Copyright | (c) 2013-2017 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay <brendan.g.hay+amazonka@gmail.com> |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | None |
Language | Haskell2010 |
- Service Configuration
- Errors
- AccountJoinedMethod
- AccountStatus
- ActionType
- ChildType
- CreateAccountFailureReason
- CreateAccountState
- HandshakePartyType
- HandshakeResourceType
- HandshakeState
- IAMUserAccessToBilling
- OrganizationFeatureSet
- ParentType
- PolicyType
- PolicyTypeStatus
- TargetType
- Account
- Child
- CreateAccountStatus
- Handshake
- HandshakeFilter
- HandshakeParty
- HandshakeResource
- Organization
- OrganizationalUnit
- Parent
- Policy
- PolicySummary
- PolicyTargetSummary
- PolicyTypeSummary
- Root
- organizations :: Service
- _PolicyNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- _PolicyTypeAlreadyEnabledException :: AsError a => Getting (First ServiceError) a ServiceError
- _HandshakeConstraintViolationException :: AsError a => Getting (First ServiceError) a ServiceError
- _AccessDeniedException :: AsError a => Getting (First ServiceError) a ServiceError
- _MalformedPolicyDocumentException :: AsError a => Getting (First ServiceError) a ServiceError
- _RootNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- _MasterCannotLeaveOrganizationException :: AsError a => Getting (First ServiceError) a ServiceError
- _AccountNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- _DuplicatePolicyException :: AsError a => Getting (First ServiceError) a ServiceError
- _ConstraintViolationException :: AsError a => Getting (First ServiceError) a ServiceError
- _FinalizingOrganizationException :: AsError a => Getting (First ServiceError) a ServiceError
- _HandshakeNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- _PolicyTypeNotAvailableForOrganizationException :: AsError a => Getting (First ServiceError) a ServiceError
- _ChildNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- _OrganizationalUnitNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- _DestinationParentNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- _OrganizationNotEmptyException :: AsError a => Getting (First ServiceError) a ServiceError
- _PolicyTypeNotEnabledException :: AsError a => Getting (First ServiceError) a ServiceError
- _DuplicateHandshakeException :: AsError a => Getting (First ServiceError) a ServiceError
- _OrganizationalUnitNotEmptyException :: AsError a => Getting (First ServiceError) a ServiceError
- _TooManyRequestsException :: AsError a => Getting (First ServiceError) a ServiceError
- _ConcurrentModificationException :: AsError a => Getting (First ServiceError) a ServiceError
- _ServiceException :: AsError a => Getting (First ServiceError) a ServiceError
- _SourceParentNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- _TargetNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- _CreateAccountStatusNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- _AlreadyInOrganizationException :: AsError a => Getting (First ServiceError) a ServiceError
- _DuplicateOrganizationalUnitException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidInputException :: AsError a => Getting (First ServiceError) a ServiceError
- _PolicyNotAttachedException :: AsError a => Getting (First ServiceError) a ServiceError
- _ParentNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- _AccessDeniedForDependencyException :: AsError a => Getting (First ServiceError) a ServiceError
- _AWSOrganizationsNotInUseException :: AsError a => Getting (First ServiceError) a ServiceError
- _PolicyInUseException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidHandshakeTransitionException :: AsError a => Getting (First ServiceError) a ServiceError
- _HandshakeAlreadyInStateException :: AsError a => Getting (First ServiceError) a ServiceError
- _DuplicateAccountException :: AsError a => Getting (First ServiceError) a ServiceError
- _DuplicatePolicyAttachmentException :: AsError a => Getting (First ServiceError) a ServiceError
- data AccountJoinedMethod
- data AccountStatus
- data ActionType
- data ChildType
- data CreateAccountFailureReason
- data CreateAccountState
- data HandshakePartyType
- data HandshakeResourceType
- data HandshakeState
- data IAMUserAccessToBilling
- data OrganizationFeatureSet
- data ParentType
- data PolicyType = ServiceControlPolicy
- data PolicyTypeStatus
- data TargetType
- data Account
- account :: Account
- aStatus :: Lens' Account (Maybe AccountStatus)
- aJoinedMethod :: Lens' Account (Maybe AccountJoinedMethod)
- aEmail :: Lens' Account (Maybe Text)
- aARN :: Lens' Account (Maybe Text)
- aJoinedTimestamp :: Lens' Account (Maybe UTCTime)
- aName :: Lens' Account (Maybe Text)
- aId :: Lens' Account (Maybe Text)
- data Child
- child :: Child
- cId :: Lens' Child (Maybe Text)
- cType :: Lens' Child (Maybe ChildType)
- data CreateAccountStatus
- createAccountStatus :: CreateAccountStatus
- casFailureReason :: Lens' CreateAccountStatus (Maybe CreateAccountFailureReason)
- casState :: Lens' CreateAccountStatus (Maybe CreateAccountState)
- casCompletedTimestamp :: Lens' CreateAccountStatus (Maybe UTCTime)
- casAccountName :: Lens' CreateAccountStatus (Maybe Text)
- casAccountId :: Lens' CreateAccountStatus (Maybe Text)
- casId :: Lens' CreateAccountStatus (Maybe Text)
- casRequestedTimestamp :: Lens' CreateAccountStatus (Maybe UTCTime)
- data Handshake
- handshake :: Handshake
- hState :: Lens' Handshake (Maybe HandshakeState)
- hARN :: Lens' Handshake (Maybe Text)
- hAction :: Lens' Handshake (Maybe ActionType)
- hResources :: Lens' Handshake [HandshakeResource]
- hId :: Lens' Handshake (Maybe Text)
