From 72bf4cb5b08e7e56228cf1d8943e5bed862009ef Mon Sep 17 00:00:00 2001 From: awstools Date: Mon, 16 Sep 2024 18:23:01 +0000 Subject: [PATCH] docs(client-organizations): Doc only update for AWS Organizations that fixes several customer-reported issues --- .../src/commands/AttachPolicyCommand.ts | 5 ++--- .../src/commands/CloseAccountCommand.ts | 9 ++++----- .../src/commands/CreateAccountCommand.ts | 10 ++++------ .../src/commands/CreateGovCloudAccountCommand.ts | 5 ++--- .../src/commands/CreateOrganizationCommand.ts | 5 ++--- .../commands/CreateOrganizationalUnitCommand.ts | 5 ++--- .../src/commands/CreatePolicyCommand.ts | 5 ++--- .../src/commands/DeleteResourcePolicyCommand.ts | 5 ++--- .../DeregisterDelegatedAdministratorCommand.ts | 5 ++--- .../commands/DescribeEffectivePolicyCommand.ts | 5 ++--- .../commands/DescribeResourcePolicyCommand.ts | 5 ++--- .../src/commands/DetachPolicyCommand.ts | 5 ++--- .../commands/DisableAWSServiceAccessCommand.ts | 5 ++--- .../src/commands/DisablePolicyTypeCommand.ts | 5 ++--- .../commands/EnableAWSServiceAccessCommand.ts | 16 ++++++++-------- .../src/commands/EnablePolicyTypeCommand.ts | 5 ++--- .../InviteAccountToOrganizationCommand.ts | 5 ++--- .../src/commands/LeaveOrganizationCommand.ts | 9 ++++----- ...ListAWSServiceAccessForOrganizationCommand.ts | 5 ++--- .../ListDelegatedAdministratorsCommand.ts | 5 ++--- .../ListDelegatedServicesForAccountCommand.ts | 5 ++--- .../src/commands/PutResourcePolicyCommand.ts | 5 ++--- .../RegisterDelegatedAdministratorCommand.ts | 5 ++--- .../RemoveAccountFromOrganizationCommand.ts | 5 ++--- .../src/commands/TagResourceCommand.ts | 5 ++--- .../src/commands/UntagResourceCommand.ts | 5 ++--- .../src/commands/UpdatePolicyCommand.ts | 5 ++--- .../client-organizations/src/models/models_0.ts | 8 ++++---- .../sdk-codegen/aws-models/organizations.json | 14 +++++++------- 29 files changed, 77 insertions(+), 104 deletions(-) diff --git a/clients/client-organizations/src/commands/AttachPolicyCommand.ts b/clients/client-organizations/src/commands/AttachPolicyCommand.ts index 42b3c0442087..28f03001a94c 100644 --- a/clients/client-organizations/src/commands/AttachPolicyCommand.ts +++ b/clients/client-organizations/src/commands/AttachPolicyCommand.ts @@ -281,9 +281,8 @@ export interface AttachPolicyCommandOutput extends __MetadataBearer {} * that are not compliant with the tag policy requirements for this account.

* *
  • - *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting - * period before you can remove it from the organization. If you get an error that - * indicates that a wait period is required, try again in a few days.

    + *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least seven days after the account was created. + * Invited accounts aren't subject to this waiting period.

    *
    • * * diff --git a/clients/client-organizations/src/commands/CloseAccountCommand.ts b/clients/client-organizations/src/commands/CloseAccountCommand.ts index 0ede30a115d1..369b50c168f2 100644 --- a/clients/client-organizations/src/commands/CloseAccountCommand.ts +++ b/clients/client-organizations/src/commands/CloseAccountCommand.ts @@ -57,10 +57,10 @@ export interface CloseAccountCommandOutput extends __MetadataBearer {} *
  • *

    You can close only 10% of member accounts, between 10 and 1000, within a * rolling 30 day period. This quota is not bound by a calendar month, but - * starts when you close an account. After you reach this limit, you can close + * starts when you close an account. After you reach this limit, you can't close * additional accounts. For more information, see Closing a member * account in your organization and Quotas for - * Organizationsin the Organizations User Guide.

    + * Organizations in the Organizations User Guide.

    *
    • *
  • *

    To reinstate a closed account, contact Amazon Web Services Support within the 90-day @@ -312,9 +312,8 @@ export interface CloseAccountCommandOutput extends __MetadataBearer {} * that are not compliant with the tag policy requirements for this account.

    *
    • *
  • - *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting - * period before you can remove it from the organization. If you get an error that - * indicates that a wait period is required, try again in a few days.

    + *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least seven days after the account was created. + * Invited accounts aren't subject to this waiting period.

    *
    • * * diff --git a/clients/client-organizations/src/commands/CreateAccountCommand.ts b/clients/client-organizations/src/commands/CreateAccountCommand.ts index a3289cf772b9..b4158217130e 100644 --- a/clients/client-organizations/src/commands/CreateAccountCommand.ts +++ b/clients/client-organizations/src/commands/CreateAccountCommand.ts @@ -87,9 +87,8 @@ export interface CreateAccountCommandOutput extends CreateAccountResponse, __Met * If the error persists, contact Amazon Web Services Support.

    * *
  • - *

    Using CreateAccount to create multiple temporary accounts - * isn't recommended. You can only close an account from the Billing and Cost Management console, and - * you must be signed in as the root user. For information on the requirements + *

    It isn't recommended to use CreateAccount to create multiple temporary accounts, and using + * the CreateAccount API to close accounts is subject to a 30-day usage quota. For information on the requirements * and process for closing an account, see Closing a member * account in your organization in the * Organizations User Guide.

    @@ -351,9 +350,8 @@ export interface CreateAccountCommandOutput extends CreateAccountResponse, __Met * that are not compliant with the tag policy requirements for this account.

    *
    • *
  • - *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting - * period before you can remove it from the organization. If you get an error that - * indicates that a wait period is required, try again in a few days.

    + *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least seven days after the account was created. + * Invited accounts aren't subject to this waiting period.

    *
    • * * diff --git a/clients/client-organizations/src/commands/CreateGovCloudAccountCommand.ts b/clients/client-organizations/src/commands/CreateGovCloudAccountCommand.ts index 29df999ce59f..89a9d13ec49b 100644 --- a/clients/client-organizations/src/commands/CreateGovCloudAccountCommand.ts +++ b/clients/client-organizations/src/commands/CreateGovCloudAccountCommand.ts @@ -404,9 +404,8 @@ export interface CreateGovCloudAccountCommandOutput extends CreateGovCloudAccoun * that are not compliant with the tag policy requirements for this account.

    * *
  • - *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting - * period before you can remove it from the organization. If you get an error that - * indicates that a wait period is required, try again in a few days.

    + *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least seven days after the account was created. + * Invited accounts aren't subject to this waiting period.

    *
    • * * diff --git a/clients/client-organizations/src/commands/CreateOrganizationCommand.ts b/clients/client-organizations/src/commands/CreateOrganizationCommand.ts index 2aec053a3d3a..9be2f0a1cd74 100644 --- a/clients/client-organizations/src/commands/CreateOrganizationCommand.ts +++ b/clients/client-organizations/src/commands/CreateOrganizationCommand.ts @@ -289,9 +289,8 @@ export interface CreateOrganizationCommandOutput extends CreateOrganizationRespo * that are not compliant with the tag policy requirements for this account.

