Interface OrganizationsClient
- All Superinterfaces:
AutoCloseable
,AwsClient
,SdkAutoCloseable
,SdkClient
builder()
method.
Organizations is a web service that enables you to consolidate your multiple Amazon Web Services accounts into an organization and centrally manage your accounts and their resources.
This guide provides descriptions of the Organizations operations. For more information about using this service, see the Organizations User Guide.
Support and feedback for Organizations
We welcome your feedback. Send your comments to feedback-awsorganizations@amazon.com or post your feedback and questions in the Organizations support forum. For more information about the Amazon Web Services support forums, see Forums Help.
Endpoint to call When using the CLI or the Amazon Web Services SDK
For the current release of Organizations, specify the us-east-1
region for all Amazon Web Services API
and CLI calls made from the commercial Amazon Web Services Regions outside of China. If calling from one of the
Amazon Web Services Regions in China, then specify cn-northwest-1
. You can do this in the CLI by using
these parameters and commands:
-
Use the following parameter with each command to specify both the endpoint and its region:
--endpoint-url https://organizations.us-east-1.amazonaws.com
(from commercial Amazon Web Services Regions outside of China)or
--endpoint-url https://organizations.cn-northwest-1.amazonaws.com.cn
(from Amazon Web Services Regions in China) -
Use the default endpoint, but configure your default region with this command:
aws configure set default.region us-east-1
(from commercial Amazon Web Services Regions outside of China)or
aws configure set default.region cn-northwest-1
(from Amazon Web Services Regions in China) -
Use the following parameter with each command to specify the endpoint:
--region us-east-1
(from commercial Amazon Web Services Regions outside of China)or
--region cn-northwest-1
(from Amazon Web Services Regions in China)
Recording API Requests
Organizations supports CloudTrail, a service that records Amazon Web Services API calls for your Amazon Web Services account and delivers log files to an Amazon S3 bucket. By using information collected by CloudTrail, you can determine which requests the Organizations service received, who made the request and when, and so on. For more about Organizations and its support for CloudTrail, see Logging Organizations API calls with CloudTrail in the Organizations User Guide. To learn more about CloudTrail, including how to turn it on and find your log files, see the CloudTrail User Guide.
-
Field Summary
Modifier and TypeFieldDescriptionstatic final String
Value for looking up the service's metadata from theServiceMetadataProvider
.static final String
-
Method Summary
Modifier and TypeMethodDescriptiondefault AcceptHandshakeResponse
acceptHandshake
(Consumer<AcceptHandshakeRequest.Builder> acceptHandshakeRequest) Sends a response to the originator of a handshake agreeing to the action proposed by the handshake request.default AcceptHandshakeResponse
acceptHandshake
(AcceptHandshakeRequest acceptHandshakeRequest) Sends a response to the originator of a handshake agreeing to the action proposed by the handshake request.default AttachPolicyResponse
attachPolicy
(Consumer<AttachPolicyRequest.Builder> attachPolicyRequest) Attaches a policy to a root, an organizational unit (OU), or an individual account.default AttachPolicyResponse
attachPolicy
(AttachPolicyRequest attachPolicyRequest) Attaches a policy to a root, an organizational unit (OU), or an individual account.static OrganizationsClientBuilder
builder()
Create a builder that can be used to configure and create aOrganizationsClient
.default CancelHandshakeResponse
cancelHandshake
(Consumer<CancelHandshakeRequest.Builder> cancelHandshakeRequest) Cancels a handshake.default CancelHandshakeResponse
cancelHandshake
(CancelHandshakeRequest cancelHandshakeRequest) Cancels a handshake.default CloseAccountResponse
closeAccount
(Consumer<CloseAccountRequest.Builder> closeAccountRequest) Closes an Amazon Web Services member account within an organization.default CloseAccountResponse
closeAccount
(CloseAccountRequest closeAccountRequest) Closes an Amazon Web Services member account within an organization.static OrganizationsClient
create()
Create aOrganizationsClient
with the region loaded from theDefaultAwsRegionProviderChain
and credentials loaded from theDefaultCredentialsProvider
.default CreateAccountResponse
createAccount
(Consumer<CreateAccountRequest.Builder> createAccountRequest) Creates an Amazon Web Services account that is automatically a member of the organization whose credentials made the request.default CreateAccountResponse
createAccount
(CreateAccountRequest createAccountRequest) Creates an Amazon Web Services account that is automatically a member of the organization whose credentials made the request.default CreateGovCloudAccountResponse
createGovCloudAccount
(Consumer<CreateGovCloudAccountRequest.Builder> createGovCloudAccountRequest) This action is available if all of the following are true:default CreateGovCloudAccountResponse
createGovCloudAccount
(CreateGovCloudAccountRequest createGovCloudAccountRequest) This action is available if all of the following are true:default CreateOrganizationResponse
Creates an Amazon Web Services organization.default CreateOrganizationResponse
createOrganization
(Consumer<CreateOrganizationRequest.Builder> createOrganizationRequest) Creates an Amazon Web Services organization.default CreateOrganizationResponse
createOrganization
(CreateOrganizationRequest createOrganizationRequest) Creates an Amazon Web Services organization.default CreateOrganizationalUnitResponse
createOrganizationalUnit
(Consumer<CreateOrganizationalUnitRequest.Builder> createOrganizationalUnitRequest) Creates an organizational unit (OU) within a root or parent OU.default CreateOrganizationalUnitResponse
createOrganizationalUnit
(CreateOrganizationalUnitRequest createOrganizationalUnitRequest) Creates an organizational unit (OU) within a root or parent OU.default CreatePolicyResponse
createPolicy
(Consumer<CreatePolicyRequest.Builder> createPolicyRequest) Creates a policy of a specified type that you can attach to a root, an organizational unit (OU), or an individual Amazon Web Services account.default CreatePolicyResponse
createPolicy
(CreatePolicyRequest createPolicyRequest) Creates a policy of a specified type that you can attach to a root, an organizational unit (OU), or an individual Amazon Web Services account.default DeclineHandshakeResponse
declineHandshake
(Consumer<DeclineHandshakeRequest.Builder> declineHandshakeRequest) Declines a handshake request.default DeclineHandshakeResponse
declineHandshake
(DeclineHandshakeRequest declineHandshakeRequest) Declines a handshake request.default DeleteOrganizationResponse
Deletes the organization.default DeleteOrganizationResponse
deleteOrganization
(Consumer<DeleteOrganizationRequest.Builder> deleteOrganizationRequest) Deletes the organization.default DeleteOrganizationResponse
deleteOrganization
(DeleteOrganizationRequest deleteOrganizationRequest) Deletes the organization.default DeleteOrganizationalUnitResponse
deleteOrganizationalUnit
(Consumer<DeleteOrganizationalUnitRequest.Builder> deleteOrganizationalUnitRequest) Deletes an organizational unit (OU) from a root or another OU.default DeleteOrganizationalUnitResponse
deleteOrganizationalUnit
(DeleteOrganizationalUnitRequest deleteOrganizationalUnitRequest) Deletes an organizational unit (OU) from a root or another OU.default DeletePolicyResponse
deletePolicy
(Consumer<DeletePolicyRequest.Builder> deletePolicyRequest) Deletes the specified policy from your organization.default DeletePolicyResponse
deletePolicy
(DeletePolicyRequest deletePolicyRequest) Deletes the specified policy from your organization.default DeleteResourcePolicyResponse
deleteResourcePolicy
(Consumer<DeleteResourcePolicyRequest.Builder> deleteResourcePolicyRequest) Deletes the resource policy from your organization.default DeleteResourcePolicyResponse
deleteResourcePolicy
(DeleteResourcePolicyRequest deleteResourcePolicyRequest) Deletes the resource policy from your organization.deregisterDelegatedAdministrator
(Consumer<DeregisterDelegatedAdministratorRequest.Builder> deregisterDelegatedAdministratorRequest) Removes the specified member Amazon Web Services account as a delegated administrator for the specified Amazon Web Services service.deregisterDelegatedAdministrator
(DeregisterDelegatedAdministratorRequest deregisterDelegatedAdministratorRequest) Removes the specified member Amazon Web Services account as a delegated administrator for the specified Amazon Web Services service.default DescribeAccountResponse
describeAccount
(Consumer<DescribeAccountRequest.Builder> describeAccountRequest) Retrieves Organizations-related information about the specified account.default DescribeAccountResponse
describeAccount
(DescribeAccountRequest describeAccountRequest) Retrieves Organizations-related information about the specified account.describeCreateAccountStatus
(Consumer<DescribeCreateAccountStatusRequest.Builder> describeCreateAccountStatusRequest) Retrieves the current status of an asynchronous request to create an account.describeCreateAccountStatus
(DescribeCreateAccountStatusRequest describeCreateAccountStatusRequest) Retrieves the current status of an asynchronous request to create an account.default DescribeEffectivePolicyResponse
describeEffectivePolicy
(Consumer<DescribeEffectivePolicyRequest.Builder> describeEffectivePolicyRequest) Returns the contents of the effective policy for specified policy type and account.default DescribeEffectivePolicyResponse
describeEffectivePolicy
(DescribeEffectivePolicyRequest describeEffectivePolicyRequest) Returns the contents of the effective policy for specified policy type and account.default DescribeHandshakeResponse
describeHandshake
(Consumer<DescribeHandshakeRequest.Builder> describeHandshakeRequest) Retrieves information about a previously requested handshake.default DescribeHandshakeResponse
describeHandshake
(DescribeHandshakeRequest describeHandshakeRequest) Retrieves information about a previously requested handshake.default DescribeOrganizationResponse
Retrieves information about the organization that the user's account belongs to.default DescribeOrganizationResponse
describeOrganization
(Consumer<DescribeOrganizationRequest.Builder> describeOrganizationRequest) Retrieves information about the organization that the user's account belongs to.default DescribeOrganizationResponse
describeOrganization
(DescribeOrganizationRequest describeOrganizationRequest) Retrieves information about the organization that the user's account belongs to.describeOrganizationalUnit
(Consumer<DescribeOrganizationalUnitRequest.Builder> describeOrganizationalUnitRequest) Retrieves information about an organizational unit (OU).describeOrganizationalUnit
(DescribeOrganizationalUnitRequest describeOrganizationalUnitRequest) Retrieves information about an organizational unit (OU).default DescribePolicyResponse
describePolicy
(Consumer<DescribePolicyRequest.Builder> describePolicyRequest) Retrieves information about a policy.default DescribePolicyResponse
describePolicy
(DescribePolicyRequest describePolicyRequest) Retrieves information about a policy.default DescribeResourcePolicyResponse
describeResourcePolicy
(Consumer<DescribeResourcePolicyRequest.Builder> describeResourcePolicyRequest) Retrieves information about a resource policy.default DescribeResourcePolicyResponse
describeResourcePolicy
(DescribeResourcePolicyRequest describeResourcePolicyRequest) Retrieves information about a resource policy.default DetachPolicyResponse
detachPolicy
(Consumer<DetachPolicyRequest.Builder> detachPolicyRequest) Detaches a policy from a target root, organizational unit (OU), or account.default DetachPolicyResponse
detachPolicy
(DetachPolicyRequest detachPolicyRequest) Detaches a policy from a target root, organizational unit (OU), or account.default DisableAwsServiceAccessResponse
disableAWSServiceAccess
(Consumer<DisableAwsServiceAccessRequest.Builder> disableAwsServiceAccessRequest) Disables the integration of an Amazon Web Services service (the service that is specified byServicePrincipal
) with Organizations.default DisableAwsServiceAccessResponse
disableAWSServiceAccess
(DisableAwsServiceAccessRequest disableAwsServiceAccessRequest) Disables the integration of an Amazon Web Services service (the service that is specified byServicePrincipal
) with Organizations.default DisablePolicyTypeResponse
disablePolicyType
(Consumer<DisablePolicyTypeRequest.Builder> disablePolicyTypeRequest) Disables an organizational policy type in a root.default DisablePolicyTypeResponse
disablePolicyType
(DisablePolicyTypeRequest disablePolicyTypeRequest) Disables an organizational policy type in a root.default EnableAllFeaturesResponse
Enables all features in an organization.default EnableAllFeaturesResponse
enableAllFeatures
(Consumer<EnableAllFeaturesRequest.Builder> enableAllFeaturesRequest) Enables all features in an organization.default EnableAllFeaturesResponse
enableAllFeatures
(EnableAllFeaturesRequest enableAllFeaturesRequest) Enables all features in an organization.default EnableAwsServiceAccessResponse
enableAWSServiceAccess
(Consumer<EnableAwsServiceAccessRequest.Builder> enableAwsServiceAccessRequest) Enables the integration of an Amazon Web Services service (the service that is specified byServicePrincipal
) with Organizations.default EnableAwsServiceAccessResponse
enableAWSServiceAccess
(EnableAwsServiceAccessRequest enableAwsServiceAccessRequest) Enables the integration of an Amazon Web Services service (the service that is specified byServicePrincipal
) with Organizations.default EnablePolicyTypeResponse
enablePolicyType
(Consumer<EnablePolicyTypeRequest.Builder> enablePolicyTypeRequest) Enables a policy type in a root.default EnablePolicyTypeResponse
enablePolicyType
(EnablePolicyTypeRequest enablePolicyTypeRequest) Enables a policy type in a root.inviteAccountToOrganization
(Consumer<InviteAccountToOrganizationRequest.Builder> inviteAccountToOrganizationRequest) Sends an invitation to another account to join your organization as a member account.inviteAccountToOrganization
(InviteAccountToOrganizationRequest inviteAccountToOrganizationRequest) Sends an invitation to another account to join your organization as a member account.default LeaveOrganizationResponse
Removes a member account from its parent organization.default LeaveOrganizationResponse
leaveOrganization
(Consumer<LeaveOrganizationRequest.Builder> leaveOrganizationRequest) Removes a member account from its parent organization.default LeaveOrganizationResponse
leaveOrganization
(LeaveOrganizationRequest leaveOrganizationRequest) Removes a member account from its parent organization.default ListAccountsResponse
Lists all the accounts in the organization.default ListAccountsResponse
listAccounts
(Consumer<ListAccountsRequest.Builder> listAccountsRequest) Lists all the accounts in the organization.default ListAccountsResponse
listAccounts
(ListAccountsRequest listAccountsRequest) Lists all the accounts in the organization.default ListAccountsForParentResponse
listAccountsForParent
(Consumer<ListAccountsForParentRequest.Builder> listAccountsForParentRequest) Lists the accounts in an organization that are contained by the specified target root or organizational unit (OU).default ListAccountsForParentResponse
listAccountsForParent
(ListAccountsForParentRequest listAccountsForParentRequest) Lists the accounts in an organization that are contained by the specified target root or organizational unit (OU).default ListAccountsForParentIterable
listAccountsForParentPaginator
(Consumer<ListAccountsForParentRequest.Builder> listAccountsForParentRequest) This is a variant oflistAccountsForParent(software.amazon.awssdk.services.organizations.model.ListAccountsForParentRequest)
operation.default ListAccountsForParentIterable
listAccountsForParentPaginator
(ListAccountsForParentRequest listAccountsForParentRequest) This is a variant oflistAccountsForParent(software.amazon.awssdk.services.organizations.model.ListAccountsForParentRequest)
operation.default ListAccountsIterable
This is a variant oflistAccounts(software.amazon.awssdk.services.organizations.model.ListAccountsRequest)
operation.default ListAccountsIterable
listAccountsPaginator
(Consumer<ListAccountsRequest.Builder> listAccountsRequest) This is a variant oflistAccounts(software.amazon.awssdk.services.organizations.model.ListAccountsRequest)
operation.default ListAccountsIterable
listAccountsPaginator
(ListAccountsRequest listAccountsRequest) This is a variant oflistAccounts(software.amazon.awssdk.services.organizations.model.ListAccountsRequest)
operation.Returns a list of the Amazon Web Services services that you enabled to integrate with your organization.listAWSServiceAccessForOrganization
(Consumer<ListAwsServiceAccessForOrganizationRequest.Builder> listAwsServiceAccessForOrganizationRequest) Returns a list of the Amazon Web Services services that you enabled to integrate with your organization.listAWSServiceAccessForOrganization
(ListAwsServiceAccessForOrganizationRequest listAwsServiceAccessForOrganizationRequest) Returns a list of the Amazon Web Services services that you enabled to integrate with your organization.listAWSServiceAccessForOrganizationPaginator
(Consumer<ListAwsServiceAccessForOrganizationRequest.Builder> listAwsServiceAccessForOrganizationRequest) listAWSServiceAccessForOrganizationPaginator
(ListAwsServiceAccessForOrganizationRequest listAwsServiceAccessForOrganizationRequest) default ListChildrenResponse
listChildren
(Consumer<ListChildrenRequest.Builder> listChildrenRequest) Lists all of the organizational units (OUs) or accounts that are contained in the specified parent OU or root.default ListChildrenResponse
listChildren
(ListChildrenRequest listChildrenRequest) Lists all of the organizational units (OUs) or accounts that are contained in the specified parent OU or root.default ListChildrenIterable
listChildrenPaginator
(Consumer<ListChildrenRequest.Builder> listChildrenRequest) This is a variant oflistChildren(software.amazon.awssdk.services.organizations.model.ListChildrenRequest)
operation.default ListChildrenIterable
listChildrenPaginator
(ListChildrenRequest listChildrenRequest) This is a variant oflistChildren(software.amazon.awssdk.services.organizations.model.ListChildrenRequest)
operation.default ListCreateAccountStatusResponse
Lists the account creation requests that match the specified status that is currently being tracked for the organization.default ListCreateAccountStatusResponse
listCreateAccountStatus
(Consumer<ListCreateAccountStatusRequest.Builder> listCreateAccountStatusRequest) Lists the account creation requests that match the specified status that is currently being tracked for the organization.default ListCreateAccountStatusResponse
listCreateAccountStatus
(ListCreateAccountStatusRequest listCreateAccountStatusRequest) Lists the account creation requests that match the specified status that is currently being tracked for the organization.default ListCreateAccountStatusIterable
This is a variant oflistCreateAccountStatus(software.amazon.awssdk.services.organizations.model.ListCreateAccountStatusRequest)
operation.default ListCreateAccountStatusIterable
listCreateAccountStatusPaginator
(Consumer<ListCreateAccountStatusRequest.Builder> listCreateAccountStatusRequest) This is a variant oflistCreateAccountStatus(software.amazon.awssdk.services.organizations.model.ListCreateAccountStatusRequest)
operation.default ListCreateAccountStatusIterable
listCreateAccountStatusPaginator
(ListCreateAccountStatusRequest listCreateAccountStatusRequest) This is a variant oflistCreateAccountStatus(software.amazon.awssdk.services.organizations.model.ListCreateAccountStatusRequest)
operation.listDelegatedAdministrators
(Consumer<ListDelegatedAdministratorsRequest.Builder> listDelegatedAdministratorsRequest) Lists the Amazon Web Services accounts that are designated as delegated administrators in this organization.listDelegatedAdministrators
(ListDelegatedAdministratorsRequest listDelegatedAdministratorsRequest) Lists the Amazon Web Services accounts that are designated as delegated administrators in this organization.listDelegatedAdministratorsPaginator
(Consumer<ListDelegatedAdministratorsRequest.Builder> listDelegatedAdministratorsRequest) This is a variant oflistDelegatedAdministrators(software.amazon.awssdk.services.organizations.model.ListDelegatedAdministratorsRequest)
operation.listDelegatedAdministratorsPaginator
(ListDelegatedAdministratorsRequest listDelegatedAdministratorsRequest) This is a variant oflistDelegatedAdministrators(software.amazon.awssdk.services.organizations.model.ListDelegatedAdministratorsRequest)
operation.listDelegatedServicesForAccount
(Consumer<ListDelegatedServicesForAccountRequest.Builder> listDelegatedServicesForAccountRequest) List the Amazon Web Services services for which the specified account is a delegated administrator.listDelegatedServicesForAccount
(ListDelegatedServicesForAccountRequest listDelegatedServicesForAccountRequest) List the Amazon Web Services services for which the specified account is a delegated administrator.listDelegatedServicesForAccountPaginator
(Consumer<ListDelegatedServicesForAccountRequest.Builder> listDelegatedServicesForAccountRequest) This is a variant oflistDelegatedServicesForAccount(software.amazon.awssdk.services.organizations.model.ListDelegatedServicesForAccountRequest)
operation.listDelegatedServicesForAccountPaginator
(ListDelegatedServicesForAccountRequest listDelegatedServicesForAccountRequest) This is a variant oflistDelegatedServicesForAccount(software.amazon.awssdk.services.organizations.model.ListDelegatedServicesForAccountRequest)
operation.default ListHandshakesForAccountResponse
Lists the current handshakes that are associated with the account of the requesting user.default ListHandshakesForAccountResponse
listHandshakesForAccount
(Consumer<ListHandshakesForAccountRequest.Builder> listHandshakesForAccountRequest) Lists the current handshakes that are associated with the account of the requesting user.default ListHandshakesForAccountResponse
listHandshakesForAccount
(ListHandshakesForAccountRequest listHandshakesForAccountRequest) Lists the current handshakes that are associated with the account of the requesting user.default ListHandshakesForAccountIterable
This is a variant oflistHandshakesForAccount(software.amazon.awssdk.services.organizations.model.ListHandshakesForAccountRequest)
operation.default ListHandshakesForAccountIterable
listHandshakesForAccountPaginator
(Consumer<ListHandshakesForAccountRequest.Builder> listHandshakesForAccountRequest) This is a variant oflistHandshakesForAccount(software.amazon.awssdk.services.organizations.model.ListHandshakesForAccountRequest)
operation.default ListHandshakesForAccountIterable
listHandshakesForAccountPaginator
(ListHandshakesForAccountRequest listHandshakesForAccountRequest) This is a variant oflistHandshakesForAccount(software.amazon.awssdk.services.organizations.model.ListHandshakesForAccountRequest)
operation.Lists the handshakes that are associated with the organization that the requesting user is part of.listHandshakesForOrganization
(Consumer<ListHandshakesForOrganizationRequest.Builder> listHandshakesForOrganizationRequest) Lists the handshakes that are associated with the organization that the requesting user is part of.listHandshakesForOrganization
(ListHandshakesForOrganizationRequest listHandshakesForOrganizationRequest) Lists the handshakes that are associated with the organization that the requesting user is part of.This is a variant oflistHandshakesForOrganization(software.amazon.awssdk.services.organizations.model.ListHandshakesForOrganizationRequest)
operation.listHandshakesForOrganizationPaginator
(Consumer<ListHandshakesForOrganizationRequest.Builder> listHandshakesForOrganizationRequest) This is a variant oflistHandshakesForOrganization(software.amazon.awssdk.services.organizations.model.ListHandshakesForOrganizationRequest)
operation.listHandshakesForOrganizationPaginator
(ListHandshakesForOrganizationRequest listHandshakesForOrganizationRequest) This is a variant oflistHandshakesForOrganization(software.amazon.awssdk.services.organizations.model.ListHandshakesForOrganizationRequest)
operation.listOrganizationalUnitsForParent
(Consumer<ListOrganizationalUnitsForParentRequest.Builder> listOrganizationalUnitsForParentRequest) Lists the organizational units (OUs) in a parent organizational unit or root.listOrganizationalUnitsForParent
(ListOrganizationalUnitsForParentRequest listOrganizationalUnitsForParentRequest) Lists the organizational units (OUs) in a parent organizational unit or root.listOrganizationalUnitsForParentPaginator
(Consumer<ListOrganizationalUnitsForParentRequest.Builder> listOrganizationalUnitsForParentRequest) This is a variant oflistOrganizationalUnitsForParent(software.amazon.awssdk.services.organizations.model.ListOrganizationalUnitsForParentRequest)
operation.listOrganizationalUnitsForParentPaginator
(ListOrganizationalUnitsForParentRequest listOrganizationalUnitsForParentRequest) This is a variant oflistOrganizationalUnitsForParent(software.amazon.awssdk.services.organizations.model.ListOrganizationalUnitsForParentRequest)
operation.default ListParentsResponse
listParents
(Consumer<ListParentsRequest.Builder> listParentsRequest) Lists the root or organizational units (OUs) that serve as the immediate parent of the specified child OU or account.default ListParentsResponse
listParents
(ListParentsRequest listParentsRequest) Lists the root or organizational units (OUs) that serve as the immediate parent of the specified child OU or account.default ListParentsIterable
listParentsPaginator
(Consumer<ListParentsRequest.Builder> listParentsRequest) This is a variant oflistParents(software.amazon.awssdk.services.organizations.model.ListParentsRequest)
operation.default ListParentsIterable
listParentsPaginator
(ListParentsRequest listParentsRequest) This is a variant oflistParents(software.amazon.awssdk.services.organizations.model.ListParentsRequest)
operation.default ListPoliciesResponse
listPolicies
(Consumer<ListPoliciesRequest.Builder> listPoliciesRequest) Retrieves the list of all policies in an organization of a specified type.default ListPoliciesResponse
listPolicies
(ListPoliciesRequest listPoliciesRequest) Retrieves the list of all policies in an organization of a specified type.default ListPoliciesForTargetResponse
listPoliciesForTarget