- hExpirationTimestamp :: Lens' Handshake (Maybe UTCTime)
- hParties :: Lens' Handshake [HandshakeParty]
- hRequestedTimestamp :: Lens' Handshake (Maybe UTCTime)
- data HandshakeFilter
- handshakeFilter :: HandshakeFilter
- hfParentHandshakeId :: Lens' HandshakeFilter (Maybe Text)
- hfActionType :: Lens' HandshakeFilter (Maybe ActionType)
- data HandshakeParty
- handshakeParty :: Text -> HandshakePartyType -> HandshakeParty
- hpId :: Lens' HandshakeParty Text
- hpType :: Lens' HandshakeParty HandshakePartyType
- data HandshakeResource
- handshakeResource :: HandshakeResource
- hrValue :: Lens' HandshakeResource (Maybe Text)
- hrResources :: Lens' HandshakeResource [HandshakeResource]
- hrType :: Lens' HandshakeResource (Maybe HandshakeResourceType)
- data Organization
- organization :: Organization
- oARN :: Lens' Organization (Maybe Text)
- oMasterAccountId :: Lens' Organization (Maybe Text)
- oMasterAccountARN :: Lens' Organization (Maybe Text)
- oMasterAccountEmail :: Lens' Organization (Maybe Text)
- oAvailablePolicyTypes :: Lens' Organization [PolicyTypeSummary]
- oId :: Lens' Organization (Maybe Text)
- oFeatureSet :: Lens' Organization (Maybe OrganizationFeatureSet)
- data OrganizationalUnit
- organizationalUnit :: OrganizationalUnit
- ouARN :: Lens' OrganizationalUnit (Maybe Text)
- ouName :: Lens' OrganizationalUnit (Maybe Text)
- ouId :: Lens' OrganizationalUnit (Maybe Text)
- data Parent
- parent :: Parent
- pId :: Lens' Parent (Maybe Text)
- pType :: Lens' Parent (Maybe ParentType)
- data Policy
- policy :: Policy
- pContent :: Lens' Policy (Maybe Text)
- pPolicySummary :: Lens' Policy (Maybe PolicySummary)
- data PolicySummary
- policySummary :: PolicySummary
- psARN :: Lens' PolicySummary (Maybe Text)
- psName :: Lens' PolicySummary (Maybe Text)
- psId :: Lens' PolicySummary (Maybe Text)
- psAWSManaged :: Lens' PolicySummary (Maybe Bool)
- psType :: Lens' PolicySummary (Maybe PolicyType)
- psDescription :: Lens' PolicySummary (Maybe Text)
- data PolicyTargetSummary
- policyTargetSummary :: PolicyTargetSummary
- polTargetId :: Lens' PolicyTargetSummary (Maybe Text)
- polARN :: Lens' PolicyTargetSummary (Maybe Text)
- polName :: Lens' PolicyTargetSummary (Maybe Text)
- polType :: Lens' PolicyTargetSummary (Maybe TargetType)
- data PolicyTypeSummary
- policyTypeSummary :: PolicyTypeSummary
- ptsStatus :: Lens' PolicyTypeSummary (Maybe PolicyTypeStatus)
- ptsType :: Lens' PolicyTypeSummary (Maybe PolicyType)
- data Root
- root :: Root
- rARN :: Lens' Root (Maybe Text)
- rName :: Lens' Root (Maybe Text)
- rId :: Lens' Root (Maybe Text)
- rPolicyTypes :: Lens' Root [PolicyTypeSummary]
Service Configuration
organizations :: Service Source #
API version 2016-11-28
of the Amazon Organizations SDK configuration.
Errors
_PolicyNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source #
We can't find a policy with the PolicyId that you specified.
_PolicyTypeAlreadyEnabledException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The specified policy type is already enabled in the specified root.
_HandshakeConstraintViolationException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The requested operation would violate the constraint identified in the reason code.
- ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an organization. Note : deleted and closed accounts still count toward your limit.
Important: If you get an exception that indicates that you exceeded your account limits for the organization or that you can"t add an account because your organization is still initializing, please contact AWS Customer Support .
- HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes you can send in one day.
- ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because the invited account is already a member of an organization.
- ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid because the organization has already enabled all features.
- INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You cannot issue new invitations to join an organization while it is in the process of enabling all features. You can resume inviting accounts after you finalize the process when all accounts have agreed to the change.
- PAYMENT_INSTRUMENT_REQUIRED: You cannot complete the operation with an account that does not have a payment instrument, such as a credit card, associated with it.
- ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because the account is from a different marketplace than the accounts in the organization. For example, accounts with India addresses must be associated with the AISPL marketplace. All accounts in an organization must be from the same marketplace.
- ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to change the membership of an account too quickly after its previous change.
_AccessDeniedException :: AsError a => Getting (First ServiceError) a ServiceError Source #
You don't have permissions to perform the requested operation. The user or role that is making the request must have at least one IAM permissions policy attached that grants the required permissions. For more information, see Access Management in the IAM User Guide .
_MalformedPolicyDocumentException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The provided policy document does not meet the requirements of the specified policy type. For example, the syntax might be incorrect. For details about service control policy syntax, see Service Control Policy Syntax in the AWS Organizations User Guide .
_RootNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source #
We can't find a root with the RootId that you specified.