    * *
  • - *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting - * period before you can remove it from the organization. If you get an error that - * indicates that a wait period is required, try again in a few days.

    + *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least seven days after the account was created. + * Invited accounts aren't subject to this waiting period.

    *
    • * * diff --git a/clients/client-organizations/src/commands/CreateOrganizationalUnitCommand.ts b/clients/client-organizations/src/commands/CreateOrganizationalUnitCommand.ts index 92008db0ecfa..66411eb7d07b 100644 --- a/clients/client-organizations/src/commands/CreateOrganizationalUnitCommand.ts +++ b/clients/client-organizations/src/commands/CreateOrganizationalUnitCommand.ts @@ -276,9 +276,8 @@ export interface CreateOrganizationalUnitCommandOutput extends CreateOrganizatio * that are not compliant with the tag policy requirements for this account.

    * *
  • - *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting - * period before you can remove it from the organization. If you get an error that - * indicates that a wait period is required, try again in a few days.

    + *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least seven days after the account was created. + * Invited accounts aren't subject to this waiting period.

    *
    • * * diff --git a/clients/client-organizations/src/commands/CreatePolicyCommand.ts b/clients/client-organizations/src/commands/CreatePolicyCommand.ts index 95feed8a55e6..1f5ce51b9dbc 100644 --- a/clients/client-organizations/src/commands/CreatePolicyCommand.ts +++ b/clients/client-organizations/src/commands/CreatePolicyCommand.ts @@ -282,9 +282,8 @@ export interface CreatePolicyCommandOutput extends CreatePolicyResponse, __Metad * that are not compliant with the tag policy requirements for this account.

    * *
  • - *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting - * period before you can remove it from the organization. If you get an error that - * indicates that a wait period is required, try again in a few days.

    + *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least seven days after the account was created. + * Invited accounts aren't subject to this waiting period.

    *
    • * * diff --git a/clients/client-organizations/src/commands/DeleteResourcePolicyCommand.ts b/clients/client-organizations/src/commands/DeleteResourcePolicyCommand.ts index ba9cd02a08ee..2b67ba88e926 100644 --- a/clients/client-organizations/src/commands/DeleteResourcePolicyCommand.ts +++ b/clients/client-organizations/src/commands/DeleteResourcePolicyCommand.ts @@ -252,9 +252,8 @@ export interface DeleteResourcePolicyCommandOutput extends __MetadataBearer {} * that are not compliant with the tag policy requirements for this account.

    * *
  • - *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting - * period before you can remove it from the organization. If you get an error that - * indicates that a wait period is required, try again in a few days.

    + *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least seven days after the account was created. + * Invited accounts aren't subject to this waiting period.

    *
    • * * diff --git a/clients/client-organizations/src/commands/DeregisterDelegatedAdministratorCommand.ts b/clients/client-organizations/src/commands/DeregisterDelegatedAdministratorCommand.ts index c3b1cb9d0319..2e8f45429fd0 100644 --- a/clients/client-organizations/src/commands/DeregisterDelegatedAdministratorCommand.ts +++ b/clients/client-organizations/src/commands/DeregisterDelegatedAdministratorCommand.ts @@ -279,9 +279,8 @@ export interface DeregisterDelegatedAdministratorCommandOutput extends __Metadat * that are not compliant with the tag policy requirements for this account.

    * *
  • - *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting - * period before you can remove it from the organization. If you get an error that - * indicates that a wait period is required, try again in a few days.

    + *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least seven days after the account was created. + * Invited accounts aren't subject to this waiting period.

    *
    • * * diff --git a/clients/client-organizations/src/commands/DescribeEffectivePolicyCommand.ts b/clients/client-organizations/src/commands/DescribeEffectivePolicyCommand.ts index 21e4942a1bf7..e351b8559d9a 100644 --- a/clients/client-organizations/src/commands/DescribeEffectivePolicyCommand.ts +++ b/clients/client-organizations/src/commands/DescribeEffectivePolicyCommand.ts @@ -267,9 +267,8 @@ export interface DescribeEffectivePolicyCommandOutput extends DescribeEffectiveP * that are not compliant with the tag policy requirements for this account.

    * *
  • - *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting - * period before you can remove it from the organization. If you get an error that - * indicates that a wait period is required, try again in a few days.

    + *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least seven days after the account was created. + * Invited accounts aren't subject to this waiting period.

    *
    • * * diff --git a/clients/client-organizations/src/commands/DescribeResourcePolicyCommand.ts b/clients/client-organizations/src/commands/DescribeResourcePolicyCommand.ts index 4bdefb39bdf9..028290f1cf08 100644 --- a/clients/client-organizations/src/commands/DescribeResourcePolicyCommand.ts +++ b/clients/client-organizations/src/commands/DescribeResourcePolicyCommand.ts @@ -258,9 +258,8 @@ export interface DescribeResourcePolicyCommandOutput extends DescribeResourcePol * that are not compliant with the tag policy requirements for this account.

    * *
  • - *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting - * period before you can remove it from the organization. If you get an error that - * indicates that a wait period is required, try again in a few days.

    + *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least seven days after the account was created. + * Invited accounts aren't subject to this waiting period.

    *
    • * * diff --git a/clients/client-organizations/src/commands/DetachPolicyCommand.ts b/clients/client-organizations/src/commands/DetachPolicyCommand.ts index e3f68d7071d5..3d3819c7abd1 100644 --- a/clients/client-organizations/src/commands/DetachPolicyCommand.ts +++ b/clients/client-organizations/src/commands/DetachPolicyCommand.ts @@ -270,9 +270,8 @@ export interface DetachPolicyCommandOutput extends __MetadataBearer {} * that are not compliant with the tag policy requirements for this account.

    * *
  • - *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting - * period before you can remove it from the organization. If you get an error that - * indicates that a wait period is required, try again in a few days.

    + *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least seven days after the account was created. + * Invited accounts aren't subject to this waiting period.

    *
    • * * diff --git a/clients/client-organizations/src/commands/DisableAWSServiceAccessCommand.ts b/clients/client-organizations/src/commands/DisableAWSServiceAccessCommand.ts index a8fd38f4e04d..cdd5b4c1ac9b 100644 --- a/clients/client-organizations/src/commands/DisableAWSServiceAccessCommand.ts +++ b/clients/client-organizations/src/commands/DisableAWSServiceAccessCommand.ts @@ -308,9 +308,8 @@ export interface DisableAWSServiceAccessCommandOutput extends __MetadataBearer { * that are not compliant with the tag policy requirements for this account.

    * *
  • - *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting - * period before you can remove it from the organization. If you get an error that - * indicates that a wait period is required, try again in a few days.

    + *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least seven days after the account was created. + * Invited accounts aren't subject to this waiting period.

