paginator. It
* only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listTagsForResource(software.amazon.awssdk.services.organizations.model.ListTagsForResourceRequest)}
* operation.
*
*
* This is a convenience which creates an instance of the {@link ListTagsForResourceRequest.Builder} avoiding the
* need to create one manually via {@link ListTagsForResourceRequest#builder()}
*
*
* @param listTagsForResourceRequest
* A {@link Consumer} that will call methods on {@link ListTagsForResourceRequest.Builder} to create a
* request.
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws TargetNotFoundException
* We can't find a root, OU, account, or policy with the TargetId that you specified.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListTagsForResource
* @see AWS API Documentation
*/
default ListTagsForResourceIterable listTagsForResourcePaginator(
Consumer listTagsForResourceRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, TargetNotFoundException, InvalidInputException, ServiceException,
TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
return listTagsForResourcePaginator(ListTagsForResourceRequest.builder().applyMutation(listTagsForResourceRequest)
.build());
}
/**
*
* Lists all the roots, organizational units (OUs), and accounts that the specified policy is attached to.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
* @param listTargetsForPolicyRequest
* @return Result of the ListTargetsForPolicy operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws PolicyNotFoundException
* We can't find a policy with the PolicyId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListTargetsForPolicy
* @see AWS API Documentation
*/
default ListTargetsForPolicyResponse listTargetsForPolicy(ListTargetsForPolicyRequest listTargetsForPolicyRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, PolicyNotFoundException,
ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException,
OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Lists all the roots, organizational units (OUs), and accounts that the specified policy is attached to.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a convenience which creates an instance of the {@link ListTargetsForPolicyRequest.Builder} avoiding the
* need to create one manually via {@link ListTargetsForPolicyRequest#builder()}
*
*
* @param listTargetsForPolicyRequest
* A {@link Consumer} that will call methods on {@link ListTargetsForPolicyRequest.Builder} to create a
* request.
* @return Result of the ListTargetsForPolicy operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws PolicyNotFoundException
* We can't find a policy with the PolicyId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListTargetsForPolicy
* @see AWS API Documentation
*/
default ListTargetsForPolicyResponse listTargetsForPolicy(
Consumer listTargetsForPolicyRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, InvalidInputException, PolicyNotFoundException, ServiceException,
TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException,
OrganizationsException {
return listTargetsForPolicy(ListTargetsForPolicyRequest.builder().applyMutation(listTargetsForPolicyRequest).build());
}
/**
*
* Lists all the roots, organizational units (OUs), and accounts that the specified policy is attached to.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a variant of
* {@link #listTargetsForPolicy(software.amazon.awssdk.services.organizations.model.ListTargetsForPolicyRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListTargetsForPolicyIterable responses = client.listTargetsForPolicyPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListTargetsForPolicyIterable responses = client
* .listTargetsForPolicyPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListTargetsForPolicyResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListTargetsForPolicyIterable responses = client.listTargetsForPolicyPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listTargetsForPolicy(software.amazon.awssdk.services.organizations.model.ListTargetsForPolicyRequest)}
* operation.
*
*
* @param listTargetsForPolicyRequest
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws PolicyNotFoundException
* We can't find a policy with the PolicyId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListTargetsForPolicy
* @see AWS API Documentation
*/
default ListTargetsForPolicyIterable listTargetsForPolicyPaginator(ListTargetsForPolicyRequest listTargetsForPolicyRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, PolicyNotFoundException,
ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException,
OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Lists all the roots, organizational units (OUs), and accounts that the specified policy is attached to.
*
*
*
* Always check the NextToken response parameter for a null value when calling a
* List* operation. These operations can occasionally return an empty set of results even when there
* are more results available. The NextToken response parameter value is null only
* when there are no more results to display.
*
*
*
* This operation can be called only from the organization's management account or by a member account that is a
* delegated administrator for an AWS service.
