Copyright | (c) 2013-2023 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | Safe-Inferred |
Language | Haskell2010 |
- Service Configuration
- Errors
- AccountJoinedMethod
- AccountStatus
- ActionType
- ChildType
- CreateAccountFailureReason
- CreateAccountState
- EffectivePolicyType
- HandshakePartyType
- HandshakeResourceType
- HandshakeState
- IAMUserAccessToBilling
- OrganizationFeatureSet
- ParentType
- PolicyType
- PolicyTypeStatus
- TargetType
- Account
- Child
- CreateAccountStatus
- DelegatedAdministrator
- DelegatedService
- EffectivePolicy
- EnabledServicePrincipal
- Handshake
- HandshakeFilter
- HandshakeParty
- HandshakeResource
- Organization
- OrganizationalUnit
- Parent
- Policy
- PolicySummary
- PolicyTargetSummary
- PolicyTypeSummary
- ResourcePolicy
- ResourcePolicySummary
- Root
- Tag
Synopsis
- defaultService :: Service
- _AWSOrganizationsNotInUseException :: AsError a => Fold a ServiceError
- _AccessDeniedException :: AsError a => Fold a ServiceError
- _AccessDeniedForDependencyException :: AsError a => Fold a ServiceError
- _AccountAlreadyClosedException :: AsError a => Fold a ServiceError
- _AccountAlreadyRegisteredException :: AsError a => Fold a ServiceError
- _AccountNotFoundException :: AsError a => Fold a ServiceError
- _AccountNotRegisteredException :: AsError a => Fold a ServiceError
- _AccountOwnerNotVerifiedException :: AsError a => Fold a ServiceError
- _AlreadyInOrganizationException :: AsError a => Fold a ServiceError
- _ChildNotFoundException :: AsError a => Fold a ServiceError
- _ConcurrentModificationException :: AsError a => Fold a ServiceError
- _ConflictException :: AsError a => Fold a ServiceError
- _ConstraintViolationException :: AsError a => Fold a ServiceError
- _CreateAccountStatusNotFoundException :: AsError a => Fold a ServiceError
- _DestinationParentNotFoundException :: AsError a => Fold a ServiceError
- _DuplicateAccountException :: AsError a => Fold a ServiceError
- _DuplicateHandshakeException :: AsError a => Fold a ServiceError
- _DuplicateOrganizationalUnitException :: AsError a => Fold a ServiceError
- _DuplicatePolicyAttachmentException :: AsError a => Fold a ServiceError
- _DuplicatePolicyException :: AsError a => Fold a ServiceError
- _EffectivePolicyNotFoundException :: AsError a => Fold a ServiceError
- _FinalizingOrganizationException :: AsError a => Fold a ServiceError
- _HandshakeAlreadyInStateException :: AsError a => Fold a ServiceError
- _HandshakeConstraintViolationException :: AsError a => Fold a ServiceError
- _HandshakeNotFoundException :: AsError a => Fold a ServiceError
- _InvalidHandshakeTransitionException :: AsError a => Fold a ServiceError
- _InvalidInputException :: AsError a => Fold a ServiceError
- _MalformedPolicyDocumentException :: AsError a => Fold a ServiceError
- _MasterCannotLeaveOrganizationException :: AsError a => Fold a ServiceError
- _OrganizationNotEmptyException :: AsError a => Fold a ServiceError
- _OrganizationalUnitNotEmptyException :: AsError a => Fold a ServiceError
- _OrganizationalUnitNotFoundException :: AsError a => Fold a ServiceError
- _ParentNotFoundException :: AsError a => Fold a ServiceError
- _PolicyChangesInProgressException :: AsError a => Fold a ServiceError
- _PolicyInUseException :: AsError a => Fold a ServiceError
- _PolicyNotAttachedException :: AsError a => Fold a ServiceError
- _PolicyNotFoundException :: AsError a => Fold a ServiceError
- _PolicyTypeAlreadyEnabledException :: AsError a => Fold a ServiceError
- _PolicyTypeNotAvailableForOrganizationException :: AsError a => Fold a ServiceError
- _PolicyTypeNotEnabledException :: AsError a => Fold a ServiceError
- _ResourcePolicyNotFoundException :: AsError a => Fold a ServiceError
- _RootNotFoundException :: AsError a => Fold a ServiceError
- _ServiceException :: AsError a => Fold a ServiceError
- _SourceParentNotFoundException :: AsError a => Fold a ServiceError
- _TargetNotFoundException :: AsError a => Fold a ServiceError
- _TooManyRequestsException :: AsError a => Fold a ServiceError
- _UnsupportedAPIEndpointException :: AsError a => Fold a ServiceError
- newtype AccountJoinedMethod where
- newtype AccountStatus where
- AccountStatus' { }
- pattern AccountStatus_ACTIVE :: AccountStatus
- pattern AccountStatus_PENDING_CLOSURE :: AccountStatus
- pattern AccountStatus_SUSPENDED :: AccountStatus
- newtype ActionType where
- ActionType' { }
- pattern ActionType_ADD_ORGANIZATIONS_SERVICE_LINKED_ROLE :: ActionType
- pattern ActionType_APPROVE_ALL_FEATURES :: ActionType
- pattern ActionType_ENABLE_ALL_FEATURES :: ActionType
- pattern ActionType_INVITE :: ActionType
- newtype ChildType where
- ChildType' { }
- pattern ChildType_ACCOUNT :: ChildType
- pattern ChildType_ORGANIZATIONAL_UNIT :: ChildType
- newtype CreateAccountFailureReason where
- CreateAccountFailureReason' { }
- pattern CreateAccountFailureReason_ACCOUNT_LIMIT_EXCEEDED :: CreateAccountFailureReason
- pattern CreateAccountFailureReason_CONCURRENT_ACCOUNT_MODIFICATION :: CreateAccountFailureReason
- pattern CreateAccountFailureReason_EMAIL_ALREADY_EXISTS :: CreateAccountFailureReason
- pattern CreateAccountFailureReason_FAILED_BUSINESS_VALIDATION :: CreateAccountFailureReason
- pattern CreateAccountFailureReason_GOVCLOUD_ACCOUNT_ALREADY_EXISTS :: CreateAccountFailureReason
- pattern CreateAccountFailureReason_INTERNAL_FAILURE :: CreateAccountFailureReason
- pattern CreateAccountFailureReason_INVALID_ADDRESS :: CreateAccountFailureReason
- pattern CreateAccountFailureReason_INVALID_EMAIL :: CreateAccountFailureReason
- pattern CreateAccountFailureReason_INVALID_IDENTITY_FOR_BUSINESS_VALIDATION :: CreateAccountFailureReason
- pattern CreateAccountFailureReason_INVALID_PAYMENT_INSTRUMENT :: CreateAccountFailureReason
- pattern CreateAccountFailureReason_MISSING_BUSINESS_VALIDATION :: CreateAccountFailureReason
- pattern CreateAccountFailureReason_MISSING_PAYMENT_INSTRUMENT :: CreateAccountFailureReason
- pattern CreateAccountFailureReason_PENDING_BUSINESS_VALIDATION :: CreateAccountFailureReason
- pattern CreateAccountFailureReason_UNKNOWN_BUSINESS_VALIDATION :: CreateAccountFailureReason
- pattern CreateAccountFailureReason_UPDATE_EXISTING_RESOURCE_POLICY_WITH_TAGS_NOT_SUPPORTED :: CreateAccountFailureReason
- newtype CreateAccountState where
- newtype EffectivePolicyType where
- newtype HandshakePartyType where
- HandshakePartyType' { }
- pattern HandshakePartyType_ACCOUNT :: HandshakePartyType
- pattern HandshakePartyType_EMAIL :: HandshakePartyType
- pattern HandshakePartyType_ORGANIZATION :: HandshakePartyType
- newtype HandshakeResourceType where
- HandshakeResourceType' { }
- pattern HandshakeResourceType_ACCOUNT :: HandshakeResourceType
- pattern HandshakeResourceType_EMAIL :: HandshakeResourceType
- pattern HandshakeResourceType_MASTER_EMAIL :: HandshakeResourceType
- pattern HandshakeResourceType_MASTER_NAME :: HandshakeResourceType
- pattern HandshakeResourceType_NOTES :: HandshakeResourceType
- pattern HandshakeResourceType_ORGANIZATION :: HandshakeResourceType
- pattern HandshakeResourceType_ORGANIZATION_FEATURE_SET :: HandshakeResourceType
- pattern HandshakeResourceType_PARENT_HANDSHAKE :: HandshakeResourceType
- newtype HandshakeState where
- HandshakeState' { }
- pattern HandshakeState_ACCEPTED :: HandshakeState
- pattern HandshakeState_CANCELED :: HandshakeState
- pattern HandshakeState_DECLINED :: HandshakeState
- pattern HandshakeState_EXPIRED :: HandshakeState
- pattern HandshakeState_OPEN :: HandshakeState
- pattern HandshakeState_REQUESTED :: HandshakeState
- newtype IAMUserAccessToBilling where
- newtype OrganizationFeatureSet where
- newtype ParentType where
- ParentType' { }
- pattern ParentType_ORGANIZATIONAL_UNIT :: ParentType
- pattern ParentType_ROOT :: ParentType
- newtype PolicyType where
- PolicyType' { }
- pattern PolicyType_AISERVICES_OPT_OUT_POLICY :: PolicyType
- pattern PolicyType_BACKUP_POLICY :: PolicyType
- pattern PolicyType_SERVICE_CONTROL_POLICY :: PolicyType
- pattern PolicyType_TAG_POLICY :: PolicyType
- newtype PolicyTypeStatus where
- PolicyTypeStatus' { }
- pattern PolicyTypeStatus_ENABLED :: PolicyTypeStatus
- pattern PolicyTypeStatus_PENDING_DISABLE :: PolicyTypeStatus
- pattern PolicyTypeStatus_PENDING_ENABLE :: PolicyTypeStatus
- newtype TargetType where
- TargetType' { }
- pattern TargetType_ACCOUNT :: TargetType
- pattern TargetType_ORGANIZATIONAL_UNIT :: TargetType
- pattern TargetType_ROOT :: TargetType