    *
    • * * diff --git a/clients/client-organizations/src/commands/DisablePolicyTypeCommand.ts b/clients/client-organizations/src/commands/DisablePolicyTypeCommand.ts index 3142a0f0e21b..4c9996248e71 100644 --- a/clients/client-organizations/src/commands/DisablePolicyTypeCommand.ts +++ b/clients/client-organizations/src/commands/DisablePolicyTypeCommand.ts @@ -278,9 +278,8 @@ export interface DisablePolicyTypeCommandOutput extends DisablePolicyTypeRespons * that are not compliant with the tag policy requirements for this account.

    * *
  • - *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting - * period before you can remove it from the organization. If you get an error that - * indicates that a wait period is required, try again in a few days.

    + *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least seven days after the account was created. + * Invited accounts aren't subject to this waiting period.

    *
    • * * diff --git a/clients/client-organizations/src/commands/EnableAWSServiceAccessCommand.ts b/clients/client-organizations/src/commands/EnableAWSServiceAccessCommand.ts index a633a1f56782..8b6e97c170d1 100644 --- a/clients/client-organizations/src/commands/EnableAWSServiceAccessCommand.ts +++ b/clients/client-organizations/src/commands/EnableAWSServiceAccessCommand.ts @@ -28,11 +28,12 @@ export interface EnableAWSServiceAccessCommandInput extends EnableAWSServiceAcce export interface EnableAWSServiceAccessCommandOutput extends __MetadataBearer {} /** - *

    Enables the integration of an Amazon Web Services service (the service that is specified by - * ServicePrincipal) with Organizations. When you enable integration, you allow - * the specified service to create a service-linked role in - * all the accounts in your organization. This allows the service to perform operations on - * your behalf in your organization and its accounts.

    + *

    Provides an Amazon Web Services service (the service that is specified by + * ServicePrincipal) with permissions to view the structure of an organization, + * create a service-linked role in all the accounts in the organization, + * and allow the service to perform operations + * on behalf of the organization and its accounts. Establishing these permissions can be a first step + * in enabling the integration of an Amazon Web Services service with Organizations.

    * *

    We recommend that you enable integration between Organizations and the specified Amazon Web Services * service by using the console or commands that are provided by the specified service. @@ -272,9 +273,8 @@ export interface EnableAWSServiceAccessCommandOutput extends __MetadataBearer {} * that are not compliant with the tag policy requirements for this account.

    * *
  • - *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting - * period before you can remove it from the organization. If you get an error that - * indicates that a wait period is required, try again in a few days.

    + *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least seven days after the account was created. + * Invited accounts aren't subject to this waiting period.

    *
    • * * diff --git a/clients/client-organizations/src/commands/EnablePolicyTypeCommand.ts b/clients/client-organizations/src/commands/EnablePolicyTypeCommand.ts index 9978bc45d73c..ac9efc3a337a 100644 --- a/clients/client-organizations/src/commands/EnablePolicyTypeCommand.ts +++ b/clients/client-organizations/src/commands/EnablePolicyTypeCommand.ts @@ -278,9 +278,8 @@ export interface EnablePolicyTypeCommandOutput extends EnablePolicyTypeResponse, * that are not compliant with the tag policy requirements for this account.

    * *
  • - *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting - * period before you can remove it from the organization. If you get an error that - * indicates that a wait period is required, try again in a few days.

    + *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least seven days after the account was created. + * Invited accounts aren't subject to this waiting period.

    *
    • * * diff --git a/clients/client-organizations/src/commands/InviteAccountToOrganizationCommand.ts b/clients/client-organizations/src/commands/InviteAccountToOrganizationCommand.ts index c838f366ecbc..625a45e6158f 100644 --- a/clients/client-organizations/src/commands/InviteAccountToOrganizationCommand.ts +++ b/clients/client-organizations/src/commands/InviteAccountToOrganizationCommand.ts @@ -330,9 +330,8 @@ export interface InviteAccountToOrganizationCommandOutput * that are not compliant with the tag policy requirements for this account.

    * *
  • - *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting - * period before you can remove it from the organization. If you get an error that - * indicates that a wait period is required, try again in a few days.

    + *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least seven days after the account was created. + * Invited accounts aren't subject to this waiting period.

    *
    • * * diff --git a/clients/client-organizations/src/commands/LeaveOrganizationCommand.ts b/clients/client-organizations/src/commands/LeaveOrganizationCommand.ts index 2d44074e4419..6c59cd2d477a 100644 --- a/clients/client-organizations/src/commands/LeaveOrganizationCommand.ts +++ b/clients/client-organizations/src/commands/LeaveOrganizationCommand.ts @@ -84,8 +84,8 @@ export interface LeaveOrganizationCommandOutput extends __MetadataBearer {} * *
  • *

    A newly created account has a waiting period before it can be removed from - * its organization. If you get an error that indicates that a wait period is - * required, then try again in a few days.

    + * its organization. + * You must wait until at least seven days after the account was created. Invited accounts aren't subject to this waiting period.

    *
    • *
  • *

    If you are using an organization principal to call @@ -322,9 +322,8 @@ export interface LeaveOrganizationCommandOutput extends __MetadataBearer {} * that are not compliant with the tag policy requirements for this account.

    *
    • *
  • - *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting - * period before you can remove it from the organization. If you get an error that - * indicates that a wait period is required, try again in a few days.

    + *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least seven days after the account was created. + * Invited accounts aren't subject to this waiting period.

    *
    • * * diff --git a/clients/client-organizations/src/commands/ListAWSServiceAccessForOrganizationCommand.ts b/clients/client-organizations/src/commands/ListAWSServiceAccessForOrganizationCommand.ts index da74daede324..a4c7b853be44 100644 --- a/clients/client-organizations/src/commands/ListAWSServiceAccessForOrganizationCommand.ts +++ b/clients/client-organizations/src/commands/ListAWSServiceAccessForOrganizationCommand.ts @@ -274,9 +274,8 @@ export interface ListAWSServiceAccessForOrganizationCommandOutput * that are not compliant with the tag policy requirements for this account.

    * *
  • - *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting - * period before you can remove it from the organization. If you get an error that - * indicates that a wait period is required, try again in a few days.

    + *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least seven days after the account was created. + * Invited accounts aren't subject to this waiting period.

    *
    • * * diff --git a/clients/client-organizations/src/commands/ListDelegatedAdministratorsCommand.ts b/clients/client-organizations/src/commands/ListDelegatedAdministratorsCommand.ts index 2922afe9a153..34c6047a4939 100644 --- a/clients/client-organizations/src/commands/ListDelegatedAdministratorsCommand.ts +++ b/clients/client-organizations/src/commands/ListDelegatedAdministratorsCommand.ts @@ -275,9 +275,8 @@ export interface ListDelegatedAdministratorsCommandOutput * that are not compliant with the tag policy requirements for this account.

    * *
  • - *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting - * period before you can remove it from the organization. If you get an error that - * indicates that a wait period is required, try again in a few days.

    + *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least seven days after the account was created. + * Invited accounts aren't subject to this waiting period.