_MasterCannotLeaveOrganizationException :: AsError a => Getting (First ServiceError) a ServiceError Source #
You can't remove a master account from an organization. If you want the master account to become a member account in another organization, you must first delete the current organization of the master account.
_AccountNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source #
We can't find an AWS account with the AccountId that you specified, or the account whose credentials you used to make this request is not a member of an organization.
_DuplicatePolicyException :: AsError a => Getting (First ServiceError) a ServiceError Source #
A policy with the same name already exists.
_ConstraintViolationException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Performing this operation violates a minimum or maximum value limit. For example, attempting to removing the last SCP from an OU or root, inviting or creating too many accounts to the organization, or attaching too many policies to an account, OU, or root. This exception includes a reason that contains additional information about the violated limit.
- ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an organization. If you need more accounts, contact AWS Support to request an increase in your limit.
Or, The number of invitations that you tried to send would cause you to exceed the limit of accounts in your organization. Send fewer invitations, or contact AWS Support to request an increase in the number of accounts.
Note : deleted and closed accounts still count toward your limit.
Important: If you get an exception that indicates that you exceeded your account limits for the organization or that you can"t add an account because your organization is still initializing, please contact AWS Customer Support .
- HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes you can send in one day.
- OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of organizational units you can have in an organization.
- OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an organizational unit tree that is too many levels deep.
- POLICY_NUMBER_LIMIT_EXCEEDED. You attempted to exceed the number of policies that you can have in an organization.
- MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain type that can be attached to an entity at one time.
- MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would cause the entity to have fewer than the minimum number of policies of a certain type required.
- ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account from the organization that does not yet have enough information to exist as a stand-alone account. This account requires you to first agree to the AWS Customer Agreement. Follow the steps at To leave an organization when all required account information has not yet been provided in the AWS Organizations User Guide .
- ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization that does not yet have enough information to exist as a stand-alone account. This account requires you to first complete phone verification. Follow the steps at To leave an organization when all required account information has not yet been provided in the AWS Organizations User Guide .
- MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this account, you first must associate a payment instrument, such as a credit card, with the account. Follow the steps at To leave an organization when all required account information has not yet been provided in the AWS Organizations User Guide .
- MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you first must associate a payment instrument, such as a credit card, with the account. Follow the steps at To leave an organization when all required account information has not yet been provided in the AWS Organizations User Guide .
- ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create in one day.
- MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first must migrate the organization's master account to the marketplace that corresponds to the master account's address. For example, accounts with India addresses must be associated with the AISPL marketplace. All accounts in an organization must be associated with the same marketplace.
- MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide contact a valid address and phone number for the master account. Then try the operation again.
_FinalizingOrganizationException :: AsError a => Getting (First ServiceError) a ServiceError Source #
AWS Organizations could not finalize the creation of your organization. Try again later. If this persists, contact AWS customer support.
_HandshakeNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source #
We can't find a handshake with the HandshakeId that you specified.
_PolicyTypeNotAvailableForOrganizationException :: AsError a => Getting (First ServiceError) a ServiceError Source #
You can't use the specified policy type with the feature set currently enabled for this organization. For example, you can enable service control policies (SCPs) only after you enable all features in the organization. For more information, see Enabling and Disabling a Policy Type on a Root in the AWS Organizations User Guide .
_ChildNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source #
We can't find an organizational unit (OU) or AWS account with the ChildId that you specified.
_OrganizationalUnitNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source #
We can't find an organizational unit (OU) with the OrganizationalUnitId that you specified.
_DestinationParentNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source #
We can't find the destination container (a root or OU) with the ParentId that you specified.
_OrganizationNotEmptyException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The organization isn't empty. To delete an organization, you must first remove all accounts except the master account, delete all organizational units (OUs), and delete all policies.
_PolicyTypeNotEnabledException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The specified policy type is not currently enabled in this root. You cannot attach policies of the specified type to entities in a root until you enable that type in the root. For more information, see Enabling All Features in Your Organization in the AWS Organizations User Guide .
_DuplicateHandshakeException :: AsError a => Getting (First ServiceError) a ServiceError Source #
A handshake with the same action and target already exists. For example, if you invited an account to join your organization, the invited account might already have a pending invitation from this organization. If you intend to resend an invitation to an account, ensure that existing handshakes that might be considered duplicates are canceled or declined.
_OrganizationalUnitNotEmptyException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The specified organizational unit (OU) is not empty. Move all accounts to another root or to other OUs, remove all child OUs, and then try the operation again.
_TooManyRequestsException :: AsError a => Getting (First ServiceError) a ServiceError Source #
You've sent too many requests in too short a period of time. The limit helps protect against denial-of-service attacks. Try again later.
_ConcurrentModificationException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The target of the operation is currently being modified by a different request. Try again later.
_ServiceException :: AsError a => Getting (First ServiceError) a ServiceError Source #
AWS Organizations can't complete your request because of an internal service error. Try again later.
_SourceParentNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source #
We can't find a source root or OU with the ParentId that you specified.
_TargetNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source #
We can't find a root, OU, or account with the TargetId that you specified.
_CreateAccountStatusNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source #
We can't find an create account request with the CreateAccountRequestId that you specified.
_AlreadyInOrganizationException :: AsError a => Getting (First ServiceError) a ServiceError Source #
This account is already a member of an organization. An account can belong to only one organization at a time.
_DuplicateOrganizationalUnitException :: AsError a => Getting (First ServiceError) a ServiceError Source #
An organizational unit (OU) with the same name already exists.