(Consumer<ListPoliciesForTargetRequest.Builder> listPoliciesForTargetRequest) Lists the policies that are directly attached to the specified target root, organizational unit (OU), or account.default ListPoliciesForTargetResponse
listPoliciesForTarget
(ListPoliciesForTargetRequest listPoliciesForTargetRequest) Lists the policies that are directly attached to the specified target root, organizational unit (OU), or account.default ListPoliciesForTargetIterable
listPoliciesForTargetPaginator
(Consumer<ListPoliciesForTargetRequest.Builder> listPoliciesForTargetRequest) This is a variant oflistPoliciesForTarget(software.amazon.awssdk.services.organizations.model.ListPoliciesForTargetRequest)
operation.default ListPoliciesForTargetIterable
listPoliciesForTargetPaginator
(ListPoliciesForTargetRequest listPoliciesForTargetRequest) This is a variant oflistPoliciesForTarget(software.amazon.awssdk.services.organizations.model.ListPoliciesForTargetRequest)
operation.default ListPoliciesIterable
listPoliciesPaginator
(Consumer<ListPoliciesRequest.Builder> listPoliciesRequest) This is a variant oflistPolicies(software.amazon.awssdk.services.organizations.model.ListPoliciesRequest)
operation.default ListPoliciesIterable
listPoliciesPaginator
(ListPoliciesRequest listPoliciesRequest) This is a variant oflistPolicies(software.amazon.awssdk.services.organizations.model.ListPoliciesRequest)
operation.default ListRootsResponse
Lists the roots that are defined in the current organization.default ListRootsResponse
listRoots
(Consumer<ListRootsRequest.Builder> listRootsRequest) Lists the roots that are defined in the current organization.default ListRootsResponse
listRoots
(ListRootsRequest listRootsRequest) Lists the roots that are defined in the current organization.default ListRootsIterable
This is a variant oflistRoots(software.amazon.awssdk.services.organizations.model.ListRootsRequest)
operation.default ListRootsIterable
listRootsPaginator
(Consumer<ListRootsRequest.Builder> listRootsRequest) This is a variant oflistRoots(software.amazon.awssdk.services.organizations.model.ListRootsRequest)
operation.default ListRootsIterable
listRootsPaginator
(ListRootsRequest listRootsRequest) This is a variant oflistRoots(software.amazon.awssdk.services.organizations.model.ListRootsRequest)
operation.default ListTagsForResourceResponse
listTagsForResource
(Consumer<ListTagsForResourceRequest.Builder> listTagsForResourceRequest) Lists tags that are attached to the specified resource.default ListTagsForResourceResponse
listTagsForResource
(ListTagsForResourceRequest listTagsForResourceRequest) Lists tags that are attached to the specified resource.default ListTagsForResourceIterable
listTagsForResourcePaginator
(Consumer<ListTagsForResourceRequest.Builder> listTagsForResourceRequest) This is a variant oflistTagsForResource(software.amazon.awssdk.services.organizations.model.ListTagsForResourceRequest)
operation.default ListTagsForResourceIterable
listTagsForResourcePaginator
(ListTagsForResourceRequest listTagsForResourceRequest) This is a variant oflistTagsForResource(software.amazon.awssdk.services.organizations.model.ListTagsForResourceRequest)
operation.default ListTargetsForPolicyResponse
listTargetsForPolicy
(Consumer<ListTargetsForPolicyRequest.Builder> listTargetsForPolicyRequest) Lists all the roots, organizational units (OUs), and accounts that the specified policy is attached to.default ListTargetsForPolicyResponse
listTargetsForPolicy
(ListTargetsForPolicyRequest listTargetsForPolicyRequest) Lists all the roots, organizational units (OUs), and accounts that the specified policy is attached to.default ListTargetsForPolicyIterable
listTargetsForPolicyPaginator
(Consumer<ListTargetsForPolicyRequest.Builder> listTargetsForPolicyRequest) This is a variant oflistTargetsForPolicy(software.amazon.awssdk.services.organizations.model.ListTargetsForPolicyRequest)
operation.default ListTargetsForPolicyIterable
listTargetsForPolicyPaginator
(ListTargetsForPolicyRequest listTargetsForPolicyRequest) This is a variant oflistTargetsForPolicy(software.amazon.awssdk.services.organizations.model.ListTargetsForPolicyRequest)
operation.default MoveAccountResponse
moveAccount
(Consumer<MoveAccountRequest.Builder> moveAccountRequest) Moves an account from its current source parent root or organizational unit (OU) to the specified destination parent root or OU.default MoveAccountResponse
moveAccount
(MoveAccountRequest moveAccountRequest) Moves an account from its current source parent root or organizational unit (OU) to the specified destination parent root or OU.default PutResourcePolicyResponse
putResourcePolicy
(Consumer<PutResourcePolicyRequest.Builder> putResourcePolicyRequest) Creates or updates a resource policy.default PutResourcePolicyResponse
putResourcePolicy
(PutResourcePolicyRequest putResourcePolicyRequest) Creates or updates a resource policy.registerDelegatedAdministrator
(Consumer<RegisterDelegatedAdministratorRequest.Builder> registerDelegatedAdministratorRequest) Enables the specified member account to administer the Organizations features of the specified Amazon Web Services service.registerDelegatedAdministrator
(RegisterDelegatedAdministratorRequest registerDelegatedAdministratorRequest) Enables the specified member account to administer the Organizations features of the specified Amazon Web Services service.removeAccountFromOrganization
(Consumer<RemoveAccountFromOrganizationRequest.Builder> removeAccountFromOrganizationRequest) Removes the specified account from the organization.removeAccountFromOrganization
(RemoveAccountFromOrganizationRequest removeAccountFromOrganizationRequest) Removes the specified account from the organization.The SDK service client configuration exposes client settings to the user, e.g., ClientOverrideConfigurationstatic ServiceMetadata
default TagResourceResponse
tagResource
(Consumer<TagResourceRequest.Builder> tagResourceRequest) Adds one or more tags to the specified resource.default TagResourceResponse
tagResource
(TagResourceRequest tagResourceRequest) Adds one or more tags to the specified resource.default UntagResourceResponse
untagResource
(Consumer<UntagResourceRequest.Builder> untagResourceRequest) Removes any tags with the specified keys from the specified resource.default UntagResourceResponse
untagResource
(UntagResourceRequest untagResourceRequest) Removes any tags with the specified keys from the specified resource.default UpdateOrganizationalUnitResponse
updateOrganizationalUnit
(Consumer<UpdateOrganizationalUnitRequest.Builder> updateOrganizationalUnitRequest) Renames the specified organizational unit (OU).default UpdateOrganizationalUnitResponse
updateOrganizationalUnit
(UpdateOrganizationalUnitRequest updateOrganizationalUnitRequest) Renames the specified organizational unit (OU).default UpdatePolicyResponse
updatePolicy
(Consumer<UpdatePolicyRequest.Builder> updatePolicyRequest) Updates an existing policy with a new name, description, or content.default UpdatePolicyResponse
updatePolicy
(UpdatePolicyRequest updatePolicyRequest) Updates an existing policy with a new name, description, or content.Methods inherited from interface software.amazon.awssdk.utils.SdkAutoCloseable
close
Methods inherited from interface software.amazon.awssdk.core.SdkClient
serviceName
-
Field Details
-
SERVICE_NAME
- See Also:
-
SERVICE_METADATA_ID
Value for looking up the service's metadata from theServiceMetadataProvider
.- See Also:
-
-
Method Details
-
acceptHandshake
default AcceptHandshakeResponse acceptHandshake(AcceptHandshakeRequest acceptHandshakeRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, HandshakeConstraintViolationException, HandshakeNotFoundException, InvalidHandshakeTransitionException, HandshakeAlreadyInStateException, InvalidInputException, ConcurrentModificationException, ServiceException, TooManyRequestsException, AccessDeniedForDependencyException, AwsServiceException, SdkClientException, OrganizationsException Sends a response to the originator of a handshake agreeing to the action proposed by the handshake request.
You can only call this operation by the following principals when they also have the relevant IAM permissions:
-
Invitation to join or Approve all features request handshakes: only a principal from the member account.
The user who calls the API for an invitation to join must have the
organizations:AcceptHandshake
permission. If you enabled all features in the organization, the user must also have theiam:CreateServiceLinkedRole
permission so that Organizations can create the required service-linked role namedAWSServiceRoleForOrganizations
. For more information, see Organizations and service-linked roles in the Organizations User Guide. -
Enable all features final confirmation handshake: only a principal from the management account.
For more information about invitations, see Inviting an Amazon Web Services account to join your organization in the Organizations User Guide. For more information about requests to enable all features in the organization, see Enabling all features in your organization in the Organizations User Guide.
After you accept a handshake, it continues to appear in the results of relevant APIs for only 30 days. After that, it's deleted.
- Parameters:
acceptHandshakeRequest
-- Returns:
- Result of the AcceptHandshake operation returned by the service.
- See Also:
-
-
acceptHandshake
default AcceptHandshakeResponse acceptHandshake(Consumer<AcceptHandshakeRequest.Builder> acceptHandshakeRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, HandshakeConstraintViolationException, HandshakeNotFoundException, InvalidHandshakeTransitionException, HandshakeAlreadyInStateException, InvalidInputException, ConcurrentModificationException, ServiceException, TooManyRequestsException, AccessDeniedForDependencyException, AwsServiceException, SdkClientException, OrganizationsException Sends a response to the originator of a handshake agreeing to the action proposed by the handshake request.
You can only call this operation by the following principals when they also have the relevant IAM permissions:
-
Invitation to join or Approve all features request handshakes: only a principal from the member account.
The user who calls the API for an invitation to join must have the
organizations:AcceptHandshake
permission. If you enabled all features in the organization, the user must also have theiam:CreateServiceLinkedRole
permission so that Organizations can create the required service-linked role namedAWSServiceRoleForOrganizations
. For more information, see Organizations and service-linked roles in the Organizations User Guide. -
Enable all features final confirmation handshake: only a principal from the management account.
For more information about invitations, see Inviting an Amazon Web Services account to join your organization in the Organizations User Guide. For more information about requests to enable all features in the organization, see Enabling all features in your organization in the Organizations User Guide.
After you accept a handshake, it continues to appear in the results of relevant APIs for only 30 days. After that, it's deleted.
This is a convenience which creates an instance of the
AcceptHandshakeRequest.Builder
avoiding the need to create one manually viaAcceptHandshakeRequest.builder()
- Parameters:
acceptHandshakeRequest
- AConsumer
that will call methods onAcceptHandshakeRequest.Builder
to create a request.- Returns:
- Result of the AcceptHandshake operation returned by the service.
- See Also:
-
-
attachPolicy
default AttachPolicyResponse attachPolicy(AttachPolicyRequest attachPolicyRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException, DuplicatePolicyAttachmentException, InvalidInputException, PolicyNotFoundException, PolicyTypeNotEnabledException, ServiceException, TargetNotFoundException, TooManyRequestsException, UnsupportedApiEndpointException, PolicyChangesInProgressException, AwsServiceException, SdkClientException, OrganizationsException Attaches a policy to a root, an organizational unit (OU), or an individual account. How the policy affects accounts depends on the type of policy. Refer to the Organizations User Guide for information about each policy type:
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
- Parameters:
attachPolicyRequest
-- Returns:
- Result of the AttachPolicy operation returned by the service.
- See Also:
-
attachPolicy
default AttachPolicyResponse attachPolicy(Consumer<AttachPolicyRequest.Builder> attachPolicyRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException, DuplicatePolicyAttachmentException, InvalidInputException, PolicyNotFoundException, PolicyTypeNotEnabledException, ServiceException, TargetNotFoundException, TooManyRequestsException, UnsupportedApiEndpointException, PolicyChangesInProgressException, AwsServiceException, SdkClientException, OrganizationsException Attaches a policy to a root, an organizational unit (OU), or an individual account. How the policy affects accounts depends on the type of policy. Refer to the Organizations User Guide for information about each policy type:
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
This is a convenience which creates an instance of the
AttachPolicyRequest.Builder
avoiding the need to create one manually viaAttachPolicyRequest.builder()
- Parameters:
attachPolicyRequest
- AConsumer
that will call methods onAttachPolicyRequest.Builder
to create a request.- Returns:
- Result of the AttachPolicy operation returned by the service.
- See Also:
-
cancelHandshake
default CancelHandshakeResponse cancelHandshake(CancelHandshakeRequest cancelHandshakeRequest) throws AccessDeniedException, ConcurrentModificationException, HandshakeNotFoundException, InvalidHandshakeTransitionException, HandshakeAlreadyInStateException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Cancels a handshake. Canceling a handshake sets the handshake state to
CANCELED
.This operation can be called only from the account that originated the handshake. The recipient of the handshake can't cancel it, but can use DeclineHandshake instead. After a handshake is canceled, the recipient can no longer respond to that handshake.
After you cancel a handshake, it continues to appear in the results of relevant APIs for only 30 days. After that, it's deleted.
- Parameters:
cancelHandshakeRequest
-- Returns:
- Result of the CancelHandshake operation returned by the service.
- See Also:
-
cancelHandshake
default CancelHandshakeResponse cancelHandshake(Consumer<CancelHandshakeRequest.Builder> cancelHandshakeRequest) throws AccessDeniedException, ConcurrentModificationException, HandshakeNotFoundException, InvalidHandshakeTransitionException, HandshakeAlreadyInStateException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Cancels a handshake. Canceling a handshake sets the handshake state to
CANCELED
.This operation can be called only from the account that originated the handshake. The recipient of the handshake can't cancel it, but can use DeclineHandshake instead. After a handshake is canceled, the recipient can no longer respond to that handshake.
After you cancel a handshake, it continues to appear in the results of relevant APIs for only 30 days. After that, it's deleted.
This is a convenience which creates an instance of the
CancelHandshakeRequest.Builder
avoiding the need to create one manually viaCancelHandshakeRequest.builder()
- Parameters:
cancelHandshakeRequest
- AConsumer
that will call methods onCancelHandshakeRequest.Builder
to create a request.- Returns:
- Result of the CancelHandshake operation returned by the service.
- See Also:
-
closeAccount
default CloseAccountResponse closeAccount(CloseAccountRequest closeAccountRequest) throws AccessDeniedException, AccountAlreadyClosedException, AccountNotFoundException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ConflictException, ConstraintViolationException, InvalidInputException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Closes an Amazon Web Services member account within an organization. You can close an account when all features are enabled . You can't close the management account with this API. This is an asynchronous request that Amazon Web Services performs in the background. Because
CloseAccount
operates asynchronously, it can return a successful completion message even though account closure might still be in progress. You need to wait a few minutes before the account is fully closed. To check the status of the request, do one of the following:-
Use the
AccountId
that you sent in theCloseAccount
request to provide as a parameter to the DescribeAccount operation.While the close account request is in progress, Account status will indicate PENDING_CLOSURE. When the close account request completes, the status will change to SUSPENDED.
-
Check the CloudTrail log for the
CloseAccountResult
event that gets published after the account closes successfully. For information on using CloudTrail with Organizations, see Logging and monitoring in Organizations in the Organizations User Guide.
-
You can close only 10% of member accounts, between 10 and 1000, within a rolling 30 day period. This quota is not bound by a calendar month, but starts when you close an account. After you reach this limit, you can close additional accounts. For more information, see Closing a member account in your organization and Quotas for Organizationsin the Organizations User Guide.
-
To reinstate a closed account, contact Amazon Web Services Support within the 90-day grace period while the account is in SUSPENDED status.
-
If the Amazon Web Services account you attempt to close is linked to an Amazon Web Services GovCloud (US) account, the
CloseAccount
request will close both accounts. To learn important pre-closure details, see Closing an Amazon Web Services GovCloud (US) account in the Amazon Web Services GovCloud User Guide.
- Parameters:
closeAccountRequest
-- Returns:
- Result of the CloseAccount operation returned by the service.
- See Also:
-
-
closeAccount
default CloseAccountResponse closeAccount(Consumer<CloseAccountRequest.Builder> closeAccountRequest) throws AccessDeniedException, AccountAlreadyClosedException, AccountNotFoundException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ConflictException, ConstraintViolationException, InvalidInputException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Closes an Amazon Web Services member account within an organization. You can close an account when all features are enabled . You can't close the management account with this API. This is an asynchronous request that Amazon Web Services performs in the background. Because
CloseAccount
operates asynchronously, it can return a successful completion message even though account closure might still be in progress. You need to wait a few minutes before the account is fully closed. To check the status of the request, do one of the following:-
Use the
AccountId
that you sent in theCloseAccount
request to provide as a parameter to the DescribeAccount operation.While the close account request is in progress, Account status will indicate PENDING_CLOSURE. When the close account request completes, the status will change to SUSPENDED.
-
Check the CloudTrail log for the
CloseAccountResult
event that gets published after the account closes successfully. For information on using CloudTrail with Organizations, see Logging and monitoring in Organizations in the Organizations User Guide.
-
You can close only 10% of member accounts, between 10 and 1000, within a rolling 30 day period. This quota is not bound by a calendar month, but starts when you close an account. After you reach this limit, you can close additional accounts. For more information, see Closing a member account in your organization and Quotas for Organizationsin the Organizations User Guide.
-
To reinstate a closed account, contact Amazon Web Services Support within the 90-day grace period while the account is in SUSPENDED status.
-
If the Amazon Web Services account you attempt to close is linked to an Amazon Web Services GovCloud (US) account, the
CloseAccount
request will close both accounts. To learn important pre-closure details, see Closing an Amazon Web Services GovCloud (US) account in the Amazon Web Services GovCloud User Guide.
This is a convenience which creates an instance of the
CloseAccountRequest.Builder
avoiding the need to create one manually viaCloseAccountRequest.builder()
- Parameters:
closeAccountRequest
- AConsumer
that will call methods onCloseAccountRequest.Builder
to create a request.- Returns:
- Result of the CloseAccount operation returned by the service.
- See Also:
-
-
createAccount
default CreateAccountResponse createAccount(CreateAccountRequest createAccountRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException, InvalidInputException, FinalizingOrganizationException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Creates an Amazon Web Services account that is automatically a member of the organization whose credentials made the request. This is an asynchronous request that Amazon Web Services performs in the background. Because
CreateAccount
operates asynchronously, it can return a successful completion message even though account initialization might still be in progress. You might need to wait a few minutes before you can successfully access the account. To check the status of the request, do one of the following:-
Use the
Id
value of theCreateAccountStatus
response element from this operation to provide as a parameter to the DescribeCreateAccountStatus operation. -
Check the CloudTrail log for the
CreateAccountResult
event. For information on using CloudTrail with Organizations, see Logging and monitoring in Organizations in the Organizations User Guide.
The user who calls the API to create an account must have the
organizations:CreateAccount
permission. If you enabled all features in the organization, Organizations creates the required service-linked role namedAWSServiceRoleForOrganizations
. For more information, see Organizations and service-linked roles in the Organizations User Guide.If the request includes tags, then the requester must have the
organizations:TagResource
permission.Organizations preconfigures the new member account with a role (named
OrganizationAccountAccessRole
by default) that grants users in the management account administrator permissions in the new member account. Principals in the management account can assume the role. Organizations clones the company name and address information for the new account from the organization's management account.This operation can be called only from the organization's management account.
For more information about creating accounts, see Creating a member account in your organization in the Organizations User Guide.
-
When you create an account in an organization using the Organizations console, API, or CLI commands, the information required for the account to operate as a standalone account, such as a payment method and signing the end user license agreement (EULA) is not automatically collected. If you must remove an account from your organization later, you can do so only after you provide the missing information. For more information, see Considerations before removing an account from an organization in the Organizations User Guide.
-
If you get an exception that indicates that you exceeded your account limits for the organization, contact Amazon Web Services Support.
-
If you get an exception that indicates that the operation failed because your organization is still initializing, wait one hour and then try again. If the error persists, contact Amazon Web Services Support.
-
Using
CreateAccount
to create multiple temporary accounts isn't recommended. You can only close an account from the Billing and Cost Management console, and you must be signed in as the root user. For information on the requirements and process for closing an account, see Closing a member account in your organization in the Organizations User Guide.
When you create a member account with this operation, you can choose whether to create the account with the IAM User and Role Access to Billing Information switch enabled. If you enable it, IAM users and roles that have appropriate permissions can view billing information for the account. If you disable it, only the account root user can access billing information. For information about how to disable this switch for an account, see Granting access to your billing information and tools.
- Parameters:
createAccountRequest
-- Returns:
- Result of the CreateAccount operation returned by the service.
- See Also:
-
-
createAccount
default CreateAccountResponse createAccount(Consumer<CreateAccountRequest.Builder> createAccountRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException, InvalidInputException, FinalizingOrganizationException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Creates an Amazon Web Services account that is automatically a member of the organization whose credentials made the request. This is an asynchronous request that Amazon Web Services performs in the background. Because
CreateAccount
operates asynchronously, it can return a successful completion message even though account initialization might still be in progress. You might need to wait a few minutes before you can successfully access the account. To check the status of the request, do one of the following:-
Use the
Id
value of theCreateAccountStatus
response element from this operation to provide as a parameter to the DescribeCreateAccountStatus operation. -
Check the CloudTrail log for the
CreateAccountResult
event. For information on using CloudTrail with Organizations, see Logging and monitoring in Organizations in the Organizations User Guide.
The user who calls the API to create an account must have the
organizations:CreateAccount
permission. If you enabled all features in the organization, Organizations creates the required service-linked role namedAWSServiceRoleForOrganizations
. For more information, see Organizations and service-linked roles in the Organizations User Guide.If the request includes tags, then the requester must have the
organizations:TagResource
permission.Organizations preconfigures the new member account with a role (named
OrganizationAccountAccessRole
by default) that grants users in the management account administrator permissions in the new member account. Principals in the management account can assume the role. Organizations clones the company name and address information for the new account from the organization's management account.This operation can be called only from the organization's management account.
For more information about creating accounts, see Creating a member account in your organization in the Organizations User Guide.
