Organizations class

Organizations is a web service that enables you to consolidate your multiple Amazon Web Services accounts into an organization and centrally manage your accounts and their resources.

This guide provides descriptions of the Organizations operations. For more information about using this service, see the Organizations User Guide.

Support and feedback for Organizations

We welcome your feedback. You can post your feedback and questions in the Organizations support forum. For more information about the Amazon Web Services Support forums, see Forums Help.

Endpoint to call When using the CLI or the Amazon Web Services SDK

For the current release of Organizations, specify the us-east-1 region for all Amazon Web Services API and CLI calls made from the commercial Amazon Web Services Regions outside of China. If calling from one of the Amazon Web Services Regions in China, then specify cn-northwest-1. You can do this in the CLI by using these parameters and commands:

Use the following parameter with each command to specify both the endpoint and its region:
--endpoint-url https://organizations.us-east-1.amazonaws.com (from commercial Amazon Web Services Regions outside of China)

or

--endpoint-url https://organizations.cn-northwest-1.amazonaws.com.cn (from Amazon Web Services Regions in China)
Use the default endpoint, but configure your default region with this command:
aws configure set default.region us-east-1 (from commercial Amazon Web Services Regions outside of China)

or

aws configure set default.region cn-northwest-1 (from Amazon Web Services Regions in China)
Use the following parameter with each command to specify the endpoint:
--region us-east-1 (from commercial Amazon Web Services Regions outside of China)

or

--region cn-northwest-1 (from Amazon Web Services Regions in China)

Recording API Requests

Organizations supports CloudTrail, a service that records Amazon Web Services API calls for your Amazon Web Services account and delivers log files to an Amazon S3 bucket. By using information collected by CloudTrail, you can determine which requests the Organizations service received, who made the request and when, and so on. For more about Organizations and its support for CloudTrail, see Logging Organizations API calls with CloudTrail in the Organizations User Guide. To learn more about CloudTrail, including how to turn it on and find your log files, see the CloudTrail User Guide.

Constructors

Organizations({required String region, AwsClientCredentials? credentials, AwsClientCredentialsProvider? credentialsProvider, Client? client, String? endpointUrl})

Properties

hashCode → int: The hash code for this object.
no setterinherited
runtimeType → Type: A representation of the runtime type of the object.
no setterinherited