    *
    • * * diff --git a/clients/client-organizations/src/commands/ListDelegatedServicesForAccountCommand.ts b/clients/client-organizations/src/commands/ListDelegatedServicesForAccountCommand.ts index 9aaf169c36ab..14630138dd29 100644 --- a/clients/client-organizations/src/commands/ListDelegatedServicesForAccountCommand.ts +++ b/clients/client-organizations/src/commands/ListDelegatedServicesForAccountCommand.ts @@ -276,9 +276,8 @@ export interface ListDelegatedServicesForAccountCommandOutput * that are not compliant with the tag policy requirements for this account.

    * *
  • - *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting - * period before you can remove it from the organization. If you get an error that - * indicates that a wait period is required, try again in a few days.

    + *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least seven days after the account was created. + * Invited accounts aren't subject to this waiting period.

    *
    • * * diff --git a/clients/client-organizations/src/commands/PutResourcePolicyCommand.ts b/clients/client-organizations/src/commands/PutResourcePolicyCommand.ts index 04650f7fc582..2bf5d559cda9 100644 --- a/clients/client-organizations/src/commands/PutResourcePolicyCommand.ts +++ b/clients/client-organizations/src/commands/PutResourcePolicyCommand.ts @@ -269,9 +269,8 @@ export interface PutResourcePolicyCommandOutput extends PutResourcePolicyRespons * that are not compliant with the tag policy requirements for this account.

    * *
  • - *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting - * period before you can remove it from the organization. If you get an error that - * indicates that a wait period is required, try again in a few days.

    + *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least seven days after the account was created. + * Invited accounts aren't subject to this waiting period.

    *
    • * * diff --git a/clients/client-organizations/src/commands/RegisterDelegatedAdministratorCommand.ts b/clients/client-organizations/src/commands/RegisterDelegatedAdministratorCommand.ts index a2bd62d5da96..8ee9b273ab1b 100644 --- a/clients/client-organizations/src/commands/RegisterDelegatedAdministratorCommand.ts +++ b/clients/client-organizations/src/commands/RegisterDelegatedAdministratorCommand.ts @@ -275,9 +275,8 @@ export interface RegisterDelegatedAdministratorCommandOutput extends __MetadataB * that are not compliant with the tag policy requirements for this account.

    * *
  • - *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting - * period before you can remove it from the organization. If you get an error that - * indicates that a wait period is required, try again in a few days.

    + *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least seven days after the account was created. + * Invited accounts aren't subject to this waiting period.

    *
    • * * diff --git a/clients/client-organizations/src/commands/RemoveAccountFromOrganizationCommand.ts b/clients/client-organizations/src/commands/RemoveAccountFromOrganizationCommand.ts index b23cbfee60a5..a1e1e3df32d5 100644 --- a/clients/client-organizations/src/commands/RemoveAccountFromOrganizationCommand.ts +++ b/clients/client-organizations/src/commands/RemoveAccountFromOrganizationCommand.ts @@ -292,9 +292,8 @@ export interface RemoveAccountFromOrganizationCommandOutput extends __MetadataBe * that are not compliant with the tag policy requirements for this account.

    * *
  • - *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting - * period before you can remove it from the organization. If you get an error that - * indicates that a wait period is required, try again in a few days.

    + *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least seven days after the account was created. + * Invited accounts aren't subject to this waiting period.

    *
    • * * diff --git a/clients/client-organizations/src/commands/TagResourceCommand.ts b/clients/client-organizations/src/commands/TagResourceCommand.ts index 2fef789dfda3..2bc8058df372 100644 --- a/clients/client-organizations/src/commands/TagResourceCommand.ts +++ b/clients/client-organizations/src/commands/TagResourceCommand.ts @@ -277,9 +277,8 @@ export interface TagResourceCommandOutput extends __MetadataBearer {} * that are not compliant with the tag policy requirements for this account.

    * *
  • - *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting - * period before you can remove it from the organization. If you get an error that - * indicates that a wait period is required, try again in a few days.

    + *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least seven days after the account was created. + * Invited accounts aren't subject to this waiting period.

    *
    • * * diff --git a/clients/client-organizations/src/commands/UntagResourceCommand.ts b/clients/client-organizations/src/commands/UntagResourceCommand.ts index e84386f9ec52..49294b68da55 100644 --- a/clients/client-organizations/src/commands/UntagResourceCommand.ts +++ b/clients/client-organizations/src/commands/UntagResourceCommand.ts @@ -274,9 +274,8 @@ export interface UntagResourceCommandOutput extends __MetadataBearer {} * that are not compliant with the tag policy requirements for this account.

    * *
  • - *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting - * period before you can remove it from the organization. If you get an error that - * indicates that a wait period is required, try again in a few days.

    + *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least seven days after the account was created. + * Invited accounts aren't subject to this waiting period.

    *
    • * * diff --git a/clients/client-organizations/src/commands/UpdatePolicyCommand.ts b/clients/client-organizations/src/commands/UpdatePolicyCommand.ts index 7affe2fec43c..f3b8abd93d7f 100644 --- a/clients/client-organizations/src/commands/UpdatePolicyCommand.ts +++ b/clients/client-organizations/src/commands/UpdatePolicyCommand.ts @@ -273,9 +273,8 @@ export interface UpdatePolicyCommandOutput extends UpdatePolicyResponse, __Metad * that are not compliant with the tag policy requirements for this account.

    * *
  • - *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting - * period before you can remove it from the organization. If you get an error that - * indicates that a wait period is required, try again in a few days.

    + *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least seven days after the account was created. + * Invited accounts aren't subject to this waiting period.

    *
    • * * diff --git a/clients/client-organizations/src/models/models_0.ts b/clients/client-organizations/src/models/models_0.ts index cd0357dcad06..2e609828fbe6 100644 --- a/clients/client-organizations/src/models/models_0.ts +++ b/clients/client-organizations/src/models/models_0.ts @@ -1113,9 +1113,8 @@ export type ConstraintViolationExceptionReason = * that are not compliant with the tag policy requirements for this account.

    * *
  • - *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting - * period before you can remove it from the organization. If you get an error that - * indicates that a wait period is required, try again in a few days.

    + *

    WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least seven days after the account was created. + * Invited accounts aren't subject to this waiting period.

    *
    • * * @public @@ -2766,7 +2765,8 @@ export interface DescribeOrganizationResponse { * *

    The AvailablePolicyTypes part of the response is deprecated, and you * shouldn't use it in your apps. It doesn't include any policy type supported by Organizations - * other than SCPs. To determine which policy types are enabled in your organization, + * other than SCPs. In the China (Ningxia) Region, no policy type is included. + * To determine which policy types are enabled in your organization, * use the * ListRoots * operation.

    diff --git a/codegen/sdk-codegen/aws-models/organizations.json b/codegen/sdk-codegen/aws-models/organizations.json index 289ea819c9cd..94e1eae5f93d 100644 --- a/codegen/sdk-codegen/aws-models/organizations.json +++ b/codegen/sdk-codegen/aws-models/organizations.json @@ -2128,7 +2128,7 @@ } ], "traits": { - "smithy.api#documentation": "

    Closes an Amazon Web Services member account within an organization. You can close an account when\n all\n features are enabled . You can't close the management account with this API.\n This is an asynchronous request that Amazon Web Services performs in the background. Because\n CloseAccount operates asynchronously, it can return a successful\n completion message even though account closure might still be in progress. You need to\n wait a few minutes before the account is fully closed. To check the status of the\n request, do one of the following:

    \n
      \n
    • \n

      Use the AccountId that you sent in the CloseAccount\n request to provide as a parameter to the DescribeAccount\n operation.