-
When you create an account in an organization using the Organizations console, API, or CLI commands, the information required for the account to operate as a standalone account, such as a payment method and signing the end user license agreement (EULA) is not automatically collected. If you must remove an account from your organization later, you can do so only after you provide the missing information. For more information, see Considerations before removing an account from an organization in the Organizations User Guide.
-
If you get an exception that indicates that you exceeded your account limits for the organization, contact Amazon Web Services Support.
-
If you get an exception that indicates that the operation failed because your organization is still initializing, wait one hour and then try again. If the error persists, contact Amazon Web Services Support.
-
Using
CreateAccount
to create multiple temporary accounts isn't recommended. You can only close an account from the Billing and Cost Management console, and you must be signed in as the root user. For information on the requirements and process for closing an account, see Closing a member account in your organization in the Organizations User Guide.
When you create a member account with this operation, you can choose whether to create the account with the IAM User and Role Access to Billing Information switch enabled. If you enable it, IAM users and roles that have appropriate permissions can view billing information for the account. If you disable it, only the account root user can access billing information. For information about how to disable this switch for an account, see Granting access to your billing information and tools.
This is a convenience which creates an instance of the
CreateAccountRequest.Builder
avoiding the need to create one manually viaCreateAccountRequest.builder()
- Parameters:
createAccountRequest
- AConsumer
that will call methods onCreateAccountRequest.Builder
to create a request.- Returns:
- Result of the CreateAccount operation returned by the service.
- See Also:
-
-
createGovCloudAccount
default CreateGovCloudAccountResponse createGovCloudAccount(CreateGovCloudAccountRequest createGovCloudAccountRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException, InvalidInputException, FinalizingOrganizationException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException This action is available if all of the following are true:
-
You're authorized to create accounts in the Amazon Web Services GovCloud (US) Region. For more information on the Amazon Web Services GovCloud (US) Region, see the Amazon Web Services GovCloud User Guide.
-
You already have an account in the Amazon Web Services GovCloud (US) Region that is paired with a management account of an organization in the commercial Region.
-
You call this action from the management account of your organization in the commercial Region.
-
You have the
organizations:CreateGovCloudAccount
permission.
Organizations automatically creates the required service-linked role named
AWSServiceRoleForOrganizations
. For more information, see Organizations and service-linked roles in the Organizations User Guide.Amazon Web Services automatically enables CloudTrail for Amazon Web Services GovCloud (US) accounts, but you should also do the following:
-
Verify that CloudTrail is enabled to store logs.
-
Create an Amazon S3 bucket for CloudTrail log storage.
For more information, see Verifying CloudTrail Is Enabled in the Amazon Web Services GovCloud User Guide.
If the request includes tags, then the requester must have the
organizations:TagResource
permission. The tags are attached to the commercial account associated with the GovCloud account, rather than the GovCloud account itself. To add tags to the GovCloud account, call the TagResource operation in the GovCloud Region after the new GovCloud account exists.You call this action from the management account of your organization in the commercial Region to create a standalone Amazon Web Services account in the Amazon Web Services GovCloud (US) Region. After the account is created, the management account of an organization in the Amazon Web Services GovCloud (US) Region can invite it to that organization. For more information on inviting standalone accounts in the Amazon Web Services GovCloud (US) to join an organization, see Organizations in the Amazon Web Services GovCloud User Guide.
Calling
CreateGovCloudAccount
is an asynchronous request that Amazon Web Services performs in the background. BecauseCreateGovCloudAccount
operates asynchronously, it can return a successful completion message even though account initialization might still be in progress. You might need to wait a few minutes before you can successfully access the account. To check the status of the request, do one of the following:-
Use the
OperationId
response element from this operation to provide as a parameter to the DescribeCreateAccountStatus operation. -
Check the CloudTrail log for the
CreateAccountResult
event. For information on using CloudTrail with Organizations, see Logging and monitoring in Organizations in the Organizations User Guide.
When you call the
CreateGovCloudAccount
action, you create two accounts: a standalone account in the Amazon Web Services GovCloud (US) Region and an associated account in the commercial Region for billing and support purposes. The account in the commercial Region is automatically a member of the organization whose credentials made the request. Both accounts are associated with the same email address.A role is created in the new account in the commercial Region that allows the management account in the organization in the commercial Region to assume it. An Amazon Web Services GovCloud (US) account is then created and associated with the commercial account that you just created. A role is also created in the new Amazon Web Services GovCloud (US) account that can be assumed by the Amazon Web Services GovCloud (US) account that is associated with the management account of the commercial organization. For more information and to view a diagram that explains how account access works, see Organizations in the Amazon Web Services GovCloud User Guide.
For more information about creating accounts, see Creating a member account in your organization in the Organizations User Guide.
-
When you create an account in an organization using the Organizations console, API, or CLI commands, the information required for the account to operate as a standalone account is not automatically collected. This includes a payment method and signing the end user license agreement (EULA). If you must remove an account from your organization later, you can do so only after you provide the missing information. For more information, see Considerations before removing an account from an organization in the Organizations User Guide.
-
If you get an exception that indicates that you exceeded your account limits for the organization, contact Amazon Web Services Support.
-
If you get an exception that indicates that the operation failed because your organization is still initializing, wait one hour and then try again. If the error persists, contact Amazon Web Services Support.
-
Using
CreateGovCloudAccount
to create multiple temporary accounts isn't recommended. You can only close an account from the Amazon Web Services Billing and Cost Management console, and you must be signed in as the root user. For information on the requirements and process for closing an account, see Closing a member account in your organization in the Organizations User Guide.
When you create a member account with this operation, you can choose whether to create the account with the IAM User and Role Access to Billing Information switch enabled. If you enable it, IAM users and roles that have appropriate permissions can view billing information for the account. If you disable it, only the account root user can access billing information. For information about how to disable this switch for an account, see Granting access to your billing information and tools.
- Parameters:
createGovCloudAccountRequest
-- Returns:
- Result of the CreateGovCloudAccount operation returned by the service.
- See Also:
-
-
createGovCloudAccount
default CreateGovCloudAccountResponse createGovCloudAccount(Consumer<CreateGovCloudAccountRequest.Builder> createGovCloudAccountRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException, InvalidInputException, FinalizingOrganizationException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException This action is available if all of the following are true:
-
You're authorized to create accounts in the Amazon Web Services GovCloud (US) Region. For more information on the Amazon Web Services GovCloud (US) Region, see the Amazon Web Services GovCloud User Guide.
-
You already have an account in the Amazon Web Services GovCloud (US) Region that is paired with a management account of an organization in the commercial Region.
-
You call this action from the management account of your organization in the commercial Region.
-
You have the
organizations:CreateGovCloudAccount
permission.
Organizations automatically creates the required service-linked role named
AWSServiceRoleForOrganizations
. For more information, see Organizations and service-linked roles in the Organizations User Guide.Amazon Web Services automatically enables CloudTrail for Amazon Web Services GovCloud (US) accounts, but you should also do the following:
-
Verify that CloudTrail is enabled to store logs.
-
Create an Amazon S3 bucket for CloudTrail log storage.
For more information, see Verifying CloudTrail Is Enabled in the Amazon Web Services GovCloud User Guide.
If the request includes tags, then the requester must have the
organizations:TagResource
permission. The tags are attached to the commercial account associated with the GovCloud account, rather than the GovCloud account itself. To add tags to the GovCloud account, call the TagResource operation in the GovCloud Region after the new GovCloud account exists.You call this action from the management account of your organization in the commercial Region to create a standalone Amazon Web Services account in the Amazon Web Services GovCloud (US) Region. After the account is created, the management account of an organization in the Amazon Web Services GovCloud (US) Region can invite it to that organization. For more information on inviting standalone accounts in the Amazon Web Services GovCloud (US) to join an organization, see Organizations in the Amazon Web Services GovCloud User Guide.
Calling
CreateGovCloudAccount
is an asynchronous request that Amazon Web Services performs in the background. BecauseCreateGovCloudAccount
operates asynchronously, it can return a successful completion message even though account initialization might still be in progress. You might need to wait a few minutes before you can successfully access the account. To check the status of the request, do one of the following:-
Use the
OperationId
response element from this operation to provide as a parameter to the DescribeCreateAccountStatus operation. -
Check the CloudTrail log for the
CreateAccountResult
event. For information on using CloudTrail with Organizations, see Logging and monitoring in Organizations in the Organizations User Guide.
When you call the
CreateGovCloudAccount
action, you create two accounts: a standalone account in the Amazon Web Services GovCloud (US) Region and an associated account in the commercial Region for billing and support purposes. The account in the commercial Region is automatically a member of the organization whose credentials made the request. Both accounts are associated with the same email address.A role is created in the new account in the commercial Region that allows the management account in the organization in the commercial Region to assume it. An Amazon Web Services GovCloud (US) account is then created and associated with the commercial account that you just created. A role is also created in the new Amazon Web Services GovCloud (US) account that can be assumed by the Amazon Web Services GovCloud (US) account that is associated with the management account of the commercial organization. For more information and to view a diagram that explains how account access works, see Organizations in the Amazon Web Services GovCloud User Guide.
For more information about creating accounts, see Creating a member account in your organization in the Organizations User Guide.
-
When you create an account in an organization using the Organizations console, API, or CLI commands, the information required for the account to operate as a standalone account is not automatically collected. This includes a payment method and signing the end user license agreement (EULA). If you must remove an account from your organization later, you can do so only after you provide the missing information. For more information, see Considerations before removing an account from an organization in the Organizations User Guide.
-
If you get an exception that indicates that you exceeded your account limits for the organization, contact Amazon Web Services Support.
-
If you get an exception that indicates that the operation failed because your organization is still initializing, wait one hour and then try again. If the error persists, contact Amazon Web Services Support.
-
Using
CreateGovCloudAccount
to create multiple temporary accounts isn't recommended. You can only close an account from the Amazon Web Services Billing and Cost Management console, and you must be signed in as the root user. For information on the requirements and process for closing an account, see Closing a member account in your organization in the Organizations User Guide.
When you create a member account with this operation, you can choose whether to create the account with the IAM User and Role Access to Billing Information switch enabled. If you enable it, IAM users and roles that have appropriate permissions can view billing information for the account. If you disable it, only the account root user can access billing information. For information about how to disable this switch for an account, see Granting access to your billing information and tools.
This is a convenience which creates an instance of the
CreateGovCloudAccountRequest.Builder
avoiding the need to create one manually viaCreateGovCloudAccountRequest.builder()
- Parameters:
createGovCloudAccountRequest
- AConsumer
that will call methods onCreateGovCloudAccountRequest.Builder
to create a request.- Returns:
- Result of the CreateGovCloudAccount operation returned by the service.
- See Also:
-
-
createOrganization
default CreateOrganizationResponse createOrganization(CreateOrganizationRequest createOrganizationRequest) throws AccessDeniedException, AlreadyInOrganizationException, ConcurrentModificationException, ConstraintViolationException, InvalidInputException, ServiceException, TooManyRequestsException, AccessDeniedForDependencyException, AwsServiceException, SdkClientException, OrganizationsException Creates an Amazon Web Services organization. The account whose user is calling the
CreateOrganization
operation automatically becomes the management account of the new organization.This operation must be called using credentials from the account that is to become the new organization's management account. The principal must also have the relevant IAM permissions.
By default (or if you set the
FeatureSet
parameter toALL
), the new organization is created with all features enabled and service control policies automatically enabled in the root. If you instead choose to create the organization supporting only the consolidated billing features by setting theFeatureSet
parameter toCONSOLIDATED_BILLING
, no policy types are enabled by default and you can't use organization policies.- Parameters:
createOrganizationRequest
-- Returns:
- Result of the CreateOrganization operation returned by the service.
- See Also:
-
createOrganization
default CreateOrganizationResponse createOrganization(Consumer<CreateOrganizationRequest.Builder> createOrganizationRequest) throws AccessDeniedException, AlreadyInOrganizationException, ConcurrentModificationException, ConstraintViolationException, InvalidInputException, ServiceException, TooManyRequestsException, AccessDeniedForDependencyException, AwsServiceException, SdkClientException, OrganizationsException Creates an Amazon Web Services organization. The account whose user is calling the
CreateOrganization
operation automatically becomes the management account of the new organization.This operation must be called using credentials from the account that is to become the new organization's management account. The principal must also have the relevant IAM permissions.
By default (or if you set the
FeatureSet
parameter toALL
), the new organization is created with all features enabled and service control policies automatically enabled in the root. If you instead choose to create the organization supporting only the consolidated billing features by setting theFeatureSet
parameter toCONSOLIDATED_BILLING
, no policy types are enabled by default and you can't use organization policies.
This is a convenience which creates an instance of the
CreateOrganizationRequest.Builder
avoiding the need to create one manually viaCreateOrganizationRequest.builder()
- Parameters:
createOrganizationRequest
- AConsumer
that will call methods onCreateOrganizationRequest.Builder
to create a request.- Returns:
- Result of the CreateOrganization operation returned by the service.
- See Also:
-
createOrganization
default CreateOrganizationResponse createOrganization() throws AccessDeniedException, AlreadyInOrganizationException, ConcurrentModificationException, ConstraintViolationException, InvalidInputException, ServiceException, TooManyRequestsException, AccessDeniedForDependencyException, AwsServiceException, SdkClientException, OrganizationsExceptionCreates an Amazon Web Services organization. The account whose user is calling the
CreateOrganization
operation automatically becomes the management account of the new organization.This operation must be called using credentials from the account that is to become the new organization's management account. The principal must also have the relevant IAM permissions.
By default (or if you set the
FeatureSet
parameter toALL
), the new organization is created with all features enabled and service control policies automatically enabled in the root. If you instead choose to create the organization supporting only the consolidated billing features by setting theFeatureSet
parameter toCONSOLIDATED_BILLING
, no policy types are enabled by default and you can't use organization policies.- Returns:
- Result of the CreateOrganization operation returned by the service.
- See Also:
-
createOrganizationalUnit
default CreateOrganizationalUnitResponse createOrganizationalUnit(CreateOrganizationalUnitRequest createOrganizationalUnitRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException, DuplicateOrganizationalUnitException, InvalidInputException, ParentNotFoundException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Creates an organizational unit (OU) within a root or parent OU. An OU is a container for accounts that enables you to organize your accounts to apply policies according to your business requirements. The number of levels deep that you can nest OUs is dependent upon the policy types enabled for that root. For service control policies, the limit is five.
For more information about OUs, see Managing organizational units (OUs) in the Organizations User Guide.
If the request includes tags, then the requester must have the
organizations:TagResource
permission.This operation can be called only from the organization's management account.
- Parameters:
createOrganizationalUnitRequest
-- Returns:
- Result of the CreateOrganizationalUnit operation returned by the service.
- See Also:
-
createOrganizationalUnit
default CreateOrganizationalUnitResponse createOrganizationalUnit(Consumer<CreateOrganizationalUnitRequest.Builder> createOrganizationalUnitRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException, DuplicateOrganizationalUnitException, InvalidInputException, ParentNotFoundException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Creates an organizational unit (OU) within a root or parent OU. An OU is a container for accounts that enables you to organize your accounts to apply policies according to your business requirements. The number of levels deep that you can nest OUs is dependent upon the policy types enabled for that root. For service control policies, the limit is five.
For more information about OUs, see Managing organizational units (OUs) in the Organizations User Guide.
If the request includes tags, then the requester must have the
organizations:TagResource
permission.This operation can be called only from the organization's management account.
This is a convenience which creates an instance of the
CreateOrganizationalUnitRequest.Builder
avoiding the need to create one manually viaCreateOrganizationalUnitRequest.builder()
- Parameters:
createOrganizationalUnitRequest
- AConsumer
that will call methods onCreateOrganizationalUnitRequest.Builder
to create a request.- Returns:
- Result of the CreateOrganizationalUnit operation returned by the service.
- See Also:
-
createPolicy
default CreatePolicyResponse createPolicy(CreatePolicyRequest createPolicyRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException, DuplicatePolicyException, InvalidInputException, MalformedPolicyDocumentException, PolicyTypeNotAvailableForOrganizationException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Creates a policy of a specified type that you can attach to a root, an organizational unit (OU), or an individual Amazon Web Services account.
For more information about policies and their use, see Managing Organizations policies.
If the request includes tags, then the requester must have the
organizations:TagResource
permission.This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
- Parameters:
createPolicyRequest
-- Returns:
- Result of the CreatePolicy operation returned by the service.
- See Also:
-
createPolicy
default CreatePolicyResponse createPolicy(Consumer<CreatePolicyRequest.Builder> createPolicyRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException, DuplicatePolicyException, InvalidInputException, MalformedPolicyDocumentException, PolicyTypeNotAvailableForOrganizationException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Creates a policy of a specified type that you can attach to a root, an organizational unit (OU), or an individual Amazon Web Services account.
For more information about policies and their use, see Managing Organizations policies.
If the request includes tags, then the requester must have the
organizations:TagResource
permission.This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
This is a convenience which creates an instance of the
CreatePolicyRequest.Builder
avoiding the need to create one manually viaCreatePolicyRequest.builder()
- Parameters:
createPolicyRequest
- AConsumer
that will call methods onCreatePolicyRequest.Builder
to create a request.- Returns:
- Result of the CreatePolicy operation returned by the service.
- See Also:
-
declineHandshake
default DeclineHandshakeResponse declineHandshake(DeclineHandshakeRequest declineHandshakeRequest) throws AccessDeniedException, ConcurrentModificationException, HandshakeNotFoundException, InvalidHandshakeTransitionException, HandshakeAlreadyInStateException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Declines a handshake request. This sets the handshake state to
DECLINED
and effectively deactivates the request.This operation can be called only from the account that received the handshake. The originator of the handshake can use CancelHandshake instead. The originator can't reactivate a declined request, but can reinitiate the process with a new handshake request.
After you decline a handshake, it continues to appear in the results of relevant APIs for only 30 days. After that, it's deleted.
- Parameters:
declineHandshakeRequest
-- Returns:
- Result of the DeclineHandshake operation returned by the service.
- See Also:
-
declineHandshake
default DeclineHandshakeResponse declineHandshake(Consumer<DeclineHandshakeRequest.Builder> declineHandshakeRequest) throws AccessDeniedException, ConcurrentModificationException, HandshakeNotFoundException, InvalidHandshakeTransitionException, HandshakeAlreadyInStateException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Declines a handshake request. This sets the handshake state to
DECLINED
and effectively deactivates the request.This operation can be called only from the account that received the handshake. The originator of the handshake can use CancelHandshake instead. The originator can't reactivate a declined request, but can reinitiate the process with a new handshake request.
After you decline a handshake, it continues to appear in the results of relevant APIs for only 30 days. After that, it's deleted.
This is a convenience which creates an instance of the
DeclineHandshakeRequest.Builder
avoiding the need to create one manually viaDeclineHandshakeRequest.builder()
- Parameters:
declineHandshakeRequest
- AConsumer
that will call methods onDeclineHandshakeRequest.Builder
to create a request.- Returns:
- Result of the DeclineHandshake operation returned by the service.
- See Also:
-
deleteOrganization
default DeleteOrganizationResponse deleteOrganization(DeleteOrganizationRequest deleteOrganizationRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, InvalidInputException, OrganizationNotEmptyException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Deletes the organization. You can delete an organization only by using credentials from the management account. The organization must be empty of member accounts.
- Parameters:
deleteOrganizationRequest
-- Returns:
- Result of the DeleteOrganization operation returned by the service.
- See Also:
-
deleteOrganization
default DeleteOrganizationResponse deleteOrganization(Consumer<DeleteOrganizationRequest.Builder> deleteOrganizationRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, InvalidInputException, OrganizationNotEmptyException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Deletes the organization. You can delete an organization only by using credentials from the management account. The organization must be empty of member accounts.
This is a convenience which creates an instance of the
DeleteOrganizationRequest.Builder
avoiding the need to create one manually viaDeleteOrganizationRequest.builder()
- Parameters:
deleteOrganizationRequest
- AConsumer
that will call methods onDeleteOrganizationRequest.Builder
to create a request.- Returns:
- Result of the DeleteOrganization operation returned by the service.
- See Also:
-
deleteOrganization
default DeleteOrganizationResponse deleteOrganization() throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, InvalidInputException, OrganizationNotEmptyException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsExceptionDeletes the organization. You can delete an organization only by using credentials from the management account. The organization must be empty of member accounts.
- Returns:
- Result of the DeleteOrganization operation returned by the service.
- See Also:
-
deleteOrganizationalUnit
default DeleteOrganizationalUnitResponse deleteOrganizationalUnit(DeleteOrganizationalUnitRequest deleteOrganizationalUnitRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, InvalidInputException, OrganizationalUnitNotEmptyException, OrganizationalUnitNotFoundException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Deletes an organizational unit (OU) from a root or another OU. You must first remove all accounts and child OUs from the OU that you want to delete.
This operation can be called only from the organization's management account.
- Parameters:
deleteOrganizationalUnitRequest
-- Returns:
- Result of the DeleteOrganizationalUnit operation returned by the service.
- See Also:
-
deleteOrganizationalUnit
default DeleteOrganizationalUnitResponse deleteOrganizationalUnit(Consumer<DeleteOrganizationalUnitRequest.Builder> deleteOrganizationalUnitRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, InvalidInputException, OrganizationalUnitNotEmptyException, OrganizationalUnitNotFoundException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Deletes an organizational unit (OU) from a root or another OU. You must first remove all accounts and child OUs from the OU that you want to delete.
This operation can be called only from the organization's management account.
This is a convenience which creates an instance of the
DeleteOrganizationalUnitRequest.Builder
avoiding the need to create one manually viaDeleteOrganizationalUnitRequest.builder()
- Parameters:
deleteOrganizationalUnitRequest
- AConsumer
that will call methods onDeleteOrganizationalUnitRequest.Builder
to create a request.- Returns:
- Result of the DeleteOrganizationalUnit operation returned by the service.
- See Also:
-
deletePolicy
default DeletePolicyResponse deletePolicy(DeletePolicyRequest deletePolicyRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, InvalidInputException, PolicyInUseException, PolicyNotFoundException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Deletes the specified policy from your organization. Before you perform this operation, you must first detach the policy from all organizational units (OUs), roots, and accounts.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
- Parameters:
deletePolicyRequest
-- Returns:
- Result of the DeletePolicy operation returned by the service.
- See Also:
-
deletePolicy
default DeletePolicyResponse deletePolicy(Consumer<DeletePolicyRequest.Builder> deletePolicyRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, InvalidInputException, PolicyInUseException, PolicyNotFoundException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Deletes the specified policy from your organization. Before you perform this operation, you must first detach the policy from all organizational units (OUs), roots, and accounts.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
This is a convenience which creates an instance of the
DeletePolicyRequest.Builder
avoiding the need to create one manually viaDeletePolicyRequest.builder()
- Parameters:
deletePolicyRequest
- AConsumer
that will call methods onDeletePolicyRequest.Builder
to create a request.- Returns:
- Result of the DeletePolicy operation returned by the service.
- See Also:
-
deleteResourcePolicy
default DeleteResourcePolicyResponse deleteResourcePolicy(DeleteResourcePolicyRequest deleteResourcePolicyRequest) throws AccessDeniedException, ServiceException, UnsupportedApiEndpointException, TooManyRequestsException, ConcurrentModificationException, ConstraintViolationException, AwsOrganizationsNotInUseException, ResourcePolicyNotFoundException, AwsServiceException, SdkClientException, OrganizationsException Deletes the resource policy from your organization.
You can only call this operation from the organization's management account.
- Parameters:
deleteResourcePolicyRequest
-- Returns:
- Result of the DeleteResourcePolicy operation returned by the service.
