Expand description
AWS Organizations is a web service that enables you to consolidate your multiple AWS accounts into an organization and centrally manage your accounts and their resources.
This guide provides descriptions of the Organizations operations. For more information about using this service, see the AWS Organizations User Guide.
Support and feedback for AWS Organizations
We welcome your feedback. Send your comments to feedback-awsorganizations@amazon.com or post your feedback and questions in the AWS Organizations support forum. For more information about the AWS support forums, see Forums Help.
Endpoint to call When using the AWS CLI or the AWS SDK
For the current release of Organizations, specify the us-east-1 region for all AWS API and AWS CLI calls made from the commercial AWS Regions outside of China. If calling from one of the AWS Regions in China, then specify cn-northwest-1. You can do this in the AWS CLI by using these parameters and commands:
-
Use the following parameter with each command to specify both the endpoint and its region:
--endpoint-url https://organizations.us-east-1.amazonaws.com(from commercial AWS Regions outside of China)or
--endpoint-url https://organizations.cn-northwest-1.amazonaws.com.cn(from AWS Regions in China) -
Use the default endpoint, but configure your default region with this command:
aws configure set default.region us-east-1(from commercial AWS Regions outside of China)or
aws configure set default.region cn-northwest-1(from AWS Regions in China) -
Use the following parameter with each command to specify the endpoint:
--region us-east-1(from commercial AWS Regions outside of China)or
--region cn-northwest-1(from AWS Regions in China)
Recording API Requests
AWS Organizations supports AWS CloudTrail, a service that records AWS API calls for your AWS account and delivers log files to an Amazon S3 bucket. By using information collected by AWS CloudTrail, you can determine which requests the Organizations service received, who made the request and when, and so on. For more about AWS Organizations and its support for AWS CloudTrail, see Logging AWS Organizations Events with AWS CloudTrail in the AWS Organizations User Guide. To learn more about AWS CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User Guide.
If you’re using the service, you’re probably looking for OrganizationsClient and Organizations.
Structs§
- Accept
Handshake Request - Accept
Handshake Response - Account
Contains information about an AWS account that is a member of an organization.
- Attach
Policy Request - Cancel
Handshake Request - Cancel
Handshake Response - Child
Contains a list of child entities, either OUs or accounts.
- Create
Account Request - Create
Account Response - Create
Account Status Contains the status about a CreateAccount or CreateGovCloudAccount request to create an AWS account or an AWS GovCloud (US) account in an organization.
- Create
GovCloud Account Request - Create
GovCloud Account Response - Create
Organization Request - Create
Organization Response - Create
Organizational Unit Request - Create
Organizational Unit Response - Create
Policy Request - Create
Policy Response - Decline
Handshake Request - Decline
Handshake Response - Delegated
Administrator Contains information about the delegated administrator.
- Delegated
Service Contains information about the AWS service for which the account is a delegated administrator.
- Delete
Organizational Unit Request - Delete
Policy Request - Deregister
Delegated Administrator Request - Describe
Account Request - Describe
Account Response - Describe
Create Account Status Request - Describe
Create Account Status Response - Describe
Effective Policy Request - Describe
Effective Policy Response - Describe
Handshake Request - Describe
Handshake Response - Describe
Organization Response - Describe
Organizational Unit Request - Describe
Organizational Unit Response - Describe
Policy Request - Describe
Policy Response - Detach
Policy Request - DisableAWS
Service Access Request - Disable
Policy Type Request - Disable
Policy Type Response - Effective
Policy Contains rules to be applied to the affected accounts. The effective policy is the aggregation of any policies the account inherits, plus any policy directly attached to the account.
- EnableAWS
Service Access Request - Enable
AllFeatures Request - Enable
AllFeatures Response - Enable
Policy Type Request - Enable
Policy Type Response - Enabled
Service Principal A structure that contains details of a service principal that represents an AWS service that is enabled to integrate with AWS Organizations.
- Handshake
Contains information that must be exchanged to securely establish a relationship between two accounts (an originator and a recipient). For example, when a management account (the originator) invites another account (the recipient) to join its organization, the two accounts exchange information as a series of handshake requests and responses.
Note: Handshakes that are
CANCELED,ACCEPTED, orDECLINEDshow up in lists for only 30 days after entering that state After that they are deleted.- Handshake
Filter Specifies the criteria that are used to select the handshakes for the operation.
- Handshake
Party Identifies a participant in a handshake.
- Handshake
Resource Contains additional data that is needed to process a handshake.
- Invite
Account ToOrganization Request - Invite
Account ToOrganization Response - ListAWS
Service Access ForOrganization Request - ListAWS
Service Access ForOrganization Response - List
Accounts ForParent Request - List
Accounts ForParent Response - List
Accounts Request - List
Accounts Response - List
Children Request - List
Children Response - List
Create Account Status Request - List
Create Account Status Response - List
Delegated Administrators Request - List
Delegated Administrators Response - List
Delegated Services ForAccount Request - List
Delegated Services ForAccount Response - List
Handshakes ForAccount Request - List
Handshakes ForAccount Response - List
Handshakes ForOrganization Request - List
Handshakes ForOrganization Response - List
Organizational Units ForParent Request - List
Organizational Units ForParent Response - List
Parents Request - List
Parents Response - List
Policies ForTarget Request - List
Policies ForTarget Response - List
Policies Request - List
Policies Response - List
Roots Request - List
Roots Response - List
Tags ForResource Request - List
Tags ForResource Response - List
Targets ForPolicy Request - List
Targets ForPolicy Response - Move
Account Request - Organization
Contains details about an organization. An organization is a collection of accounts that are centrally managed together using consolidated billing, organized hierarchically with organizational units (OUs), and controlled with policies .