      \n

      While the close account request is in progress, Account status will indicate\n PENDING_CLOSURE. When the close account request completes, the status will\n change to SUSPENDED.

      \n
      • \n
    • \n

      Check the CloudTrail log for the CloseAccountResult event that gets\n published after the account closes successfully. For information on using CloudTrail\n with Organizations, see Logging and monitoring in Organizations in the\n Organizations User Guide.

      \n
      • \n
    \n \n
      \n
    • \n

      You can close only 10% of member accounts, between 10 and 1000, within a\n rolling 30 day period. This quota is not bound by a calendar month, but\n starts when you close an account. After you reach this limit, you can close\n additional accounts. For more information, see Closing a member\n account in your organization and Quotas for\n Organizationsin the Organizations User Guide.

      \n
      • \n
    • \n

      To reinstate a closed account, contact Amazon Web Services Support within the 90-day\n grace period while the account is in SUSPENDED status.

      \n
      • \n
    • \n

      If the Amazon Web Services account you attempt to close is linked to an Amazon Web Services GovCloud\n (US) account, the CloseAccount request will close both\n accounts. To learn important pre-closure details, see \n Closing an Amazon Web Services GovCloud (US) account in the \n Amazon Web Services GovCloud User Guide.

      \n
      • \n
    \n     " + "smithy.api#documentation": "

    Closes an Amazon Web Services member account within an organization. You can close an account when\n all\n features are enabled . You can't close the management account with this API.\n This is an asynchronous request that Amazon Web Services performs in the background. Because\n CloseAccount operates asynchronously, it can return a successful\n completion message even though account closure might still be in progress. You need to\n wait a few minutes before the account is fully closed. To check the status of the\n request, do one of the following:

    \n
      \n
    • \n

      Use the AccountId that you sent in the CloseAccount\n request to provide as a parameter to the DescribeAccount\n operation.

      \n

      While the close account request is in progress, Account status will indicate\n PENDING_CLOSURE. When the close account request completes, the status will\n change to SUSPENDED.

      \n
      • \n
    • \n

      Check the CloudTrail log for the CloseAccountResult event that gets\n published after the account closes successfully. For information on using CloudTrail\n with Organizations, see Logging and monitoring in Organizations in the\n Organizations User Guide.

      \n
      • \n
    \n \n
      \n
    • \n

      You can close only 10% of member accounts, between 10 and 1000, within a\n rolling 30 day period. This quota is not bound by a calendar month, but\n starts when you close an account. After you reach this limit, you can't close\n additional accounts. For more information, see Closing a member\n account in your organization and Quotas for\n Organizations in the Organizations User Guide.

      \n
      • \n
    • \n

      To reinstate a closed account, contact Amazon Web Services Support within the 90-day\n grace period while the account is in SUSPENDED status.

      \n
      • \n
    • \n

      If the Amazon Web Services account you attempt to close is linked to an Amazon Web Services GovCloud\n (US) account, the CloseAccount request will close both\n accounts. To learn important pre-closure details, see \n Closing an Amazon Web Services GovCloud (US) account in the \n Amazon Web Services GovCloud User Guide.

      \n
      • \n
    \n     " } }, "com.amazonaws.organizations#CloseAccountRequest": { @@ -2183,7 +2183,7 @@ } }, "traits": { - "smithy.api#documentation": "

    Performing this operation violates a minimum or maximum value limit. For example,\n attempting to remove the last service control policy (SCP) from an OU or root, inviting\n or creating too many accounts to the organization, or attaching too many policies to an\n account, OU, or root. This exception includes a reason that contains additional\n information about the violated limit:

    \n \n

    Some of the reasons in the following list might not be applicable to this specific\n API or operation.

    \n     \n
      \n
    • \n

      ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management\n account from the organization. You can't remove the management account. Instead,\n after you remove all member accounts, delete the organization itself.

      \n
      • \n
    • \n

      ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an\n account from the organization that doesn't yet have enough information to exist\n as a standalone account. This account requires you to first complete phone\n verification. Follow the steps at Removing a member account from your organization in the\n Organizations User Guide.

      \n
      • \n
    • \n

      ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of\n accounts that you can create in one day.

      \n
      • \n
    • \n

      ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your\n account isn't fully active. You must complete the account setup before you\n create an organization.

      \n
      • \n
    • \n

      ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number\n of accounts in an organization. If you need more accounts, contact Amazon Web Services Support to\n request an increase in your limit.

      \n

      Or the number of invitations that you tried to send would cause you to exceed\n the limit of accounts in your organization. Send fewer invitations or contact\n Amazon Web Services Support to request an increase in the number of accounts.

      \n \n

      Deleted and closed accounts still count toward your limit.

      \n       \n \n

      If you get this exception when running a command immediately after\n creating the organization, wait one hour and try again. After an hour, if\n the command continues to fail with this error, contact Amazon Web Services Support.

      \n       \n
      • \n
    • \n

      CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot\n register a suspended account as a delegated administrator.

      \n
      • \n
    • \n

      CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register\n the management account of the organization as a delegated administrator for an\n Amazon Web Services service integrated with Organizations. You can designate only a member account as a\n delegated administrator.

      \n
      • \n
    • \n

      CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management\n account. To close the management account for the organization, you must first\n either remove or close all member accounts in the organization. Follow standard\n account closure process using root credentials.​

      \n
      • \n
    • \n

      CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an\n account that is registered as a delegated administrator for a service integrated\n with your organization. To complete this operation, you must first deregister\n this account as a delegated administrator.

      \n
      • \n
    • \n

      CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the\n past 30 days.

      \n
      • \n
    • \n

      CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of\n accounts that you can close at a time. ​

      \n
      • \n
    • \n

      CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an\n organization in the specified region, you must enable all features mode.

      \n
      • \n
    • \n

      DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an\n Amazon Web Services account as a delegated administrator for an Amazon Web Services service that already has\n a delegated administrator. To complete this operation, you must first deregister\n any existing delegated administrators for this service.

      \n
      • \n
    • \n

      EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for\n a limited period of time. You must resubmit the request and generate a new\n verfication code.

      \n
      • \n
    • \n

      HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of\n handshakes that you can send in one day.

      \n
      • \n
    • \n

      INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported\n payment method is associated with the account. Amazon Web Services does not support cards\n issued by financial institutions in Russia or Belarus. For more information, see\n Managing your\n Amazon Web Services payments.

      \n
      • \n
    • \n

      MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in\n this organization, you first must migrate the organization's management account\n to the marketplace that corresponds to the management account's address. All\n accounts in an organization must be associated with the same marketplace.

      \n
      • \n
    • \n

      MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in\n China. To create an organization, the master must have a valid business license.\n For more information, contact customer support.

      \n
      • \n
    • \n

      MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must\n first provide a valid contact address and phone number for the management\n account. Then try the operation again.