_InvalidInputException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The requested operation failed because you provided invalid values for one or more of the request parameters. This exception includes a reason that contains additional information about the violated limit:
- INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a party.
- INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the organization.
- INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
- INVALID_ENUM: You specified a value that is not valid for that parameter.
- INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
- INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
- MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
- MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
- MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
- MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
- IMMUTABLE_POLICY: You specified a policy that is managed by AWS and cannot be modified.
- INVALID_PATTERN: You provided a value that doesn't match the required pattern.
- INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
- INPUT_REQUIRED: You must include a value for all required parameters.
- INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a previous call of the operation.
- MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
- MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
_PolicyNotAttachedException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The policy isn't attached to the specified target in the specified root.
_ParentNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source #
We can't find a root or organizational unit (OU) with the ParentId that you specified.
_AccessDeniedForDependencyException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The operation you attempted requires you to have the iam:CreateServiceLinkedRole
so that Organizations can create the required service-linked role. You do not have that permission.
_AWSOrganizationsNotInUseException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Your account is not a member of an organization. To make this request, you must use the credentials of an account that belongs to an organization.
_PolicyInUseException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The policy is attached to one or more entities. You must detach it from all roots, organizational units (OUs), and accounts before performing this operation.
_InvalidHandshakeTransitionException :: AsError a => Getting (First ServiceError) a ServiceError Source #
You can't perform the operation on the handshake in its current state. For example, you can't cancel a handshake that was already accepted, or accept a handshake that was already declined.
_HandshakeAlreadyInStateException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The specified handshake is already in the requested state. For example, you can't accept a handshake that was already accepted.
_DuplicateAccountException :: AsError a => Getting (First ServiceError) a ServiceError Source #
That account is already present in the specified destination.
_DuplicatePolicyAttachmentException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The selected policy is already attached to the specified target.
AccountJoinedMethod
data AccountJoinedMethod Source #
AccountStatus
data AccountStatus Source #
ActionType
data ActionType Source #
ChildType
CreateAccountFailureReason
data CreateAccountFailureReason Source #
AccountLimitExceeded | |
ConcurrentAccountModification | |
EmailAlreadyExists | |
InternalFailure | |
InvalidAddress | |
InvalidEmail |
CreateAccountState
data CreateAccountState Source #
HandshakePartyType
data HandshakePartyType Source #
HandshakeResourceType
data HandshakeResourceType Source #
HandshakeState
data HandshakeState Source #
IAMUserAccessToBilling
data IAMUserAccessToBilling Source #
OrganizationFeatureSet
data OrganizationFeatureSet Source #
ParentType
data ParentType Source #
PolicyType
data PolicyType Source #
PolicyTypeStatus
data PolicyTypeStatus Source #
TargetType
data TargetType Source #
Account
Contains information about an AWS account that is a member of an organization.
See: account
smart constructor.
Creates a value of Account
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
aStatus
- The status of the account in the organization.aJoinedMethod
- The method by which the account joined the organization.aEmail
- The email address associated with the AWS account. The regex pattern for this parameter is a string of characters that represents a standard Internet email address.aARN
- The Amazon Resource Name (ARN) of the account. For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .aJoinedTimestamp
- The date the account became a part of the organization.aName
- The friendly name of the account. The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.aId
- The unique identifier (ID) of the account. The regex pattern for an account ID string requires exactly 12 digits.
aStatus :: Lens' Account (Maybe AccountStatus) Source #
The status of the account in the organization.
aJoinedMethod :: Lens' Account (Maybe AccountJoinedMethod) Source #
The method by which the account joined the organization.
aEmail :: Lens' Account (Maybe Text) Source #
The email address associated with the AWS account. The regex pattern for this parameter is a string of characters that represents a standard Internet email address.
aARN :: Lens' Account (Maybe Text) Source #
The Amazon Resource Name (ARN) of the account. For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .
aJoinedTimestamp :: Lens' Account (Maybe UTCTime) Source #
The date the account became a part of the organization.
aName :: Lens' Account (Maybe Text) Source #
The friendly name of the account. The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.
aId :: Lens' Account (Maybe Text) Source #
The unique identifier (ID) of the account. The regex pattern for an account ID string requires exactly 12 digits.
Child
Contains a list of child entities, either OUs or accounts.
See: child
smart constructor.
Creates a value of Child
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
cId
- The unique identifier (ID) of this child entity. The regex pattern for a child ID string requires one of the following: * Account: a string that consists of exactly 12 digits. * Organizational unit (OU): a string that begins with "ou-" followed by from 4 to 32 lower-case letters or digits (the ID of the root that contains the OU) followed by a second "-" dash and from 8 to 32 additional lower-case letters or digits.cType
- The type of this child entity.
cId :: Lens' Child (Maybe Text) Source #
The unique identifier (ID) of this child entity. The regex pattern for a child ID string requires one of the following: * Account: a string that consists of exactly 12 digits. * Organizational unit (OU): a string that begins with "ou-" followed by from 4 to 32 lower-case letters or digits (the ID of the root that contains the OU) followed by a second "-" dash and from 8 to 32 additional lower-case letters or digits.
CreateAccountStatus
data CreateAccountStatus Source #
Contains the status about a CreateAccount
request to create an AWS account in an organization.