- See Also:
-
deleteResourcePolicy
default DeleteResourcePolicyResponse deleteResourcePolicy(Consumer<DeleteResourcePolicyRequest.Builder> deleteResourcePolicyRequest) throws AccessDeniedException, ServiceException, UnsupportedApiEndpointException, TooManyRequestsException, ConcurrentModificationException, ConstraintViolationException, AwsOrganizationsNotInUseException, ResourcePolicyNotFoundException, AwsServiceException, SdkClientException, OrganizationsException Deletes the resource policy from your organization.
You can only call this operation from the organization's management account.
This is a convenience which creates an instance of the
DeleteResourcePolicyRequest.Builder
avoiding the need to create one manually viaDeleteResourcePolicyRequest.builder()
- Parameters:
deleteResourcePolicyRequest
- AConsumer
that will call methods onDeleteResourcePolicyRequest.Builder
to create a request.- Returns:
- Result of the DeleteResourcePolicy operation returned by the service.
- See Also:
-
deregisterDelegatedAdministrator
default DeregisterDelegatedAdministratorResponse deregisterDelegatedAdministrator(DeregisterDelegatedAdministratorRequest deregisterDelegatedAdministratorRequest) throws AccessDeniedException, AccountNotFoundException, AccountNotRegisteredException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException, InvalidInputException, TooManyRequestsException, ServiceException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Removes the specified member Amazon Web Services account as a delegated administrator for the specified Amazon Web Services service.
Deregistering a delegated administrator can have unintended impacts on the functionality of the enabled Amazon Web Services service. See the documentation for the enabled service before you deregister a delegated administrator so that you understand any potential impacts.
You can run this action only for Amazon Web Services services that support this feature. For a current list of services that support it, see the column Supports Delegated Administrator in the table at Amazon Web Services Services that you can use with Organizations in the Organizations User Guide.
This operation can be called only from the organization's management account.
- Parameters:
deregisterDelegatedAdministratorRequest
-- Returns:
- Result of the DeregisterDelegatedAdministrator operation returned by the service.
- See Also:
-
deregisterDelegatedAdministrator
default DeregisterDelegatedAdministratorResponse deregisterDelegatedAdministrator(Consumer<DeregisterDelegatedAdministratorRequest.Builder> deregisterDelegatedAdministratorRequest) throws AccessDeniedException, AccountNotFoundException, AccountNotRegisteredException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException, InvalidInputException, TooManyRequestsException, ServiceException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Removes the specified member Amazon Web Services account as a delegated administrator for the specified Amazon Web Services service.
Deregistering a delegated administrator can have unintended impacts on the functionality of the enabled Amazon Web Services service. See the documentation for the enabled service before you deregister a delegated administrator so that you understand any potential impacts.
You can run this action only for Amazon Web Services services that support this feature. For a current list of services that support it, see the column Supports Delegated Administrator in the table at Amazon Web Services Services that you can use with Organizations in the Organizations User Guide.
This operation can be called only from the organization's management account.
This is a convenience which creates an instance of the
DeregisterDelegatedAdministratorRequest.Builder
avoiding the need to create one manually viaDeregisterDelegatedAdministratorRequest.builder()
- Parameters:
deregisterDelegatedAdministratorRequest
- AConsumer
that will call methods onDeregisterDelegatedAdministratorRequest.Builder
to create a request.- Returns:
- Result of the DeregisterDelegatedAdministrator operation returned by the service.
- See Also:
-
describeAccount
default DescribeAccountResponse describeAccount(DescribeAccountRequest describeAccountRequest) throws AccessDeniedException, AccountNotFoundException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Retrieves Organizations-related information about the specified account.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
- Parameters:
describeAccountRequest
-- Returns:
- Result of the DescribeAccount operation returned by the service.
- See Also:
-
describeAccount
default DescribeAccountResponse describeAccount(Consumer<DescribeAccountRequest.Builder> describeAccountRequest) throws AccessDeniedException, AccountNotFoundException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Retrieves Organizations-related information about the specified account.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
This is a convenience which creates an instance of the
DescribeAccountRequest.Builder
avoiding the need to create one manually viaDescribeAccountRequest.builder()
- Parameters:
describeAccountRequest
- AConsumer
that will call methods onDescribeAccountRequest.Builder
to create a request.- Returns:
- Result of the DescribeAccount operation returned by the service.
- See Also:
-
describeCreateAccountStatus
default DescribeCreateAccountStatusResponse describeCreateAccountStatus(DescribeCreateAccountStatusRequest describeCreateAccountStatusRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, CreateAccountStatusNotFoundException, InvalidInputException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Retrieves the current status of an asynchronous request to create an account.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
- Parameters:
describeCreateAccountStatusRequest
-- Returns:
- Result of the DescribeCreateAccountStatus operation returned by the service.
- See Also:
-
describeCreateAccountStatus
default DescribeCreateAccountStatusResponse describeCreateAccountStatus(Consumer<DescribeCreateAccountStatusRequest.Builder> describeCreateAccountStatusRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, CreateAccountStatusNotFoundException, InvalidInputException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Retrieves the current status of an asynchronous request to create an account.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
This is a convenience which creates an instance of the
DescribeCreateAccountStatusRequest.Builder
avoiding the need to create one manually viaDescribeCreateAccountStatusRequest.builder()
- Parameters:
describeCreateAccountStatusRequest
- AConsumer
that will call methods onDescribeCreateAccountStatusRequest.Builder
to create a request.- Returns:
- Result of the DescribeCreateAccountStatus operation returned by the service.
- See Also:
-
describeEffectivePolicy
default DescribeEffectivePolicyResponse describeEffectivePolicy(DescribeEffectivePolicyRequest describeEffectivePolicyRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConstraintViolationException, ServiceException, TooManyRequestsException, TargetNotFoundException, EffectivePolicyNotFoundException, InvalidInputException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Returns the contents of the effective policy for specified policy type and account. The effective policy is the aggregation of any policies of the specified type that the account inherits, plus any policy of that type that is directly attached to the account.
This operation applies only to policy types other than service control policies (SCPs).
For more information about policy inheritance, see Understanding management policy inheritance in the Organizations User Guide.
This operation can be called from any account in the organization.
- Parameters:
describeEffectivePolicyRequest
-- Returns:
- Result of the DescribeEffectivePolicy operation returned by the service.
- See Also:
-
describeEffectivePolicy
default DescribeEffectivePolicyResponse describeEffectivePolicy(Consumer<DescribeEffectivePolicyRequest.Builder> describeEffectivePolicyRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConstraintViolationException, ServiceException, TooManyRequestsException, TargetNotFoundException, EffectivePolicyNotFoundException, InvalidInputException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Returns the contents of the effective policy for specified policy type and account. The effective policy is the aggregation of any policies of the specified type that the account inherits, plus any policy of that type that is directly attached to the account.
This operation applies only to policy types other than service control policies (SCPs).
For more information about policy inheritance, see Understanding management policy inheritance in the Organizations User Guide.
This operation can be called from any account in the organization.
This is a convenience which creates an instance of the
DescribeEffectivePolicyRequest.Builder
avoiding the need to create one manually viaDescribeEffectivePolicyRequest.builder()
- Parameters:
describeEffectivePolicyRequest
- AConsumer
that will call methods onDescribeEffectivePolicyRequest.Builder
to create a request.- Returns:
- Result of the DescribeEffectivePolicy operation returned by the service.
- See Also:
-
describeHandshake
default DescribeHandshakeResponse describeHandshake(DescribeHandshakeRequest describeHandshakeRequest) throws AccessDeniedException, ConcurrentModificationException, HandshakeNotFoundException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Retrieves information about a previously requested handshake. The handshake ID comes from the response to the original InviteAccountToOrganization operation that generated the handshake.
You can access handshakes that are
ACCEPTED
,DECLINED
, orCANCELED
for only 30 days after they change to that state. They're then deleted and no longer accessible.This operation can be called from any account in the organization.
- Parameters:
describeHandshakeRequest
-- Returns:
- Result of the DescribeHandshake operation returned by the service.
- See Also:
-
describeHandshake
default DescribeHandshakeResponse describeHandshake(Consumer<DescribeHandshakeRequest.Builder> describeHandshakeRequest) throws AccessDeniedException, ConcurrentModificationException, HandshakeNotFoundException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Retrieves information about a previously requested handshake. The handshake ID comes from the response to the original InviteAccountToOrganization operation that generated the handshake.
You can access handshakes that are
ACCEPTED
,DECLINED
, orCANCELED
for only 30 days after they change to that state. They're then deleted and no longer accessible.This operation can be called from any account in the organization.
This is a convenience which creates an instance of the
DescribeHandshakeRequest.Builder
avoiding the need to create one manually viaDescribeHandshakeRequest.builder()
- Parameters:
describeHandshakeRequest
- AConsumer
that will call methods onDescribeHandshakeRequest.Builder
to create a request.- Returns:
- Result of the DescribeHandshake operation returned by the service.
- See Also:
-
describeOrganization
default DescribeOrganizationResponse describeOrganization(DescribeOrganizationRequest describeOrganizationRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Retrieves information about the organization that the user's account belongs to.
This operation can be called from any account in the organization.
Even if a policy type is shown as available in the organization, you can disable it separately at the root level with DisablePolicyType. Use ListRoots to see the status of policy types for a specified root.
- Parameters:
describeOrganizationRequest
-- Returns:
- Result of the DescribeOrganization operation returned by the service.
- See Also:
-
describeOrganization
default DescribeOrganizationResponse describeOrganization(Consumer<DescribeOrganizationRequest.Builder> describeOrganizationRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Retrieves information about the organization that the user's account belongs to.
This operation can be called from any account in the organization.
Even if a policy type is shown as available in the organization, you can disable it separately at the root level with DisablePolicyType. Use ListRoots to see the status of policy types for a specified root.
This is a convenience which creates an instance of the
DescribeOrganizationRequest.Builder
avoiding the need to create one manually viaDescribeOrganizationRequest.builder()
- Parameters:
describeOrganizationRequest
- AConsumer
that will call methods onDescribeOrganizationRequest.Builder
to create a request.- Returns:
- Result of the DescribeOrganization operation returned by the service.
- See Also:
-
describeOrganization
default DescribeOrganizationResponse describeOrganization() throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsExceptionRetrieves information about the organization that the user's account belongs to.
This operation can be called from any account in the organization.
Even if a policy type is shown as available in the organization, you can disable it separately at the root level with DisablePolicyType. Use ListRoots to see the status of policy types for a specified root.
- Returns:
- Result of the DescribeOrganization operation returned by the service.
- See Also:
-
describeOrganizationalUnit
default DescribeOrganizationalUnitResponse describeOrganizationalUnit(DescribeOrganizationalUnitRequest describeOrganizationalUnitRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, OrganizationalUnitNotFoundException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Retrieves information about an organizational unit (OU).
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
- Parameters:
describeOrganizationalUnitRequest
-- Returns:
- Result of the DescribeOrganizationalUnit operation returned by the service.
- See Also:
-
describeOrganizationalUnit
default DescribeOrganizationalUnitResponse describeOrganizationalUnit(Consumer<DescribeOrganizationalUnitRequest.Builder> describeOrganizationalUnitRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, OrganizationalUnitNotFoundException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Retrieves information about an organizational unit (OU).
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
This is a convenience which creates an instance of the
DescribeOrganizationalUnitRequest.Builder
avoiding the need to create one manually viaDescribeOrganizationalUnitRequest.builder()
- Parameters:
describeOrganizationalUnitRequest
- AConsumer
that will call methods onDescribeOrganizationalUnitRequest.Builder
to create a request.- Returns:
- Result of the DescribeOrganizationalUnit operation returned by the service.
- See Also:
-
describePolicy
default DescribePolicyResponse describePolicy(DescribePolicyRequest describePolicyRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, PolicyNotFoundException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Retrieves information about a policy.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
- Parameters:
describePolicyRequest
-- Returns:
- Result of the DescribePolicy operation returned by the service.
- See Also:
-
describePolicy
default DescribePolicyResponse describePolicy(Consumer<DescribePolicyRequest.Builder> describePolicyRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, PolicyNotFoundException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Retrieves information about a policy.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
This is a convenience which creates an instance of the
DescribePolicyRequest.Builder
avoiding the need to create one manually viaDescribePolicyRequest.builder()
- Parameters:
describePolicyRequest
- AConsumer
that will call methods onDescribePolicyRequest.Builder
to create a request.- Returns:
- Result of the DescribePolicy operation returned by the service.
- See Also:
-
describeResourcePolicy
default DescribeResourcePolicyResponse describeResourcePolicy(DescribeResourcePolicyRequest describeResourcePolicyRequest) throws AccessDeniedException, ServiceException, UnsupportedApiEndpointException, TooManyRequestsException, AwsOrganizationsNotInUseException, ResourcePolicyNotFoundException, ConstraintViolationException, AwsServiceException, SdkClientException, OrganizationsException Retrieves information about a resource policy.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
- Parameters:
describeResourcePolicyRequest
-- Returns:
- Result of the DescribeResourcePolicy operation returned by the service.
- See Also:
-
describeResourcePolicy
default DescribeResourcePolicyResponse describeResourcePolicy(Consumer<DescribeResourcePolicyRequest.Builder> describeResourcePolicyRequest) throws AccessDeniedException, ServiceException, UnsupportedApiEndpointException, TooManyRequestsException, AwsOrganizationsNotInUseException, ResourcePolicyNotFoundException, ConstraintViolationException, AwsServiceException, SdkClientException, OrganizationsException Retrieves information about a resource policy.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
This is a convenience which creates an instance of the
DescribeResourcePolicyRequest.Builder
avoiding the need to create one manually viaDescribeResourcePolicyRequest.builder()
- Parameters:
describeResourcePolicyRequest
- AConsumer
that will call methods onDescribeResourcePolicyRequest.Builder
to create a request.- Returns:
- Result of the DescribeResourcePolicy operation returned by the service.
- See Also:
-
detachPolicy
default DetachPolicyResponse detachPolicy(DetachPolicyRequest detachPolicyRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException, InvalidInputException, PolicyNotAttachedException, PolicyNotFoundException, ServiceException, TargetNotFoundException, TooManyRequestsException, UnsupportedApiEndpointException, PolicyChangesInProgressException, AwsServiceException, SdkClientException, OrganizationsException Detaches a policy from a target root, organizational unit (OU), or account.
If the policy being detached is a service control policy (SCP), the changes to permissions for Identity and Access Management (IAM) users and roles in affected accounts are immediate.
Every root, OU, and account must have at least one SCP attached. If you want to replace the default
FullAWSAccess
policy with an SCP that limits the permissions that can be delegated, you must attach the replacement SCP before you can remove the default SCP. This is the authorization strategy of an "allow list". If you instead attach a second SCP and leave theFullAWSAccess
SCP still attached, and specify"Effect": "Deny"
in the second SCP to override the"Effect": "Allow"
in theFullAWSAccess
policy (or any other attached SCP), you're using the authorization strategy of a "deny list".This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
- Parameters:
detachPolicyRequest
-- Returns:
- Result of the DetachPolicy operation returned by the service.
- See Also:
-
detachPolicy
default DetachPolicyResponse detachPolicy(Consumer<DetachPolicyRequest.Builder> detachPolicyRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException, InvalidInputException, PolicyNotAttachedException, PolicyNotFoundException, ServiceException, TargetNotFoundException, TooManyRequestsException, UnsupportedApiEndpointException, PolicyChangesInProgressException, AwsServiceException, SdkClientException, OrganizationsException Detaches a policy from a target root, organizational unit (OU), or account.
If the policy being detached is a service control policy (SCP), the changes to permissions for Identity and Access Management (IAM) users and roles in affected accounts are immediate.
Every root, OU, and account must have at least one SCP attached. If you want to replace the default
FullAWSAccess
policy with an SCP that limits the permissions that can be delegated, you must attach the replacement SCP before you can remove the default SCP. This is the authorization strategy of an "allow list". If you instead attach a second SCP and leave theFullAWSAccess
SCP still attached, and specify"Effect": "Deny"
in the second SCP to override the"Effect": "Allow"
in theFullAWSAccess
policy (or any other attached SCP), you're using the authorization strategy of a "deny list".This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
This is a convenience which creates an instance of the
DetachPolicyRequest.Builder
avoiding the need to create one manually viaDetachPolicyRequest.builder()
- Parameters:
detachPolicyRequest
- AConsumer
that will call methods onDetachPolicyRequest.Builder
to create a request.- Returns:
- Result of the DetachPolicy operation returned by the service.
- See Also:
-
disableAWSServiceAccess
default DisableAwsServiceAccessResponse disableAWSServiceAccess(DisableAwsServiceAccessRequest disableAwsServiceAccessRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException, InvalidInputException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Disables the integration of an Amazon Web Services service (the service that is specified by
ServicePrincipal
) with Organizations. When you disable integration, the specified service no longer can create a service-linked role in new accounts in your organization. This means the service can't perform operations on your behalf on any new accounts in your organization. The service can still perform operations in older accounts until the service completes its clean-up from Organizations.We strongly recommend that you don't use this command to disable integration between Organizations and the specified Amazon Web Services service. Instead, use the console or commands that are provided by the specified service. This lets the trusted service perform any required initialization when enabling trusted access, such as creating any required resources and any required clean up of resources when disabling trusted access.
For information about how to disable trusted service access to your organization using the trusted service, see the Learn more link under the Supports Trusted Access column at Amazon Web Services services that you can use with Organizations. on this page.
If you disable access by using this command, it causes the following actions to occur:
-
The service can no longer create a service-linked role in the accounts in your organization. This means that the service can't perform operations on your behalf on any new accounts in your organization. The service can still perform operations in older accounts until the service completes its clean-up from Organizations.
-
The service can no longer perform tasks in the member accounts in the organization, unless those operations are explicitly permitted by the IAM policies that are attached to your roles. This includes any data aggregation from the member accounts to the management account, or to a delegated administrator account, where relevant.
-
Some services detect this and clean up any remaining data or resources related to the integration, while other services stop accessing the organization but leave any historical data and configuration in place to support a possible re-enabling of the integration.
Using the other service's console or commands to disable the integration ensures that the other service is aware that it can clean up any resources that are required only for the integration. How the service cleans up its resources in the organization's accounts depends on that service. For more information, see the documentation for the other Amazon Web Services service.
After you perform the
DisableAWSServiceAccess
operation, the specified service can no longer perform operations in your organization's accountsFor more information about integrating other services with Organizations, including the list of services that work with Organizations, see Using Organizations with other Amazon Web Services services in the Organizations User Guide.
This operation can be called only from the organization's management account.
- Parameters:
disableAwsServiceAccessRequest
-- Returns:
- Result of the DisableAWSServiceAccess operation returned by the service.
- See Also:
-
-
disableAWSServiceAccess
default DisableAwsServiceAccessResponse disableAWSServiceAccess(Consumer<DisableAwsServiceAccessRequest.Builder> disableAwsServiceAccessRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException, InvalidInputException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Disables the integration of an Amazon Web Services service (the service that is specified by
ServicePrincipal
) with Organizations. When you disable integration, the specified service no longer can create a service-linked role in new accounts in your organization. This means the service can't perform operations on your behalf on any new accounts in your organization. The service can still perform operations in older accounts until the service completes its clean-up from Organizations.We strongly recommend that you don't use this command to disable integration between Organizations and the specified Amazon Web Services service. Instead, use the console or commands that are provided by the specified service. This lets the trusted service perform any required initialization when enabling trusted access, such as creating any required resources and any required clean up of resources when disabling trusted access.
For information about how to disable trusted service access to your organization using the trusted service, see the Learn more link under the Supports Trusted Access column at Amazon Web Services services that you can use with Organizations. on this page.
If you disable access by using this command, it causes the following actions to occur:
-
The service can no longer create a service-linked role in the accounts in your organization. This means that the service can't perform operations on your behalf on any new accounts in your organization. The service can still perform operations in older accounts until the service completes its clean-up from Organizations.
-
The service can no longer perform tasks in the member accounts in the organization, unless those operations are explicitly permitted by the IAM policies that are attached to your roles. This includes any data aggregation from the member accounts to the management account, or to a delegated administrator account, where relevant.
-
Some services detect this and clean up any remaining data or resources related to the integration, while other services stop accessing the organization but leave any historical data and configuration in place to support a possible re-enabling of the integration.
Using the other service's console or commands to disable the integration ensures that the other service is aware that it can clean up any resources that are required only for the integration. How the service cleans up its resources in the organization's accounts depends on that service. For more information, see the documentation for the other Amazon Web Services service.
After you perform the
DisableAWSServiceAccess
operation, the specified service can no longer perform operations in your organization's accountsFor more information about integrating other services with Organizations, including the list of services that work with Organizations, see Using Organizations with other Amazon Web Services services in the Organizations User Guide.
This operation can be called only from the organization's management account.
This is a convenience which creates an instance of the
DisableAwsServiceAccessRequest.Builder
avoiding the need to create one manually viaDisableAwsServiceAccessRequest.builder()
- Parameters:
disableAwsServiceAccessRequest
- AConsumer
that will call methods onDisableAwsServiceAccessRequest.Builder
to create a request.- Returns:
- Result of the DisableAWSServiceAccess operation returned by the service.
- See Also:
-
-
disablePolicyType
default DisablePolicyTypeResponse disablePolicyType(DisablePolicyTypeRequest disablePolicyTypeRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException, InvalidInputException, PolicyTypeNotEnabledException, RootNotFoundException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, PolicyChangesInProgressException, AwsServiceException, SdkClientException, OrganizationsException Disables an organizational policy type in a root. A policy of a certain type can be attached to entities in a root only if that type is enabled in the root. After you perform this operation, you no longer can attach policies of the specified type to that root or to any organizational unit (OU) or account in that root. You can undo this by using the EnablePolicyType operation.
This is an asynchronous request that Amazon Web Services performs in the background. If you disable a policy type for a root, it still appears enabled for the organization if all features are enabled for the organization. Amazon Web Services recommends that you first use ListRoots to see the status of policy types for a specified root, and then use this operation.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
To view the status of available policy types in the organization, use DescribeOrganization.
- Parameters:
disablePolicyTypeRequest
-- Returns:
- Result of the DisablePolicyType operation returned by the service.
- See Also:
-
disablePolicyType
default DisablePolicyTypeResponse disablePolicyType(Consumer<DisablePolicyTypeRequest.Builder> disablePolicyTypeRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException, InvalidInputException, PolicyTypeNotEnabledException, RootNotFoundException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, PolicyChangesInProgressException, AwsServiceException, SdkClientException, OrganizationsException Disables an organizational policy type in a root. A policy of a certain type can be attached to entities in a root only if that type is enabled in the root. After you perform this operation, you no longer can attach policies of the specified type to that root or to any organizational unit (OU) or account in that root. You can undo this by using the EnablePolicyType operation.
This is an asynchronous request that Amazon Web Services performs in the background. If you disable a policy type for a root, it still appears enabled for the organization if all features are enabled for the organization. Amazon Web Services recommends that you first use ListRoots to see the status of policy types for a specified root, and then use this operation.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
To view the status of available policy types in the organization, use DescribeOrganization.
This is a convenience which creates an instance of the
DisablePolicyTypeRequest.Builder
avoiding the need to create one manually viaDisablePolicyTypeRequest.builder()
- Parameters:
disablePolicyTypeRequest
- AConsumer
that will call methods onDisablePolicyTypeRequest.Builder
to create a request.- Returns:
- Result of the DisablePolicyType operation returned by the service.