Methods

acceptHandshake({required String handshakeId}) → Future<AcceptHandshakeResponse>: Accepts a handshake by sending an ACCEPTED response to the sender. You can view accepted handshakes in API responses for 30 days before they are deleted.
attachPolicy({required String policyId, required String targetId}) → Future<void>: Attaches a policy to a root, an organizational unit (OU), or an individual account. How the policy affects accounts depends on the type of policy. Refer to the Organizations User Guide for information about each policy type:
cancelHandshake({required String handshakeId}) → Future<CancelHandshakeResponse>: Cancels a Handshake.
close() → void: Closes the internal HTTP client if none was provided at creation. If a client was passed as a constructor argument, this becomes a noop.
closeAccount({required String accountId}) → Future<void>: Closes an Amazon Web Services member account within an organization. You can close an account when all features are enabled . You can't close the management account with this API. This is an asynchronous request that Amazon Web Services performs in the background. Because CloseAccount operates asynchronously, it can return a successful completion message even though account closure might still be in progress. You need to wait a few minutes before the account is fully closed. To check the status of the request, do one of the following:
createAccount({required String accountName, required String email, IAMUserAccessToBilling? iamUserAccessToBilling, String? roleName, List<Tag>? tags}) → Future<CreateAccountResponse>: Creates an Amazon Web Services account that is automatically a member of the organization whose credentials made the request. This is an asynchronous request that Amazon Web Services performs in the background. Because CreateAccount operates asynchronously, it can return a successful completion message even though account initialization might still be in progress. You might need to wait a few minutes before you can successfully access the account. To check the status of the request, do one of the following:
createGovCloudAccount({required String accountName, required String email, IAMUserAccessToBilling? iamUserAccessToBilling, String? roleName, List<Tag>? tags}) → Future<CreateGovCloudAccountResponse>: This action is available if all of the following are true:
createOrganization({OrganizationFeatureSet? featureSet}) → Future<CreateOrganizationResponse>: Creates an Amazon Web Services organization. The account whose user is calling the CreateOrganization operation automatically becomes the management account of the new organization.
createOrganizationalUnit({required String name, required String parentId, List<Tag>? tags}) → Future<CreateOrganizationalUnitResponse>: Creates an organizational unit (OU) within a root or parent OU. An OU is a container for accounts that enables you to organize your accounts to apply policies according to your business requirements. The number of levels deep that you can nest OUs is dependent upon the policy types enabled for that root. For service control policies, the limit is five.
createPolicy({required String content, required String description, required String name, required PolicyType type, List<Tag>? tags}) → Future<CreatePolicyResponse>: Creates a policy of a specified type that you can attach to a root, an organizational unit (OU), or an individual Amazon Web Services account.
declineHandshake({required String handshakeId}) → Future<DeclineHandshakeResponse>: Declines a Handshake.
deleteOrganization() → Future<void>: Deletes the organization. You can delete an organization only by using credentials from the management account. The organization must be empty of member accounts.
deleteOrganizationalUnit({required String organizationalUnitId}) → Future<void>: Deletes an organizational unit (OU) from a root or another OU. You must first remove all accounts and child OUs from the OU that you want to delete.
deletePolicy({required String policyId}) → Future<void>: Deletes the specified policy from your organization. Before you perform this operation, you must first detach the policy from all organizational units (OUs), roots, and accounts.
deleteResourcePolicy() → Future<void>: Deletes the resource policy from your organization.
deregisterDelegatedAdministrator({required String accountId, required String servicePrincipal}) → Future<void>: Removes the specified member Amazon Web Services account as a delegated administrator for the specified Amazon Web Services service. You can run this action only for Amazon Web Services services that support this feature. For a current list of services that support it, see the column Supports Delegated Administrator in the table at Amazon Web Services Services that you can use with Organizations in the Organizations User Guide.
describeAccount({required String accountId}) → Future<DescribeAccountResponse>: Retrieves Organizations-related information about the specified account.
describeCreateAccountStatus({required String createAccountRequestId}) → Future<DescribeCreateAccountStatusResponse>: Retrieves the current status of an asynchronous request to create an account.
describeEffectivePolicy({required EffectivePolicyType policyType, String? targetId}) → Future<DescribeEffectivePolicyResponse>: Returns the contents of the effective policy for specified policy type and account. The effective policy is the aggregation of any policies of the specified type that the account inherits, plus any policy of that type that is directly attached to the account.
describeHandshake({required String handshakeId}) → Future<DescribeHandshakeResponse>: Returns details for a handshake. A handshake is the secure exchange of information between two Amazon Web Services accounts: a sender and a recipient.
describeOrganization() → Future<DescribeOrganizationResponse>: Retrieves information about the organization that the user's account belongs to.
describeOrganizationalUnit({required String organizationalUnitId}) → Future<DescribeOrganizationalUnitResponse>: Retrieves information about an organizational unit (OU).
describePolicy({required String policyId}) → Future<DescribePolicyResponse>: Retrieves information about a policy.
describeResourcePolicy() → Future<DescribeResourcePolicyResponse>: Retrieves information about a resource policy.
describeResponsibilityTransfer({required String id}) → Future<DescribeResponsibilityTransferResponse>: Returns details for a transfer. A transfer is an arrangement between two management accounts where one account designates the other with specified responsibilities for their organization.
detachPolicy({required String policyId, required String targetId}) → Future<void>: Detaches a policy from a target root, organizational unit (OU), or account. Every root, OU, and account must have at least one SCP attached. If you want to replace the default FullAWSAccess policy with an SCP that limits the permissions that can be delegated, you must attach the replacement SCP before you can remove the default SCP. This is the authorization strategy of an "allow list". If you instead attach a second SCP and leave the FullAWSAccess SCP still attached, and specify "Effect": "Deny" in the second SCP to override the "Effect": "Allow" in the FullAWSAccess policy (or any other attached SCP), you're using the authorization strategy of a "deny list".
disableAWSServiceAccess({required String servicePrincipal}) → Future<void>: Disables the integration of an Amazon Web Services service (the service that is specified by ServicePrincipal) with Organizations. When you disable integration, the specified service no longer can create a service-linked role in new accounts in your organization. This means the service can't perform operations on your behalf on any new accounts in your organization. The service can still perform operations in older accounts until the service completes its clean-up from Organizations.