See: createAccountStatus
smart constructor.
createAccountStatus :: CreateAccountStatus Source #
Creates a value of CreateAccountStatus
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
casFailureReason
- If the request failed, a description of the reason for the failure. * ACCOUNT_LIMIT_EXCEEDED: The account could not be created because you have reached the limit on the number of accounts in your organization. * EMAIL_ALREADY_EXISTS: The account could not be created because another AWS account with that email address already exists. * INVALID_ADDRESS: The account could not be created because the address you provided is not valid. * INVALID_EMAIL: The account could not be created because the email address you provided is not valid. * INTERNAL_FAILURE: The account could not be created because of an internal failure. Try again later. If the problem persists, contact Customer Support.casState
- The status of the request.casCompletedTimestamp
- The date and time that the account was created and the request completed.casAccountName
- The account name given to the account when it was created.casAccountId
- If the account was created successfully, the unique identifier (ID) of the new account. The regex pattern for an account ID string requires exactly 12 digits.casId
- The unique identifier (ID) that references this request. You get this value from the response of the initialCreateAccount
request to create the account. The regex pattern for an create account request ID string requires "car-" followed by from 8 to 32 lower-case letters or digits.casRequestedTimestamp
- The date and time that the request was made for the account creation.
casFailureReason :: Lens' CreateAccountStatus (Maybe CreateAccountFailureReason) Source #
If the request failed, a description of the reason for the failure. * ACCOUNT_LIMIT_EXCEEDED: The account could not be created because you have reached the limit on the number of accounts in your organization. * EMAIL_ALREADY_EXISTS: The account could not be created because another AWS account with that email address already exists. * INVALID_ADDRESS: The account could not be created because the address you provided is not valid. * INVALID_EMAIL: The account could not be created because the email address you provided is not valid. * INTERNAL_FAILURE: The account could not be created because of an internal failure. Try again later. If the problem persists, contact Customer Support.
casState :: Lens' CreateAccountStatus (Maybe CreateAccountState) Source #
The status of the request.
casCompletedTimestamp :: Lens' CreateAccountStatus (Maybe UTCTime) Source #
The date and time that the account was created and the request completed.
casAccountName :: Lens' CreateAccountStatus (Maybe Text) Source #
The account name given to the account when it was created.
casAccountId :: Lens' CreateAccountStatus (Maybe Text) Source #
If the account was created successfully, the unique identifier (ID) of the new account. The regex pattern for an account ID string requires exactly 12 digits.
casId :: Lens' CreateAccountStatus (Maybe Text) Source #
The unique identifier (ID) that references this request. You get this value from the response of the initial CreateAccount
request to create the account. The regex pattern for an create account request ID string requires "car-" followed by from 8 to 32 lower-case letters or digits.
casRequestedTimestamp :: Lens' CreateAccountStatus (Maybe UTCTime) Source #
The date and time that the request was made for the account creation.
Handshake
Contains information that must be exchanged to securely establish a relationship between two accounts (an originator and a recipient ). For example, when a master account (the originator) invites another account (the recipient) to join its organization, the two accounts exchange information as a series of handshake requests and responses.
Note: Handshakes that are CANCELED, ACCEPTED, or DECLINED show up in lists for only 30 days after entering that state After that they are deleted.
See: handshake
smart constructor.
handshake :: Handshake Source #
Creates a value of Handshake
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
hState
- The current state of the handshake. Use the state to trace the flow of the handshake through the process from its creation to its acceptance. The meaning of each of the valid values is as follows: * REQUESTED : This handshake was sent to multiple recipients (applicable to only some handshake types) and not all recipients have responded yet. The request stays in this state until all recipients respond. * OPEN : This handshake was sent to multiple recipients (applicable to only some policy types) and all recipients have responded, allowing the originator to complete the handshake action. * CANCELED : This handshake is no longer active because it was canceled by the originating account. * ACCEPTED : This handshake is complete because it has been accepted by the recipient. * DECLINED : This handshake is no longer active because it was declined by the recipient account. * EXPIRED : This handshake is no longer active because the originator did not receive a response of any kind from the recipient before the expiration time (15 days).hARN
- The Amazon Resource Name (ARN) of a handshake. For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .hAction
- The type of handshake, indicating what action occurs when the recipient accepts the handshake. The following handshake types are supported: * INVITE : This type of handshake represents a request to join an organization. It is always sent from the master account to only non-member accounts. * ENABLE_ALL_FEATURES : This type of handshake represents a request to enable all features in an organization. It is always sent from the master account to only invited member accounts. Created accounts do not receive this because those accounts were created by the organization's master account and approval is inferred. * APPROVE_ALL_FEATURES : This type of handshake is sent from the Organizations service when all member accounts have approved theENABLE_ALL_FEATURES
invitation. It is sent only to the master account and signals the master that it can finalize the process to enable all features.hResources
- Additional information that is needed to process the handshake.hId
- The unique identifier (ID) of a handshake. The originating account creates the ID when it initiates the handshake. The regex pattern for handshake ID string requires "h-" followed by from 8 to 32 lower-case letters or digits.hExpirationTimestamp
- The date and time that the handshake expires. If the recipient of the handshake request fails to respond before the specified date and time, the handshake becomes inactive and is no longer valid.hParties
- Information about the two accounts that are participating in the handshake.hRequestedTimestamp
- The date and time that the handshake request was made.