- See Also:
-
enableAWSServiceAccess
default EnableAwsServiceAccessResponse enableAWSServiceAccess(EnableAwsServiceAccessRequest enableAwsServiceAccessRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException, InvalidInputException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Enables the integration of an Amazon Web Services service (the service that is specified by
ServicePrincipal
) with Organizations. When you enable integration, you allow the specified service to create a service-linked role in all the accounts in your organization. This allows the service to perform operations on your behalf in your organization and its accounts.We recommend that you enable integration between Organizations and the specified Amazon Web Services service by using the console or commands that are provided by the specified service. Doing so ensures that the service is aware that it can create the resources that are required for the integration. How the service creates those resources in the organization's accounts depends on that service. For more information, see the documentation for the other Amazon Web Services service.
For more information about enabling services to integrate with Organizations, see Using Organizations with other Amazon Web Services services in the Organizations User Guide.
You can only call this operation from the organization's management account and only if the organization has enabled all features.
- Parameters:
enableAwsServiceAccessRequest
-- Returns:
- Result of the EnableAWSServiceAccess operation returned by the service.
- See Also:
-
enableAWSServiceAccess
default EnableAwsServiceAccessResponse enableAWSServiceAccess(Consumer<EnableAwsServiceAccessRequest.Builder> enableAwsServiceAccessRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException, InvalidInputException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Enables the integration of an Amazon Web Services service (the service that is specified by
ServicePrincipal
) with Organizations. When you enable integration, you allow the specified service to create a service-linked role in all the accounts in your organization. This allows the service to perform operations on your behalf in your organization and its accounts.We recommend that you enable integration between Organizations and the specified Amazon Web Services service by using the console or commands that are provided by the specified service. Doing so ensures that the service is aware that it can create the resources that are required for the integration. How the service creates those resources in the organization's accounts depends on that service. For more information, see the documentation for the other Amazon Web Services service.
For more information about enabling services to integrate with Organizations, see Using Organizations with other Amazon Web Services services in the Organizations User Guide.
You can only call this operation from the organization's management account and only if the organization has enabled all features.
This is a convenience which creates an instance of the
EnableAwsServiceAccessRequest.Builder
avoiding the need to create one manually viaEnableAwsServiceAccessRequest.builder()
- Parameters:
enableAwsServiceAccessRequest
- AConsumer
that will call methods onEnableAwsServiceAccessRequest.Builder
to create a request.- Returns:
- Result of the EnableAWSServiceAccess operation returned by the service.
- See Also:
-
enableAllFeatures
default EnableAllFeaturesResponse enableAllFeatures(EnableAllFeaturesRequest enableAllFeaturesRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, HandshakeConstraintViolationException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Enables all features in an organization. This enables the use of organization policies that can restrict the services and actions that can be called in each account. Until you enable all features, you have access only to consolidated billing, and you can't use any of the advanced account administration features that Organizations supports. For more information, see Enabling all features in your organization in the Organizations User Guide.
This operation is required only for organizations that were created explicitly with only the consolidated billing features enabled. Calling this operation sends a handshake to every invited account in the organization. The feature set change can be finalized and the additional features enabled only after all administrators in the invited accounts approve the change by accepting the handshake.
After you enable all features, you can separately enable or disable individual policy types in a root using EnablePolicyType and DisablePolicyType. To see the status of policy types in a root, use ListRoots.
After all invited member accounts accept the handshake, you finalize the feature set change by accepting the handshake that contains
"Action": "ENABLE_ALL_FEATURES"
. This completes the change.After you enable all features in your organization, the management account in the organization can apply policies on all member accounts. These policies can restrict what users and even administrators in those accounts can do. The management account can apply policies that prevent accounts from leaving the organization. Ensure that your account administrators are aware of this.
This operation can be called only from the organization's management account.
- Parameters:
enableAllFeaturesRequest
-- Returns:
- Result of the EnableAllFeatures operation returned by the service.
- See Also:
-
enableAllFeatures
default EnableAllFeaturesResponse enableAllFeatures(Consumer<EnableAllFeaturesRequest.Builder> enableAllFeaturesRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, HandshakeConstraintViolationException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Enables all features in an organization. This enables the use of organization policies that can restrict the services and actions that can be called in each account. Until you enable all features, you have access only to consolidated billing, and you can't use any of the advanced account administration features that Organizations supports. For more information, see Enabling all features in your organization in the Organizations User Guide.
This operation is required only for organizations that were created explicitly with only the consolidated billing features enabled. Calling this operation sends a handshake to every invited account in the organization. The feature set change can be finalized and the additional features enabled only after all administrators in the invited accounts approve the change by accepting the handshake.
After you enable all features, you can separately enable or disable individual policy types in a root using EnablePolicyType and DisablePolicyType. To see the status of policy types in a root, use ListRoots.
After all invited member accounts accept the handshake, you finalize the feature set change by accepting the handshake that contains
"Action": "ENABLE_ALL_FEATURES"
. This completes the change.After you enable all features in your organization, the management account in the organization can apply policies on all member accounts. These policies can restrict what users and even administrators in those accounts can do. The management account can apply policies that prevent accounts from leaving the organization. Ensure that your account administrators are aware of this.
This operation can be called only from the organization's management account.
This is a convenience which creates an instance of the
EnableAllFeaturesRequest.Builder
avoiding the need to create one manually viaEnableAllFeaturesRequest.builder()
- Parameters:
enableAllFeaturesRequest
- AConsumer
that will call methods onEnableAllFeaturesRequest.Builder
to create a request.- Returns:
- Result of the EnableAllFeatures operation returned by the service.
- See Also:
-
enableAllFeatures
default EnableAllFeaturesResponse enableAllFeatures() throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, HandshakeConstraintViolationException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsExceptionEnables all features in an organization. This enables the use of organization policies that can restrict the services and actions that can be called in each account. Until you enable all features, you have access only to consolidated billing, and you can't use any of the advanced account administration features that Organizations supports. For more information, see Enabling all features in your organization in the Organizations User Guide.
This operation is required only for organizations that were created explicitly with only the consolidated billing features enabled. Calling this operation sends a handshake to every invited account in the organization. The feature set change can be finalized and the additional features enabled only after all administrators in the invited accounts approve the change by accepting the handshake.
After you enable all features, you can separately enable or disable individual policy types in a root using EnablePolicyType and DisablePolicyType. To see the status of policy types in a root, use ListRoots.
After all invited member accounts accept the handshake, you finalize the feature set change by accepting the handshake that contains
"Action": "ENABLE_ALL_FEATURES"
. This completes the change.After you enable all features in your organization, the management account in the organization can apply policies on all member accounts. These policies can restrict what users and even administrators in those accounts can do. The management account can apply policies that prevent accounts from leaving the organization. Ensure that your account administrators are aware of this.
This operation can be called only from the organization's management account.
- Returns:
- Result of the EnableAllFeatures operation returned by the service.
- See Also:
-
enablePolicyType
default EnablePolicyTypeResponse enablePolicyType(EnablePolicyTypeRequest enablePolicyTypeRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException, InvalidInputException, PolicyTypeAlreadyEnabledException, RootNotFoundException, ServiceException, TooManyRequestsException, PolicyTypeNotAvailableForOrganizationException, UnsupportedApiEndpointException, PolicyChangesInProgressException, AwsServiceException, SdkClientException, OrganizationsException Enables a policy type in a root. After you enable a policy type in a root, you can attach policies of that type to the root, any organizational unit (OU), or account in that root. You can undo this by using the DisablePolicyType operation.
This is an asynchronous request that Amazon Web Services performs in the background. Amazon Web Services recommends that you first use ListRoots to see the status of policy types for a specified root, and then use this operation.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
You can enable a policy type in a root only if that policy type is available in the organization. To view the status of available policy types in the organization, use DescribeOrganization.
- Parameters:
enablePolicyTypeRequest
-- Returns:
- Result of the EnablePolicyType operation returned by the service.
- See Also:
-
enablePolicyType
default EnablePolicyTypeResponse enablePolicyType(Consumer<EnablePolicyTypeRequest.Builder> enablePolicyTypeRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException, InvalidInputException, PolicyTypeAlreadyEnabledException, RootNotFoundException, ServiceException, TooManyRequestsException, PolicyTypeNotAvailableForOrganizationException, UnsupportedApiEndpointException, PolicyChangesInProgressException, AwsServiceException, SdkClientException, OrganizationsException Enables a policy type in a root. After you enable a policy type in a root, you can attach policies of that type to the root, any organizational unit (OU), or account in that root. You can undo this by using the DisablePolicyType operation.
This is an asynchronous request that Amazon Web Services performs in the background. Amazon Web Services recommends that you first use ListRoots to see the status of policy types for a specified root, and then use this operation.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
You can enable a policy type in a root only if that policy type is available in the organization. To view the status of available policy types in the organization, use DescribeOrganization.
This is a convenience which creates an instance of the
EnablePolicyTypeRequest.Builder
avoiding the need to create one manually viaEnablePolicyTypeRequest.builder()
- Parameters:
enablePolicyTypeRequest
- AConsumer
that will call methods onEnablePolicyTypeRequest.Builder
to create a request.- Returns:
- Result of the EnablePolicyType operation returned by the service.
- See Also:
-
inviteAccountToOrganization
default InviteAccountToOrganizationResponse inviteAccountToOrganization(InviteAccountToOrganizationRequest inviteAccountToOrganizationRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, AccountOwnerNotVerifiedException, ConcurrentModificationException, HandshakeConstraintViolationException, DuplicateHandshakeException, ConstraintViolationException, InvalidInputException, FinalizingOrganizationException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Sends an invitation to another account to join your organization as a member account. Organizations sends email on your behalf to the email address that is associated with the other account's owner. The invitation is implemented as a Handshake whose details are in the response.
-
You can invite Amazon Web Services accounts only from the same seller as the management account. For example, if your organization's management account was created by Amazon Internet Services Pvt. Ltd (AISPL), an Amazon Web Services seller in India, you can invite only other AISPL accounts to your organization. You can't combine accounts from AISPL and Amazon Web Services or from any other Amazon Web Services seller. For more information, see Consolidated billing in India.
-
If you receive an exception that indicates that you exceeded your account limits for the organization or that the operation failed because your organization is still initializing, wait one hour and then try again. If the error persists after an hour, contact Amazon Web Services Support.
If the request includes tags, then the requester must have the
organizations:TagResource
permission.This operation can be called only from the organization's management account.
- Parameters:
inviteAccountToOrganizationRequest
-- Returns:
- Result of the InviteAccountToOrganization operation returned by the service.
- See Also:
-
-
inviteAccountToOrganization
default InviteAccountToOrganizationResponse inviteAccountToOrganization(Consumer<InviteAccountToOrganizationRequest.Builder> inviteAccountToOrganizationRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, AccountOwnerNotVerifiedException, ConcurrentModificationException, HandshakeConstraintViolationException, DuplicateHandshakeException, ConstraintViolationException, InvalidInputException, FinalizingOrganizationException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Sends an invitation to another account to join your organization as a member account. Organizations sends email on your behalf to the email address that is associated with the other account's owner. The invitation is implemented as a Handshake whose details are in the response.
-
You can invite Amazon Web Services accounts only from the same seller as the management account. For example, if your organization's management account was created by Amazon Internet Services Pvt. Ltd (AISPL), an Amazon Web Services seller in India, you can invite only other AISPL accounts to your organization. You can't combine accounts from AISPL and Amazon Web Services or from any other Amazon Web Services seller. For more information, see Consolidated billing in India.
-
If you receive an exception that indicates that you exceeded your account limits for the organization or that the operation failed because your organization is still initializing, wait one hour and then try again. If the error persists after an hour, contact Amazon Web Services Support.
If the request includes tags, then the requester must have the
organizations:TagResource
permission.This operation can be called only from the organization's management account.
This is a convenience which creates an instance of the
InviteAccountToOrganizationRequest.Builder
avoiding the need to create one manually viaInviteAccountToOrganizationRequest.builder()
- Parameters:
inviteAccountToOrganizationRequest
- AConsumer
that will call methods onInviteAccountToOrganizationRequest.Builder
to create a request.- Returns:
- Result of the InviteAccountToOrganization operation returned by the service.
- See Also:
-
-
leaveOrganization
default LeaveOrganizationResponse leaveOrganization(LeaveOrganizationRequest leaveOrganizationRequest) throws AccessDeniedException, AccountNotFoundException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException, InvalidInputException, MasterCannotLeaveOrganizationException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Removes a member account from its parent organization. This version of the operation is performed by the account that wants to leave. To remove a member account as a user in the management account, use RemoveAccountFromOrganization instead.
This operation can be called only from a member account in the organization.
-
The management account in an organization with all features enabled can set service control policies (SCPs) that can restrict what administrators of member accounts can do. This includes preventing them from successfully calling
LeaveOrganization
and leaving the organization. -
You can leave an organization as a member account only if the account is configured with the information required to operate as a standalone account. When you create an account in an organization using the Organizations console, API, or CLI commands, the information required of standalone accounts is not automatically collected. For each account that you want to make standalone, you must perform the following steps. If any of the steps are already completed for this account, that step doesn't appear.
-
Choose a support plan
-
Provide and verify the required contact information
-
Provide a current payment method
Amazon Web Services uses the payment method to charge for any billable (not free tier) Amazon Web Services activity that occurs while the account isn't attached to an organization. For more information, see Considerations before removing an account from an organization in the Organizations User Guide.
-
-
The account that you want to leave must not be a delegated administrator account for any Amazon Web Services service enabled for your organization. If the account is a delegated administrator, you must first change the delegated administrator account to another account that is remaining in the organization.
-
You can leave an organization only after you enable IAM user access to billing in your account. For more information, see About IAM access to the Billing and Cost Management console in the Amazon Web Services Billing and Cost Management User Guide.
-
After the account leaves the organization, all tags that were attached to the account object in the organization are deleted. Amazon Web Services accounts outside of an organization do not support tags.
-
A newly created account has a waiting period before it can be removed from its organization. If you get an error that indicates that a wait period is required, then try again in a few days.
-
If you are using an organization principal to call
LeaveOrganization
across multiple accounts, you can only do this up to 5 accounts per second in a single organization.
- Parameters:
leaveOrganizationRequest
-- Returns:
- Result of the LeaveOrganization operation returned by the service.
- See Also:
-
-
leaveOrganization
default LeaveOrganizationResponse leaveOrganization(Consumer<LeaveOrganizationRequest.Builder> leaveOrganizationRequest) throws AccessDeniedException, AccountNotFoundException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException, InvalidInputException, MasterCannotLeaveOrganizationException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Removes a member account from its parent organization. This version of the operation is performed by the account that wants to leave. To remove a member account as a user in the management account, use RemoveAccountFromOrganization instead.
This operation can be called only from a member account in the organization.
-
The management account in an organization with all features enabled can set service control policies (SCPs) that can restrict what administrators of member accounts can do. This includes preventing them from successfully calling
LeaveOrganization
and leaving the organization. -
You can leave an organization as a member account only if the account is configured with the information required to operate as a standalone account. When you create an account in an organization using the Organizations console, API, or CLI commands, the information required of standalone accounts is not automatically collected. For each account that you want to make standalone, you must perform the following steps. If any of the steps are already completed for this account, that step doesn't appear.
-
Choose a support plan
-
Provide and verify the required contact information
-
Provide a current payment method
Amazon Web Services uses the payment method to charge for any billable (not free tier) Amazon Web Services activity that occurs while the account isn't attached to an organization. For more information, see Considerations before removing an account from an organization in the Organizations User Guide.
-
-
The account that you want to leave must not be a delegated administrator account for any Amazon Web Services service enabled for your organization. If the account is a delegated administrator, you must first change the delegated administrator account to another account that is remaining in the organization.
-
You can leave an organization only after you enable IAM user access to billing in your account. For more information, see About IAM access to the Billing and Cost Management console in the Amazon Web Services Billing and Cost Management User Guide.
-
After the account leaves the organization, all tags that were attached to the account object in the organization are deleted. Amazon Web Services accounts outside of an organization do not support tags.
-
A newly created account has a waiting period before it can be removed from its organization. If you get an error that indicates that a wait period is required, then try again in a few days.
-
If you are using an organization principal to call
LeaveOrganization
across multiple accounts, you can only do this up to 5 accounts per second in a single organization.
This is a convenience which creates an instance of the
LeaveOrganizationRequest.Builder
avoiding the need to create one manually viaLeaveOrganizationRequest.builder()
- Parameters:
leaveOrganizationRequest
- AConsumer
that will call methods onLeaveOrganizationRequest.Builder
to create a request.- Returns:
- Result of the LeaveOrganization operation returned by the service.
- See Also:
-
-
leaveOrganization
default LeaveOrganizationResponse leaveOrganization() throws AccessDeniedException, AccountNotFoundException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException, InvalidInputException, MasterCannotLeaveOrganizationException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsExceptionRemoves a member account from its parent organization. This version of the operation is performed by the account that wants to leave. To remove a member account as a user in the management account, use RemoveAccountFromOrganization instead.
This operation can be called only from a member account in the organization.
-
The management account in an organization with all features enabled can set service control policies (SCPs) that can restrict what administrators of member accounts can do. This includes preventing them from successfully calling
LeaveOrganization
and leaving the organization. -
You can leave an organization as a member account only if the account is configured with the information required to operate as a standalone account. When you create an account in an organization using the Organizations console, API, or CLI commands, the information required of standalone accounts is not automatically collected. For each account that you want to make standalone, you must perform the following steps. If any of the steps are already completed for this account, that step doesn't appear.
-
Choose a support plan
-
Provide and verify the required contact information
-
Provide a current payment method
Amazon Web Services uses the payment method to charge for any billable (not free tier) Amazon Web Services activity that occurs while the account isn't attached to an organization. For more information, see Considerations before removing an account from an organization in the Organizations User Guide.
-
-
The account that you want to leave must not be a delegated administrator account for any Amazon Web Services service enabled for your organization. If the account is a delegated administrator, you must first change the delegated administrator account to another account that is remaining in the organization.
-
You can leave an organization only after you enable IAM user access to billing in your account. For more information, see About IAM access to the Billing and Cost Management console in the Amazon Web Services Billing and Cost Management User Guide.
-
After the account leaves the organization, all tags that were attached to the account object in the organization are deleted. Amazon Web Services accounts outside of an organization do not support tags.
-
A newly created account has a waiting period before it can be removed from its organization. If you get an error that indicates that a wait period is required, then try again in a few days.
-
If you are using an organization principal to call
LeaveOrganization
across multiple accounts, you can only do this up to 5 accounts per second in a single organization.
- Returns:
- Result of the LeaveOrganization operation returned by the service.
- See Also:
-
-
listAWSServiceAccessForOrganization
default ListAwsServiceAccessForOrganizationResponse listAWSServiceAccessForOrganization(ListAwsServiceAccessForOrganizationRequest listAwsServiceAccessForOrganizationRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConstraintViolationException, InvalidInputException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Returns a list of the Amazon Web Services services that you enabled to integrate with your organization. After a service on this list creates the resources that it requires for the integration, it can perform operations on your organization and its accounts.
For more information about integrating other services with Organizations, including the list of services that currently work with Organizations, see Using Organizations with other Amazon Web Services services in the Organizations User Guide.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
- Parameters:
listAwsServiceAccessForOrganizationRequest
-- Returns:
- Result of the ListAWSServiceAccessForOrganization operation returned by the service.
- See Also:
-
listAWSServiceAccessForOrganization
default ListAwsServiceAccessForOrganizationResponse listAWSServiceAccessForOrganization(Consumer<ListAwsServiceAccessForOrganizationRequest.Builder> listAwsServiceAccessForOrganizationRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConstraintViolationException, InvalidInputException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Returns a list of the Amazon Web Services services that you enabled to integrate with your organization. After a service on this list creates the resources that it requires for the integration, it can perform operations on your organization and its accounts.
For more information about integrating other services with Organizations, including the list of services that currently work with Organizations, see Using Organizations with other Amazon Web Services services in the Organizations User Guide.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
This is a convenience which creates an instance of the
ListAwsServiceAccessForOrganizationRequest.Builder
avoiding the need to create one manually viaListAwsServiceAccessForOrganizationRequest.builder()
- Parameters:
listAwsServiceAccessForOrganizationRequest
- AConsumer
that will call methods onListAwsServiceAccessForOrganizationRequest.Builder
to create a request.- Returns:
- Result of the ListAWSServiceAccessForOrganization operation returned by the service.
- See Also:
-
listAWSServiceAccessForOrganization
default ListAwsServiceAccessForOrganizationResponse listAWSServiceAccessForOrganization() throws AccessDeniedException, AwsOrganizationsNotInUseException, ConstraintViolationException, InvalidInputException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsExceptionReturns a list of the Amazon Web Services services that you enabled to integrate with your organization. After a service on this list creates the resources that it requires for the integration, it can perform operations on your organization and its accounts.
For more information about integrating other services with Organizations, including the list of services that currently work with Organizations, see Using Organizations with other Amazon Web Services services in the Organizations User Guide.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
- Returns:
- Result of the ListAWSServiceAccessForOrganization operation returned by the service.
- See Also:
-
listAWSServiceAccessForOrganizationPaginator
default ListAWSServiceAccessForOrganizationIterable listAWSServiceAccessForOrganizationPaginator() throws AccessDeniedException, AwsOrganizationsNotInUseException, ConstraintViolationException, InvalidInputException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsExceptionThis is a variant of
listAWSServiceAccessForOrganization(software.amazon.awssdk.services.organizations.model.ListAwsServiceAccessForOrganizationRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListAWSServiceAccessForOrganizationIterable responses = client.listAWSServiceAccessForOrganizationPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListAWSServiceAccessForOrganizationIterable responses = client .listAWSServiceAccessForOrganizationPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListAwsServiceAccessForOrganizationResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListAWSServiceAccessForOrganizationIterable responses = client.listAWSServiceAccessForOrganizationPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listAWSServiceAccessForOrganization(software.amazon.awssdk.services.organizations.model.ListAwsServiceAccessForOrganizationRequest)
operation.- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listAWSServiceAccessForOrganizationPaginator
default ListAWSServiceAccessForOrganizationIterable listAWSServiceAccessForOrganizationPaginator(ListAwsServiceAccessForOrganizationRequest listAwsServiceAccessForOrganizationRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConstraintViolationException, InvalidInputException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException This is a variant of
listAWSServiceAccessForOrganization(software.amazon.awssdk.services.organizations.model.ListAwsServiceAccessForOrganizationRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListAWSServiceAccessForOrganizationIterable responses = client.listAWSServiceAccessForOrganizationPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListAWSServiceAccessForOrganizationIterable responses = client .listAWSServiceAccessForOrganizationPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListAwsServiceAccessForOrganizationResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListAWSServiceAccessForOrganizationIterable responses = client.listAWSServiceAccessForOrganizationPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listAWSServiceAccessForOrganization(software.amazon.awssdk.services.organizations.model.ListAwsServiceAccessForOrganizationRequest)
operation.- Parameters:
listAwsServiceAccessForOrganizationRequest
-- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listAWSServiceAccessForOrganizationPaginator
default ListAWSServiceAccessForOrganizationIterable listAWSServiceAccessForOrganizationPaginator(Consumer<ListAwsServiceAccessForOrganizationRequest.Builder> listAwsServiceAccessForOrganizationRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConstraintViolationException, InvalidInputException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException This is a variant of
listAWSServiceAccessForOrganization(software.amazon.awssdk.services.organizations.model.ListAwsServiceAccessForOrganizationRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListAWSServiceAccessForOrganizationIterable responses = client.listAWSServiceAccessForOrganizationPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListAWSServiceAccessForOrganizationIterable responses = client .listAWSServiceAccessForOrganizationPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListAwsServiceAccessForOrganizationResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListAWSServiceAccessForOrganizationIterable responses = client.listAWSServiceAccessForOrganizationPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listAWSServiceAccessForOrganization(software.amazon.awssdk.services.organizations.model.ListAwsServiceAccessForOrganizationRequest)
operation.