      \n
      • \n
    • \n

      MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the\n management account must have an associated account in the Amazon Web Services GovCloud\n (US-West) Region. For more information, see Organizations\n in the \n Amazon Web Services GovCloud User Guide.

      \n
      • \n
    • \n

      MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with\n this management account, you first must associate a valid payment instrument,\n such as a credit card, with the account. For more information, see Considerations before removing an account from an organization in\n the Organizations User Guide.

      \n
      • \n
    • \n

      MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to\n register more delegated administrators than allowed for the service principal.\n

      \n
      • \n
    • \n

      MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number\n of policies of a certain type that can be attached to an entity at one\n time.

      \n
      • \n
    • \n

      MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this\n resource.

      \n
      • \n
    • \n

      MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with\n this member account, you first must associate a valid payment instrument, such\n as a credit card, with the account. For more information, see Considerations before removing an account from an organization in\n the Organizations User Guide.

      \n
      • \n
    • \n

      MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy\n from an entity that would cause the entity to have fewer than the minimum number\n of policies of a certain type required.

      \n
      • \n
    • \n

      ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation\n that requires the organization to be configured to support all features. An\n organization that supports only consolidated billing features can't perform this\n operation.

      \n
      • \n
    • \n

      OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many\n levels deep.

      \n
      • \n
    • \n

      OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you\n can have in an organization.

      \n
      • \n
    • \n

      POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger\n than the maximum size.

      \n
      • \n
    • \n

      POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies\n that you can have in an organization.

      \n
      • \n
    • \n

      SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated\n administrator before you enabled service access. Call the\n EnableAWSServiceAccess API first.

      \n
      • \n
    • \n

      TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags\n that are not compliant with the tag policy requirements for this account.

      \n
      • \n
    • \n

      WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, there is a waiting\n period before you can remove it from the organization. If you get an error that\n indicates that a wait period is required, try again in a few days.

      \n
      • \n
    ", + "smithy.api#documentation": "

    Performing this operation violates a minimum or maximum value limit. For example,\n attempting to remove the last service control policy (SCP) from an OU or root, inviting\n or creating too many accounts to the organization, or attaching too many policies to an\n account, OU, or root. This exception includes a reason that contains additional\n information about the violated limit:

    \n \n

    Some of the reasons in the following list might not be applicable to this specific\n API or operation.

    \n     \n
      \n
    • \n

      ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management\n account from the organization. You can't remove the management account. Instead,\n after you remove all member accounts, delete the organization itself.

      \n
      • \n
    • \n

      ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an\n account from the organization that doesn't yet have enough information to exist\n as a standalone account. This account requires you to first complete phone\n verification. Follow the steps at Removing a member account from your organization in the\n Organizations User Guide.

      \n
      • \n
    • \n

      ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of\n accounts that you can create in one day.

      \n
      • \n
    • \n

      ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your\n account isn't fully active. You must complete the account setup before you\n create an organization.

      \n
      • \n
    • \n

      ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number\n of accounts in an organization. If you need more accounts, contact Amazon Web Services Support to\n request an increase in your limit.

      \n

      Or the number of invitations that you tried to send would cause you to exceed\n the limit of accounts in your organization. Send fewer invitations or contact\n Amazon Web Services Support to request an increase in the number of accounts.

      \n \n

      Deleted and closed accounts still count toward your limit.

      \n       \n \n

      If you get this exception when running a command immediately after\n creating the organization, wait one hour and try again. After an hour, if\n the command continues to fail with this error, contact Amazon Web Services Support.

      \n       \n
      • \n
    • \n

      CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot\n register a suspended account as a delegated administrator.

      \n
      • \n
    • \n

      CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register\n the management account of the organization as a delegated administrator for an\n Amazon Web Services service integrated with Organizations. You can designate only a member account as a\n delegated administrator.

      \n
      • \n
    • \n

      CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management\n account. To close the management account for the organization, you must first\n either remove or close all member accounts in the organization. Follow standard\n account closure process using root credentials.​

      \n
      • \n
    • \n

      CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an\n account that is registered as a delegated administrator for a service integrated\n with your organization. To complete this operation, you must first deregister\n this account as a delegated administrator.

      \n
      • \n
    • \n

      CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the\n past 30 days.

      \n
      • \n
    • \n

      CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of\n accounts that you can close at a time. ​

      \n
      • \n
    • \n

      CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an\n organization in the specified region, you must enable all features mode.

      \n
      • \n
    • \n

      DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an\n Amazon Web Services account as a delegated administrator for an Amazon Web Services service that already has\n a delegated administrator. To complete this operation, you must first deregister\n any existing delegated administrators for this service.

      \n
      • \n
    • \n

      EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for\n a limited period of time. You must resubmit the request and generate a new\n verfication code.

      \n
      • \n
    • \n

      HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of\n handshakes that you can send in one day.

      \n
      • \n
    • \n

      INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported\n payment method is associated with the account. Amazon Web Services does not support cards\n issued by financial institutions in Russia or Belarus. For more information, see\n Managing your\n Amazon Web Services payments.

      \n
      • \n
    • \n

      MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in\n this organization, you first must migrate the organization's management account\n to the marketplace that corresponds to the management account's address. All\n accounts in an organization must be associated with the same marketplace.

      \n
      • \n
    • \n

      MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in\n China. To create an organization, the master must have a valid business license.\n For more information, contact customer support.

      \n
      • \n
    • \n

      MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must\n first provide a valid contact address and phone number for the management\n account. Then try the operation again.

      \n
      • \n
    • \n

      MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the\n management account must have an associated account in the Amazon Web Services GovCloud\n (US-West) Region. For more information, see Organizations\n in the \n Amazon Web Services GovCloud User Guide.

      \n
      • \n
    • \n

      MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with\n this management account, you first must associate a valid payment instrument,\n such as a credit card, with the account. For more information, see Considerations before removing an account from an organization in\n the Organizations User Guide.

      \n
      • \n
    • \n

      MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to\n register more delegated administrators than allowed for the service principal.\n

      \n
      • \n
    • \n

      MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number\n of policies of a certain type that can be attached to an entity at one\n time.

      \n
      • \n
    • \n

      MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this\n resource.

      \n
      • \n
    • \n

      MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with\n this member account, you first must associate a valid payment instrument, such\n as a credit card, with the account. For more information, see Considerations before removing an account from an organization in\n the Organizations User Guide.

      \n
      • \n
    • \n

      MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy\n from an entity that would cause the entity to have fewer than the minimum number\n of policies of a certain type required.

      \n
      • \n
    • \n

      ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation\n that requires the organization to be configured to support all features. An\n organization that supports only consolidated billing features can't perform this\n operation.

      \n
      • \n
    • \n

      OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many\n levels deep.

      \n
      • \n
    • \n

      OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you\n can have in an organization.

      \n
      • \n
    • \n

      POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger\n than the maximum size.

      \n
      • \n
    • \n

      POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies\n that you can have in an organization.

      \n
      • \n
    • \n

      SERVICE_ACCESS_NOT_ENABLED: You attempted to register a delegated\n administrator before you enabled service access. Call the\n EnableAWSServiceAccess API first.