- data Account = Account' {}
- newAccount :: Account
- account_arn :: Lens' Account (Maybe Text)
- account_email :: Lens' Account (Maybe Text)
- account_id :: Lens' Account (Maybe Text)
- account_joinedMethod :: Lens' Account (Maybe AccountJoinedMethod)
- account_joinedTimestamp :: Lens' Account (Maybe UTCTime)
- account_name :: Lens' Account (Maybe Text)
- account_status :: Lens' Account (Maybe AccountStatus)
- data Child = Child' {}
- newChild :: Child
- child_id :: Lens' Child (Maybe Text)
- child_type :: Lens' Child (Maybe ChildType)
- data CreateAccountStatus = CreateAccountStatus' {}
- newCreateAccountStatus :: CreateAccountStatus
- createAccountStatus_accountId :: Lens' CreateAccountStatus (Maybe Text)
- createAccountStatus_accountName :: Lens' CreateAccountStatus (Maybe Text)
- createAccountStatus_completedTimestamp :: Lens' CreateAccountStatus (Maybe UTCTime)
- createAccountStatus_failureReason :: Lens' CreateAccountStatus (Maybe CreateAccountFailureReason)
- createAccountStatus_govCloudAccountId :: Lens' CreateAccountStatus (Maybe Text)
- createAccountStatus_id :: Lens' CreateAccountStatus (Maybe Text)
- createAccountStatus_requestedTimestamp :: Lens' CreateAccountStatus (Maybe UTCTime)
- createAccountStatus_state :: Lens' CreateAccountStatus (Maybe CreateAccountState)
- data DelegatedAdministrator = DelegatedAdministrator' {}
- newDelegatedAdministrator :: DelegatedAdministrator
- delegatedAdministrator_arn :: Lens' DelegatedAdministrator (Maybe Text)
- delegatedAdministrator_delegationEnabledDate :: Lens' DelegatedAdministrator (Maybe UTCTime)
- delegatedAdministrator_email :: Lens' DelegatedAdministrator (Maybe Text)
- delegatedAdministrator_id :: Lens' DelegatedAdministrator (Maybe Text)
- delegatedAdministrator_joinedMethod :: Lens' DelegatedAdministrator (Maybe AccountJoinedMethod)
- delegatedAdministrator_joinedTimestamp :: Lens' DelegatedAdministrator (Maybe UTCTime)
- delegatedAdministrator_name :: Lens' DelegatedAdministrator (Maybe Text)
- delegatedAdministrator_status :: Lens' DelegatedAdministrator (Maybe AccountStatus)
- data DelegatedService = DelegatedService' {}
- newDelegatedService :: DelegatedService
- delegatedService_delegationEnabledDate :: Lens' DelegatedService (Maybe UTCTime)
- delegatedService_servicePrincipal :: Lens' DelegatedService (Maybe Text)
- data EffectivePolicy = EffectivePolicy' {}
- newEffectivePolicy :: EffectivePolicy
- effectivePolicy_lastUpdatedTimestamp :: Lens' EffectivePolicy (Maybe UTCTime)
- effectivePolicy_policyContent :: Lens' EffectivePolicy (Maybe Text)
- effectivePolicy_policyType :: Lens' EffectivePolicy (Maybe EffectivePolicyType)
- effectivePolicy_targetId :: Lens' EffectivePolicy (Maybe Text)
- data EnabledServicePrincipal = EnabledServicePrincipal' {}
- newEnabledServicePrincipal :: EnabledServicePrincipal
- enabledServicePrincipal_dateEnabled :: Lens' EnabledServicePrincipal (Maybe UTCTime)
- enabledServicePrincipal_servicePrincipal :: Lens' EnabledServicePrincipal (Maybe Text)
- data Handshake = Handshake' {}
- newHandshake :: Handshake
- handshake_action :: Lens' Handshake (Maybe ActionType)
- handshake_arn :: Lens' Handshake (Maybe Text)
- handshake_expirationTimestamp :: Lens' Handshake (Maybe UTCTime)
- handshake_id :: Lens' Handshake (Maybe Text)
- handshake_parties :: Lens' Handshake (Maybe [HandshakeParty])
- handshake_requestedTimestamp :: Lens' Handshake (Maybe UTCTime)
- handshake_resources :: Lens' Handshake (Maybe [HandshakeResource])
- handshake_state :: Lens' Handshake (Maybe HandshakeState)
- data HandshakeFilter = HandshakeFilter' {}
- newHandshakeFilter :: HandshakeFilter
- handshakeFilter_actionType :: Lens' HandshakeFilter (Maybe ActionType)
- handshakeFilter_parentHandshakeId :: Lens' HandshakeFilter (Maybe Text)
- data HandshakeParty = HandshakeParty' {}
- newHandshakeParty :: Text -> HandshakePartyType -> HandshakeParty
- handshakeParty_id :: Lens' HandshakeParty Text
- handshakeParty_type :: Lens' HandshakeParty HandshakePartyType
- data HandshakeResource = HandshakeResource' {}
- newHandshakeResource :: HandshakeResource
- handshakeResource_resources :: Lens' HandshakeResource (Maybe [HandshakeResource])
- handshakeResource_type :: Lens' HandshakeResource (Maybe HandshakeResourceType)
- handshakeResource_value :: Lens' HandshakeResource (Maybe Text)
- data Organization = Organization' {}
- newOrganization :: Organization
- organization_arn :: Lens' Organization (Maybe Text)
- organization_availablePolicyTypes :: Lens' Organization (Maybe [PolicyTypeSummary])
- organization_featureSet :: Lens' Organization (Maybe OrganizationFeatureSet)
- organization_id :: Lens' Organization (Maybe Text)
- organization_masterAccountArn :: Lens' Organization (Maybe Text)
- organization_masterAccountEmail :: Lens' Organization (Maybe Text)
- organization_masterAccountId :: Lens' Organization (Maybe Text)
- data OrganizationalUnit = OrganizationalUnit' {}
- newOrganizationalUnit :: OrganizationalUnit
- organizationalUnit_arn :: Lens' OrganizationalUnit (Maybe Text)
- organizationalUnit_id :: Lens' OrganizationalUnit (Maybe Text)
- organizationalUnit_name :: Lens' OrganizationalUnit (Maybe Text)
- data Parent = Parent' {}
- newParent :: Parent
- parent_id :: Lens' Parent (Maybe Text)
- parent_type :: Lens' Parent (Maybe ParentType)
- data Policy = Policy' {}
- newPolicy :: Policy
- policy_content :: Lens' Policy (Maybe Text)
- policy_policySummary :: Lens' Policy (Maybe PolicySummary)
- data PolicySummary = PolicySummary' {}
- newPolicySummary :: PolicySummary
- policySummary_arn :: Lens' PolicySummary (Maybe Text)
- policySummary_awsManaged :: Lens' PolicySummary (Maybe Bool)
- policySummary_description :: Lens' PolicySummary (Maybe Text)
- policySummary_id :: Lens' PolicySummary (Maybe Text)
- policySummary_name :: Lens' PolicySummary (Maybe Text)
- policySummary_type :: Lens' PolicySummary (Maybe PolicyType)
- data PolicyTargetSummary = PolicyTargetSummary' {}
- newPolicyTargetSummary :: PolicyTargetSummary
- policyTargetSummary_arn :: Lens' PolicyTargetSummary (Maybe Text)
- policyTargetSummary_name :: Lens' PolicyTargetSummary (Maybe Text)
- policyTargetSummary_targetId :: Lens' PolicyTargetSummary (Maybe Text)
- policyTargetSummary_type :: Lens' PolicyTargetSummary (Maybe TargetType)
- data PolicyTypeSummary = PolicyTypeSummary' {}
- newPolicyTypeSummary :: PolicyTypeSummary
- policyTypeSummary_status :: Lens' PolicyTypeSummary (Maybe PolicyTypeStatus)
- policyTypeSummary_type :: Lens' PolicyTypeSummary (Maybe PolicyType)
- data ResourcePolicy = ResourcePolicy' {}
- newResourcePolicy :: ResourcePolicy
- resourcePolicy_content :: Lens' ResourcePolicy (Maybe Text)
- resourcePolicy_resourcePolicySummary :: Lens' ResourcePolicy (Maybe ResourcePolicySummary)
- data ResourcePolicySummary = ResourcePolicySummary' {}
- newResourcePolicySummary :: ResourcePolicySummary
- resourcePolicySummary_arn :: Lens' ResourcePolicySummary (Maybe Text)
- resourcePolicySummary_id :: Lens' ResourcePolicySummary (Maybe Text)
- data Root = Root' {}
- newRoot :: Root
- root_arn :: Lens' Root (Maybe Text)
- root_id :: Lens' Root (Maybe Text)
- root_name :: Lens' Root (Maybe Text)
- root_policyTypes :: Lens' Root (Maybe [PolicyTypeSummary])
- data Tag = Tag' {}
- newTag :: Text -> Text -> Tag
- tag_key :: Lens' Tag Text
- tag_value :: Lens' Tag Text
Service Configuration
defaultService :: Service Source #
API version 2016-11-28
of the Amazon Organizations SDK configuration.
Errors
_AWSOrganizationsNotInUseException :: AsError a => Fold a ServiceError Source #
Your account isn't a member of an organization. To make this request, you must use the credentials of an account that belongs to an organization.
_AccessDeniedException :: AsError a => Fold a ServiceError Source #
You don't have permissions to perform the requested operation. The user or role that is making the request must have at least one IAM permissions policy attached that grants the required permissions. For more information, see Access Management in the IAM User Guide.
_AccessDeniedForDependencyException :: AsError a => Fold a ServiceError Source #
The operation that you attempted requires you to have the
iam:CreateServiceLinkedRole
for organizations.amazonaws.com
permission so that Organizations can create the required service-linked
role. You don't have that permission.
_AccountAlreadyClosedException :: AsError a => Fold a ServiceError Source #
You attempted to close an account that is already closed.