*
*
*
* This is a variant of
* {@link #listTargetsForPolicy(software.amazon.awssdk.services.organizations.model.ListTargetsForPolicyRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListTargetsForPolicyIterable responses = client.listTargetsForPolicyPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.organizations.paginators.ListTargetsForPolicyIterable responses = client
* .listTargetsForPolicyPaginator(request);
* for (software.amazon.awssdk.services.organizations.model.ListTargetsForPolicyResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.organizations.paginators.ListTargetsForPolicyIterable responses = client.listTargetsForPolicyPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listTargetsForPolicy(software.amazon.awssdk.services.organizations.model.ListTargetsForPolicyRequest)}
* operation.
*
*
* This is a convenience which creates an instance of the {@link ListTargetsForPolicyRequest.Builder} avoiding the
* need to create one manually via {@link ListTargetsForPolicyRequest#builder()}
*
*
* @param listTargetsForPolicyRequest
* A {@link Consumer} that will call methods on {@link ListTargetsForPolicyRequest.Builder} to create a
* request.
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws PolicyNotFoundException
* We can't find a policy with the PolicyId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.ListTargetsForPolicy
* @see AWS API Documentation
*/
default ListTargetsForPolicyIterable listTargetsForPolicyPaginator(
Consumer listTargetsForPolicyRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, InvalidInputException, PolicyNotFoundException, ServiceException,
TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException,
OrganizationsException {
return listTargetsForPolicyPaginator(ListTargetsForPolicyRequest.builder().applyMutation(listTargetsForPolicyRequest)
.build());
}
/**
*
* Moves an account from its current source parent root or organizational unit (OU) to the specified destination
* parent root or OU.
*
*
* This operation can be called only from the organization's management account.
*
*
* @param moveAccountRequest
* @return Result of the MoveAccount operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws SourceParentNotFoundException
* We can't find a source root or OU with the ParentId that you specified.
* @throws DestinationParentNotFoundException
* We can't find the destination container (a root or OU) with the ParentId that you specified.
* @throws DuplicateAccountException
* That account is already present in the specified destination.
* @throws AccountNotFoundException
* We can't find an AWS account with the AccountId that you specified, or the account whose
* credentials you used to make this request isn't a member of an organization.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.MoveAccount
* @see AWS API
* Documentation
*/
default MoveAccountResponse moveAccount(MoveAccountRequest moveAccountRequest) throws AccessDeniedException,
InvalidInputException, SourceParentNotFoundException, DestinationParentNotFoundException, DuplicateAccountException,
AccountNotFoundException, TooManyRequestsException, ConcurrentModificationException,
AwsOrganizationsNotInUseException, ServiceException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Moves an account from its current source parent root or organizational unit (OU) to the specified destination
* parent root or OU.
*
*
* This operation can be called only from the organization's management account.
*
*
*
* This is a convenience which creates an instance of the {@link MoveAccountRequest.Builder} avoiding the need to
* create one manually via {@link MoveAccountRequest#builder()}
*
*
* @param moveAccountRequest
* A {@link Consumer} that will call methods on {@link MoveAccountRequest.Builder} to create a request.
* @return Result of the MoveAccount operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws SourceParentNotFoundException
* We can't find a source root or OU with the ParentId that you specified.
* @throws DestinationParentNotFoundException
* We can't find the destination container (a root or OU) with the ParentId that you specified.
* @throws DuplicateAccountException
* That account is already present in the specified destination.
* @throws AccountNotFoundException
* We can't find an AWS account with the AccountId that you specified, or the account whose
* credentials you used to make this request isn't a member of an organization.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.MoveAccount
* @see AWS API
* Documentation
*/
default MoveAccountResponse moveAccount(Consumer moveAccountRequest)
throws AccessDeniedException, InvalidInputException, SourceParentNotFoundException,
DestinationParentNotFoundException, DuplicateAccountException, AccountNotFoundException, TooManyRequestsException,
ConcurrentModificationException, AwsOrganizationsNotInUseException, ServiceException, AwsServiceException,
SdkClientException, OrganizationsException {
return moveAccount(MoveAccountRequest.builder().applyMutation(moveAccountRequest).build());
}
/**
*
* Enables the specified member account to administer the Organizations features of the specified AWS service. It
* grants read-only access to AWS Organizations service data. The account still requires IAM permissions to access
* and administer the AWS service.