      \n
      • \n
    • \n

      TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags\n that are not compliant with the tag policy requirements for this account.

      \n
      • \n
    • \n

      WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least seven days after the account was created.\n Invited accounts aren't subject to this waiting period.

      \n
      • \n
    ", "smithy.api#error": "client", "smithy.api#httpError": 409 } @@ -2441,7 +2441,7 @@ } ], "traits": { - "smithy.api#documentation": "

    Creates an Amazon Web Services account that is automatically a member of the organization whose\n credentials made the request. This is an asynchronous request that Amazon Web Services performs in the\n background. Because CreateAccount operates asynchronously, it can return a\n successful completion message even though account initialization might still be in\n progress. You might need to wait a few minutes before you can successfully access the\n account. To check the status of the request, do one of the following:

    \n
      \n
    • \n

      Use the Id value of the CreateAccountStatus response\n element from this operation to provide as a parameter to the DescribeCreateAccountStatus operation.

      \n
      • \n
    • \n

      Check the CloudTrail log for the CreateAccountResult event. For\n information on using CloudTrail with Organizations, see Logging and monitoring in Organizations in the\n Organizations User Guide.

      \n
      • \n
    \n

    The user who calls the API to create an account must have the\n organizations:CreateAccount permission. If you enabled all features in\n the organization, Organizations creates the required service-linked role named\n AWSServiceRoleForOrganizations. For more information, see Organizations and service-linked roles in the\n Organizations User Guide.

    \n

    If the request includes tags, then the requester must have the\n organizations:TagResource permission.

    \n

    Organizations preconfigures the new member account with a role (named\n OrganizationAccountAccessRole by default) that grants users in the\n management account administrator permissions in the new member account. Principals in\n the management account can assume the role. Organizations clones the company name and address\n information for the new account from the organization's management account.

    \n

    This operation can be called only from the organization's management account.

    \n

    For more information about creating accounts, see Creating\n a member account in your organization in the\n Organizations User Guide.

    \n \n
      \n
    • \n

      When you create an account in an organization using the Organizations console,\n API, or CLI commands, the information required for the account to operate\n as a standalone account, such as a payment method is not automatically\n collected. If you must remove an account from your organization later, you\n can do so only after you provide the missing information. For more\n information, see Considerations before removing an account from an organization\n in the Organizations User Guide.

      \n
      • \n
    • \n

      If you get an exception that indicates that you exceeded your account\n limits for the organization, contact Amazon Web Services Support.

      \n
      • \n
    • \n

      If you get an exception that indicates that the operation failed because\n your organization is still initializing, wait one hour and then try again.\n If the error persists, contact Amazon Web Services Support.

      \n
      • \n
    • \n

      Using CreateAccount to create multiple temporary accounts\n isn't recommended. You can only close an account from the Billing and Cost Management console, and\n you must be signed in as the root user. For information on the requirements\n and process for closing an account, see Closing a member\n account in your organization in the\n Organizations User Guide.

      \n
      • \n
    \n     \n \n

    When you create a member account with this operation, you can choose whether to\n create the account with the IAM User and Role Access to\n Billing Information switch enabled. If you enable it, IAM users and\n roles that have appropriate permissions can view billing information for the\n account. If you disable it, only the account root user can access billing\n information. For information about how to disable this switch for an account, see\n Granting access to\n your billing information and tools.

    \n     ", + "smithy.api#documentation": "

    Creates an Amazon Web Services account that is automatically a member of the organization whose\n credentials made the request. This is an asynchronous request that Amazon Web Services performs in the\n background. Because CreateAccount operates asynchronously, it can return a\n successful completion message even though account initialization might still be in\n progress. You might need to wait a few minutes before you can successfully access the\n account. To check the status of the request, do one of the following:

    \n
      \n
    • \n

      Use the Id value of the CreateAccountStatus response\n element from this operation to provide as a parameter to the DescribeCreateAccountStatus operation.

      \n
      • \n
    • \n

      Check the CloudTrail log for the CreateAccountResult event. For\n information on using CloudTrail with Organizations, see Logging and monitoring in Organizations in the\n Organizations User Guide.

      \n
      • \n
    \n

    The user who calls the API to create an account must have the\n organizations:CreateAccount permission. If you enabled all features in\n the organization, Organizations creates the required service-linked role named\n AWSServiceRoleForOrganizations. For more information, see Organizations and service-linked roles in the\n Organizations User Guide.

    \n

    If the request includes tags, then the requester must have the\n organizations:TagResource permission.

    \n

    Organizations preconfigures the new member account with a role (named\n OrganizationAccountAccessRole by default) that grants users in the\n management account administrator permissions in the new member account. Principals in\n the management account can assume the role. Organizations clones the company name and address\n information for the new account from the organization's management account.

    \n

    This operation can be called only from the organization's management account.

    \n

    For more information about creating accounts, see Creating\n a member account in your organization in the\n Organizations User Guide.

    \n \n
      \n
    • \n

      When you create an account in an organization using the Organizations console,\n API, or CLI commands, the information required for the account to operate\n as a standalone account, such as a payment method is not automatically\n collected. If you must remove an account from your organization later, you\n can do so only after you provide the missing information. For more\n information, see Considerations before removing an account from an organization\n in the Organizations User Guide.

      \n
      • \n
    • \n

      If you get an exception that indicates that you exceeded your account\n limits for the organization, contact Amazon Web Services Support.

      \n
      • \n
    • \n

      If you get an exception that indicates that the operation failed because\n your organization is still initializing, wait one hour and then try again.\n If the error persists, contact Amazon Web Services Support.

      \n
      • \n
    • \n

      It isn't recommended to use CreateAccount to create multiple temporary accounts, and using \n the CreateAccount API to close accounts is subject to a 30-day usage quota. For information on the requirements\n and process for closing an account, see Closing a member\n account in your organization in the\n Organizations User Guide.

      \n
      • \n
    \n     \n \n

    When you create a member account with this operation, you can choose whether to\n create the account with the IAM User and Role Access to\n Billing Information switch enabled. If you enable it, IAM users and\n roles that have appropriate permissions can view billing information for the\n account. If you disable it, only the account root user can access billing\n information. For information about how to disable this switch for an account, see\n Granting access to\n your billing information and tools.

    \n     ", "smithy.api#examples": [ { "title": "To create a new account that is automatically part of the organization", @@ -4032,7 +4032,7 @@ "Organization": { "target": "com.amazonaws.organizations#Organization", "traits": { - "smithy.api#documentation": "

    A structure that contains information about the organization.

    \n \n

    The AvailablePolicyTypes part of the response is deprecated, and you\n shouldn't use it in your apps. It doesn't include any policy type supported by Organizations\n other than SCPs. To determine which policy types are enabled in your organization,\n use the \n ListRoots\n operation.

    \n     " + "smithy.api#documentation": "

    A structure that contains information about the organization.

    \n \n

    The AvailablePolicyTypes part of the response is deprecated, and you\n shouldn't use it in your apps. It doesn't include any policy type supported by Organizations\n other than SCPs. In the China (Ningxia) Region, no policy type is included.\n To determine which policy types are enabled in your organization,\n use the \n ListRoots\n operation.