_AccountAlreadyRegisteredException :: AsError a => Fold a ServiceError Source #
The specified account is already a delegated administrator for this Amazon Web Services service.
_AccountNotFoundException :: AsError a => Fold a ServiceError Source #
We can't find an Amazon Web Services account with the AccountId
that
you specified, or the account whose credentials you used to make this
request isn't a member of an organization.
_AccountNotRegisteredException :: AsError a => Fold a ServiceError Source #
The specified account is not a delegated administrator for this Amazon Web Services service.
_AccountOwnerNotVerifiedException :: AsError a => Fold a ServiceError Source #
You can't invite an existing account to your organization until you verify that you own the email address associated with the management account. For more information, see Email Address Verification in the Organizations User Guide.
_AlreadyInOrganizationException :: AsError a => Fold a ServiceError Source #
This account is already a member of an organization. An account can belong to only one organization at a time.
_ChildNotFoundException :: AsError a => Fold a ServiceError Source #
We can't find an organizational unit (OU) or Amazon Web Services
account with the ChildId
that you specified.
_ConcurrentModificationException :: AsError a => Fold a ServiceError Source #
The target of the operation is currently being modified by a different request. Try again later.
_ConflictException :: AsError a => Fold a ServiceError Source #
The request failed because it conflicts with the current state of the specified resource.
_ConstraintViolationException :: AsError a => Fold a ServiceError Source #
Performing this operation violates a minimum or maximum value limit. For example, attempting to remove the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the organization, or attaching too many policies to an account, OU, or root. This exception includes a reason that contains additional information about the violated limit:
Some of the reasons in the following list might not be applicable to this specific API or operation.
- ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization. You can't remove the management account. Instead, after you remove all member accounts, delete the organization itself.
- ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization that doesn't yet have enough information to exist as a standalone account. This account requires you to first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.
- ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create in one day.
ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an organization. If you need more accounts, contact Amazon Web Services Support to request an increase in your limit.
Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase in the number of accounts.
Deleted and closed accounts still count toward your limit.
If you get this exception when running a command immediately after creating the organization, wait one hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.
- CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of the organization as a delegated administrator for an Amazon Web Services service integrated with Organizations. You can designate only a member account as a delegated administrator.
- CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management account for the organization, you must first either remove or close all member accounts in the organization. Follow standard account closure process using root credentials.
- CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as a delegated administrator for a service integrated with your organization. To complete this operation, you must first deregister this account as a delegated administrator.
- CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.
- CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close at a time.
- CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified region, you must enable all features mode.
- DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account as a delegated administrator for an Amazon Web Services service that already has a delegated administrator. To complete this operation, you must first deregister any existing delegated administrators for this service.
- EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time. You must resubmit the request and generate a new verfication code.
- HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one day.
- INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is associated with the account. Amazon Web Services does not support cards issued by financial institutions in Russia or Belarus. For more information, see Managing your Amazon Web Services payments.
- MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first must migrate the organization's management account to the marketplace that corresponds to the management account's address. For example, accounts with India addresses must be associated with the AISPL marketplace. All accounts in an organization must be associated with the same marketplace.
- MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services /> Regions in China. To create an organization, the master must have a valid business license. For more information, contact customer support.
- MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact address and phone number for the management account. Then try the operation again.
- MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations in the Amazon Web Services GovCloud User Guide.
- MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you first must associate a valid payment instrument, such as a credit card, with the account. Follow the steps at To leave an organization when all required account information has not yet been provided in the Organizations User Guide.
- MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated administrators than allowed for the service principal.
- MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain type that can be attached to an entity at one time.
- MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
- MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you first must associate a valid payment instrument, such as a credit card, with the account. Follow the steps at To leave an organization when all required account information has not yet been provided in the Organizations User Guide.
- MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would cause the entity to have fewer than the minimum number of policies of a certain type required.
- ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the organization to be configured to support all features. An organization that supports only consolidated billing features can't perform this operation.
- OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
- OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
- POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
- POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an organization.
- SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated
administrator before you enabled service access. Call the
EnableAWSServiceAccess
API first. - TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with the tag policy requirements for this account.
- WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting period before you can remove it from the organization. If you get an error that indicates that a wait period is required, try again in a few days.
_CreateAccountStatusNotFoundException :: AsError a => Fold a ServiceError Source #
We can't find an create account request with the
CreateAccountRequestId
that you specified.
_DestinationParentNotFoundException :: AsError a => Fold a ServiceError Source #
We can't find the destination container (a root or OU) with the
ParentId
that you specified.
_DuplicateAccountException :: AsError a => Fold a ServiceError Source #
That account is already present in the specified destination.
_DuplicateHandshakeException :: AsError a => Fold a ServiceError Source #
A handshake with the same action and target already exists. For example, if you invited an account to join your organization, the invited account might already have a pending invitation from this organization. If you intend to resend an invitation to an account, ensure that existing handshakes that might be considered duplicates are canceled or declined.
_DuplicateOrganizationalUnitException :: AsError a => Fold a ServiceError Source #
An OU with the same name already exists.
_DuplicatePolicyAttachmentException :: AsError a => Fold a ServiceError Source #
The selected policy is already attached to the specified target.
_DuplicatePolicyException :: AsError a => Fold a ServiceError Source #
A policy with the same name already exists.
_EffectivePolicyNotFoundException :: AsError a => Fold a ServiceError Source #
If you ran this action on the management account, this policy type is not enabled. If you ran the action on a member account, the account doesn't have an effective policy of this type. Contact the administrator of your organization about attaching a policy of this type to the account.
_FinalizingOrganizationException :: AsError a => Fold a ServiceError Source #
Organizations couldn't perform the operation because your organization hasn't finished initializing. This can take up to an hour. Try again later. If after one hour you continue to receive this error, contact Amazon Web Services Support.
_HandshakeAlreadyInStateException :: AsError a => Fold a ServiceError Source #
The specified handshake is already in the requested state. For example, you can't accept a handshake that was already accepted.
_HandshakeConstraintViolationException :: AsError a => Fold a ServiceError Source #
The requested operation would violate the constraint identified in the reason code.
Some of the reasons in the following list might not be applicable to this specific API or operation:
ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an organization. Note that deleted and closed accounts still count toward your limit.
If you get this exception immediately after creating the organization, wait one hour and try again. If after an hour it continues to fail with this error, contact Amazon Web Services Support.
- ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because the invited account is already a member of an organization.
- HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one day.
- INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations to join an organization while it's in the process of enabling all features. You can resume inviting accounts after you finalize the process when all accounts have agreed to the change.
- ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid because the organization has already enabled all features.
- ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake request is invalid because the organization has already started the process to enable all features.
- ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because the account is from a different marketplace than the accounts in the organization. For example, accounts with India addresses must be associated with the AISPL marketplace. All accounts in an organization must be from the same marketplace.
- ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to change the membership of an account too quickly after its previous change.
- PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an account that doesn't have a payment instrument, such as a credit card, associated with it.
_HandshakeNotFoundException :: AsError a => Fold a ServiceError Source #
We can't find a handshake with the HandshakeId
that you specified.
_InvalidHandshakeTransitionException :: AsError a => Fold a ServiceError Source #
You can't perform the operation on the handshake in its current state. For example, you can't cancel a handshake that was already accepted or accept a handshake that was already declined.
_InvalidInputException :: AsError a => Fold a ServiceError Source #
The requested operation failed because you provided invalid values for one or more of the request parameters. This exception includes a reason that contains additional information about the violated limit:
Some of the reasons in the following list might not be applicable to this specific API or operation.
- DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
- IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
- INPUT_REQUIRED: You must include a value for all required parameters.
- INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
- INVALID_ENUM: You specified an invalid value.
- INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
- INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
- INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
- INVALID_PAGINATION_TOKEN: Get the value for the
NextToken
parameter from the response to a previous call of the operation. - INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a party.
- INVALID_PATTERN: You provided a value that doesn't match the required pattern.
- INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
- INVALID_ROLE_NAME: You provided a role name that isn't valid. A
role name can't begin with the reserved prefix
AWSServiceRoleFor
. - INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the organization.
- INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
- INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count against your tags per resource limit.
- MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
- MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
- MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
- MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
- MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
- MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
- TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
- UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
_MalformedPolicyDocumentException :: AsError a => Fold a ServiceError Source #
The provided policy document doesn't meet the requirements of the specified policy type. For example, the syntax might be incorrect. For details about service control policy syntax, see Service Control Policy Syntax in the Organizations User Guide.
_MasterCannotLeaveOrganizationException :: AsError a => Fold a ServiceError Source #
You can't remove a management account from an organization. If you want the management account to become a member account in another organization, you must first delete the current organization of the management account.
_OrganizationNotEmptyException :: AsError a => Fold a ServiceError Source #
The organization isn't empty. To delete an organization, you must first remove all accounts except the management account, delete all OUs, and delete all policies.
_OrganizationalUnitNotEmptyException :: AsError a => Fold a ServiceError Source #
The specified OU is not empty. Move all accounts to another root or to other OUs, remove all child OUs, and try the operation again.
_OrganizationalUnitNotFoundException :: AsError a => Fold a ServiceError Source #
We can't find an OU with the OrganizationalUnitId
that you specified.
_ParentNotFoundException :: AsError a => Fold a ServiceError Source #
We can't find a root or OU with the ParentId
that you specified.
_PolicyChangesInProgressException :: AsError a => Fold a ServiceError Source #
Changes to the effective policy are in progress, and its contents can't be returned. Try the operation again later.
_PolicyInUseException :: AsError a => Fold a ServiceError Source #
The policy is attached to one or more entities. You must detach it from all roots, OUs, and accounts before performing this operation.
_PolicyNotAttachedException :: AsError a => Fold a ServiceError Source #
The policy isn't attached to the specified target in the specified root.
_PolicyNotFoundException :: AsError a => Fold a ServiceError Source #
We can't find a policy with the PolicyId
that you specified.