*
*
* You can run this action only for AWS services that support this feature. For a current list of services that
* support it, see the column Supports Delegated Administrator in the table at AWS Services
* that you can use with AWS Organizations in the AWS Organizations User Guide.
*
*
* This operation can be called only from the organization's management account.
*
*
* @param registerDelegatedAdministratorRequest
* @return Result of the RegisterDelegatedAdministrator operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AccountAlreadyRegisteredException
* The specified account is already a delegated administrator for this AWS service.
* @throws AccountNotFoundException
* We can't find an AWS account with the AccountId that you specified, or the account whose
* credentials you used to make this request isn't a member of an organization.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.RegisterDelegatedAdministrator
* @see AWS API Documentation
*/
default RegisterDelegatedAdministratorResponse registerDelegatedAdministrator(
RegisterDelegatedAdministratorRequest registerDelegatedAdministratorRequest) throws AccessDeniedException,
AccountAlreadyRegisteredException, AccountNotFoundException, AwsOrganizationsNotInUseException,
ConcurrentModificationException, ConstraintViolationException, InvalidInputException, TooManyRequestsException,
ServiceException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Enables the specified member account to administer the Organizations features of the specified AWS service. It
* grants read-only access to AWS Organizations service data. The account still requires IAM permissions to access
* and administer the AWS service.
*
*
* You can run this action only for AWS services that support this feature. For a current list of services that
* support it, see the column Supports Delegated Administrator in the table at AWS Services
* that you can use with AWS Organizations in the AWS Organizations User Guide.
*
*
* This operation can be called only from the organization's management account.
*
*
*
* This is a convenience which creates an instance of the {@link RegisterDelegatedAdministratorRequest.Builder}
* avoiding the need to create one manually via {@link RegisterDelegatedAdministratorRequest#builder()}
*
*
* @param registerDelegatedAdministratorRequest
* A {@link Consumer} that will call methods on {@link RegisterDelegatedAdministratorRequest.Builder} to
* create a request.
* @return Result of the RegisterDelegatedAdministrator operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AccountAlreadyRegisteredException
* The specified account is already a delegated administrator for this AWS service.
* @throws AccountNotFoundException
* We can't find an AWS account with the AccountId that you specified, or the account whose
* credentials you used to make this request isn't a member of an organization.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.RegisterDelegatedAdministrator
* @see AWS API Documentation
*/
default RegisterDelegatedAdministratorResponse registerDelegatedAdministrator(
Consumer registerDelegatedAdministratorRequest)
throws AccessDeniedException, AccountAlreadyRegisteredException, AccountNotFoundException,
AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException,
InvalidInputException, TooManyRequestsException, ServiceException, UnsupportedApiEndpointException,
AwsServiceException, SdkClientException, OrganizationsException {
return registerDelegatedAdministrator(RegisterDelegatedAdministratorRequest.builder()
.applyMutation(registerDelegatedAdministratorRequest).build());
}
/**
*
* Removes the specified account from the organization.
*
*
* The removed account becomes a standalone account that isn't a member of any organization. It's no longer subject
* to any policies and is responsible for its own bill payments. The organization's management account is no longer
* charged for any expenses accrued by the member account after it's removed from the organization.
*
*
* This operation can be called only from the organization's management account. Member accounts can remove
* themselves with LeaveOrganization instead.