hState :: Lens' Handshake (Maybe HandshakeState) Source #
The current state of the handshake. Use the state to trace the flow of the handshake through the process from its creation to its acceptance. The meaning of each of the valid values is as follows: * REQUESTED : This handshake was sent to multiple recipients (applicable to only some handshake types) and not all recipients have responded yet. The request stays in this state until all recipients respond. * OPEN : This handshake was sent to multiple recipients (applicable to only some policy types) and all recipients have responded, allowing the originator to complete the handshake action. * CANCELED : This handshake is no longer active because it was canceled by the originating account. * ACCEPTED : This handshake is complete because it has been accepted by the recipient. * DECLINED : This handshake is no longer active because it was declined by the recipient account. * EXPIRED : This handshake is no longer active because the originator did not receive a response of any kind from the recipient before the expiration time (15 days).
hARN :: Lens' Handshake (Maybe Text) Source #
The Amazon Resource Name (ARN) of a handshake. For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .
hAction :: Lens' Handshake (Maybe ActionType) Source #
The type of handshake, indicating what action occurs when the recipient accepts the handshake. The following handshake types are supported: * INVITE : This type of handshake represents a request to join an organization. It is always sent from the master account to only non-member accounts. * ENABLE_ALL_FEATURES : This type of handshake represents a request to enable all features in an organization. It is always sent from the master account to only invited member accounts. Created accounts do not receive this because those accounts were created by the organization's master account and approval is inferred. * APPROVE_ALL_FEATURES : This type of handshake is sent from the Organizations service when all member accounts have approved the ENABLE_ALL_FEATURES
invitation. It is sent only to the master account and signals the master that it can finalize the process to enable all features.
hResources :: Lens' Handshake [HandshakeResource] Source #
Additional information that is needed to process the handshake.
hId :: Lens' Handshake (Maybe Text) Source #
The unique identifier (ID) of a handshake. The originating account creates the ID when it initiates the handshake. The regex pattern for handshake ID string requires "h-" followed by from 8 to 32 lower-case letters or digits.
hExpirationTimestamp :: Lens' Handshake (Maybe UTCTime) Source #
The date and time that the handshake expires. If the recipient of the handshake request fails to respond before the specified date and time, the handshake becomes inactive and is no longer valid.
hParties :: Lens' Handshake [HandshakeParty] Source #
Information about the two accounts that are participating in the handshake.
hRequestedTimestamp :: Lens' Handshake (Maybe UTCTime) Source #
The date and time that the handshake request was made.
HandshakeFilter
data HandshakeFilter Source #
Specifies the criteria that are used to select the handshakes for the operation.
See: handshakeFilter
smart constructor.
handshakeFilter :: HandshakeFilter Source #
Creates a value of HandshakeFilter
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
hfParentHandshakeId
- Specifies the parent handshake. Only used for handshake types that are a child of another type. If you specifyParentHandshakeId
, you cannot also specifyActionType
. The regex pattern for handshake ID string requires "h-" followed by from 8 to 32 lower-case letters or digits.hfActionType
- Specifies the type of handshake action. If you specifyActionType
, you cannot also specifyParentHandshakeId
.
hfParentHandshakeId :: Lens' HandshakeFilter (Maybe Text) Source #
Specifies the parent handshake. Only used for handshake types that are a child of another type. If you specify ParentHandshakeId
, you cannot also specify ActionType
. The regex pattern for handshake ID string requires "h-" followed by from 8 to 32 lower-case letters or digits.
hfActionType :: Lens' HandshakeFilter (Maybe ActionType) Source #
Specifies the type of handshake action. If you specify ActionType
, you cannot also specify ParentHandshakeId
.
HandshakeParty
data HandshakeParty Source #
Identifies a participant in a handshake.
See: handshakeParty
smart constructor.
Creates a value of HandshakeParty
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
hpId
- The unique identifier (ID) for the party. The regex pattern for handshake ID string requires "h-" followed by from 8 to 32 lower-case letters or digits.hpType
- The type of party.
hpId :: Lens' HandshakeParty Text Source #
The unique identifier (ID) for the party. The regex pattern for handshake ID string requires "h-" followed by from 8 to 32 lower-case letters or digits.
hpType :: Lens' HandshakeParty HandshakePartyType Source #
The type of party.
HandshakeResource
data HandshakeResource Source #
Contains additional data that is needed to process a handshake.
See: handshakeResource
smart constructor.
handshakeResource :: HandshakeResource Source #
Creates a value of HandshakeResource
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
hrValue
- The information that is passed to the other party in the handshake. The format of the value string must match the requirements of the specified type.hrResources
- When needed, contains an additional array ofHandshakeResource
objects.hrType
- The type of information being passed, specifying how the value is to be interpreted by the other party: *ACCOUNT
- Specifies an AWS account ID number. *ORGANIZATION
- Specifies an organization ID number. *EMAIL
- Specifies the email address that is associated with the account that receives the handshake. *OWNER_EMAIL
- Specifies the email address associated with the master account. Included as information about an organization. *OWNER_NAME
- Specifies the name associated with the master account. Included as information about an organization. *NOTES
- Additional text provided by the handshake initiator and intended for the recipient to read.
hrValue :: Lens' HandshakeResource (Maybe Text) Source #
The information that is passed to the other party in the handshake. The format of the value string must match the requirements of the specified type.
hrResources :: Lens' HandshakeResource [HandshakeResource] Source #
When needed, contains an additional array of HandshakeResource
objects.
hrType :: Lens' HandshakeResource (Maybe HandshakeResourceType) Source #
The type of information being passed, specifying how the value is to be interpreted by the other party: * ACCOUNT
- Specifies an AWS account ID number. * ORGANIZATION
- Specifies an organization ID number. * EMAIL
- Specifies the email address that is associated with the account that receives the handshake. * OWNER_EMAIL
- Specifies the email address associated with the master account. Included as information about an organization. * OWNER_NAME
- Specifies the name associated with the master account. Included as information about an organization. * NOTES
- Additional text provided by the handshake initiator and intended for the recipient to read.