_PolicyTypeAlreadyEnabledException :: AsError a => Fold a ServiceError Source #
The specified policy type is already enabled in the specified root.
_PolicyTypeNotAvailableForOrganizationException :: AsError a => Fold a ServiceError Source #
You can't use the specified policy type with the feature set currently enabled for this organization. For example, you can enable SCPs only after you enable all features in the organization. For more information, see Managing Organizations Policiesin the Organizations User Guide.
_PolicyTypeNotEnabledException :: AsError a => Fold a ServiceError Source #
The specified policy type isn't currently enabled in this root. You can't attach policies of the specified type to entities in a root until you enable that type in the root. For more information, see Enabling All Features in Your Organization in the Organizations User Guide.
_ResourcePolicyNotFoundException :: AsError a => Fold a ServiceError Source #
We can't find a resource policy request with the parameter that you specified.
_RootNotFoundException :: AsError a => Fold a ServiceError Source #
We can't find a root with the RootId
that you specified.
_ServiceException :: AsError a => Fold a ServiceError Source #
Organizations can't complete your request because of an internal service error. Try again later.
_SourceParentNotFoundException :: AsError a => Fold a ServiceError Source #
We can't find a source root or OU with the ParentId
that you
specified.
_TargetNotFoundException :: AsError a => Fold a ServiceError Source #
We can't find a root, OU, account, or policy with the TargetId
that
you specified.
_TooManyRequestsException :: AsError a => Fold a ServiceError Source #
You have sent too many requests in too short a period of time. The quota helps protect against denial-of-service attacks. Try again later.
For information about quotas that affect Organizations, see Quotas for Organizationsin the Organizations User Guide.
_UnsupportedAPIEndpointException :: AsError a => Fold a ServiceError Source #
This action isn't available in the current Amazon Web Services Region.
AccountJoinedMethod
newtype AccountJoinedMethod Source #
pattern AccountJoinedMethod_CREATED :: AccountJoinedMethod | |
pattern AccountJoinedMethod_INVITED :: AccountJoinedMethod |
Instances
AccountStatus
newtype AccountStatus Source #
pattern AccountStatus_ACTIVE :: AccountStatus | |
pattern AccountStatus_PENDING_CLOSURE :: AccountStatus | |
pattern AccountStatus_SUSPENDED :: AccountStatus |
Instances
ActionType
newtype ActionType Source #
pattern ActionType_ADD_ORGANIZATIONS_SERVICE_LINKED_ROLE :: ActionType | |
pattern ActionType_APPROVE_ALL_FEATURES :: ActionType | |
pattern ActionType_ENABLE_ALL_FEATURES :: ActionType | |
pattern ActionType_INVITE :: ActionType |
Instances
ChildType
pattern ChildType_ACCOUNT :: ChildType | |
pattern ChildType_ORGANIZATIONAL_UNIT :: ChildType |
Instances
CreateAccountFailureReason
newtype CreateAccountFailureReason Source #
Instances
CreateAccountState
newtype CreateAccountState Source #
pattern CreateAccountState_FAILED :: CreateAccountState | |
pattern CreateAccountState_IN_PROGRESS :: CreateAccountState | |
pattern CreateAccountState_SUCCEEDED :: CreateAccountState |
Instances
EffectivePolicyType
newtype EffectivePolicyType Source #
Instances
HandshakePartyType
newtype HandshakePartyType Source #
pattern HandshakePartyType_ACCOUNT :: HandshakePartyType | |
pattern HandshakePartyType_EMAIL :: HandshakePartyType | |
pattern HandshakePartyType_ORGANIZATION :: HandshakePartyType |
Instances
HandshakeResourceType
newtype HandshakeResourceType Source #
Instances
HandshakeState
newtype HandshakeState Source #
pattern HandshakeState_ACCEPTED :: HandshakeState | |
pattern HandshakeState_CANCELED :: HandshakeState | |
pattern HandshakeState_DECLINED :: HandshakeState | |
pattern HandshakeState_EXPIRED :: HandshakeState | |
pattern HandshakeState_OPEN :: HandshakeState | |
pattern HandshakeState_REQUESTED :: HandshakeState |
Instances
IAMUserAccessToBilling
newtype IAMUserAccessToBilling Source #
pattern IAMUserAccessToBilling_ALLOW :: IAMUserAccessToBilling | |
pattern IAMUserAccessToBilling_DENY :: IAMUserAccessToBilling |
Instances
OrganizationFeatureSet
newtype OrganizationFeatureSet Source #
pattern OrganizationFeatureSet_ALL :: OrganizationFeatureSet | |
pattern OrganizationFeatureSet_CONSOLIDATED_BILLING :: OrganizationFeatureSet |
Instances
ParentType
newtype ParentType Source #
pattern ParentType_ORGANIZATIONAL_UNIT :: ParentType | |
pattern ParentType_ROOT :: ParentType |
Instances
PolicyType
newtype PolicyType Source #
pattern PolicyType_AISERVICES_OPT_OUT_POLICY :: PolicyType | |
pattern PolicyType_BACKUP_POLICY :: PolicyType | |
pattern PolicyType_SERVICE_CONTROL_POLICY :: PolicyType | |
pattern PolicyType_TAG_POLICY :: PolicyType |
Instances
PolicyTypeStatus
newtype PolicyTypeStatus Source #
pattern PolicyTypeStatus_ENABLED :: PolicyTypeStatus | |
pattern PolicyTypeStatus_PENDING_DISABLE :: PolicyTypeStatus | |
pattern PolicyTypeStatus_PENDING_ENABLE :: PolicyTypeStatus |
Instances
TargetType
newtype TargetType Source #
pattern TargetType_ACCOUNT :: TargetType | |
pattern TargetType_ORGANIZATIONAL_UNIT :: TargetType | |
pattern TargetType_ROOT :: TargetType |
Instances
Account
Contains information about an Amazon Web Services account that is a member of an organization.
See: newAccount
smart constructor.
Account' | |
|
Instances
newAccount :: Account Source #
Create a value of Account
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:arn:Account'
, account_arn
- The Amazon Resource Name (ARN) of the account.
For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the Amazon Web Services Service Authorization Reference.
$sel:email:Account'
, account_email
- The email address associated with the Amazon Web Services account.
The regex pattern for this parameter is a string of characters that represents a standard internet email address.
$sel:id:Account'
, account_id
- The unique identifier (ID) of the account.
The regex pattern for an account ID string requires exactly 12 digits.
$sel:joinedMethod:Account'
, account_joinedMethod
- The method by which the account joined the organization.
$sel:joinedTimestamp:Account'
, account_joinedTimestamp
- The date the account became a part of the organization.
$sel:name:Account'
, account_name
- The friendly name of the account.
The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.
$sel:status:Account'
, account_status
- The status of the account in the organization.
account_arn :: Lens' Account (Maybe Text) Source #
The Amazon Resource Name (ARN) of the account.
For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the Amazon Web Services Service Authorization Reference.
account_email :: Lens' Account (Maybe Text) Source #
The email address associated with the Amazon Web Services account.
The regex pattern for this parameter is a string of characters that represents a standard internet email address.
account_id :: Lens' Account (Maybe Text) Source #
The unique identifier (ID) of the account.
The regex pattern for an account ID string requires exactly 12 digits.
account_joinedMethod :: Lens' Account (Maybe AccountJoinedMethod) Source #
The method by which the account joined the organization.
account_joinedTimestamp :: Lens' Account (Maybe UTCTime) Source #
The date the account became a part of the organization.
account_name :: Lens' Account (Maybe Text) Source #
The friendly name of the account.
The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.
account_status :: Lens' Account (Maybe AccountStatus) Source #
The status of the account in the organization.
Child
Contains a list of child entities, either OUs or accounts.
See: newChild
smart constructor.
Child' | |
|
Instances
FromJSON Child Source # | |
Generic Child Source # | |
Read Child Source # | |
Show Child Source # | |
NFData Child Source # | |
Defined in Amazonka.Organizations.Types.Child | |
Eq Child Source # | |
Hashable Child Source # | |
Defined in Amazonka.Organizations.Types.Child | |
type Rep Child Source # | |
Defined in Amazonka.Organizations.Types.Child type Rep Child = D1 ('MetaData "Child" "Amazonka.Organizations.Types.Child" "amazonka-organizations-2.0-JONpdX4PtttLcKxQshpOlA" 'False) (C1 ('MetaCons "Child'" 'PrefixI 'True) (S1 ('MetaSel ('Just "id") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "type'") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe ChildType)))) |
Create a value of Child
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:id:Child'
, child_id
- The unique identifier (ID) of this child entity.
The regex pattern for a child ID string requires one of the following:
- Account - A string that consists of exactly 12 digits.
- Organizational unit (OU) - A string that begins with "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
$sel:type':Child'
, child_type
- The type of this child entity.
child_id :: Lens' Child (Maybe Text) Source #
The unique identifier (ID) of this child entity.
The regex pattern for a child ID string requires one of the following:
- Account - A string that consists of exactly 12 digits.
- Organizational unit (OU) - A string that begins with "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
CreateAccountStatus
data CreateAccountStatus Source #
Contains the status about a CreateAccount or CreateGovCloudAccount request to create an Amazon Web Services account or an Amazon Web Services GovCloud (US) account in an organization.
See: newCreateAccountStatus
smart constructor.
CreateAccountStatus' | |
|
Instances
newCreateAccountStatus :: CreateAccountStatus Source #
Create a value of CreateAccountStatus
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:accountId:CreateAccountStatus'
, createAccountStatus_accountId
- If the account was created successfully, the unique identifier (ID) of
the new account.
The regex pattern for an account ID string requires exactly 12 digits.
$sel:accountName:CreateAccountStatus'
, createAccountStatus_accountName
- The account name given to the account when it was created.
$sel:completedTimestamp:CreateAccountStatus'
, createAccountStatus_completedTimestamp
- The date and time that the account was created and the request
completed.
$sel:failureReason:CreateAccountStatus'
, createAccountStatus_failureReason
- If the request failed, a description of the reason for the failure.
- ACCOUNT_LIMIT_EXCEEDED: The account couldn't be created because you reached the limit on the number of accounts in your organization.