This is a convenience which creates an instance of the
ListAwsServiceAccessForOrganizationRequest.Builder
avoiding the need to create one manually viaListAwsServiceAccessForOrganizationRequest.builder()
- Parameters:
listAwsServiceAccessForOrganizationRequest
- AConsumer
that will call methods onListAwsServiceAccessForOrganizationRequest.Builder
to create a request.- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listAccounts
default ListAccountsResponse listAccounts(ListAccountsRequest listAccountsRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Lists all the accounts in the organization. To request only the accounts in a specified root or organizational unit (OU), use the ListAccountsForParent operation instead.
Always check the
NextToken
response parameter for anull
value when calling aList*
operation. These operations can occasionally return an empty set of results even when there are more results available. TheNextToken
response parameter value isnull
only when there are no more results to display.This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
- Parameters:
listAccountsRequest
-- Returns:
- Result of the ListAccounts operation returned by the service.
- See Also:
-
listAccounts
default ListAccountsResponse listAccounts(Consumer<ListAccountsRequest.Builder> listAccountsRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Lists all the accounts in the organization. To request only the accounts in a specified root or organizational unit (OU), use the ListAccountsForParent operation instead.
Always check the
NextToken
response parameter for anull
value when calling aList*
operation. These operations can occasionally return an empty set of results even when there are more results available. TheNextToken
response parameter value isnull
only when there are no more results to display.This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
This is a convenience which creates an instance of the
ListAccountsRequest.Builder
avoiding the need to create one manually viaListAccountsRequest.builder()
- Parameters:
listAccountsRequest
- AConsumer
that will call methods onListAccountsRequest.Builder
to create a request.- Returns:
- Result of the ListAccounts operation returned by the service.
- See Also:
-
listAccounts
default ListAccountsResponse listAccounts() throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsExceptionLists all the accounts in the organization. To request only the accounts in a specified root or organizational unit (OU), use the ListAccountsForParent operation instead.
Always check the
NextToken
response parameter for anull
value when calling aList*
operation. These operations can occasionally return an empty set of results even when there are more results available. TheNextToken
response parameter value isnull
only when there are no more results to display.This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
- Returns:
- Result of the ListAccounts operation returned by the service.
- See Also:
-
listAccountsPaginator
default ListAccountsIterable listAccountsPaginator() throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsExceptionThis is a variant of
listAccounts(software.amazon.awssdk.services.organizations.model.ListAccountsRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListAccountsIterable responses = client.listAccountsPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListAccountsIterable responses = client .listAccountsPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListAccountsResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListAccountsIterable responses = client.listAccountsPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listAccounts(software.amazon.awssdk.services.organizations.model.ListAccountsRequest)
operation.- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listAccountsPaginator
default ListAccountsIterable listAccountsPaginator(ListAccountsRequest listAccountsRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException This is a variant of
listAccounts(software.amazon.awssdk.services.organizations.model.ListAccountsRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListAccountsIterable responses = client.listAccountsPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListAccountsIterable responses = client .listAccountsPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListAccountsResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListAccountsIterable responses = client.listAccountsPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listAccounts(software.amazon.awssdk.services.organizations.model.ListAccountsRequest)
operation.- Parameters:
listAccountsRequest
-- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listAccountsPaginator
default ListAccountsIterable listAccountsPaginator(Consumer<ListAccountsRequest.Builder> listAccountsRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException This is a variant of
listAccounts(software.amazon.awssdk.services.organizations.model.ListAccountsRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListAccountsIterable responses = client.listAccountsPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListAccountsIterable responses = client .listAccountsPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListAccountsResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListAccountsIterable responses = client.listAccountsPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listAccounts(software.amazon.awssdk.services.organizations.model.ListAccountsRequest)
operation.
This is a convenience which creates an instance of the
ListAccountsRequest.Builder
avoiding the need to create one manually viaListAccountsRequest.builder()
- Parameters:
listAccountsRequest
- AConsumer
that will call methods onListAccountsRequest.Builder
to create a request.- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listAccountsForParent
default ListAccountsForParentResponse listAccountsForParent(ListAccountsForParentRequest listAccountsForParentRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ParentNotFoundException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Lists the accounts in an organization that are contained by the specified target root or organizational unit (OU). If you specify the root, you get a list of all the accounts that aren't in any OU. If you specify an OU, you get a list of all the accounts in only that OU and not in any child OUs. To get a list of all accounts in the organization, use the ListAccounts operation.
Always check the
NextToken
response parameter for anull
value when calling aList*
operation. These operations can occasionally return an empty set of results even when there are more results available. TheNextToken
response parameter value isnull
only when there are no more results to display.This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
- Parameters:
listAccountsForParentRequest
-- Returns:
- Result of the ListAccountsForParent operation returned by the service.
- See Also:
-
listAccountsForParent
default ListAccountsForParentResponse listAccountsForParent(Consumer<ListAccountsForParentRequest.Builder> listAccountsForParentRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ParentNotFoundException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Lists the accounts in an organization that are contained by the specified target root or organizational unit (OU). If you specify the root, you get a list of all the accounts that aren't in any OU. If you specify an OU, you get a list of all the accounts in only that OU and not in any child OUs. To get a list of all accounts in the organization, use the ListAccounts operation.
Always check the
NextToken
response parameter for anull
value when calling aList*
operation. These operations can occasionally return an empty set of results even when there are more results available. TheNextToken
response parameter value isnull
only when there are no more results to display.This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
This is a convenience which creates an instance of the
ListAccountsForParentRequest.Builder
avoiding the need to create one manually viaListAccountsForParentRequest.builder()
- Parameters:
listAccountsForParentRequest
- AConsumer
that will call methods onListAccountsForParentRequest.Builder
to create a request.- Returns:
- Result of the ListAccountsForParent operation returned by the service.
- See Also:
-
listAccountsForParentPaginator
default ListAccountsForParentIterable listAccountsForParentPaginator(ListAccountsForParentRequest listAccountsForParentRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ParentNotFoundException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException This is a variant of
listAccountsForParent(software.amazon.awssdk.services.organizations.model.ListAccountsForParentRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListAccountsForParentIterable responses = client.listAccountsForParentPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListAccountsForParentIterable responses = client .listAccountsForParentPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListAccountsForParentResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListAccountsForParentIterable responses = client.listAccountsForParentPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listAccountsForParent(software.amazon.awssdk.services.organizations.model.ListAccountsForParentRequest)
operation.- Parameters:
listAccountsForParentRequest
-- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listAccountsForParentPaginator
default ListAccountsForParentIterable listAccountsForParentPaginator(Consumer<ListAccountsForParentRequest.Builder> listAccountsForParentRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ParentNotFoundException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException This is a variant of
listAccountsForParent(software.amazon.awssdk.services.organizations.model.ListAccountsForParentRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListAccountsForParentIterable responses = client.listAccountsForParentPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListAccountsForParentIterable responses = client .listAccountsForParentPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListAccountsForParentResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListAccountsForParentIterable responses = client.listAccountsForParentPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listAccountsForParent(software.amazon.awssdk.services.organizations.model.ListAccountsForParentRequest)
operation.
This is a convenience which creates an instance of the
ListAccountsForParentRequest.Builder
avoiding the need to create one manually viaListAccountsForParentRequest.builder()
- Parameters:
listAccountsForParentRequest
- AConsumer
that will call methods onListAccountsForParentRequest.Builder
to create a request.- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listChildren
default ListChildrenResponse listChildren(ListChildrenRequest listChildrenRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ParentNotFoundException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Lists all of the organizational units (OUs) or accounts that are contained in the specified parent OU or root. This operation, along with ListParents enables you to traverse the tree structure that makes up this root.
Always check the
NextToken
response parameter for anull
value when calling aList*
operation. These operations can occasionally return an empty set of results even when there are more results available. TheNextToken
response parameter value isnull
only when there are no more results to display.This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
- Parameters:
listChildrenRequest
-- Returns:
- Result of the ListChildren operation returned by the service.
- See Also:
-
listChildren
default ListChildrenResponse listChildren(Consumer<ListChildrenRequest.Builder> listChildrenRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ParentNotFoundException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Lists all of the organizational units (OUs) or accounts that are contained in the specified parent OU or root. This operation, along with ListParents enables you to traverse the tree structure that makes up this root.
Always check the
NextToken
response parameter for anull
value when calling aList*
operation. These operations can occasionally return an empty set of results even when there are more results available. TheNextToken
response parameter value isnull
only when there are no more results to display.This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
This is a convenience which creates an instance of the
ListChildrenRequest.Builder
avoiding the need to create one manually viaListChildrenRequest.builder()
- Parameters:
listChildrenRequest
- AConsumer
that will call methods onListChildrenRequest.Builder
to create a request.- Returns:
- Result of the ListChildren operation returned by the service.
- See Also:
-
listChildrenPaginator
default ListChildrenIterable listChildrenPaginator(ListChildrenRequest listChildrenRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ParentNotFoundException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException This is a variant of
listChildren(software.amazon.awssdk.services.organizations.model.ListChildrenRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListChildrenIterable responses = client.listChildrenPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListChildrenIterable responses = client .listChildrenPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListChildrenResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListChildrenIterable responses = client.listChildrenPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listChildren(software.amazon.awssdk.services.organizations.model.ListChildrenRequest)
operation.- Parameters:
listChildrenRequest
-- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listChildrenPaginator
default ListChildrenIterable listChildrenPaginator(Consumer<ListChildrenRequest.Builder> listChildrenRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ParentNotFoundException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException This is a variant of
listChildren(software.amazon.awssdk.services.organizations.model.ListChildrenRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListChildrenIterable responses = client.listChildrenPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListChildrenIterable responses = client .listChildrenPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListChildrenResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListChildrenIterable responses = client.listChildrenPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listChildren(software.amazon.awssdk.services.organizations.model.ListChildrenRequest)
operation.
This is a convenience which creates an instance of the
ListChildrenRequest.Builder
avoiding the need to create one manually viaListChildrenRequest.builder()
- Parameters:
listChildrenRequest
- AConsumer
that will call methods onListChildrenRequest.Builder
to create a request.- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listCreateAccountStatus
default ListCreateAccountStatusResponse listCreateAccountStatus(ListCreateAccountStatusRequest listCreateAccountStatusRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Lists the account creation requests that match the specified status that is currently being tracked for the organization.
Always check the
NextToken
response parameter for anull
value when calling aList*
operation. These operations can occasionally return an empty set of results even when there are more results available. TheNextToken
response parameter value isnull
only when there are no more results to display.This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
- Parameters:
listCreateAccountStatusRequest
-- Returns:
- Result of the ListCreateAccountStatus operation returned by the service.
- See Also:
-
listCreateAccountStatus
default ListCreateAccountStatusResponse listCreateAccountStatus(Consumer<ListCreateAccountStatusRequest.Builder> listCreateAccountStatusRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Lists the account creation requests that match the specified status that is currently being tracked for the organization.
Always check the
NextToken
response parameter for anull
value when calling aList*
operation. These operations can occasionally return an empty set of results even when there are more results available. TheNextToken
response parameter value isnull
only when there are no more results to display.This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
This is a convenience which creates an instance of the
ListCreateAccountStatusRequest.Builder
avoiding the need to create one manually viaListCreateAccountStatusRequest.builder()
- Parameters:
listCreateAccountStatusRequest
- AConsumer
that will call methods onListCreateAccountStatusRequest.Builder
to create a request.- Returns:
- Result of the ListCreateAccountStatus operation returned by the service.
- See Also:
-
listCreateAccountStatus
default ListCreateAccountStatusResponse listCreateAccountStatus() throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsExceptionLists the account creation requests that match the specified status that is currently being tracked for the organization.
Always check the
NextToken
response parameter for anull
value when calling aList*
operation. These operations can occasionally return an empty set of results even when there are more results available. TheNextToken
response parameter value isnull
only when there are no more results to display.This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
- Returns:
- Result of the ListCreateAccountStatus operation returned by the service.
- See Also:
-
listCreateAccountStatusPaginator
default ListCreateAccountStatusIterable listCreateAccountStatusPaginator() throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsExceptionThis is a variant of
listCreateAccountStatus(software.amazon.awssdk.services.organizations.model.ListCreateAccountStatusRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListCreateAccountStatusIterable responses = client.listCreateAccountStatusPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListCreateAccountStatusIterable responses = client .listCreateAccountStatusPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListCreateAccountStatusResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListCreateAccountStatusIterable responses = client.listCreateAccountStatusPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listCreateAccountStatus(software.amazon.awssdk.services.organizations.model.ListCreateAccountStatusRequest)
operation.- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listCreateAccountStatusPaginator
default ListCreateAccountStatusIterable listCreateAccountStatusPaginator(ListCreateAccountStatusRequest listCreateAccountStatusRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException This is a variant of
listCreateAccountStatus(software.amazon.awssdk.services.organizations.model.ListCreateAccountStatusRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListCreateAccountStatusIterable responses = client.listCreateAccountStatusPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListCreateAccountStatusIterable responses = client .listCreateAccountStatusPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListCreateAccountStatusResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListCreateAccountStatusIterable responses = client.listCreateAccountStatusPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listCreateAccountStatus(software.amazon.awssdk.services.organizations.model.ListCreateAccountStatusRequest)
operation.- Parameters:
listCreateAccountStatusRequest
-- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listCreateAccountStatusPaginator
default ListCreateAccountStatusIterable listCreateAccountStatusPaginator(Consumer<ListCreateAccountStatusRequest.Builder> listCreateAccountStatusRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException This is a variant of
listCreateAccountStatus(software.amazon.awssdk.services.organizations.model.ListCreateAccountStatusRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListCreateAccountStatusIterable responses = client.listCreateAccountStatusPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListCreateAccountStatusIterable responses = client .listCreateAccountStatusPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListCreateAccountStatusResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListCreateAccountStatusIterable responses = client.listCreateAccountStatusPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listCreateAccountStatus(software.amazon.awssdk.services.organizations.model.ListCreateAccountStatusRequest)
operation.
This is a convenience which creates an instance of the
ListCreateAccountStatusRequest.Builder
avoiding the need to create one manually viaListCreateAccountStatusRequest.builder()
- Parameters:
listCreateAccountStatusRequest
- AConsumer
that will call methods onListCreateAccountStatusRequest.Builder
to create a request.- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listDelegatedAdministrators
default ListDelegatedAdministratorsResponse listDelegatedAdministrators(ListDelegatedAdministratorsRequest listDelegatedAdministratorsRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConstraintViolationException, InvalidInputException, TooManyRequestsException, ServiceException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Lists the Amazon Web Services accounts that are designated as delegated administrators in this organization.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
- Parameters:
listDelegatedAdministratorsRequest
-- Returns:
- Result of the ListDelegatedAdministrators operation returned by the service.
- See Also:
-
listDelegatedAdministrators
default ListDelegatedAdministratorsResponse listDelegatedAdministrators(Consumer<ListDelegatedAdministratorsRequest.Builder> listDelegatedAdministratorsRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConstraintViolationException, InvalidInputException, TooManyRequestsException, ServiceException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Lists the Amazon Web Services accounts that are designated as delegated administrators in this organization.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
This is a convenience which creates an instance of the
ListDelegatedAdministratorsRequest.Builder
avoiding the need to create one manually viaListDelegatedAdministratorsRequest.builder()
- Parameters:
listDelegatedAdministratorsRequest
- AConsumer
that will call methods onListDelegatedAdministratorsRequest.Builder
to create a request.- Returns:
- Result of the ListDelegatedAdministrators operation returned by the service.
- See Also:
-
listDelegatedAdministratorsPaginator
default ListDelegatedAdministratorsIterable listDelegatedAdministratorsPaginator(ListDelegatedAdministratorsRequest listDelegatedAdministratorsRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConstraintViolationException, InvalidInputException, TooManyRequestsException, ServiceException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException This is a variant of
listDelegatedAdministrators(software.amazon.awssdk.services.organizations.model.ListDelegatedAdministratorsRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListDelegatedAdministratorsIterable responses = client.listDelegatedAdministratorsPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListDelegatedAdministratorsIterable responses = client .listDelegatedAdministratorsPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListDelegatedAdministratorsResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListDelegatedAdministratorsIterable responses = client.listDelegatedAdministratorsPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listDelegatedAdministrators(software.amazon.awssdk.services.organizations.model.ListDelegatedAdministratorsRequest)
operation.- Parameters:
listDelegatedAdministratorsRequest
-- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listDelegatedAdministratorsPaginator
default ListDelegatedAdministratorsIterable listDelegatedAdministratorsPaginator(Consumer<ListDelegatedAdministratorsRequest.Builder> listDelegatedAdministratorsRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConstraintViolationException, InvalidInputException, TooManyRequestsException, ServiceException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException This is a variant of
listDelegatedAdministrators(software.amazon.awssdk.services.organizations.model.ListDelegatedAdministratorsRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListDelegatedAdministratorsIterable responses = client.listDelegatedAdministratorsPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListDelegatedAdministratorsIterable responses = client .listDelegatedAdministratorsPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListDelegatedAdministratorsResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListDelegatedAdministratorsIterable responses = client.listDelegatedAdministratorsPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listDelegatedAdministrators(software.amazon.awssdk.services.organizations.model.ListDelegatedAdministratorsRequest)
operation.
This is a convenience which creates an instance of the
ListDelegatedAdministratorsRequest.Builder
avoiding the need to create one manually viaListDelegatedAdministratorsRequest.builder()
- Parameters:
listDelegatedAdministratorsRequest
- AConsumer
that will call methods onListDelegatedAdministratorsRequest.Builder
to create a request.- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listDelegatedServicesForAccount
default ListDelegatedServicesForAccountResponse listDelegatedServicesForAccount(ListDelegatedServicesForAccountRequest listDelegatedServicesForAccountRequest) throws AccessDeniedException, AccountNotFoundException, AccountNotRegisteredException, AwsOrganizationsNotInUseException, ConstraintViolationException, InvalidInputException, TooManyRequestsException, ServiceException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException List the Amazon Web Services services for which the specified account is a delegated administrator.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
- Parameters:
listDelegatedServicesForAccountRequest
-- Returns:
- Result of the ListDelegatedServicesForAccount operation returned by the service.
- See Also:
-
listDelegatedServicesForAccount
default ListDelegatedServicesForAccountResponse listDelegatedServicesForAccount(Consumer<ListDelegatedServicesForAccountRequest.Builder> listDelegatedServicesForAccountRequest) throws AccessDeniedException, AccountNotFoundException, AccountNotRegisteredException, AwsOrganizationsNotInUseException, ConstraintViolationException, InvalidInputException, TooManyRequestsException, ServiceException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException List the Amazon Web Services services for which the specified account is a delegated administrator.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
This is a convenience which creates an instance of the
ListDelegatedServicesForAccountRequest.Builder
avoiding the need to create one manually viaListDelegatedServicesForAccountRequest.builder()
- Parameters:
listDelegatedServicesForAccountRequest
- AConsumer
that will call methods onListDelegatedServicesForAccountRequest.Builder
to create a request.- Returns:
- Result of the ListDelegatedServicesForAccount operation returned by the service.
- See Also:
-
listDelegatedServicesForAccountPaginator
default ListDelegatedServicesForAccountIterable listDelegatedServicesForAccountPaginator(ListDelegatedServicesForAccountRequest listDelegatedServicesForAccountRequest) throws AccessDeniedException, AccountNotFoundException, AccountNotRegisteredException, AwsOrganizationsNotInUseException, ConstraintViolationException, InvalidInputException, TooManyRequestsException, ServiceException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException This is a variant of
listDelegatedServicesForAccount(software.amazon.awssdk.services.organizations.model.ListDelegatedServicesForAccountRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListDelegatedServicesForAccountIterable responses = client.listDelegatedServicesForAccountPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListDelegatedServicesForAccountIterable responses = client .listDelegatedServicesForAccountPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListDelegatedServicesForAccountResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListDelegatedServicesForAccountIterable responses = client.listDelegatedServicesForAccountPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listDelegatedServicesForAccount(software.amazon.awssdk.services.organizations.model.ListDelegatedServicesForAccountRequest)
operation.- Parameters:
listDelegatedServicesForAccountRequest
-- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listDelegatedServicesForAccountPaginator
default ListDelegatedServicesForAccountIterable listDelegatedServicesForAccountPaginator(Consumer<ListDelegatedServicesForAccountRequest.Builder> listDelegatedServicesForAccountRequest) throws AccessDeniedException, AccountNotFoundException, AccountNotRegisteredException, AwsOrganizationsNotInUseException, ConstraintViolationException, InvalidInputException, TooManyRequestsException, ServiceException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException This is a variant of
listDelegatedServicesForAccount(software.amazon.awssdk.services.organizations.model.ListDelegatedServicesForAccountRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListDelegatedServicesForAccountIterable responses = client.listDelegatedServicesForAccountPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListDelegatedServicesForAccountIterable responses = client .listDelegatedServicesForAccountPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListDelegatedServicesForAccountResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListDelegatedServicesForAccountIterable responses = client.listDelegatedServicesForAccountPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listDelegatedServicesForAccount(software.amazon.awssdk.services.organizations.model.ListDelegatedServicesForAccountRequest)
operation.
This is a convenience which creates an instance of the
ListDelegatedServicesForAccountRequest.Builder
avoiding the need to create one manually viaListDelegatedServicesForAccountRequest.builder()
- Parameters:
listDelegatedServicesForAccountRequest
- AConsumer
that will call methods onListDelegatedServicesForAccountRequest.Builder
to create a request.- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listHandshakesForAccount
default ListHandshakesForAccountResponse listHandshakesForAccount(ListHandshakesForAccountRequest listHandshakesForAccountRequest) throws AccessDeniedException, ConcurrentModificationException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Lists the current handshakes that are associated with the account of the requesting user.
Handshakes that are
ACCEPTED
,DECLINED
,CANCELED
, orEXPIRED
appear in the results of this API for only 30 days after changing to that state. After that, they're deleted and no longer accessible.Always check the
NextToken
response parameter for anull
value when calling aList*
operation. These operations can occasionally return an empty set of results even when there are more results available. TheNextToken
response parameter value isnull
only when there are no more results to display.This operation can be called from any account in the organization.
- Parameters:
listHandshakesForAccountRequest
-- Returns:
- Result of the ListHandshakesForAccount operation returned by the service.
- See Also:
-
listHandshakesForAccount
default ListHandshakesForAccountResponse listHandshakesForAccount(Consumer<ListHandshakesForAccountRequest.Builder> listHandshakesForAccountRequest) throws AccessDeniedException, ConcurrentModificationException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Lists the current handshakes that are associated with the account of the requesting user.
Handshakes that are
ACCEPTED
,DECLINED
,CANCELED
, orEXPIRED
appear in the results of this API for only 30 days after changing to that state. After that, they're deleted and no longer accessible.Always check the
NextToken
response parameter for anull
value when calling aList*
operation. These operations can occasionally return an empty set of results even when there are more results available. TheNextToken
response parameter value isnull
only when there are no more results to display.This operation can be called from any account in the organization.