Organization
data Organization Source #
Contains details about an organization. An organization is a collection of accounts that are centrally managed together using consolidated billing, organized hierarchically with organizational units (OUs), and controlled with policies .
See: organization
smart constructor.
organization :: Organization Source #
Creates a value of Organization
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
oARN
- The Amazon Resource Name (ARN) of an organization. For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .oMasterAccountId
- The unique identifier (ID) of the master account of an organization. The regex pattern for an account ID string requires exactly 12 digits.oMasterAccountARN
- The Amazon Resource Name (ARN) of the account that is designated as the master account for the organization. For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .oMasterAccountEmail
- The email address that is associated with the AWS account that is designated as the master account for the organization.oAvailablePolicyTypes
- A list of policy types that are enabled for this organization. For example, if your organization has all features enabled, then service control policies (SCPs) are included in the list.oId
- The unique identifier (ID) of an organization. The regex pattern for an organization ID string requires "o-" followed by from 10 to 32 lower-case letters or digits.oFeatureSet
- Specifies the functionality that currently is available to the organization. If set to ALL, then all features are enabled and policies can be applied to accounts in the organization. If set to CONSOLIDATED_BILLING, then only consolidated billing functionality is available. For more information, see Enabling All Features in Your Organization in the AWS Organizations User Guide .
oARN :: Lens' Organization (Maybe Text) Source #
The Amazon Resource Name (ARN) of an organization. For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .
oMasterAccountId :: Lens' Organization (Maybe Text) Source #
The unique identifier (ID) of the master account of an organization. The regex pattern for an account ID string requires exactly 12 digits.
oMasterAccountARN :: Lens' Organization (Maybe Text) Source #
The Amazon Resource Name (ARN) of the account that is designated as the master account for the organization. For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .
oMasterAccountEmail :: Lens' Organization (Maybe Text) Source #
The email address that is associated with the AWS account that is designated as the master account for the organization.
oAvailablePolicyTypes :: Lens' Organization [PolicyTypeSummary] Source #
A list of policy types that are enabled for this organization. For example, if your organization has all features enabled, then service control policies (SCPs) are included in the list.
oId :: Lens' Organization (Maybe Text) Source #
The unique identifier (ID) of an organization. The regex pattern for an organization ID string requires "o-" followed by from 10 to 32 lower-case letters or digits.
oFeatureSet :: Lens' Organization (Maybe OrganizationFeatureSet) Source #
Specifies the functionality that currently is available to the organization. If set to ALL, then all features are enabled and policies can be applied to accounts in the organization. If set to CONSOLIDATED_BILLING, then only consolidated billing functionality is available. For more information, see Enabling All Features in Your Organization in the AWS Organizations User Guide .
OrganizationalUnit
data OrganizationalUnit Source #
Contains details about an organizational unit (OU). An OU is a container of AWS accounts within a root of an organization. Policies that are attached to an OU apply to all accounts contained in that OU and in any child OUs.
See: organizationalUnit
smart constructor.
organizationalUnit :: OrganizationalUnit Source #
Creates a value of OrganizationalUnit
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
ouARN
- The Amazon Resource Name (ARN) of this OU. For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .ouName
- The friendly name of this OU. The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.ouId
- The unique identifier (ID) associated with this OU. The regex pattern for an organizational unit ID string requires "ou-" followed by from 4 to 32 lower-case letters or digits (the ID of the root that contains the OU) followed by a second "-" dash and from 8 to 32 additional lower-case letters or digits.
ouARN :: Lens' OrganizationalUnit (Maybe Text) Source #
The Amazon Resource Name (ARN) of this OU. For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .
ouName :: Lens' OrganizationalUnit (Maybe Text) Source #
The friendly name of this OU. The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.
ouId :: Lens' OrganizationalUnit (Maybe Text) Source #
The unique identifier (ID) associated with this OU. The regex pattern for an organizational unit ID string requires "ou-" followed by from 4 to 32 lower-case letters or digits (the ID of the root that contains the OU) followed by a second "-" dash and from 8 to 32 additional lower-case letters or digits.
Parent
Contains information about either a root or an organizational unit (OU) that can contain OUs or accounts in an organization.
See: parent
smart constructor.
Creates a value of Parent
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
pId
- The unique identifier (ID) of the parent entity. The regex pattern for a parent ID string requires one of the following: * Root: a string that begins with "r-" followed by from 4 to 32 lower-case letters or digits. * Organizational unit (OU): a string that begins with "ou-" followed by from 4 to 32 lower-case letters or digits (the ID of the root that the OU is in) followed by a second "-" dash and from 8 to 32 additional lower-case letters or digits.pType
- The type of the parent entity.
pId :: Lens' Parent (Maybe Text) Source #
The unique identifier (ID) of the parent entity. The regex pattern for a parent ID string requires one of the following: * Root: a string that begins with "r-" followed by from 4 to 32 lower-case letters or digits. * Organizational unit (OU): a string that begins with "ou-" followed by from 4 to 32 lower-case letters or digits (the ID of the root that the OU is in) followed by a second "-" dash and from 8 to 32 additional lower-case letters or digits.
Policy
Contains rules to be applied to the affected accounts. Policies can be attached directly to accounts, or to roots and OUs to affect all accounts in those hierarchies.