- CONCURRENT_ACCOUNT_MODIFICATION: You already submitted a request with the same information.
- EMAIL_ALREADY_EXISTS: The account could not be created because another Amazon Web Services account with that email address already exists.
- FAILED_BUSINESS_VALIDATION: The Amazon Web Services account that owns your organization failed to receive business license validation.
- GOVCLOUD_ACCOUNT_ALREADY_EXISTS: The account in the Amazon Web Services GovCloud (US) Region could not be created because this Region already includes an account with that email address.
- IDENTITY_INVALID_BUSINESS_VALIDATION: The Amazon Web Services account that owns your organization can't complete business license validation because it doesn't have valid identity data.
- INVALID_ADDRESS: The account could not be created because the address you provided is not valid.
- INVALID_EMAIL: The account could not be created because the email address you provided is not valid.
- INVALID_PAYMENT_INSTRUMENT: The Amazon Web Services account that owns your organization does not have a supported payment method associated with the account. Amazon Web Services does not support cards issued by financial institutions in Russia or Belarus. For more information, see Managing your Amazon Web Services payments.
- INTERNAL_FAILURE: The account could not be created because of an internal failure. Try again later. If the problem persists, contact Amazon Web Services Customer Support.
- MISSING_BUSINESS_VALIDATION: The Amazon Web Services account that owns your organization has not received Business Validation.
- MISSING_PAYMENT_INSTRUMENT: You must configure the management account with a valid payment method, such as a credit card.
- PENDING_BUSINESS_VALIDATION: The Amazon Web Services account that owns your organization is still in the process of completing business license validation.
- UNKNOWN_BUSINESS_VALIDATION: The Amazon Web Services account that owns your organization has an unknown issue with business license validation.
$sel:govCloudAccountId:CreateAccountStatus'
, createAccountStatus_govCloudAccountId
- If the account was created successfully, the unique identifier (ID) of
the new account in the Amazon Web Services GovCloud (US) Region.
$sel:id:CreateAccountStatus'
, createAccountStatus_id
- The unique identifier (ID) that references this request. You get this
value from the response of the initial CreateAccount request to create
the account.
The regex pattern for a create account request ID string requires "car-" followed by from 8 to 32 lowercase letters or digits.
$sel:requestedTimestamp:CreateAccountStatus'
, createAccountStatus_requestedTimestamp
- The date and time that the request was made for the account creation.
$sel:state:CreateAccountStatus'
, createAccountStatus_state
- The status of the asynchronous request to create an Amazon Web Services
account.
createAccountStatus_accountId :: Lens' CreateAccountStatus (Maybe Text) Source #
If the account was created successfully, the unique identifier (ID) of the new account.
The regex pattern for an account ID string requires exactly 12 digits.
createAccountStatus_accountName :: Lens' CreateAccountStatus (Maybe Text) Source #
The account name given to the account when it was created.
createAccountStatus_completedTimestamp :: Lens' CreateAccountStatus (Maybe UTCTime) Source #
The date and time that the account was created and the request completed.
createAccountStatus_failureReason :: Lens' CreateAccountStatus (Maybe CreateAccountFailureReason) Source #
If the request failed, a description of the reason for the failure.
- ACCOUNT_LIMIT_EXCEEDED: The account couldn't be created because you reached the limit on the number of accounts in your organization.
- CONCURRENT_ACCOUNT_MODIFICATION: You already submitted a request with the same information.
- EMAIL_ALREADY_EXISTS: The account could not be created because another Amazon Web Services account with that email address already exists.
- FAILED_BUSINESS_VALIDATION: The Amazon Web Services account that owns your organization failed to receive business license validation.
- GOVCLOUD_ACCOUNT_ALREADY_EXISTS: The account in the Amazon Web Services GovCloud (US) Region could not be created because this Region already includes an account with that email address.
- IDENTITY_INVALID_BUSINESS_VALIDATION: The Amazon Web Services account that owns your organization can't complete business license validation because it doesn't have valid identity data.
- INVALID_ADDRESS: The account could not be created because the address you provided is not valid.
- INVALID_EMAIL: The account could not be created because the email address you provided is not valid.
- INVALID_PAYMENT_INSTRUMENT: The Amazon Web Services account that owns your organization does not have a supported payment method associated with the account. Amazon Web Services does not support cards issued by financial institutions in Russia or Belarus. For more information, see Managing your Amazon Web Services payments.
- INTERNAL_FAILURE: The account could not be created because of an internal failure. Try again later. If the problem persists, contact Amazon Web Services Customer Support.
- MISSING_BUSINESS_VALIDATION: The Amazon Web Services account that owns your organization has not received Business Validation.
- MISSING_PAYMENT_INSTRUMENT: You must configure the management account with a valid payment method, such as a credit card.
- PENDING_BUSINESS_VALIDATION: The Amazon Web Services account that owns your organization is still in the process of completing business license validation.
- UNKNOWN_BUSINESS_VALIDATION: The Amazon Web Services account that owns your organization has an unknown issue with business license validation.
createAccountStatus_govCloudAccountId :: Lens' CreateAccountStatus (Maybe Text) Source #
If the account was created successfully, the unique identifier (ID) of the new account in the Amazon Web Services GovCloud (US) Region.
createAccountStatus_id :: Lens' CreateAccountStatus (Maybe Text) Source #
The unique identifier (ID) that references this request. You get this value from the response of the initial CreateAccount request to create the account.
The regex pattern for a create account request ID string requires "car-" followed by from 8 to 32 lowercase letters or digits.
createAccountStatus_requestedTimestamp :: Lens' CreateAccountStatus (Maybe UTCTime) Source #
The date and time that the request was made for the account creation.
createAccountStatus_state :: Lens' CreateAccountStatus (Maybe CreateAccountState) Source #
The status of the asynchronous request to create an Amazon Web Services account.
DelegatedAdministrator
data DelegatedAdministrator Source #
Contains information about the delegated administrator.
See: newDelegatedAdministrator
smart constructor.
DelegatedAdministrator' | |
|
Instances
newDelegatedAdministrator :: DelegatedAdministrator Source #
Create a value of DelegatedAdministrator
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:arn:DelegatedAdministrator'
, delegatedAdministrator_arn
- The Amazon Resource Name (ARN) of the delegated administrator's
account.
$sel:delegationEnabledDate:DelegatedAdministrator'
, delegatedAdministrator_delegationEnabledDate
- The date when the account was made a delegated administrator.
$sel:email:DelegatedAdministrator'
, delegatedAdministrator_email
- The email address that is associated with the delegated administrator's
Amazon Web Services account.
$sel:id:DelegatedAdministrator'
, delegatedAdministrator_id
- The unique identifier (ID) of the delegated administrator's account.
$sel:joinedMethod:DelegatedAdministrator'
, delegatedAdministrator_joinedMethod
- The method by which the delegated administrator's account joined the
organization.
$sel:joinedTimestamp:DelegatedAdministrator'
, delegatedAdministrator_joinedTimestamp
- The date when the delegated administrator's account became a part of
the organization.
$sel:name:DelegatedAdministrator'
, delegatedAdministrator_name
- The friendly name of the delegated administrator's account.
$sel:status:DelegatedAdministrator'
, delegatedAdministrator_status
- The status of the delegated administrator's account in the
organization.
delegatedAdministrator_arn :: Lens' DelegatedAdministrator (Maybe Text) Source #
The Amazon Resource Name (ARN) of the delegated administrator's account.
delegatedAdministrator_delegationEnabledDate :: Lens' DelegatedAdministrator (Maybe UTCTime) Source #
The date when the account was made a delegated administrator.
delegatedAdministrator_email :: Lens' DelegatedAdministrator (Maybe Text) Source #
The email address that is associated with the delegated administrator's Amazon Web Services account.
delegatedAdministrator_id :: Lens' DelegatedAdministrator (Maybe Text) Source #
The unique identifier (ID) of the delegated administrator's account.
delegatedAdministrator_joinedMethod :: Lens' DelegatedAdministrator (Maybe AccountJoinedMethod) Source #
The method by which the delegated administrator's account joined the organization.
delegatedAdministrator_joinedTimestamp :: Lens' DelegatedAdministrator (Maybe UTCTime) Source #
The date when the delegated administrator's account became a part of the organization.
delegatedAdministrator_name :: Lens' DelegatedAdministrator (Maybe Text) Source #
The friendly name of the delegated administrator's account.
delegatedAdministrator_status :: Lens' DelegatedAdministrator (Maybe AccountStatus) Source #
The status of the delegated administrator's account in the organization.
DelegatedService
data DelegatedService Source #
Contains information about the Amazon Web Services service for which the account is a delegated administrator.
See: newDelegatedService
smart constructor.
DelegatedService' | |
|
Instances
newDelegatedService :: DelegatedService Source #
Create a value of DelegatedService
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:delegationEnabledDate:DelegatedService'
, delegatedService_delegationEnabledDate
- The date that the account became a delegated administrator for this
service.
$sel:servicePrincipal:DelegatedService'
, delegatedService_servicePrincipal
- The name of an Amazon Web Services service that can request an operation
for the specified service. This is typically in the form of a URL, such
as:
servicename
.amazonaws.com
.
delegatedService_delegationEnabledDate :: Lens' DelegatedService (Maybe UTCTime) Source #
The date that the account became a delegated administrator for this service.
delegatedService_servicePrincipal :: Lens' DelegatedService (Maybe Text) Source #
The name of an Amazon Web Services service that can request an operation
for the specified service. This is typically in the form of a URL, such
as:
servicename
.amazonaws.com
.
EffectivePolicy
data EffectivePolicy Source #
Contains rules to be applied to the affected accounts. The effective policy is the aggregation of any policies the account inherits, plus any policy directly attached to the account.
See: newEffectivePolicy
smart constructor.
EffectivePolicy' | |
|
Instances
newEffectivePolicy :: EffectivePolicy Source #
Create a value of EffectivePolicy
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:lastUpdatedTimestamp:EffectivePolicy'
, effectivePolicy_lastUpdatedTimestamp
- The time of the last update to this policy.