This is a convenience which creates an instance of the
ListHandshakesForAccountRequest.Builder
avoiding the need to create one manually viaListHandshakesForAccountRequest.builder()
- Parameters:
listHandshakesForAccountRequest
- AConsumer
that will call methods onListHandshakesForAccountRequest.Builder
to create a request.- Returns:
- Result of the ListHandshakesForAccount operation returned by the service.
- See Also:
-
listHandshakesForAccount
default ListHandshakesForAccountResponse listHandshakesForAccount() throws AccessDeniedException, ConcurrentModificationException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsExceptionLists the current handshakes that are associated with the account of the requesting user.
Handshakes that are
ACCEPTED
,DECLINED
,CANCELED
, orEXPIRED
appear in the results of this API for only 30 days after changing to that state. After that, they're deleted and no longer accessible.Always check the
NextToken
response parameter for anull
value when calling aList*
operation. These operations can occasionally return an empty set of results even when there are more results available. TheNextToken
response parameter value isnull
only when there are no more results to display.This operation can be called from any account in the organization.
- Returns:
- Result of the ListHandshakesForAccount operation returned by the service.
- See Also:
-
listHandshakesForAccountPaginator
default ListHandshakesForAccountIterable listHandshakesForAccountPaginator() throws AccessDeniedException, ConcurrentModificationException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsExceptionThis is a variant of
listHandshakesForAccount(software.amazon.awssdk.services.organizations.model.ListHandshakesForAccountRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListHandshakesForAccountIterable responses = client.listHandshakesForAccountPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListHandshakesForAccountIterable responses = client .listHandshakesForAccountPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListHandshakesForAccountResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListHandshakesForAccountIterable responses = client.listHandshakesForAccountPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listHandshakesForAccount(software.amazon.awssdk.services.organizations.model.ListHandshakesForAccountRequest)
operation.- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listHandshakesForAccountPaginator
default ListHandshakesForAccountIterable listHandshakesForAccountPaginator(ListHandshakesForAccountRequest listHandshakesForAccountRequest) throws AccessDeniedException, ConcurrentModificationException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException This is a variant of
listHandshakesForAccount(software.amazon.awssdk.services.organizations.model.ListHandshakesForAccountRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListHandshakesForAccountIterable responses = client.listHandshakesForAccountPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListHandshakesForAccountIterable responses = client .listHandshakesForAccountPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListHandshakesForAccountResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListHandshakesForAccountIterable responses = client.listHandshakesForAccountPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listHandshakesForAccount(software.amazon.awssdk.services.organizations.model.ListHandshakesForAccountRequest)
operation.- Parameters:
listHandshakesForAccountRequest
-- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listHandshakesForAccountPaginator
default ListHandshakesForAccountIterable listHandshakesForAccountPaginator(Consumer<ListHandshakesForAccountRequest.Builder> listHandshakesForAccountRequest) throws AccessDeniedException, ConcurrentModificationException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException This is a variant of
listHandshakesForAccount(software.amazon.awssdk.services.organizations.model.ListHandshakesForAccountRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListHandshakesForAccountIterable responses = client.listHandshakesForAccountPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListHandshakesForAccountIterable responses = client .listHandshakesForAccountPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListHandshakesForAccountResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListHandshakesForAccountIterable responses = client.listHandshakesForAccountPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listHandshakesForAccount(software.amazon.awssdk.services.organizations.model.ListHandshakesForAccountRequest)
operation.
This is a convenience which creates an instance of the
ListHandshakesForAccountRequest.Builder
avoiding the need to create one manually viaListHandshakesForAccountRequest.builder()
- Parameters:
listHandshakesForAccountRequest
- AConsumer
that will call methods onListHandshakesForAccountRequest.Builder
to create a request.- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listHandshakesForOrganization
default ListHandshakesForOrganizationResponse listHandshakesForOrganization(ListHandshakesForOrganizationRequest listHandshakesForOrganizationRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Lists the handshakes that are associated with the organization that the requesting user is part of. The
ListHandshakesForOrganization
operation returns a list of handshake structures. Each structure contains details and status about a handshake.Handshakes that are
ACCEPTED
,DECLINED
,CANCELED
, orEXPIRED
appear in the results of this API for only 30 days after changing to that state. After that, they're deleted and no longer accessible.Always check the
NextToken
response parameter for anull
value when calling aList*
operation. These operations can occasionally return an empty set of results even when there are more results available. TheNextToken
response parameter value isnull
only when there are no more results to display.This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
- Parameters:
listHandshakesForOrganizationRequest
-- Returns:
- Result of the ListHandshakesForOrganization operation returned by the service.
- See Also:
-
listHandshakesForOrganization
default ListHandshakesForOrganizationResponse listHandshakesForOrganization(Consumer<ListHandshakesForOrganizationRequest.Builder> listHandshakesForOrganizationRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Lists the handshakes that are associated with the organization that the requesting user is part of. The
ListHandshakesForOrganization
operation returns a list of handshake structures. Each structure contains details and status about a handshake.Handshakes that are
ACCEPTED
,DECLINED
,CANCELED
, orEXPIRED
appear in the results of this API for only 30 days after changing to that state. After that, they're deleted and no longer accessible.Always check the
NextToken
response parameter for anull
value when calling aList*
operation. These operations can occasionally return an empty set of results even when there are more results available. TheNextToken
response parameter value isnull
only when there are no more results to display.This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
This is a convenience which creates an instance of the
ListHandshakesForOrganizationRequest.Builder
avoiding the need to create one manually viaListHandshakesForOrganizationRequest.builder()
- Parameters:
listHandshakesForOrganizationRequest
- AConsumer
that will call methods onListHandshakesForOrganizationRequest.Builder
to create a request.- Returns:
- Result of the ListHandshakesForOrganization operation returned by the service.
- See Also:
-
listHandshakesForOrganization
default ListHandshakesForOrganizationResponse listHandshakesForOrganization() throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsExceptionLists the handshakes that are associated with the organization that the requesting user is part of. The
ListHandshakesForOrganization
operation returns a list of handshake structures. Each structure contains details and status about a handshake.Handshakes that are
ACCEPTED
,DECLINED
,CANCELED
, orEXPIRED
appear in the results of this API for only 30 days after changing to that state. After that, they're deleted and no longer accessible.Always check the
NextToken
response parameter for anull
value when calling aList*
operation. These operations can occasionally return an empty set of results even when there are more results available. TheNextToken
response parameter value isnull
only when there are no more results to display.This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
- Returns:
- Result of the ListHandshakesForOrganization operation returned by the service.
- See Also:
-
listHandshakesForOrganizationPaginator
default ListHandshakesForOrganizationIterable listHandshakesForOrganizationPaginator() throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsExceptionThis is a variant of
listHandshakesForOrganization(software.amazon.awssdk.services.organizations.model.ListHandshakesForOrganizationRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListHandshakesForOrganizationIterable responses = client.listHandshakesForOrganizationPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListHandshakesForOrganizationIterable responses = client .listHandshakesForOrganizationPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListHandshakesForOrganizationResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListHandshakesForOrganizationIterable responses = client.listHandshakesForOrganizationPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listHandshakesForOrganization(software.amazon.awssdk.services.organizations.model.ListHandshakesForOrganizationRequest)
operation.- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listHandshakesForOrganizationPaginator
default ListHandshakesForOrganizationIterable listHandshakesForOrganizationPaginator(ListHandshakesForOrganizationRequest listHandshakesForOrganizationRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException This is a variant of
listHandshakesForOrganization(software.amazon.awssdk.services.organizations.model.ListHandshakesForOrganizationRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListHandshakesForOrganizationIterable responses = client.listHandshakesForOrganizationPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListHandshakesForOrganizationIterable responses = client .listHandshakesForOrganizationPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListHandshakesForOrganizationResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListHandshakesForOrganizationIterable responses = client.listHandshakesForOrganizationPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listHandshakesForOrganization(software.amazon.awssdk.services.organizations.model.ListHandshakesForOrganizationRequest)
operation.- Parameters:
listHandshakesForOrganizationRequest
-- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listHandshakesForOrganizationPaginator
default ListHandshakesForOrganizationIterable listHandshakesForOrganizationPaginator(Consumer<ListHandshakesForOrganizationRequest.Builder> listHandshakesForOrganizationRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException This is a variant of
listHandshakesForOrganization(software.amazon.awssdk.services.organizations.model.ListHandshakesForOrganizationRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListHandshakesForOrganizationIterable responses = client.listHandshakesForOrganizationPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListHandshakesForOrganizationIterable responses = client .listHandshakesForOrganizationPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListHandshakesForOrganizationResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListHandshakesForOrganizationIterable responses = client.listHandshakesForOrganizationPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listHandshakesForOrganization(software.amazon.awssdk.services.organizations.model.ListHandshakesForOrganizationRequest)
operation.
This is a convenience which creates an instance of the
ListHandshakesForOrganizationRequest.Builder
avoiding the need to create one manually viaListHandshakesForOrganizationRequest.builder()
- Parameters:
listHandshakesForOrganizationRequest
- AConsumer
that will call methods onListHandshakesForOrganizationRequest.Builder
to create a request.- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listOrganizationalUnitsForParent
default ListOrganizationalUnitsForParentResponse listOrganizationalUnitsForParent(ListOrganizationalUnitsForParentRequest listOrganizationalUnitsForParentRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ParentNotFoundException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Lists the organizational units (OUs) in a parent organizational unit or root.
Always check the
NextToken
response parameter for anull
value when calling aList*
operation. These operations can occasionally return an empty set of results even when there are more results available. TheNextToken
response parameter value isnull
only when there are no more results to display.This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
- Parameters:
listOrganizationalUnitsForParentRequest
-- Returns:
- Result of the ListOrganizationalUnitsForParent operation returned by the service.
- See Also:
-
listOrganizationalUnitsForParent
default ListOrganizationalUnitsForParentResponse listOrganizationalUnitsForParent(Consumer<ListOrganizationalUnitsForParentRequest.Builder> listOrganizationalUnitsForParentRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ParentNotFoundException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Lists the organizational units (OUs) in a parent organizational unit or root.
Always check the
NextToken
response parameter for anull
value when calling aList*
operation. These operations can occasionally return an empty set of results even when there are more results available. TheNextToken
response parameter value isnull
only when there are no more results to display.This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
This is a convenience which creates an instance of the
ListOrganizationalUnitsForParentRequest.Builder
avoiding the need to create one manually viaListOrganizationalUnitsForParentRequest.builder()
- Parameters:
listOrganizationalUnitsForParentRequest
- AConsumer
that will call methods onListOrganizationalUnitsForParentRequest.Builder
to create a request.- Returns:
- Result of the ListOrganizationalUnitsForParent operation returned by the service.
- See Also:
-
listOrganizationalUnitsForParentPaginator
default ListOrganizationalUnitsForParentIterable listOrganizationalUnitsForParentPaginator(ListOrganizationalUnitsForParentRequest listOrganizationalUnitsForParentRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ParentNotFoundException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException This is a variant of
listOrganizationalUnitsForParent(software.amazon.awssdk.services.organizations.model.ListOrganizationalUnitsForParentRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListOrganizationalUnitsForParentIterable responses = client.listOrganizationalUnitsForParentPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListOrganizationalUnitsForParentIterable responses = client .listOrganizationalUnitsForParentPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListOrganizationalUnitsForParentResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListOrganizationalUnitsForParentIterable responses = client.listOrganizationalUnitsForParentPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listOrganizationalUnitsForParent(software.amazon.awssdk.services.organizations.model.ListOrganizationalUnitsForParentRequest)
operation.- Parameters:
listOrganizationalUnitsForParentRequest
-- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listOrganizationalUnitsForParentPaginator
default ListOrganizationalUnitsForParentIterable listOrganizationalUnitsForParentPaginator(Consumer<ListOrganizationalUnitsForParentRequest.Builder> listOrganizationalUnitsForParentRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ParentNotFoundException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException This is a variant of
listOrganizationalUnitsForParent(software.amazon.awssdk.services.organizations.model.ListOrganizationalUnitsForParentRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListOrganizationalUnitsForParentIterable responses = client.listOrganizationalUnitsForParentPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListOrganizationalUnitsForParentIterable responses = client .listOrganizationalUnitsForParentPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListOrganizationalUnitsForParentResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListOrganizationalUnitsForParentIterable responses = client.listOrganizationalUnitsForParentPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listOrganizationalUnitsForParent(software.amazon.awssdk.services.organizations.model.ListOrganizationalUnitsForParentRequest)
operation.
This is a convenience which creates an instance of the
ListOrganizationalUnitsForParentRequest.Builder
avoiding the need to create one manually viaListOrganizationalUnitsForParentRequest.builder()
- Parameters:
listOrganizationalUnitsForParentRequest
- AConsumer
that will call methods onListOrganizationalUnitsForParentRequest.Builder
to create a request.- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listParents
default ListParentsResponse listParents(ListParentsRequest listParentsRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ChildNotFoundException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Lists the root or organizational units (OUs) that serve as the immediate parent of the specified child OU or account. This operation, along with ListChildren enables you to traverse the tree structure that makes up this root.
Always check the
NextToken
response parameter for anull
value when calling aList*
operation. These operations can occasionally return an empty set of results even when there are more results available. TheNextToken
response parameter value isnull
only when there are no more results to display.This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
In the current release, a child can have only a single parent.
- Parameters:
listParentsRequest
-- Returns:
- Result of the ListParents operation returned by the service.
- See Also:
-
listParents
default ListParentsResponse listParents(Consumer<ListParentsRequest.Builder> listParentsRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ChildNotFoundException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Lists the root or organizational units (OUs) that serve as the immediate parent of the specified child OU or account. This operation, along with ListChildren enables you to traverse the tree structure that makes up this root.
Always check the
NextToken
response parameter for anull
value when calling aList*
operation. These operations can occasionally return an empty set of results even when there are more results available. TheNextToken
response parameter value isnull
only when there are no more results to display.This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
In the current release, a child can have only a single parent.
This is a convenience which creates an instance of the
ListParentsRequest.Builder
avoiding the need to create one manually viaListParentsRequest.builder()
- Parameters:
listParentsRequest
- AConsumer
that will call methods onListParentsRequest.Builder
to create a request.- Returns:
- Result of the ListParents operation returned by the service.
- See Also:
-
listParentsPaginator
default ListParentsIterable listParentsPaginator(ListParentsRequest listParentsRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ChildNotFoundException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException This is a variant of
listParents(software.amazon.awssdk.services.organizations.model.ListParentsRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListParentsIterable responses = client.listParentsPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListParentsIterable responses = client.listParentsPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListParentsResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListParentsIterable responses = client.listParentsPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listParents(software.amazon.awssdk.services.organizations.model.ListParentsRequest)
operation.- Parameters:
listParentsRequest
-- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listParentsPaginator
default ListParentsIterable listParentsPaginator(Consumer<ListParentsRequest.Builder> listParentsRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ChildNotFoundException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException This is a variant of
listParents(software.amazon.awssdk.services.organizations.model.ListParentsRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListParentsIterable responses = client.listParentsPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListParentsIterable responses = client.listParentsPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListParentsResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListParentsIterable responses = client.listParentsPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listParents(software.amazon.awssdk.services.organizations.model.ListParentsRequest)
operation.
This is a convenience which creates an instance of the
ListParentsRequest.Builder
avoiding the need to create one manually viaListParentsRequest.builder()
- Parameters:
listParentsRequest
- AConsumer
that will call methods onListParentsRequest.Builder
to create a request.- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listPolicies
default ListPoliciesResponse listPolicies(ListPoliciesRequest listPoliciesRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Retrieves the list of all policies in an organization of a specified type.
Always check the
NextToken
response parameter for anull
value when calling aList*
operation. These operations can occasionally return an empty set of results even when there are more results available. TheNextToken
response parameter value isnull
only when there are no more results to display.This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
- Parameters:
listPoliciesRequest
-- Returns:
- Result of the ListPolicies operation returned by the service.
- See Also:
-
listPolicies
default ListPoliciesResponse listPolicies(Consumer<ListPoliciesRequest.Builder> listPoliciesRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Retrieves the list of all policies in an organization of a specified type.
Always check the
NextToken
response parameter for anull
value when calling aList*
operation. These operations can occasionally return an empty set of results even when there are more results available. TheNextToken
response parameter value isnull
only when there are no more results to display.This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
This is a convenience which creates an instance of the
ListPoliciesRequest.Builder
avoiding the need to create one manually viaListPoliciesRequest.builder()
- Parameters:
listPoliciesRequest
- AConsumer
that will call methods onListPoliciesRequest.Builder
to create a request.- Returns:
- Result of the ListPolicies operation returned by the service.
- See Also:
-
listPoliciesPaginator
default ListPoliciesIterable listPoliciesPaginator(ListPoliciesRequest listPoliciesRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException This is a variant of
listPolicies(software.amazon.awssdk.services.organizations.model.ListPoliciesRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListPoliciesIterable responses = client.listPoliciesPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListPoliciesIterable responses = client .listPoliciesPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListPoliciesResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListPoliciesIterable responses = client.listPoliciesPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listPolicies(software.amazon.awssdk.services.organizations.model.ListPoliciesRequest)
operation.- Parameters:
listPoliciesRequest
-- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listPoliciesPaginator
default ListPoliciesIterable listPoliciesPaginator(Consumer<ListPoliciesRequest.Builder> listPoliciesRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException This is a variant of
listPolicies(software.amazon.awssdk.services.organizations.model.ListPoliciesRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListPoliciesIterable responses = client.listPoliciesPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListPoliciesIterable responses = client .listPoliciesPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListPoliciesResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListPoliciesIterable responses = client.listPoliciesPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listPolicies(software.amazon.awssdk.services.organizations.model.ListPoliciesRequest)
operation.
This is a convenience which creates an instance of the
ListPoliciesRequest.Builder
avoiding the need to create one manually viaListPoliciesRequest.builder()
- Parameters:
listPoliciesRequest
- AConsumer
that will call methods onListPoliciesRequest.Builder
to create a request.- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listPoliciesForTarget
default ListPoliciesForTargetResponse listPoliciesForTarget(ListPoliciesForTargetRequest listPoliciesForTargetRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TargetNotFoundException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Lists the policies that are directly attached to the specified target root, organizational unit (OU), or account. You must specify the policy type that you want included in the returned list.
Always check the
NextToken
response parameter for anull
value when calling aList*
operation. These operations can occasionally return an empty set of results even when there are more results available. TheNextToken
response parameter value isnull
only when there are no more results to display.This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
- Parameters:
listPoliciesForTargetRequest
-- Returns:
- Result of the ListPoliciesForTarget operation returned by the service.
- See Also:
-
listPoliciesForTarget
default ListPoliciesForTargetResponse listPoliciesForTarget(Consumer<ListPoliciesForTargetRequest.Builder> listPoliciesForTargetRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TargetNotFoundException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Lists the policies that are directly attached to the specified target root, organizational unit (OU), or account. You must specify the policy type that you want included in the returned list.
Always check the
NextToken
response parameter for anull
value when calling aList*
operation. These operations can occasionally return an empty set of results even when there are more results available. TheNextToken
response parameter value isnull
only when there are no more results to display.This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
This is a convenience which creates an instance of the
ListPoliciesForTargetRequest.Builder
avoiding the need to create one manually viaListPoliciesForTargetRequest.builder()
- Parameters:
listPoliciesForTargetRequest
- AConsumer
that will call methods onListPoliciesForTargetRequest.Builder
to create a request.- Returns:
- Result of the ListPoliciesForTarget operation returned by the service.
- See Also:
-
listPoliciesForTargetPaginator
default ListPoliciesForTargetIterable listPoliciesForTargetPaginator(ListPoliciesForTargetRequest listPoliciesForTargetRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TargetNotFoundException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException This is a variant of
listPoliciesForTarget(software.amazon.awssdk.services.organizations.model.ListPoliciesForTargetRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListPoliciesForTargetIterable responses = client.listPoliciesForTargetPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListPoliciesForTargetIterable responses = client .listPoliciesForTargetPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListPoliciesForTargetResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListPoliciesForTargetIterable responses = client.listPoliciesForTargetPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listPoliciesForTarget(software.amazon.awssdk.services.organizations.model.ListPoliciesForTargetRequest)
operation.- Parameters:
listPoliciesForTargetRequest
-- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listPoliciesForTargetPaginator
default ListPoliciesForTargetIterable listPoliciesForTargetPaginator(Consumer<ListPoliciesForTargetRequest.Builder> listPoliciesForTargetRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TargetNotFoundException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException This is a variant of
listPoliciesForTarget(software.amazon.awssdk.services.organizations.model.ListPoliciesForTargetRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListPoliciesForTargetIterable responses = client.listPoliciesForTargetPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListPoliciesForTargetIterable responses = client .listPoliciesForTargetPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListPoliciesForTargetResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListPoliciesForTargetIterable responses = client.listPoliciesForTargetPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listPoliciesForTarget(software.amazon.awssdk.services.organizations.model.ListPoliciesForTargetRequest)
operation.
This is a convenience which creates an instance of the
ListPoliciesForTargetRequest.Builder
avoiding the need to create one manually viaListPoliciesForTargetRequest.builder()
- Parameters:
listPoliciesForTargetRequest
- AConsumer
that will call methods onListPoliciesForTargetRequest.Builder
to create a request.- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listRoots
default ListRootsResponse listRoots(ListRootsRequest listRootsRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Lists the roots that are defined in the current organization.
Always check the
NextToken
response parameter for anull
value when calling aList*
operation. These operations can occasionally return an empty set of results even when there are more results available. TheNextToken
response parameter value isnull
only when there are no more results to display.This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
Policy types can be enabled and disabled in roots. This is distinct from whether they're available in the organization. When you enable all features, you make policy types available for use in that organization. Individual policy types can then be enabled and disabled in a root. To see the availability of a policy type in an organization, use DescribeOrganization.
- Parameters:
listRootsRequest
-- Returns:
- Result of the ListRoots operation returned by the service.
- See Also:
-
listRoots
default ListRootsResponse listRoots(Consumer<ListRootsRequest.Builder> listRootsRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Lists the roots that are defined in the current organization.
Always check the
NextToken
response parameter for anull
value when calling aList*
operation. These operations can occasionally return an empty set of results even when there are more results available. TheNextToken
response parameter value isnull
only when there are no more results to display.This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
Policy types can be enabled and disabled in roots. This is distinct from whether they're available in the organization. When you enable all features, you make policy types available for use in that organization. Individual policy types can then be enabled and disabled in a root. To see the availability of a policy type in an organization, use DescribeOrganization.
This is a convenience which creates an instance of the
ListRootsRequest.Builder
avoiding the need to create one manually viaListRootsRequest.builder()
- Parameters:
listRootsRequest
- AConsumer
that will call methods onListRootsRequest.Builder
to create a request.- Returns:
- Result of the ListRoots operation returned by the service.
- See Also:
-
listRoots
default ListRootsResponse listRoots() throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsExceptionLists the roots that are defined in the current organization.
Always check the
NextToken
response parameter for anull
value when calling aList*
operation. These operations can occasionally return an empty set of results even when there are more results available. TheNextToken
response parameter value isnull
only when there are no more results to display.This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
Policy types can be enabled and disabled in roots. This is distinct from whether they're available in the organization. When you enable all features, you make policy types available for use in that organization. Individual policy types can then be enabled and disabled in a root. To see the availability of a policy type in an organization, use DescribeOrganization.
- Returns:
- Result of the ListRoots operation returned by the service.