- Organizational
Unit Contains details about an organizational unit (OU). An OU is a container of AWS accounts within a root of an organization. Policies that are attached to an OU apply to all accounts contained in that OU and in any child OUs.
- Organizations
Client - A client for the Organizations API.
- Parent
Contains information about either a root or an organizational unit (OU) that can contain OUs or accounts in an organization.
- Policy
Contains rules to be applied to the affected accounts. Policies can be attached directly to accounts, or to roots and OUs to affect all accounts in those hierarchies.
- Policy
Summary Contains information about a policy, but does not include the content. To see the content of a policy, see DescribePolicy.
- Policy
Target Summary Contains information about a root, OU, or account that a policy is attached to.
- Policy
Type Summary Contains information about a policy type and its status in the associated root.
- Register
Delegated Administrator Request - Remove
Account From Organization Request - Root
Contains details about a root. A root is a top-level parent node in the hierarchy of an organization that can contain organizational units (OUs) and accounts. The root contains every AWS account in the organization.
- Tag
A custom key-value pair associated with a resource within your organization.
You can attach tags to any of the following organization resources.
-
AWS account
-
Organizational unit (OU)
-
Organization root
-
Policy
-
- TagResource
Request - Untag
Resource Request - Update
Organizational Unit Request - Update
Organizational Unit Response - Update
Policy Request - Update
Policy Response
Enums§
- Accept
Handshake Error - Errors returned by AcceptHandshake
- Attach
Policy Error - Errors returned by AttachPolicy
- Cancel
Handshake Error - Errors returned by CancelHandshake
- Create
Account Error - Errors returned by CreateAccount
- Create
GovCloud Account Error - Errors returned by CreateGovCloudAccount
- Create
Organization Error - Errors returned by CreateOrganization
- Create
Organizational Unit Error - Errors returned by CreateOrganizationalUnit
- Create
Policy Error - Errors returned by CreatePolicy
- Decline
Handshake Error - Errors returned by DeclineHandshake
- Delete
Organization Error - Errors returned by DeleteOrganization
- Delete
Organizational Unit Error - Errors returned by DeleteOrganizationalUnit
- Delete
Policy Error - Errors returned by DeletePolicy
- Deregister
Delegated Administrator Error - Errors returned by DeregisterDelegatedAdministrator
- Describe
Account Error - Errors returned by DescribeAccount
- Describe
Create Account Status Error - Errors returned by DescribeCreateAccountStatus
- Describe
Effective Policy Error - Errors returned by DescribeEffectivePolicy
- Describe
Handshake Error - Errors returned by DescribeHandshake
- Describe
Organization Error - Errors returned by DescribeOrganization
- Describe
Organizational Unit Error - Errors returned by DescribeOrganizationalUnit
- Describe
Policy Error - Errors returned by DescribePolicy
- Detach
Policy Error - Errors returned by DetachPolicy
- DisableAWS
Service Access Error - Errors returned by DisableAWSServiceAccess
- Disable
Policy Type Error - Errors returned by DisablePolicyType
- EnableAWS
Service Access Error - Errors returned by EnableAWSServiceAccess
- Enable
AllFeatures Error - Errors returned by EnableAllFeatures
- Enable
Policy Type Error - Errors returned by EnablePolicyType
- Invite
Account ToOrganization Error - Errors returned by InviteAccountToOrganization
- Leave
Organization Error - Errors returned by LeaveOrganization
- ListAWS
Service Access ForOrganization Error - Errors returned by ListAWSServiceAccessForOrganization
- List
Accounts Error - Errors returned by ListAccounts
- List
Accounts ForParent Error - Errors returned by ListAccountsForParent
- List
Children Error - Errors returned by ListChildren
- List
Create Account Status Error - Errors returned by ListCreateAccountStatus
- List
Delegated Administrators Error - Errors returned by ListDelegatedAdministrators
- List
Delegated Services ForAccount Error - Errors returned by ListDelegatedServicesForAccount
- List
Handshakes ForAccount Error - Errors returned by ListHandshakesForAccount
- List
Handshakes ForOrganization Error - Errors returned by ListHandshakesForOrganization
- List
Organizational Units ForParent Error - Errors returned by ListOrganizationalUnitsForParent
- List
Parents Error - Errors returned by ListParents
- List
Policies Error - Errors returned by ListPolicies
- List
Policies ForTarget Error - Errors returned by ListPoliciesForTarget
- List
Roots Error - Errors returned by ListRoots
- List
Tags ForResource Error - Errors returned by ListTagsForResource
- List
Targets ForPolicy Error - Errors returned by ListTargetsForPolicy
- Move
Account Error - Errors returned by MoveAccount
- Register
Delegated Administrator Error - Errors returned by RegisterDelegatedAdministrator
- Remove
Account From Organization Error - Errors returned by RemoveAccountFromOrganization
- TagResource
Error - Errors returned by TagResource
- Untag
Resource Error - Errors returned by UntagResource
- Update
Organizational Unit Error - Errors returned by UpdateOrganizationalUnit
- Update
Policy Error - Errors returned by UpdatePolicy
Traits§
- Organizations
- Trait representing the capabilities of the Organizations API. Organizations clients implement this trait.