$sel:policyContent:EffectivePolicy'
, effectivePolicy_policyContent
- The text content of the policy.
$sel:policyType:EffectivePolicy'
, effectivePolicy_policyType
- The policy type.
$sel:targetId:EffectivePolicy'
, effectivePolicy_targetId
- The account ID of the policy target.
effectivePolicy_lastUpdatedTimestamp :: Lens' EffectivePolicy (Maybe UTCTime) Source #
The time of the last update to this policy.
effectivePolicy_policyContent :: Lens' EffectivePolicy (Maybe Text) Source #
The text content of the policy.
effectivePolicy_policyType :: Lens' EffectivePolicy (Maybe EffectivePolicyType) Source #
The policy type.
effectivePolicy_targetId :: Lens' EffectivePolicy (Maybe Text) Source #
The account ID of the policy target.
EnabledServicePrincipal
data EnabledServicePrincipal Source #
A structure that contains details of a service principal that represents an Amazon Web Services service that is enabled to integrate with Organizations.
See: newEnabledServicePrincipal
smart constructor.
EnabledServicePrincipal' | |
|
Instances
newEnabledServicePrincipal :: EnabledServicePrincipal Source #
Create a value of EnabledServicePrincipal
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:dateEnabled:EnabledServicePrincipal'
, enabledServicePrincipal_dateEnabled
- The date that the service principal was enabled for integration with
Organizations.
$sel:servicePrincipal:EnabledServicePrincipal'
, enabledServicePrincipal_servicePrincipal
- The name of the service principal. This is typically in the form of a
URL, such as:
servicename
.amazonaws.com
.
enabledServicePrincipal_dateEnabled :: Lens' EnabledServicePrincipal (Maybe UTCTime) Source #
The date that the service principal was enabled for integration with Organizations.
enabledServicePrincipal_servicePrincipal :: Lens' EnabledServicePrincipal (Maybe Text) Source #
The name of the service principal. This is typically in the form of a
URL, such as:
servicename
.amazonaws.com
.
Handshake
Contains information that must be exchanged to securely establish a relationship between two accounts (an originator and a recipient). For example, when a management account (the originator) invites another account (the recipient) to join its organization, the two accounts exchange information as a series of handshake requests and responses.
Note: Handshakes that are CANCELED
, ACCEPTED
, DECLINED
, or
EXPIRED
show up in lists for only 30 days after entering that state
After that they are deleted.
See: newHandshake
smart constructor.
Handshake' | |
|
Instances
newHandshake :: Handshake Source #
Create a value of Handshake
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:action:Handshake'
, handshake_action
- The type of handshake, indicating what action occurs when the recipient
accepts the handshake. The following handshake types are supported:
- INVITE: This type of handshake represents a request to join an organization. It is always sent from the management account to only non-member accounts.
- ENABLE_ALL_FEATURES: This type of handshake represents a request to enable all features in an organization. It is always sent from the management account to only invited member accounts. Created accounts do not receive this because those accounts were created by the organization's management account and approval is inferred.
- APPROVE_ALL_FEATURES: This type of handshake is sent from the
Organizations service when all member accounts have approved the
ENABLE_ALL_FEATURES
invitation. It is sent only to the management account and signals the master that it can finalize the process to enable all features.
$sel:arn:Handshake'
, handshake_arn
- The Amazon Resource Name (ARN) of a handshake.
For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the Amazon Web Services Service Authorization Reference.
$sel:expirationTimestamp:Handshake'
, handshake_expirationTimestamp
- The date and time that the handshake expires. If the recipient of the
handshake request fails to respond before the specified date and time,
the handshake becomes inactive and is no longer valid.
Handshake
, handshake_id
- The unique identifier (ID) of a handshake. The originating account
creates the ID when it initiates the handshake.
The regex pattern for handshake ID string requires "h-" followed by from 8 to 32 lowercase letters or digits.
$sel:parties:Handshake'
, handshake_parties
- Information about the two accounts that are participating in the
handshake.
$sel:requestedTimestamp:Handshake'
, handshake_requestedTimestamp
- The date and time that the handshake request was made.
Handshake
, handshake_resources
- Additional information that is needed to process the handshake.
$sel:state:Handshake'
, handshake_state
- The current state of the handshake. Use the state to trace the flow of
the handshake through the process from its creation to its acceptance.
The meaning of each of the valid values is as follows:
- REQUESTED: This handshake was sent to multiple recipients (applicable to only some handshake types) and not all recipients have responded yet. The request stays in this state until all recipients respond.
- OPEN: This handshake was sent to multiple recipients (applicable to only some policy types) and all recipients have responded, allowing the originator to complete the handshake action.
- CANCELED: This handshake is no longer active because it was canceled by the originating account.
- ACCEPTED: This handshake is complete because it has been accepted by the recipient.
- DECLINED: This handshake is no longer active because it was declined by the recipient account.
- EXPIRED: This handshake is no longer active because the originator did not receive a response of any kind from the recipient before the expiration time (15 days).
handshake_action :: Lens' Handshake (Maybe ActionType) Source #
The type of handshake, indicating what action occurs when the recipient accepts the handshake. The following handshake types are supported:
- INVITE: This type of handshake represents a request to join an organization. It is always sent from the management account to only non-member accounts.
- ENABLE_ALL_FEATURES: This type of handshake represents a request to enable all features in an organization. It is always sent from the management account to only invited member accounts. Created accounts do not receive this because those accounts were created by the organization's management account and approval is inferred.
- APPROVE_ALL_FEATURES: This type of handshake is sent from the
Organizations service when all member accounts have approved the
ENABLE_ALL_FEATURES
invitation. It is sent only to the management account and signals the master that it can finalize the process to enable all features.
handshake_arn :: Lens' Handshake (Maybe Text) Source #
The Amazon Resource Name (ARN) of a handshake.
For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the Amazon Web Services Service Authorization Reference.
handshake_expirationTimestamp :: Lens' Handshake (Maybe UTCTime) Source #
The date and time that the handshake expires. If the recipient of the handshake request fails to respond before the specified date and time, the handshake becomes inactive and is no longer valid.
handshake_id :: Lens' Handshake (Maybe Text) Source #
The unique identifier (ID) of a handshake. The originating account creates the ID when it initiates the handshake.
The regex pattern for handshake ID string requires "h-" followed by from 8 to 32 lowercase letters or digits.
handshake_parties :: Lens' Handshake (Maybe [HandshakeParty]) Source #
Information about the two accounts that are participating in the handshake.
handshake_requestedTimestamp :: Lens' Handshake (Maybe UTCTime) Source #
The date and time that the handshake request was made.
handshake_resources :: Lens' Handshake (Maybe [HandshakeResource]) Source #
Additional information that is needed to process the handshake.
handshake_state :: Lens' Handshake (Maybe HandshakeState) Source #
The current state of the handshake. Use the state to trace the flow of the handshake through the process from its creation to its acceptance. The meaning of each of the valid values is as follows:
- REQUESTED: This handshake was sent to multiple recipients (applicable to only some handshake types) and not all recipients have responded yet. The request stays in this state until all recipients respond.
- OPEN: This handshake was sent to multiple recipients (applicable to only some policy types) and all recipients have responded, allowing the originator to complete the handshake action.
- CANCELED: This handshake is no longer active because it was canceled by the originating account.
- ACCEPTED: This handshake is complete because it has been accepted by the recipient.
- DECLINED: This handshake is no longer active because it was declined by the recipient account.
- EXPIRED: This handshake is no longer active because the originator did not receive a response of any kind from the recipient before the expiration time (15 days).
HandshakeFilter
data HandshakeFilter Source #
Specifies the criteria that are used to select the handshakes for the operation.
See: newHandshakeFilter
smart constructor.
HandshakeFilter' | |
|
Instances
newHandshakeFilter :: HandshakeFilter Source #
Create a value of HandshakeFilter
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:actionType:HandshakeFilter'
, handshakeFilter_actionType
- Specifies the type of handshake action.
If you specify ActionType
, you cannot also specify
ParentHandshakeId
.
$sel:parentHandshakeId:HandshakeFilter'
, handshakeFilter_parentHandshakeId
- Specifies the parent handshake. Only used for handshake types that are a
child of another type.
If you specify ParentHandshakeId
, you cannot also specify
ActionType
.
The regex pattern for handshake ID string requires "h-" followed by from 8 to 32 lowercase letters or digits.
handshakeFilter_actionType :: Lens' HandshakeFilter (Maybe ActionType) Source #
Specifies the type of handshake action.
If you specify ActionType
, you cannot also specify
ParentHandshakeId
.
handshakeFilter_parentHandshakeId :: Lens' HandshakeFilter (Maybe Text) Source #
Specifies the parent handshake. Only used for handshake types that are a child of another type.
If you specify ParentHandshakeId
, you cannot also specify
ActionType
.
The regex pattern for handshake ID string requires "h-" followed by from 8 to 32 lowercase letters or digits.
HandshakeParty
data HandshakeParty Source #
Identifies a participant in a handshake.
See: newHandshakeParty
smart constructor.
HandshakeParty' | |
|
Instances
Create a value of HandshakeParty
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:id:HandshakeParty'
, handshakeParty_id
- The unique identifier (ID) for the party.
The regex pattern for handshake ID string requires "h-" followed by from 8 to 32 lowercase letters or digits.
$sel:type':HandshakeParty'
, handshakeParty_type
- The type of party.
handshakeParty_id :: Lens' HandshakeParty Text Source #
The unique identifier (ID) for the party.
The regex pattern for handshake ID string requires "h-" followed by from 8 to 32 lowercase letters or digits.
handshakeParty_type :: Lens' HandshakeParty HandshakePartyType Source #
The type of party.
HandshakeResource
data HandshakeResource Source #
Contains additional data that is needed to process a handshake.
See: newHandshakeResource
smart constructor.
HandshakeResource' | |
|
Instances
newHandshakeResource :: HandshakeResource Source #
Create a value of HandshakeResource
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:resources:HandshakeResource'
, handshakeResource_resources
- When needed, contains an additional array of HandshakeResource
objects.