See: policy
smart constructor.
Creates a value of Policy
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
pContent
- The text content of the policy.pPolicySummary
- A structure that contains additional details about the policy.
pPolicySummary :: Lens' Policy (Maybe PolicySummary) Source #
A structure that contains additional details about the policy.
PolicySummary
data PolicySummary Source #
Contains information about a policy, but does not include the content. To see the content of a policy, see DescribePolicy
.
See: policySummary
smart constructor.
policySummary :: PolicySummary Source #
Creates a value of PolicySummary
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
psARN
- The Amazon Resource Name (ARN) of the policy. For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .psName
- The friendly name of the policy. The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.psId
- The unique identifier (ID) of the policy. The regex pattern for a policy ID string requires "p-" followed by from 8 to 128 lower-case letters or digits.psAWSManaged
- A boolean value that indicates whether the specified policy is an AWS managed policy. If true, then you can attach the policy to roots, OUs, or accounts, but you cannot edit it.psType
- The type of policy.psDescription
- The description of the policy.
psARN :: Lens' PolicySummary (Maybe Text) Source #
The Amazon Resource Name (ARN) of the policy. For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .
psName :: Lens' PolicySummary (Maybe Text) Source #
The friendly name of the policy. The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.
psId :: Lens' PolicySummary (Maybe Text) Source #
The unique identifier (ID) of the policy. The regex pattern for a policy ID string requires "p-" followed by from 8 to 128 lower-case letters or digits.
psAWSManaged :: Lens' PolicySummary (Maybe Bool) Source #
A boolean value that indicates whether the specified policy is an AWS managed policy. If true, then you can attach the policy to roots, OUs, or accounts, but you cannot edit it.
psType :: Lens' PolicySummary (Maybe PolicyType) Source #
The type of policy.
psDescription :: Lens' PolicySummary (Maybe Text) Source #
The description of the policy.
PolicyTargetSummary
data PolicyTargetSummary Source #
Contains information about a root, OU, or account that a policy is attached to.
See: policyTargetSummary
smart constructor.
policyTargetSummary :: PolicyTargetSummary Source #
Creates a value of PolicyTargetSummary
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
polTargetId
- The unique identifier (ID) of the policy target. The regex pattern for a target ID string requires one of the following: * Root: a string that begins with "r-" followed by from 4 to 32 lower-case letters or digits. * Account: a string that consists of exactly 12 digits. * Organizational unit (OU): a string that begins with "ou-" followed by from 4 to 32 lower-case letters or digits (the ID of the root that the OU is in) followed by a second "-" dash and from 8 to 32 additional lower-case letters or digits.polARN
- The Amazon Resource Name (ARN) of the policy target. For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .polName
- The friendly name of the policy target. The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.polType
- The type of the policy target.
polTargetId :: Lens' PolicyTargetSummary (Maybe Text) Source #
The unique identifier (ID) of the policy target. The regex pattern for a target ID string requires one of the following: * Root: a string that begins with "r-" followed by from 4 to 32 lower-case letters or digits. * Account: a string that consists of exactly 12 digits. * Organizational unit (OU): a string that begins with "ou-" followed by from 4 to 32 lower-case letters or digits (the ID of the root that the OU is in) followed by a second "-" dash and from 8 to 32 additional lower-case letters or digits.
polARN :: Lens' PolicyTargetSummary (Maybe Text) Source #
The Amazon Resource Name (ARN) of the policy target. For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .
polName :: Lens' PolicyTargetSummary (Maybe Text) Source #
The friendly name of the policy target. The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.
polType :: Lens' PolicyTargetSummary (Maybe TargetType) Source #
The type of the policy target.
PolicyTypeSummary
data PolicyTypeSummary Source #
Contains information about a policy type and its status in the associated root.
See: policyTypeSummary
smart constructor.
policyTypeSummary :: PolicyTypeSummary Source #
Creates a value of PolicyTypeSummary
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
ptsStatus :: Lens' PolicyTypeSummary (Maybe PolicyTypeStatus) Source #
The status of the policy type as it relates to the associated root. To attach a policy of the specified type to a root or to an OU or account in that root, it must be available in the organization and enabled for that root.
ptsType :: Lens' PolicyTypeSummary (Maybe PolicyType) Source #
The name of the policy type.
Root
Contains details about a root. A root is a top-level parent node in the hierarchy of an organization that can contain organizational units (OUs) and accounts. Every root contains every AWS account in the organization. Each root enables the accounts to be organized in a different way and to have different policy types enabled for use in that root.
See: root
smart constructor.
Creates a value of Root
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
rARN
- The Amazon Resource Name (ARN) of the root. For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .rName
- The friendly name of the root. The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.rId
- The unique identifier (ID) for the root. The regex pattern for a root ID string requires "r-" followed by from 4 to 32 lower-case letters or digits.rPolicyTypes
- The types of policies that are currently enabled for the root and therefore can be attached to the root or to its OUs or accounts.
rARN :: Lens' Root (Maybe Text) Source #
The Amazon Resource Name (ARN) of the root. For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide .
rName :: Lens' Root (Maybe Text) Source #
The friendly name of the root. The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.
rId :: Lens' Root (Maybe Text) Source #
The unique identifier (ID) for the root. The regex pattern for a root ID string requires "r-" followed by from 4 to 32 lower-case letters or digits.
rPolicyTypes :: Lens' Root [PolicyTypeSummary] Source #
The types of policies that are currently enabled for the root and therefore can be attached to the root or to its OUs or accounts.