    \n     " } } }, @@ -4073,7 +4073,7 @@ "smithy.api#examples": [ { "title": "To get information about an organizational unit", - "documentation": "The following example shows how to request details about an OU:/n/n", + "documentation": "The following example shows how to request details about an OU:", "input": { "OrganizationalUnitId": "ou-examplerootid111-exampleouid111" }, @@ -4679,7 +4679,7 @@ } ], "traits": { - "smithy.api#documentation": "

    Enables the integration of an Amazon Web Services service (the service that is specified by\n ServicePrincipal) with Organizations. When you enable integration, you allow\n the specified service to create a service-linked role in\n all the accounts in your organization. This allows the service to perform operations on\n your behalf in your organization and its accounts.

    \n \n

    We recommend that you enable integration between Organizations and the specified Amazon Web Services\n service by using the console or commands that are provided by the specified service.\n Doing so ensures that the service is aware that it can create the resources that are\n required for the integration. How the service creates those resources in the\n organization's accounts depends on that service. For more information, see the\n documentation for the other Amazon Web Services service.

    \n     \n

    For more information about enabling services to integrate with Organizations, see Using\n Organizations with other Amazon Web Services services in the\n Organizations User Guide.

    \n

    You can only call this operation from the organization's management account and only\n if the organization has enabled all\n features.

    " + "smithy.api#documentation": "

    Provides an Amazon Web Services service (the service that is specified by\n ServicePrincipal) with permissions to view the structure of an organization, \n create a service-linked role in all the accounts in the organization,\n and allow the service to perform operations\n on behalf of the organization and its accounts. Establishing these permissions can be a first step\n in enabling the integration of an Amazon Web Services service with Organizations.

    \n \n

    We recommend that you enable integration between Organizations and the specified Amazon Web Services\n service by using the console or commands that are provided by the specified service.\n Doing so ensures that the service is aware that it can create the resources that are\n required for the integration. How the service creates those resources in the\n organization's accounts depends on that service. For more information, see the\n documentation for the other Amazon Web Services service.

    \n     \n

    For more information about enabling services to integrate with Organizations, see Using\n Organizations with other Amazon Web Services services in the\n Organizations User Guide.

    \n

    You can only call this operation from the organization's management account and only\n if the organization has enabled all\n features.

    " } }, "com.amazonaws.organizations#EnableAWSServiceAccessRequest": { @@ -5753,7 +5753,7 @@ } ], "traits": { - "smithy.api#documentation": "

    Removes a member account from its parent organization. This version of the operation\n is performed by the account that wants to leave. To remove a member account as a user in\n the management account, use RemoveAccountFromOrganization\n instead.

    \n

    This operation can be called only from a member account in the organization.

    \n \n
      \n
    • \n

      The management account in an organization with all features enabled can\n set service control policies (SCPs) that can restrict what administrators of\n member accounts can do. This includes preventing them from successfully\n calling LeaveOrganization and leaving the organization.

      \n
      • \n
    • \n

      You can leave an organization as a member account only if the account is\n configured with the information required to operate as a standalone account.\n When you create an account in an organization using the Organizations console,\n API, or CLI commands, the information required of standalone accounts is\n not automatically collected. For each account that\n you want to make standalone, you must perform the following steps. If any of\n the steps are already completed for this account, that step doesn't\n appear.

      \n
        \n
      • \n

        Choose a support plan

        \n
        • \n
      • \n

        Provide and verify the required contact information

        \n
        • \n
      • \n

        Provide a current payment method

        \n
        • \n
      \n

      Amazon Web Services uses the payment method to charge for any billable (not free tier)\n Amazon Web Services activity that occurs while the account isn't attached to an\n organization. For more information, see Considerations before removing an account from an organization\n in the Organizations User Guide.

      \n
      • \n
    • \n

      The account that you want to leave must not be a delegated administrator\n account for any Amazon Web Services service enabled for your organization. If the account\n is a delegated administrator, you must first change the delegated\n administrator account to another account that is remaining in the\n organization.

      \n
      • \n
    • \n

      You can leave an organization only after you enable IAM user access to\n billing in your account. For more information, see About IAM access to the Billing and Cost Management console in the\n Amazon Web Services Billing and Cost Management User Guide.

      \n
      • \n
    • \n

      After the account leaves the organization, all tags that were attached to\n the account object in the organization are deleted. Amazon Web Services accounts outside\n of an organization do not support tags.

      \n
      • \n
    • \n

      A newly created account has a waiting period before it can be removed from\n its organization. If you get an error that indicates that a wait period is\n required, then try again in a few days.

      \n
      • \n
    • \n

      If you are using an organization principal to call\n LeaveOrganization across multiple accounts, you can only do\n this up to 5 accounts per second in a single organization.

      \n
      • \n
    \n     ", + "smithy.api#documentation": "

    Removes a member account from its parent organization. This version of the operation\n is performed by the account that wants to leave. To remove a member account as a user in\n the management account, use RemoveAccountFromOrganization\n instead.

    \n

    This operation can be called only from a member account in the organization.

    \n \n
      \n
    • \n

      The management account in an organization with all features enabled can\n set service control policies (SCPs) that can restrict what administrators of\n member accounts can do. This includes preventing them from successfully\n calling LeaveOrganization and leaving the organization.

      \n
      • \n
    • \n

      You can leave an organization as a member account only if the account is\n configured with the information required to operate as a standalone account.\n When you create an account in an organization using the Organizations console,\n API, or CLI commands, the information required of standalone accounts is\n not automatically collected. For each account that\n you want to make standalone, you must perform the following steps. If any of\n the steps are already completed for this account, that step doesn't\n appear.

      \n
        \n
      • \n

        Choose a support plan

        \n
        • \n
      • \n

        Provide and verify the required contact information

        \n
        • \n
      • \n

        Provide a current payment method

        \n
        • \n
      \n

      Amazon Web Services uses the payment method to charge for any billable (not free tier)\n Amazon Web Services activity that occurs while the account isn't attached to an\n organization. For more information, see Considerations before removing an account from an organization\n in the Organizations User Guide.

      \n
      • \n
    • \n

      The account that you want to leave must not be a delegated administrator\n account for any Amazon Web Services service enabled for your organization. If the account\n is a delegated administrator, you must first change the delegated\n administrator account to another account that is remaining in the\n organization.

      \n
      • \n
    • \n

      You can leave an organization only after you enable IAM user access to\n billing in your account. For more information, see About IAM access to the Billing and Cost Management console in the\n Amazon Web Services Billing and Cost Management User Guide.

      \n
      • \n
    • \n

      After the account leaves the organization, all tags that were attached to\n the account object in the organization are deleted. Amazon Web Services accounts outside\n of an organization do not support tags.

      \n
      • \n
    • \n

      A newly created account has a waiting period before it can be removed from\n its organization.\n You must wait until at least seven days after the account was created. Invited accounts aren't subject to this waiting period.

      \n
      • \n
    • \n

      If you are using an organization principal to call\n LeaveOrganization across multiple accounts, you can only do\n this up to 5 accounts per second in a single organization.

      \n
      • \n
    \n     ", "smithy.api#examples": [ { "title": "To leave an organization as a member account",