$sel:type':HandshakeResource'
, handshakeResource_type
- The type of information being passed, specifying how the value is to be
interpreted by the other party:
ACCOUNT
- Specifies an Amazon Web Services account ID number.ORGANIZATION
- Specifies an organization ID number.EMAIL
- Specifies the email address that is associated with the account that receives the handshake.OWNER_EMAIL
- Specifies the email address associated with the management account. Included as information about an organization.OWNER_NAME
- Specifies the name associated with the management account. Included as information about an organization.NOTES
- Additional text provided by the handshake initiator and intended for the recipient to read.
$sel:value:HandshakeResource'
, handshakeResource_value
- The information that is passed to the other party in the handshake. The
format of the value string must match the requirements of the specified
type.
handshakeResource_resources :: Lens' HandshakeResource (Maybe [HandshakeResource]) Source #
When needed, contains an additional array of HandshakeResource
objects.
handshakeResource_type :: Lens' HandshakeResource (Maybe HandshakeResourceType) Source #
The type of information being passed, specifying how the value is to be interpreted by the other party:
ACCOUNT
- Specifies an Amazon Web Services account ID number.ORGANIZATION
- Specifies an organization ID number.EMAIL
- Specifies the email address that is associated with the account that receives the handshake.OWNER_EMAIL
- Specifies the email address associated with the management account. Included as information about an organization.OWNER_NAME
- Specifies the name associated with the management account. Included as information about an organization.NOTES
- Additional text provided by the handshake initiator and intended for the recipient to read.
handshakeResource_value :: Lens' HandshakeResource (Maybe Text) Source #
The information that is passed to the other party in the handshake. The format of the value string must match the requirements of the specified type.
Organization
data Organization Source #
Contains details about an organization. An organization is a collection of accounts that are centrally managed together using consolidated billing, organized hierarchically with organizational units (OUs), and controlled with policies .
See: newOrganization
smart constructor.
Organization' | |
|
Instances
newOrganization :: Organization Source #
Create a value of Organization
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:arn:Organization'
, organization_arn
- The Amazon Resource Name (ARN) of an organization.
For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the Amazon Web Services Service Authorization Reference.
$sel:availablePolicyTypes:Organization'
, organization_availablePolicyTypes
- Do not use. This field is deprecated and doesn't provide complete
information about the policies in your organization.
To determine the policies that are enabled and available for use in your organization, use the ListRoots operation instead.
$sel:featureSet:Organization'
, organization_featureSet
- Specifies the functionality that currently is available to the
organization. If set to "ALL", then all features are enabled and
policies can be applied to accounts in the organization. If set to
"CONSOLIDATED_BILLING", then only consolidated billing functionality
is available. For more information, see
Enabling All Features in Your Organization
in the Organizations User Guide.
$sel:id:Organization'
, organization_id
- The unique identifier (ID) of an organization.
The regex pattern for an organization ID string requires "o-" followed by from 10 to 32 lowercase letters or digits.
$sel:masterAccountArn:Organization'
, organization_masterAccountArn
- The Amazon Resource Name (ARN) of the account that is designated as the
management account for the organization.
For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the Amazon Web Services Service Authorization Reference.
$sel:masterAccountEmail:Organization'
, organization_masterAccountEmail
- The email address that is associated with the Amazon Web Services
account that is designated as the management account for the
organization.
$sel:masterAccountId:Organization'
, organization_masterAccountId
- The unique identifier (ID) of the management account of an organization.
The regex pattern for an account ID string requires exactly 12 digits.
organization_arn :: Lens' Organization (Maybe Text) Source #
The Amazon Resource Name (ARN) of an organization.
For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the Amazon Web Services Service Authorization Reference.
organization_availablePolicyTypes :: Lens' Organization (Maybe [PolicyTypeSummary]) Source #
Do not use. This field is deprecated and doesn't provide complete information about the policies in your organization.
To determine the policies that are enabled and available for use in your organization, use the ListRoots operation instead.
organization_featureSet :: Lens' Organization (Maybe OrganizationFeatureSet) Source #
Specifies the functionality that currently is available to the organization. If set to "ALL", then all features are enabled and policies can be applied to accounts in the organization. If set to "CONSOLIDATED_BILLING", then only consolidated billing functionality is available. For more information, see Enabling All Features in Your Organization in the Organizations User Guide.
organization_id :: Lens' Organization (Maybe Text) Source #
The unique identifier (ID) of an organization.
The regex pattern for an organization ID string requires "o-" followed by from 10 to 32 lowercase letters or digits.
organization_masterAccountArn :: Lens' Organization (Maybe Text) Source #
The Amazon Resource Name (ARN) of the account that is designated as the management account for the organization.
For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the Amazon Web Services Service Authorization Reference.
organization_masterAccountEmail :: Lens' Organization (Maybe Text) Source #
The email address that is associated with the Amazon Web Services account that is designated as the management account for the organization.
organization_masterAccountId :: Lens' Organization (Maybe Text) Source #
The unique identifier (ID) of the management account of an organization.
The regex pattern for an account ID string requires exactly 12 digits.
OrganizationalUnit
data OrganizationalUnit Source #
Contains details about an organizational unit (OU). An OU is a container of Amazon Web Services accounts within a root of an organization. Policies that are attached to an OU apply to all accounts contained in that OU and in any child OUs.
See: newOrganizationalUnit
smart constructor.
OrganizationalUnit' | |
|
Instances
newOrganizationalUnit :: OrganizationalUnit Source #
Create a value of OrganizationalUnit
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:arn:OrganizationalUnit'
, organizationalUnit_arn
- The Amazon Resource Name (ARN) of this OU.
For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the Amazon Web Services Service Authorization Reference.
$sel:id:OrganizationalUnit'
, organizationalUnit_id
- The unique identifier (ID) associated with this OU.
The regex pattern for an organizational unit ID string requires "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
$sel:name:OrganizationalUnit'
, organizationalUnit_name
- The friendly name of this OU.
The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.
organizationalUnit_arn :: Lens' OrganizationalUnit (Maybe Text) Source #
The Amazon Resource Name (ARN) of this OU.
For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the Amazon Web Services Service Authorization Reference.
organizationalUnit_id :: Lens' OrganizationalUnit (Maybe Text) Source #
The unique identifier (ID) associated with this OU.
The regex pattern for an organizational unit ID string requires "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
organizationalUnit_name :: Lens' OrganizationalUnit (Maybe Text) Source #
The friendly name of this OU.
The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.
Parent
Contains information about either a root or an organizational unit (OU) that can contain OUs or accounts in an organization.
See: newParent
smart constructor.
Parent' | |
|
Instances
FromJSON Parent Source # | |
Generic Parent Source # | |
Read Parent Source # | |
Show Parent Source # | |
NFData Parent Source # | |
Defined in Amazonka.Organizations.Types.Parent | |
Eq Parent Source # | |
Hashable Parent Source # | |
Defined in Amazonka.Organizations.Types.Parent | |
type Rep Parent Source # | |
Defined in Amazonka.Organizations.Types.Parent type Rep Parent = D1 ('MetaData "Parent" "Amazonka.Organizations.Types.Parent" "amazonka-organizations-2.0-JONpdX4PtttLcKxQshpOlA" 'False) (C1 ('MetaCons "Parent'" 'PrefixI 'True) (S1 ('MetaSel ('Just "id") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "type'") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe ParentType)))) |
Create a value of Parent
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:id:Parent'
, parent_id
- The unique identifier (ID) of the parent entity.
The regex pattern for a parent ID string requires one of the following:
- Root - A string that begins with "r-" followed by from 4 to 32 lowercase letters or digits.
- Organizational unit (OU) - A string that begins with "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
$sel:type':Parent'
, parent_type
- The type of the parent entity.
parent_id :: Lens' Parent (Maybe Text) Source #
The unique identifier (ID) of the parent entity.
The regex pattern for a parent ID string requires one of the following:
- Root - A string that begins with "r-" followed by from 4 to 32 lowercase letters or digits.
- Organizational unit (OU) - A string that begins with "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
parent_type :: Lens' Parent (Maybe ParentType) Source #
The type of the parent entity.
Policy
Contains rules to be applied to the affected accounts. Policies can be attached directly to accounts, or to roots and OUs to affect all accounts in those hierarchies.
See: newPolicy
smart constructor.
Policy' | |
|
Instances
FromJSON Policy Source # | |
Generic Policy Source # | |
Read Policy Source # | |
Show Policy Source # | |
NFData Policy Source # | |
Defined in Amazonka.Organizations.Types.Policy | |
Eq Policy Source # | |
Hashable Policy Source # | |
Defined in Amazonka.Organizations.Types.Policy | |
type Rep Policy Source # | |
Defined in Amazonka.Organizations.Types.Policy type Rep Policy = D1 ('MetaData "Policy" "Amazonka.Organizations.Types.Policy" "amazonka-organizations-2.0-JONpdX4PtttLcKxQshpOlA" 'False) (C1 ('MetaCons "Policy'" 'PrefixI 'True) (S1 ('MetaSel ('Just "content") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "policySummary") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe PolicySummary)))) |
Create a value of Policy
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:content:Policy'
, policy_content
- The text content of the policy.
$sel:policySummary:Policy'
, policy_policySummary
- A structure that contains additional details about the policy.
policy_policySummary :: Lens' Policy (Maybe PolicySummary) Source #
A structure that contains additional details about the policy.
PolicySummary
data PolicySummary Source #
Contains information about a policy, but does not include the content. To see the content of a policy, see DescribePolicy.
See: newPolicySummary
smart constructor.
PolicySummary' | |
|
Instances
newPolicySummary :: PolicySummary Source #
Create a value of PolicySummary
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:arn:PolicySummary'
, policySummary_arn
- The Amazon Resource Name (ARN) of the policy.
For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the Amazon Web Services Service Authorization Reference.
$sel:awsManaged:PolicySummary'
, policySummary_awsManaged
- A boolean value that indicates whether the specified policy is an Amazon
Web Services managed policy. If true, then you can attach the policy to
roots, OUs, or accounts, but you cannot edit it.