- See Also:
-
listRootsPaginator
default ListRootsIterable listRootsPaginator() throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsExceptionThis is a variant of
listRoots(software.amazon.awssdk.services.organizations.model.ListRootsRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListRootsIterable responses = client.listRootsPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListRootsIterable responses = client.listRootsPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListRootsResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListRootsIterable responses = client.listRootsPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listRoots(software.amazon.awssdk.services.organizations.model.ListRootsRequest)
operation.- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listRootsPaginator
default ListRootsIterable listRootsPaginator(ListRootsRequest listRootsRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException This is a variant of
listRoots(software.amazon.awssdk.services.organizations.model.ListRootsRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListRootsIterable responses = client.listRootsPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListRootsIterable responses = client.listRootsPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListRootsResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListRootsIterable responses = client.listRootsPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listRoots(software.amazon.awssdk.services.organizations.model.ListRootsRequest)
operation.- Parameters:
listRootsRequest
-- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listRootsPaginator
default ListRootsIterable listRootsPaginator(Consumer<ListRootsRequest.Builder> listRootsRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException This is a variant of
listRoots(software.amazon.awssdk.services.organizations.model.ListRootsRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListRootsIterable responses = client.listRootsPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListRootsIterable responses = client.listRootsPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListRootsResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListRootsIterable responses = client.listRootsPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listRoots(software.amazon.awssdk.services.organizations.model.ListRootsRequest)
operation.
This is a convenience which creates an instance of the
ListRootsRequest.Builder
avoiding the need to create one manually viaListRootsRequest.builder()
- Parameters:
listRootsRequest
- AConsumer
that will call methods onListRootsRequest.Builder
to create a request.- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listTagsForResource
default ListTagsForResourceResponse listTagsForResource(ListTagsForResourceRequest listTagsForResourceRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, TargetNotFoundException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Lists tags that are attached to the specified resource.
You can attach tags to the following resources in Organizations.
-
Amazon Web Services account
-
Organization root
-
Organizational unit (OU)
-
Policy (any type)
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
- Parameters:
listTagsForResourceRequest
-- Returns:
- Result of the ListTagsForResource operation returned by the service.
- See Also:
-
-
listTagsForResource
default ListTagsForResourceResponse listTagsForResource(Consumer<ListTagsForResourceRequest.Builder> listTagsForResourceRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, TargetNotFoundException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Lists tags that are attached to the specified resource.
You can attach tags to the following resources in Organizations.
-
Amazon Web Services account
-
Organization root
-
Organizational unit (OU)
-
Policy (any type)
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
This is a convenience which creates an instance of the
ListTagsForResourceRequest.Builder
avoiding the need to create one manually viaListTagsForResourceRequest.builder()
- Parameters:
listTagsForResourceRequest
- AConsumer
that will call methods onListTagsForResourceRequest.Builder
to create a request.- Returns:
- Result of the ListTagsForResource operation returned by the service.
- See Also:
-
-
listTagsForResourcePaginator
default ListTagsForResourceIterable listTagsForResourcePaginator(ListTagsForResourceRequest listTagsForResourceRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, TargetNotFoundException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException This is a variant of
listTagsForResource(software.amazon.awssdk.services.organizations.model.ListTagsForResourceRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListTagsForResourceIterable responses = client.listTagsForResourcePaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListTagsForResourceIterable responses = client .listTagsForResourcePaginator(request); for (software.amazon.awssdk.services.organizations.model.ListTagsForResourceResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListTagsForResourceIterable responses = client.listTagsForResourcePaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of null won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listTagsForResource(software.amazon.awssdk.services.organizations.model.ListTagsForResourceRequest)
operation.- Parameters:
listTagsForResourceRequest
-- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listTagsForResourcePaginator
default ListTagsForResourceIterable listTagsForResourcePaginator(Consumer<ListTagsForResourceRequest.Builder> listTagsForResourceRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, TargetNotFoundException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException This is a variant of
listTagsForResource(software.amazon.awssdk.services.organizations.model.ListTagsForResourceRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListTagsForResourceIterable responses = client.listTagsForResourcePaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListTagsForResourceIterable responses = client .listTagsForResourcePaginator(request); for (software.amazon.awssdk.services.organizations.model.ListTagsForResourceResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListTagsForResourceIterable responses = client.listTagsForResourcePaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of null won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listTagsForResource(software.amazon.awssdk.services.organizations.model.ListTagsForResourceRequest)
operation.
This is a convenience which creates an instance of the
ListTagsForResourceRequest.Builder
avoiding the need to create one manually viaListTagsForResourceRequest.builder()
- Parameters:
listTagsForResourceRequest
- AConsumer
that will call methods onListTagsForResourceRequest.Builder
to create a request.- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listTargetsForPolicy
default ListTargetsForPolicyResponse listTargetsForPolicy(ListTargetsForPolicyRequest listTargetsForPolicyRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, PolicyNotFoundException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Lists all the roots, organizational units (OUs), and accounts that the specified policy is attached to.
Always check the
NextToken
response parameter for anull
value when calling aList*
operation. These operations can occasionally return an empty set of results even when there are more results available. TheNextToken
response parameter value isnull
only when there are no more results to display.This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
- Parameters:
listTargetsForPolicyRequest
-- Returns:
- Result of the ListTargetsForPolicy operation returned by the service.
- See Also:
-
listTargetsForPolicy
default ListTargetsForPolicyResponse listTargetsForPolicy(Consumer<ListTargetsForPolicyRequest.Builder> listTargetsForPolicyRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, PolicyNotFoundException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Lists all the roots, organizational units (OUs), and accounts that the specified policy is attached to.
Always check the
NextToken
response parameter for anull
value when calling aList*
operation. These operations can occasionally return an empty set of results even when there are more results available. TheNextToken
response parameter value isnull
only when there are no more results to display.This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
This is a convenience which creates an instance of the
ListTargetsForPolicyRequest.Builder
avoiding the need to create one manually viaListTargetsForPolicyRequest.builder()
- Parameters:
listTargetsForPolicyRequest
- AConsumer
that will call methods onListTargetsForPolicyRequest.Builder
to create a request.- Returns:
- Result of the ListTargetsForPolicy operation returned by the service.
- See Also:
-
listTargetsForPolicyPaginator
default ListTargetsForPolicyIterable listTargetsForPolicyPaginator(ListTargetsForPolicyRequest listTargetsForPolicyRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, PolicyNotFoundException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException This is a variant of
listTargetsForPolicy(software.amazon.awssdk.services.organizations.model.ListTargetsForPolicyRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListTargetsForPolicyIterable responses = client.listTargetsForPolicyPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListTargetsForPolicyIterable responses = client .listTargetsForPolicyPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListTargetsForPolicyResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListTargetsForPolicyIterable responses = client.listTargetsForPolicyPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listTargetsForPolicy(software.amazon.awssdk.services.organizations.model.ListTargetsForPolicyRequest)
operation.- Parameters:
listTargetsForPolicyRequest
-- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
listTargetsForPolicyPaginator
default ListTargetsForPolicyIterable listTargetsForPolicyPaginator(Consumer<ListTargetsForPolicyRequest.Builder> listTargetsForPolicyRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, InvalidInputException, PolicyNotFoundException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException This is a variant of
listTargetsForPolicy(software.amazon.awssdk.services.organizations.model.ListTargetsForPolicyRequest)
operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle making service calls for you.When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response pages by making service calls until there are no pages left or your iteration stops. If there are errors in your request, you will see the failures only after you start iterating through the iterable.
The following are few ways to iterate through the response pages:
1) Using a Streamsoftware.amazon.awssdk.services.organizations.paginators.ListTargetsForPolicyIterable responses = client.listTargetsForPolicyPaginator(request); responses.stream().forEach(....);
{ @code software.amazon.awssdk.services.organizations.paginators.ListTargetsForPolicyIterable responses = client .listTargetsForPolicyPaginator(request); for (software.amazon.awssdk.services.organizations.model.ListTargetsForPolicyResponse response : responses) { // do something; } }
3) Use iterator directlysoftware.amazon.awssdk.services.organizations.paginators.ListTargetsForPolicyIterable responses = client.listTargetsForPolicyPaginator(request); responses.iterator().forEachRemaining(....);
Please notice that the configuration of MaxResults won't limit the number of results you get with the paginator. It only limits the number of results in each page.
Note: If you prefer to have control on service calls, use the
listTargetsForPolicy(software.amazon.awssdk.services.organizations.model.ListTargetsForPolicyRequest)
operation.
This is a convenience which creates an instance of the
ListTargetsForPolicyRequest.Builder
avoiding the need to create one manually viaListTargetsForPolicyRequest.builder()
- Parameters:
listTargetsForPolicyRequest
- AConsumer
that will call methods onListTargetsForPolicyRequest.Builder
to create a request.- Returns:
- A custom iterable that can be used to iterate through all the response pages.
- See Also:
-
moveAccount
default MoveAccountResponse moveAccount(MoveAccountRequest moveAccountRequest) throws AccessDeniedException, InvalidInputException, SourceParentNotFoundException, DestinationParentNotFoundException, DuplicateAccountException, AccountNotFoundException, TooManyRequestsException, ConcurrentModificationException, AwsOrganizationsNotInUseException, ServiceException, AwsServiceException, SdkClientException, OrganizationsException Moves an account from its current source parent root or organizational unit (OU) to the specified destination parent root or OU.
This operation can be called only from the organization's management account.
- Parameters:
moveAccountRequest
-- Returns:
- Result of the MoveAccount operation returned by the service.
- See Also:
-
moveAccount
default MoveAccountResponse moveAccount(Consumer<MoveAccountRequest.Builder> moveAccountRequest) throws AccessDeniedException, InvalidInputException, SourceParentNotFoundException, DestinationParentNotFoundException, DuplicateAccountException, AccountNotFoundException, TooManyRequestsException, ConcurrentModificationException, AwsOrganizationsNotInUseException, ServiceException, AwsServiceException, SdkClientException, OrganizationsException Moves an account from its current source parent root or organizational unit (OU) to the specified destination parent root or OU.
This operation can be called only from the organization's management account.
This is a convenience which creates an instance of the
MoveAccountRequest.Builder
avoiding the need to create one manually viaMoveAccountRequest.builder()
- Parameters:
moveAccountRequest
- AConsumer
that will call methods onMoveAccountRequest.Builder
to create a request.- Returns:
- Result of the MoveAccount operation returned by the service.
- See Also:
-
putResourcePolicy
default PutResourcePolicyResponse putResourcePolicy(PutResourcePolicyRequest putResourcePolicyRequest) throws AccessDeniedException, ServiceException, UnsupportedApiEndpointException, TooManyRequestsException, ConcurrentModificationException, InvalidInputException, ConstraintViolationException, AwsOrganizationsNotInUseException, AwsServiceException, SdkClientException, OrganizationsException Creates or updates a resource policy.
You can only call this operation from the organization's management account.
- Parameters:
putResourcePolicyRequest
-- Returns:
- Result of the PutResourcePolicy operation returned by the service.
- See Also:
-
putResourcePolicy
default PutResourcePolicyResponse putResourcePolicy(Consumer<PutResourcePolicyRequest.Builder> putResourcePolicyRequest) throws AccessDeniedException, ServiceException, UnsupportedApiEndpointException, TooManyRequestsException, ConcurrentModificationException, InvalidInputException, ConstraintViolationException, AwsOrganizationsNotInUseException, AwsServiceException, SdkClientException, OrganizationsException Creates or updates a resource policy.
You can only call this operation from the organization's management account.
This is a convenience which creates an instance of the
PutResourcePolicyRequest.Builder
avoiding the need to create one manually viaPutResourcePolicyRequest.builder()
- Parameters:
putResourcePolicyRequest
- AConsumer
that will call methods onPutResourcePolicyRequest.Builder
to create a request.- Returns:
- Result of the PutResourcePolicy operation returned by the service.
- See Also:
-
registerDelegatedAdministrator
default RegisterDelegatedAdministratorResponse registerDelegatedAdministrator(RegisterDelegatedAdministratorRequest registerDelegatedAdministratorRequest) throws AccessDeniedException, AccountAlreadyRegisteredException, AccountNotFoundException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException, InvalidInputException, TooManyRequestsException, ServiceException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Enables the specified member account to administer the Organizations features of the specified Amazon Web Services service. It grants read-only access to Organizations service data. The account still requires IAM permissions to access and administer the Amazon Web Services service.
You can run this action only for Amazon Web Services services that support this feature. For a current list of services that support it, see the column Supports Delegated Administrator in the table at Amazon Web Services Services that you can use with Organizations in the Organizations User Guide.
This operation can be called only from the organization's management account.
- Parameters:
registerDelegatedAdministratorRequest
-- Returns:
- Result of the RegisterDelegatedAdministrator operation returned by the service.
- See Also:
-
registerDelegatedAdministrator
default RegisterDelegatedAdministratorResponse registerDelegatedAdministrator(Consumer<RegisterDelegatedAdministratorRequest.Builder> registerDelegatedAdministratorRequest) throws AccessDeniedException, AccountAlreadyRegisteredException, AccountNotFoundException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException, InvalidInputException, TooManyRequestsException, ServiceException, UnsupportedApiEndpointException, AwsServiceException, SdkClientException, OrganizationsException Enables the specified member account to administer the Organizations features of the specified Amazon Web Services service. It grants read-only access to Organizations service data. The account still requires IAM permissions to access and administer the Amazon Web Services service.
You can run this action only for Amazon Web Services services that support this feature. For a current list of services that support it, see the column Supports Delegated Administrator in the table at Amazon Web Services Services that you can use with Organizations in the Organizations User Guide.
This operation can be called only from the organization's management account.
This is a convenience which creates an instance of the
RegisterDelegatedAdministratorRequest.Builder
avoiding the need to create one manually viaRegisterDelegatedAdministratorRequest.builder()
- Parameters:
registerDelegatedAdministratorRequest
- AConsumer
that will call methods onRegisterDelegatedAdministratorRequest.Builder
to create a request.- Returns:
- Result of the RegisterDelegatedAdministrator operation returned by the service.
- See Also:
-
removeAccountFromOrganization
default RemoveAccountFromOrganizationResponse removeAccountFromOrganization(RemoveAccountFromOrganizationRequest removeAccountFromOrganizationRequest) throws AccessDeniedException, AccountNotFoundException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException, InvalidInputException, MasterCannotLeaveOrganizationException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Removes the specified account from the organization.
The removed account becomes a standalone account that isn't a member of any organization. It's no longer subject to any policies and is responsible for its own bill payments. The organization's management account is no longer charged for any expenses accrued by the member account after it's removed from the organization.
This operation can be called only from the organization's management account. Member accounts can remove themselves with LeaveOrganization instead.
-
You can remove an account from your organization only if the account is configured with the information required to operate as a standalone account. When you create an account in an organization using the Organizations console, API, or CLI commands, the information required of standalone accounts is not automatically collected. For more information, see Considerations before removing an account from an organization in the Organizations User Guide.
-
The account that you want to leave must not be a delegated administrator account for any Amazon Web Services service enabled for your organization. If the account is a delegated administrator, you must first change the delegated administrator account to another account that is remaining in the organization.
-
After the account leaves the organization, all tags that were attached to the account object in the organization are deleted. Amazon Web Services accounts outside of an organization do not support tags.
- Parameters:
removeAccountFromOrganizationRequest
-- Returns:
- Result of the RemoveAccountFromOrganization operation returned by the service.
- See Also:
-
-
removeAccountFromOrganization
default RemoveAccountFromOrganizationResponse removeAccountFromOrganization(Consumer<RemoveAccountFromOrganizationRequest.Builder> removeAccountFromOrganizationRequest) throws AccessDeniedException, AccountNotFoundException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException, InvalidInputException, MasterCannotLeaveOrganizationException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Removes the specified account from the organization.
The removed account becomes a standalone account that isn't a member of any organization. It's no longer subject to any policies and is responsible for its own bill payments. The organization's management account is no longer charged for any expenses accrued by the member account after it's removed from the organization.
This operation can be called only from the organization's management account. Member accounts can remove themselves with LeaveOrganization instead.
-
You can remove an account from your organization only if the account is configured with the information required to operate as a standalone account. When you create an account in an organization using the Organizations console, API, or CLI commands, the information required of standalone accounts is not automatically collected. For more information, see Considerations before removing an account from an organization in the Organizations User Guide.
-
The account that you want to leave must not be a delegated administrator account for any Amazon Web Services service enabled for your organization. If the account is a delegated administrator, you must first change the delegated administrator account to another account that is remaining in the organization.
-
After the account leaves the organization, all tags that were attached to the account object in the organization are deleted. Amazon Web Services accounts outside of an organization do not support tags.
This is a convenience which creates an instance of the
RemoveAccountFromOrganizationRequest.Builder
avoiding the need to create one manually viaRemoveAccountFromOrganizationRequest.builder()
- Parameters:
removeAccountFromOrganizationRequest
- AConsumer
that will call methods onRemoveAccountFromOrganizationRequest.Builder
to create a request.- Returns:
- Result of the RemoveAccountFromOrganization operation returned by the service.
- See Also:
-
-
tagResource
default TagResourceResponse tagResource(TagResourceRequest tagResourceRequest) throws AccessDeniedException, ConcurrentModificationException, AwsOrganizationsNotInUseException, TargetNotFoundException, ConstraintViolationException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Adds one or more tags to the specified resource.
Currently, you can attach tags to the following resources in Organizations.
-
Amazon Web Services account
-
Organization root
-
Organizational unit (OU)
-
Policy (any type)
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
- Parameters:
tagResourceRequest
-- Returns:
- Result of the TagResource operation returned by the service.
- See Also:
-
-
tagResource
default TagResourceResponse tagResource(Consumer<TagResourceRequest.Builder> tagResourceRequest) throws AccessDeniedException, ConcurrentModificationException, AwsOrganizationsNotInUseException, TargetNotFoundException, ConstraintViolationException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Adds one or more tags to the specified resource.
Currently, you can attach tags to the following resources in Organizations.
-
Amazon Web Services account
-
Organization root
-
Organizational unit (OU)
-
Policy (any type)
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
This is a convenience which creates an instance of the
TagResourceRequest.Builder
avoiding the need to create one manually viaTagResourceRequest.builder()
- Parameters:
tagResourceRequest
- AConsumer
that will call methods onTagResourceRequest.Builder
to create a request.- Returns:
- Result of the TagResource operation returned by the service.
- See Also:
-
-
untagResource
default UntagResourceResponse untagResource(UntagResourceRequest untagResourceRequest) throws AccessDeniedException, ConcurrentModificationException, AwsOrganizationsNotInUseException, TargetNotFoundException, ConstraintViolationException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Removes any tags with the specified keys from the specified resource.
You can attach tags to the following resources in Organizations.
-
Amazon Web Services account
-
Organization root
-
Organizational unit (OU)
-
Policy (any type)
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
- Parameters:
untagResourceRequest
-- Returns:
- Result of the UntagResource operation returned by the service.
- See Also:
-
-
untagResource
default UntagResourceResponse untagResource(Consumer<UntagResourceRequest.Builder> untagResourceRequest) throws AccessDeniedException, ConcurrentModificationException, AwsOrganizationsNotInUseException, TargetNotFoundException, ConstraintViolationException, InvalidInputException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Removes any tags with the specified keys from the specified resource.
You can attach tags to the following resources in Organizations.
-
Amazon Web Services account
-
Organization root
-
Organizational unit (OU)
-
Policy (any type)
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
This is a convenience which creates an instance of the
UntagResourceRequest.Builder
avoiding the need to create one manually viaUntagResourceRequest.builder()
- Parameters:
untagResourceRequest
- AConsumer
that will call methods onUntagResourceRequest.Builder
to create a request.- Returns:
- Result of the UntagResource operation returned by the service.
- See Also:
-
-
updateOrganizationalUnit
default UpdateOrganizationalUnitResponse updateOrganizationalUnit(UpdateOrganizationalUnitRequest updateOrganizationalUnitRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, DuplicateOrganizationalUnitException, InvalidInputException, OrganizationalUnitNotFoundException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Renames the specified organizational unit (OU). The ID and ARN don't change. The child OUs and accounts remain in place, and any attached policies of the OU remain attached.
This operation can be called only from the organization's management account.
- Parameters:
updateOrganizationalUnitRequest
-- Returns:
- Result of the UpdateOrganizationalUnit operation returned by the service.
- See Also:
-
updateOrganizationalUnit
default UpdateOrganizationalUnitResponse updateOrganizationalUnit(Consumer<UpdateOrganizationalUnitRequest.Builder> updateOrganizationalUnitRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, DuplicateOrganizationalUnitException, InvalidInputException, OrganizationalUnitNotFoundException, ServiceException, TooManyRequestsException, AwsServiceException, SdkClientException, OrganizationsException Renames the specified organizational unit (OU). The ID and ARN don't change. The child OUs and accounts remain in place, and any attached policies of the OU remain attached.
This operation can be called only from the organization's management account.
This is a convenience which creates an instance of the
UpdateOrganizationalUnitRequest.Builder
avoiding the need to create one manually viaUpdateOrganizationalUnitRequest.builder()
- Parameters:
updateOrganizationalUnitRequest
- AConsumer
that will call methods onUpdateOrganizationalUnitRequest.Builder
to create a request.- Returns:
- Result of the UpdateOrganizationalUnit operation returned by the service.
- See Also:
-
updatePolicy
default UpdatePolicyResponse updatePolicy(UpdatePolicyRequest updatePolicyRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException, DuplicatePolicyException, InvalidInputException, MalformedPolicyDocumentException, PolicyNotFoundException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, PolicyChangesInProgressException, AwsServiceException, SdkClientException, OrganizationsException Updates an existing policy with a new name, description, or content. If you don't supply any parameter, that value remains unchanged. You can't change a policy's type.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
- Parameters:
updatePolicyRequest
-- Returns:
- Result of the UpdatePolicy operation returned by the service.
- See Also:
-
updatePolicy
default UpdatePolicyResponse updatePolicy(Consumer<UpdatePolicyRequest.Builder> updatePolicyRequest) throws AccessDeniedException, AwsOrganizationsNotInUseException, ConcurrentModificationException, ConstraintViolationException, DuplicatePolicyException, InvalidInputException, MalformedPolicyDocumentException, PolicyNotFoundException, ServiceException, TooManyRequestsException, UnsupportedApiEndpointException, PolicyChangesInProgressException, AwsServiceException, SdkClientException, OrganizationsException Updates an existing policy with a new name, description, or content. If you don't supply any parameter, that value remains unchanged. You can't change a policy's type.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.
This is a convenience which creates an instance of the
UpdatePolicyRequest.Builder
avoiding the need to create one manually viaUpdatePolicyRequest.builder()
- Parameters:
updatePolicyRequest
- AConsumer
that will call methods onUpdatePolicyRequest.Builder
to create a request.- Returns:
- Result of the UpdatePolicy operation returned by the service.
- See Also:
-
create
Create aOrganizationsClient
with the region loaded from theDefaultAwsRegionProviderChain
and credentials loaded from theDefaultCredentialsProvider
. -
builder
Create a builder that can be used to configure and create aOrganizationsClient
. -
serviceMetadata
-
serviceClientConfiguration
Description copied from interface:SdkClient
The SDK service client configuration exposes client settings to the user, e.g., ClientOverrideConfiguration- Specified by:
serviceClientConfiguration
in interfaceAwsClient
- Specified by:
serviceClientConfiguration
in interfaceSdkClient
- Returns:
- SdkServiceClientConfiguration
-