*
*
*
* -
*
* You can remove an account from your organization only if the account is configured with the information required
* to operate as a standalone account. When you create an account in an organization using the AWS Organizations
* console, API, or CLI commands, the information required of standalone accounts is not automatically
* collected. For an account that you want to make standalone, you must choose a support plan, provide and verify
* the required contact information, and provide a current payment method. AWS uses the payment method to charge for
* any billable (not free tier) AWS activity that occurs while the account isn't attached to an organization. To
* remove an account that doesn't yet have this information, you must sign in as the member account and follow the
* steps at To leave an organization when all required account information has not yet been provided in the AWS
* Organizations User Guide.
*
*
* -
*
* The account that you want to leave must not be a delegated administrator account for any AWS service enabled for
* your organization. If the account is a delegated administrator, you must first change the delegated administrator
* account to another account that is remaining in the organization.
*
*
* -
*
* After the account leaves the organization, all tags that were attached to the account object in the organization
* are deleted. AWS accounts outside of an organization do not support tags.
*
*
*
*
*
* @param removeAccountFromOrganizationRequest
* @return Result of the RemoveAccountFromOrganization operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AccountNotFoundException
* We can't find an AWS account with the AccountId that you specified, or the account whose
* credentials you used to make this request isn't a member of an organization.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws MasterCannotLeaveOrganizationException
* You can't remove a management account from an organization. If you want the management account to become
* a member account in another organization, you must first delete the current organization of the
* management account.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.RemoveAccountFromOrganization
* @see AWS API Documentation
*/
default RemoveAccountFromOrganizationResponse removeAccountFromOrganization(
RemoveAccountFromOrganizationRequest removeAccountFromOrganizationRequest) throws AccessDeniedException,
AccountNotFoundException, AwsOrganizationsNotInUseException, ConcurrentModificationException,
ConstraintViolationException, InvalidInputException, MasterCannotLeaveOrganizationException, ServiceException,
TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Removes the specified account from the organization.
*
*
* The removed account becomes a standalone account that isn't a member of any organization. It's no longer subject
* to any policies and is responsible for its own bill payments. The organization's management account is no longer
* charged for any expenses accrued by the member account after it's removed from the organization.
*
*
* This operation can be called only from the organization's management account. Member accounts can remove
* themselves with LeaveOrganization instead.
*
*
*
* -
*
* You can remove an account from your organization only if the account is configured with the information required
* to operate as a standalone account. When you create an account in an organization using the AWS Organizations
* console, API, or CLI commands, the information required of standalone accounts is not automatically
* collected. For an account that you want to make standalone, you must choose a support plan, provide and verify
* the required contact information, and provide a current payment method. AWS uses the payment method to charge for
* any billable (not free tier) AWS activity that occurs while the account isn't attached to an organization. To
* remove an account that doesn't yet have this information, you must sign in as the member account and follow the
* steps at To leave an organization when all required account information has not yet been provided in the AWS
* Organizations User Guide.
*
*
* -
*
* The account that you want to leave must not be a delegated administrator account for any AWS service enabled for
* your organization. If the account is a delegated administrator, you must first change the delegated administrator
* account to another account that is remaining in the organization.
*
*
* -
*
* After the account leaves the organization, all tags that were attached to the account object in the organization
* are deleted. AWS accounts outside of an organization do not support tags.
*
*
*
*
*
* This is a convenience which creates an instance of the {@link RemoveAccountFromOrganizationRequest.Builder}
* avoiding the need to create one manually via {@link RemoveAccountFromOrganizationRequest#builder()}
*
*
* @param removeAccountFromOrganizationRequest
* A {@link Consumer} that will call methods on {@link RemoveAccountFromOrganizationRequest.Builder} to
* create a request.