$sel:description:PolicySummary'
, policySummary_description
- The description of the policy.
$sel:id:PolicySummary'
, policySummary_id
- The unique identifier (ID) of the policy.
The regex pattern for a policy ID string requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).
$sel:name:PolicySummary'
, policySummary_name
- The friendly name of the policy.
The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.
$sel:type':PolicySummary'
, policySummary_type
- The type of policy.
policySummary_arn :: Lens' PolicySummary (Maybe Text) Source #
The Amazon Resource Name (ARN) of the policy.
For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the Amazon Web Services Service Authorization Reference.
policySummary_awsManaged :: Lens' PolicySummary (Maybe Bool) Source #
A boolean value that indicates whether the specified policy is an Amazon Web Services managed policy. If true, then you can attach the policy to roots, OUs, or accounts, but you cannot edit it.
policySummary_description :: Lens' PolicySummary (Maybe Text) Source #
The description of the policy.
policySummary_id :: Lens' PolicySummary (Maybe Text) Source #
The unique identifier (ID) of the policy.
The regex pattern for a policy ID string requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).
policySummary_name :: Lens' PolicySummary (Maybe Text) Source #
The friendly name of the policy.
The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.
policySummary_type :: Lens' PolicySummary (Maybe PolicyType) Source #
The type of policy.
PolicyTargetSummary
data PolicyTargetSummary Source #
Contains information about a root, OU, or account that a policy is attached to.
See: newPolicyTargetSummary
smart constructor.
PolicyTargetSummary' | |
|
Instances
newPolicyTargetSummary :: PolicyTargetSummary Source #
Create a value of PolicyTargetSummary
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:arn:PolicyTargetSummary'
, policyTargetSummary_arn
- The Amazon Resource Name (ARN) of the policy target.
For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the Amazon Web Services Service Authorization Reference.
$sel:name:PolicyTargetSummary'
, policyTargetSummary_name
- The friendly name of the policy target.
The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.
$sel:targetId:PolicyTargetSummary'
, policyTargetSummary_targetId
- The unique identifier (ID) of the policy target.
The regex pattern for a target ID string requires one of the following:
- Root - A string that begins with "r-" followed by from 4 to 32 lowercase letters or digits.
- Account - A string that consists of exactly 12 digits.
- Organizational unit (OU) - A string that begins with "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
$sel:type':PolicyTargetSummary'
, policyTargetSummary_type
- The type of the policy target.
policyTargetSummary_arn :: Lens' PolicyTargetSummary (Maybe Text) Source #
The Amazon Resource Name (ARN) of the policy target.
For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the Amazon Web Services Service Authorization Reference.
policyTargetSummary_name :: Lens' PolicyTargetSummary (Maybe Text) Source #
The friendly name of the policy target.
The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.
policyTargetSummary_targetId :: Lens' PolicyTargetSummary (Maybe Text) Source #
The unique identifier (ID) of the policy target.
The regex pattern for a target ID string requires one of the following:
- Root - A string that begins with "r-" followed by from 4 to 32 lowercase letters or digits.
- Account - A string that consists of exactly 12 digits.
- Organizational unit (OU) - A string that begins with "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
policyTargetSummary_type :: Lens' PolicyTargetSummary (Maybe TargetType) Source #
The type of the policy target.
PolicyTypeSummary
data PolicyTypeSummary Source #
Contains information about a policy type and its status in the associated root.
See: newPolicyTypeSummary
smart constructor.
PolicyTypeSummary' | |
|
Instances
newPolicyTypeSummary :: PolicyTypeSummary Source #
Create a value of PolicyTypeSummary
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:status:PolicyTypeSummary'
, policyTypeSummary_status
- The status of the policy type as it relates to the associated root. To
attach a policy of the specified type to a root or to an OU or account
in that root, it must be available in the organization and enabled for
that root.
$sel:type':PolicyTypeSummary'
, policyTypeSummary_type
- The name of the policy type.
policyTypeSummary_status :: Lens' PolicyTypeSummary (Maybe PolicyTypeStatus) Source #
The status of the policy type as it relates to the associated root. To attach a policy of the specified type to a root or to an OU or account in that root, it must be available in the organization and enabled for that root.
policyTypeSummary_type :: Lens' PolicyTypeSummary (Maybe PolicyType) Source #
The name of the policy type.
ResourcePolicy
data ResourcePolicy Source #
A structure that contains details about a resource policy.
See: newResourcePolicy
smart constructor.
ResourcePolicy' | |
|
Instances
newResourcePolicy :: ResourcePolicy Source #
Create a value of ResourcePolicy
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:content:ResourcePolicy'
, resourcePolicy_content
- The policy text of the resource policy.
$sel:resourcePolicySummary:ResourcePolicy'
, resourcePolicy_resourcePolicySummary
- A structure that contains resource policy ID and Amazon Resource Name
(ARN).
resourcePolicy_content :: Lens' ResourcePolicy (Maybe Text) Source #
The policy text of the resource policy.
resourcePolicy_resourcePolicySummary :: Lens' ResourcePolicy (Maybe ResourcePolicySummary) Source #
A structure that contains resource policy ID and Amazon Resource Name (ARN).
ResourcePolicySummary
data ResourcePolicySummary Source #
A structure that contains resource policy ID and Amazon Resource Name (ARN).
See: newResourcePolicySummary
smart constructor.
Instances
newResourcePolicySummary :: ResourcePolicySummary Source #
Create a value of ResourcePolicySummary
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:arn:ResourcePolicySummary'
, resourcePolicySummary_arn
- The Amazon Resource Name (ARN) of the resource policy.
$sel:id:ResourcePolicySummary'
, resourcePolicySummary_id
- The unique identifier (ID) of the resource policy.
resourcePolicySummary_arn :: Lens' ResourcePolicySummary (Maybe Text) Source #
The Amazon Resource Name (ARN) of the resource policy.
resourcePolicySummary_id :: Lens' ResourcePolicySummary (Maybe Text) Source #
The unique identifier (ID) of the resource policy.
Root
Contains details about a root. A root is a top-level parent node in the hierarchy of an organization that can contain organizational units (OUs) and accounts. The root contains every Amazon Web Services account in the organization.
See: newRoot
smart constructor.
Root' | |
|
Instances
FromJSON Root Source # | |
Generic Root Source # | |
Read Root Source # | |
Show Root Source # | |
NFData Root Source # | |
Defined in Amazonka.Organizations.Types.Root | |
Eq Root Source # | |
Hashable Root Source # | |
Defined in Amazonka.Organizations.Types.Root | |
type Rep Root Source # | |
Defined in Amazonka.Organizations.Types.Root type Rep Root = D1 ('MetaData "Root" "Amazonka.Organizations.Types.Root" "amazonka-organizations-2.0-JONpdX4PtttLcKxQshpOlA" 'False) (C1 ('MetaCons "Root'" 'PrefixI 'True) ((S1 ('MetaSel ('Just "arn") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "id") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text))) :*: (S1 ('MetaSel ('Just "name") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "policyTypes") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [PolicyTypeSummary]))))) |
Create a value of Root
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:arn:Root'
, root_arn
- The Amazon Resource Name (ARN) of the root.
For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the Amazon Web Services Service Authorization Reference.
$sel:id:Root'
, root_id
- The unique identifier (ID) for the root.
The regex pattern for a root ID string requires "r-" followed by from 4 to 32 lowercase letters or digits.
$sel:name:Root'
, root_name
- The friendly name of the root.
The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.
$sel:policyTypes:Root'
, root_policyTypes
- The types of policies that are currently enabled for the root and
therefore can be attached to the root or to its OUs or accounts.
Even if a policy type is shown as available in the organization, you can separately enable and disable them at the root level by using EnablePolicyType and DisablePolicyType. Use DescribeOrganization to see the availability of the policy types in that organization.
root_arn :: Lens' Root (Maybe Text) Source #
The Amazon Resource Name (ARN) of the root.
For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the Amazon Web Services Service Authorization Reference.
root_id :: Lens' Root (Maybe Text) Source #
The unique identifier (ID) for the root.
The regex pattern for a root ID string requires "r-" followed by from 4 to 32 lowercase letters or digits.
root_name :: Lens' Root (Maybe Text) Source #
The friendly name of the root.
The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.
root_policyTypes :: Lens' Root (Maybe [PolicyTypeSummary]) Source #
The types of policies that are currently enabled for the root and therefore can be attached to the root or to its OUs or accounts.
Even if a policy type is shown as available in the organization, you can separately enable and disable them at the root level by using EnablePolicyType and DisablePolicyType. Use DescribeOrganization to see the availability of the policy types in that organization.
Tag
A custom key-value pair associated with a resource within your organization.
You can attach tags to any of the following organization resources.
- Amazon Web Services account
- Organizational unit (OU)
- Organization root
- Policy
See: newTag
smart constructor.
Instances
FromJSON Tag Source # | |
ToJSON Tag Source # | |
Defined in Amazonka.Organizations.Types.Tag | |
Generic Tag Source # | |
Read Tag Source # | |
Show Tag Source # | |
NFData Tag Source # | |
Defined in Amazonka.Organizations.Types.Tag | |
Eq Tag Source # | |
Hashable Tag Source # | |
Defined in Amazonka.Organizations.Types.Tag | |
type Rep Tag Source # | |
Defined in Amazonka.Organizations.Types.Tag type Rep Tag = D1 ('MetaData "Tag" "Amazonka.Organizations.Types.Tag" "amazonka-organizations-2.0-JONpdX4PtttLcKxQshpOlA" 'False) (C1 ('MetaCons "Tag'" 'PrefixI 'True) (S1 ('MetaSel ('Just "key") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Just "value") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text))) |
Create a value of Tag
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:key:Tag'
, tag_key
- The key identifier, or name, of the tag.
$sel:value:Tag'
, tag_value
- The string value that's associated with the key of the tag. You can set
the value of a tag to an empty string, but you can't set the value of a
tag to null.