* @return Result of the RemoveAccountFromOrganization operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AccountNotFoundException
* We can't find an AWS account with the AccountId that you specified, or the account whose
* credentials you used to make this request isn't a member of an organization.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws MasterCannotLeaveOrganizationException
* You can't remove a management account from an organization. If you want the management account to become
* a member account in another organization, you must first delete the current organization of the
* management account.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.RemoveAccountFromOrganization
* @see AWS API Documentation
*/
default RemoveAccountFromOrganizationResponse removeAccountFromOrganization(
Consumer removeAccountFromOrganizationRequest)
throws AccessDeniedException, AccountNotFoundException, AwsOrganizationsNotInUseException,
ConcurrentModificationException, ConstraintViolationException, InvalidInputException,
MasterCannotLeaveOrganizationException, ServiceException, TooManyRequestsException, AwsServiceException,
SdkClientException, OrganizationsException {
return removeAccountFromOrganization(RemoveAccountFromOrganizationRequest.builder()
.applyMutation(removeAccountFromOrganizationRequest).build());
}
/**
*
* Adds one or more tags to the specified resource.
*
*
* Currently, you can attach tags to the following resources in AWS Organizations.
*
*
* -
*
* AWS account
*
*
* -
*
* Organization root
*
*
* -
*
* Organizational unit (OU)
*
*
* -
*
* Policy (any type)
*
*
*
*
* This operation can be called only from the organization's management account.
*
*
* @param tagResourceRequest
* @return Result of the TagResource operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws TargetNotFoundException
* We can't find a root, OU, account, or policy with the TargetId that you specified.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.TagResource
* @see AWS API
* Documentation
*/
default TagResourceResponse tagResource(TagResourceRequest tagResourceRequest) throws AccessDeniedException,
ConcurrentModificationException, AwsOrganizationsNotInUseException, TargetNotFoundException,
ConstraintViolationException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException,
SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Adds one or more tags to the specified resource.
*
*
* Currently, you can attach tags to the following resources in AWS Organizations.
*
*
* -
*
* AWS account
*
*
* -
*
* Organization root
*
*
* -
*
* Organizational unit (OU)
*
*
* -
*
* Policy (any type)
*
*
*
*
* This operation can be called only from the organization's management account.
*
*
*
* This is a convenience which creates an instance of the {@link TagResourceRequest.Builder} avoiding the need to
* create one manually via {@link TagResourceRequest#builder()}
*
*
* @param tagResourceRequest
* A {@link Consumer} that will call methods on {@link TagResourceRequest.Builder} to create a request.
* @return Result of the TagResource operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws TargetNotFoundException
* We can't find a root, OU, account, or policy with the TargetId that you specified.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.TagResource
* @see AWS API
* Documentation
*/
default TagResourceResponse tagResource(Consumer tagResourceRequest)
throws AccessDeniedException, ConcurrentModificationException, AwsOrganizationsNotInUseException,
TargetNotFoundException, ConstraintViolationException, InvalidInputException, ServiceException,
TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
return tagResource(TagResourceRequest.builder().applyMutation(tagResourceRequest).build());
}
/**
*
* Removes any tags with the specified keys from the specified resource.
*
*
* You can attach tags to the following resources in AWS Organizations.
*
*
* -
*
* AWS account
*
*
* -
*
* Organization root
*
*
* -
*
* Organizational unit (OU)
*
*
* -
*
* Policy (any type)
*
*
*
*
* This operation can be called only from the organization's management account.
*
*
* @param untagResourceRequest
* @return Result of the UntagResource operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws TargetNotFoundException
* We can't find a root, OU, account, or policy with the TargetId that you specified.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.UntagResource
* @see AWS
* API Documentation
*/
default UntagResourceResponse untagResource(UntagResourceRequest untagResourceRequest) throws AccessDeniedException,
ConcurrentModificationException, AwsOrganizationsNotInUseException, TargetNotFoundException,
ConstraintViolationException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException,
SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Removes any tags with the specified keys from the specified resource.
*
*
* You can attach tags to the following resources in AWS Organizations.
*
*
* -
*
* AWS account
*
*
* -
*
* Organization root
*
*
* -
*
* Organizational unit (OU)
*
*
* -
*
* Policy (any type)
*
*
*
*
* This operation can be called only from the organization's management account.
*
*
*
* This is a convenience which creates an instance of the {@link UntagResourceRequest.Builder} avoiding the need to
* create one manually via {@link UntagResourceRequest#builder()}
*
*
* @param untagResourceRequest
* A {@link Consumer} that will call methods on {@link UntagResourceRequest.Builder} to create a request.
* @return Result of the UntagResource operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws TargetNotFoundException
* We can't find a root, OU, account, or policy with the TargetId that you specified.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.UntagResource
* @see AWS
* API Documentation
*/
default UntagResourceResponse untagResource(Consumer untagResourceRequest)
throws AccessDeniedException, ConcurrentModificationException, AwsOrganizationsNotInUseException,
TargetNotFoundException, ConstraintViolationException, InvalidInputException, ServiceException,
TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException {
return untagResource(UntagResourceRequest.builder().applyMutation(untagResourceRequest).build());
}
/**
*
* Renames the specified organizational unit (OU). The ID and ARN don't change. The child OUs and accounts remain in
* place, and any attached policies of the OU remain attached.
*
*
* This operation can be called only from the organization's management account.
*
*
* @param updateOrganizationalUnitRequest
* @return Result of the UpdateOrganizationalUnit operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws DuplicateOrganizationalUnitException
* An OU with the same name already exists.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws OrganizationalUnitNotFoundException
* We can't find an OU with the OrganizationalUnitId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.UpdateOrganizationalUnit
* @see AWS API Documentation
*/
default UpdateOrganizationalUnitResponse updateOrganizationalUnit(
UpdateOrganizationalUnitRequest updateOrganizationalUnitRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, ConcurrentModificationException, DuplicateOrganizationalUnitException,
InvalidInputException, OrganizationalUnitNotFoundException, ServiceException, TooManyRequestsException,
AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Renames the specified organizational unit (OU). The ID and ARN don't change. The child OUs and accounts remain in
* place, and any attached policies of the OU remain attached.
*
*
* This operation can be called only from the organization's management account.
*
*
*
* This is a convenience which creates an instance of the {@link UpdateOrganizationalUnitRequest.Builder} avoiding
* the need to create one manually via {@link UpdateOrganizationalUnitRequest#builder()}
*
*
* @param updateOrganizationalUnitRequest
* A {@link Consumer} that will call methods on {@link UpdateOrganizationalUnitRequest.Builder} to create a
* request.
* @return Result of the UpdateOrganizationalUnit operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws DuplicateOrganizationalUnitException
* An OU with the same name already exists.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws OrganizationalUnitNotFoundException
* We can't find an OU with the OrganizationalUnitId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.UpdateOrganizationalUnit
* @see AWS API Documentation
*/
default UpdateOrganizationalUnitResponse updateOrganizationalUnit(
Consumer updateOrganizationalUnitRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, ConcurrentModificationException, DuplicateOrganizationalUnitException,
InvalidInputException, OrganizationalUnitNotFoundException, ServiceException, TooManyRequestsException,
AwsServiceException, SdkClientException, OrganizationsException {
return updateOrganizationalUnit(UpdateOrganizationalUnitRequest.builder().applyMutation(updateOrganizationalUnitRequest)
.build());
}
/**
*
* Updates an existing policy with a new name, description, or content. If you don't supply any parameter, that
* value remains unchanged. You can't change a policy's type.
*
*
* This operation can be called only from the organization's management account.
*
*
* @param updatePolicyRequest
* @return Result of the UpdatePolicy operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws DuplicatePolicyException
* A policy with the same name already exists.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws MalformedPolicyDocumentException
* The provided policy document doesn't meet the requirements of the specified policy type. For example, the
* syntax might be incorrect. For details about service control policy syntax, see Service
* Control Policy Syntax in the AWS Organizations User Guide.
* @throws PolicyNotFoundException
* We can't find a policy with the PolicyId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws PolicyChangesInProgressException
* Changes to the effective policy are in progress, and its contents can't be returned. Try the operation
* again later.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.UpdatePolicy
* @see AWS
* API Documentation
*/
default UpdatePolicyResponse updatePolicy(UpdatePolicyRequest updatePolicyRequest) throws AccessDeniedException,
AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException,
DuplicatePolicyException, InvalidInputException, MalformedPolicyDocumentException, PolicyNotFoundException,
ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, PolicyChangesInProgressException,
AwsServiceException, SdkClientException, OrganizationsException {
throw new UnsupportedOperationException();
}
/**
*
* Updates an existing policy with a new name, description, or content. If you don't supply any parameter, that
* value remains unchanged. You can't change a policy's type.
*
*
* This operation can be called only from the organization's management account.
*
*
*
* This is a convenience which creates an instance of the {@link UpdatePolicyRequest.Builder} avoiding the need to
* create one manually via {@link UpdatePolicyRequest#builder()}
*
*
* @param updatePolicyRequest
* A {@link Consumer} that will call methods on {@link UpdatePolicyRequest.Builder} to create a request.
* @return Result of the UpdatePolicy operation returned by the service.
* @throws AccessDeniedException
* You don't have permissions to perform the requested operation. The user or role that is making the
* request must have at least one IAM permissions policy attached that grants the required permissions. For
* more information, see Access
* Management in the IAM User Guide.
* @throws AwsOrganizationsNotInUseException
* Your account isn't a member of an organization. To make this request, you must use the credentials of an
* account that belongs to an organization.
* @throws ConcurrentModificationException
* The target of the operation is currently being modified by a different request. Try again later.
* @throws ConstraintViolationException
* Performing this operation violates a minimum or maximum value limit. For example, attempting to remove
* the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the
* organization, or attaching too many policies to an account, OU, or root. This exception includes a reason
* that contains additional information about the violated limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization.
* You can't remove the management account. Instead, after you remove all member accounts, delete the
* organization itself.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that doesn't
* yet have enough information to exist as a standalone account. This account requires you to first agree to
* the AWS Customer Agreement. Follow the steps at Removing a member account from your organizationin the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization
* that doesn't yet have enough information to exist as a standalone account. This account requires you to
* first complete phone verification. Follow the steps at Removing a member account from your organization in the AWS Organizations User Guide.
*
*
* -
*
* ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create
* in one day.
*
*
* -
*
* ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an
* organization. If you need more accounts, contact AWS Support to request an increase in your
* limit.
*
*
* Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in
* your organization. Send fewer invitations or contact AWS Support to request an increase in the number of
* accounts.
*
*
*
* Deleted and closed accounts still count toward your limit.
*
*
*
* If you get this exception when running a command immediately after creating the organization, wait one
* hour and try again. After an hour, if the command continues to fail with this error, contact AWS Support.
*
*
* -
*
* CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of
* the organization as a delegated administrator for an AWS service integrated with Organizations. You can
* designate only a member account as a delegated administrator.
*
*
* -
*
* CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as
* a delegated administrator for a service integrated with your organization. To complete this operation,
* you must first deregister this account as a delegated administrator.
*
*
* -
*
* CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified
* region, you must enable all features mode.
*
*
* -
*
* DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an AWS account as a delegated
* administrator for an AWS service that already has a delegated administrator. To complete this operation,
* you must first deregister any existing delegated administrators for this service.
*
*
* -
*
* EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time.
* You must resubmit the request and generate a new verfication code.
*
*
* -
*
* HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one
* day.
*
*
* -
*
* MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first
* must migrate the organization's management account to the marketplace that corresponds to the management
* account's address. For example, accounts with India addresses must be associated with the AISPL
* marketplace. All accounts in an organization must be associated with the same marketplace.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions in China. To create an
* organization, the master must have a valid business license. For more information, contact customer
* support.
*
*
* -
*
* MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact
* address and phone number for the management account. Then try the operation again.
*
*
* -
*
* MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an
* associated account in the AWS GovCloud (US-West) Region. For more information, see AWS
* Organizations in the AWS GovCloud User Guide.
*
*
* -
*
* MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated
* administrators than allowed for the service principal.
*
*
* -
*
* MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain
* type that can be attached to an entity at one time.
*
*
* -
*
* MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
*
*
* -
*
* MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you
* first must associate a valid payment instrument, such as a credit card, with the account. Follow the
* steps at To leave an organization when all required account information has not yet been provided in the
* AWS Organizations User Guide.
*
*
* -
*
* MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would
* cause the entity to have fewer than the minimum number of policies of a certain type required.
*
*
* -
*
* ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the
* organization to be configured to support all features. An organization that supports only consolidated
* billing features can't perform this operation.
*
*
* -
*
* OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
*
*
* -
*
* OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
*
*
* -
*
* POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
*
*
* -
*
* POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an
* organization.
*
*
* -
*
* TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with
* the tag policy requirements for this account.
*
*
* @throws DuplicatePolicyException
* A policy with the same name already exists.
* @throws InvalidInputException
* The requested operation failed because you provided invalid values for one or more of the request
* parameters. This exception includes a reason that contains additional information about the violated
* limit:
*
* Some of the reasons in the following list might not be applicable to this specific API or operation.
*
*
*
* -
*
* DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
*
*
* -
*
* IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
*
*
* -
*
* INPUT_REQUIRED: You must include a value for all required parameters.
*
*
* -
*
* INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
*
*
* -
*
* INVALID_ENUM: You specified an invalid value.
*
*
* -
*
* INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
*
*
* -
*
* INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
*
*
* -
*
* INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
*
*
* -
*
* INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a
* previous call of the operation.
*
*
* -
*
* INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a
* party.
*
*
* -
*
* INVALID_PATTERN: You provided a value that doesn't match the required pattern.
*
*
* -
*
* INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
*
*
* -
*
* INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved
* prefix AWSServiceRoleFor.
*
*
* -
*
* INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the
* organization.
*
*
* -
*
* INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
*
*
* -
*
* INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or
* delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags
* per resource limit.
*
*
* -
*
* MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
*
*
* -
*
* MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
*
*
* -
*
* MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
*
*
* -
*
* MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
*
*
* -
*
* MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
*
*
* -
*
* MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
*
*
* -
*
* TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
*
*
* -
*
* UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
*
*
* @throws MalformedPolicyDocumentException
* The provided policy document doesn't meet the requirements of the specified policy type. For example, the
* syntax might be incorrect. For details about service control policy syntax, see Service
* Control Policy Syntax in the AWS Organizations User Guide.
* @throws PolicyNotFoundException
* We can't find a policy with the PolicyId that you specified.
* @throws ServiceException
* AWS Organizations can't complete your request because of an internal service error. Try again later.
* @throws TooManyRequestsException
* You have sent too many requests in too short a period of time. The quota helps protect against
* denial-of-service attacks. Try again later.
*
* For information about quotas that affect AWS Organizations, see Quotas for
* AWS Organizationsin the AWS Organizations User Guide.
* @throws UnsupportedApiEndpointException
* This action isn't available in the current AWS Region.
* @throws PolicyChangesInProgressException
* Changes to the effective policy are in progress, and its contents can't be returned. Try the operation
* again later.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws OrganizationsException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample OrganizationsClient.UpdatePolicy
* @see AWS
* API Documentation
*/
default UpdatePolicyResponse updatePolicy(Consumer updatePolicyRequest)
throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException,
ConstraintViolationException, DuplicatePolicyException, InvalidInputException, MalformedPolicyDocumentException,
PolicyNotFoundException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException,
PolicyChangesInProgressException, AwsServiceException, SdkClientException, OrganizationsException {
return updatePolicy(UpdatePolicyRequest.builder().applyMutation(updatePolicyRequest).build());
}
static ServiceMetadata serviceMetadata() {
return ServiceMetadata.of(SERVICE_METADATA_ID);
}
}