disablePolicyType({required PolicyType policyType, required String rootId}) → Future<DisablePolicyTypeResponse>: Disables an organizational policy type in a root. A policy of a certain type can be attached to entities in a root only if that type is enabled in the root. After you perform this operation, you no longer can attach policies of the specified type to that root or to any organizational unit (OU) or account in that root. You can undo this by using the EnablePolicyType operation.
enableAllFeatures() → Future<EnableAllFeaturesResponse>: Enables all features in an organization. This enables the use of organization policies that can restrict the services and actions that can be called in each account. Until you enable all features, you have access only to consolidated billing, and you can't use any of the advanced account administration features that Organizations supports. For more information, see Enabling all features in your organization in the Organizations User Guide. After you enable all features, you can separately enable or disable individual policy types in a root using EnablePolicyType and DisablePolicyType. To see the status of policy types in a root, use ListRoots.
enableAWSServiceAccess({required String servicePrincipal}) → Future<void>: Provides an Amazon Web Services service (the service that is specified by ServicePrincipal) with permissions to view the structure of an organization, create a service-linked role in all the accounts in the organization, and allow the service to perform operations on behalf of the organization and its accounts. Establishing these permissions can be a first step in enabling the integration of an Amazon Web Services service with Organizations. For more information about enabling services to integrate with Organizations, see Using Organizations with other Amazon Web Services services in the Organizations User Guide.
enablePolicyType({required PolicyType policyType, required String rootId}) → Future<EnablePolicyTypeResponse>: Enables a policy type in a root. After you enable a policy type in a root, you can attach policies of that type to the root, any organizational unit (OU), or account in that root. You can undo this by using the DisablePolicyType operation.
inviteAccountToOrganization({required HandshakeParty target, String? notes, List<Tag>? tags}) → Future<InviteAccountToOrganizationResponse>: Sends an invitation to another account to join your organization as a member account. Organizations sends email on your behalf to the email address that is associated with the other account's owner. The invitation is implemented as a Handshake whose details are in the response. If the request includes tags, then the requester must have the organizations:TagResource permission.
inviteOrganizationToTransferResponsibility({required String sourceName, required DateTime startTimestamp, required HandshakeParty target, required ResponsibilityTransferType type, String? notes, List<Tag>? tags}) → Future<InviteOrganizationToTransferResponsibilityResponse>: Sends an invitation to another organization's management account to designate your account with the specified responsibilities for their organization. The invitation is implemented as a Handshake whose details are in the response.
leaveOrganization() → Future<void>: Removes a member account from its parent organization. This version of the operation is performed by the account that wants to leave. To remove a member account as a user in the management account, use RemoveAccountFromOrganization instead.
listAccounts({int? maxResults, String? nextToken}) → Future<ListAccountsResponse>: Lists all the accounts in the organization. To request only the accounts in a specified root or organizational unit (OU), use the ListAccountsForParent operation instead. You can only call this operation from the management account or a member account that is a delegated administrator.
listAccountsForParent({required String parentId, int? maxResults, String? nextToken}) → Future<ListAccountsForParentResponse>: Lists the accounts in an organization that are contained by the specified target root or organizational unit (OU). If you specify the root, you get a list of all the accounts that aren't in any OU. If you specify an OU, you get a list of all the accounts in only that OU and not in any child OUs. To get a list of all accounts in the organization, use the ListAccounts operation. You can only call this operation from the management account or a member account that is a delegated administrator.
listAccountsWithInvalidEffectivePolicy({required EffectivePolicyType policyType, int? maxResults, String? nextToken}) → Future<ListAccountsWithInvalidEffectivePolicyResponse>: Lists all the accounts in an organization that have invalid effective policies. An invalid effective policy is an effective policy that fails validation checks, resulting in the effective policy not being fully enforced on all the intended accounts within an organization.
listAWSServiceAccessForOrganization({int? maxResults, String? nextToken}) → Future<ListAWSServiceAccessForOrganizationResponse>: Returns a list of the Amazon Web Services services that you enabled to integrate with your organization. After a service on this list creates the resources that it requires for the integration, it can perform operations on your organization and its accounts.
listChildren({required ChildType childType, required String parentId, int? maxResults, String? nextToken}) → Future<ListChildrenResponse>: Lists all of the organizational units (OUs) or accounts that are contained in the specified parent OU or root. This operation, along with ListParents enables you to traverse the tree structure that makes up this root. You can only call this operation from the management account or a member account that is a delegated administrator.
listCreateAccountStatus({int? maxResults, String? nextToken, List<CreateAccountState>? states}) → Future<ListCreateAccountStatusResponse>: Lists the account creation requests that match the specified status that is currently being tracked for the organization. You can only call this operation from the management account or a member account that is a delegated administrator.
listDelegatedAdministrators({int? maxResults, String? nextToken, String? servicePrincipal}) → Future<ListDelegatedAdministratorsResponse>: Lists the Amazon Web Services accounts that are designated as delegated administrators in this organization.
listDelegatedServicesForAccount({required String accountId, int? maxResults, String? nextToken}) → Future<ListDelegatedServicesForAccountResponse>: List the Amazon Web Services services for which the specified account is a delegated administrator.
listEffectivePolicyValidationErrors({required String accountId, required EffectivePolicyType policyType, int? maxResults, String? nextToken}) → Future<ListEffectivePolicyValidationErrorsResponse>: Lists all the validation errors on an effective policy for a specified account and policy type.
listHandshakesForAccount({HandshakeFilter? filter, int? maxResults, String? nextToken}) → Future<ListHandshakesForAccountResponse>: Lists the recent handshakes that you have received.
listHandshakesForOrganization({HandshakeFilter? filter, int? maxResults, String? nextToken}) → Future<ListHandshakesForOrganizationResponse>: Lists the recent handshakes that you have sent.
listInboundResponsibilityTransfers({required ResponsibilityTransferType type, String? id, int? maxResults, String? nextToken}) → Future<ListInboundResponsibilityTransfersResponse>: Lists transfers that allow you to manage the specified responsibilities for another organization. This operation returns both transfer invitations and transfers.
listOrganizationalUnitsForParent({required String parentId, int? maxResults, String? nextToken}) → Future<ListOrganizationalUnitsForParentResponse>: Lists the organizational units (OUs) in a parent organizational unit or root. You can only call this operation from the management account or a member account that is a delegated administrator.
listOutboundResponsibilityTransfers({required ResponsibilityTransferType type, int? maxResults, String? nextToken}) → Future<ListOutboundResponsibilityTransfersResponse>: Lists transfers that allow an account outside your organization to manage the specified responsibilities for your organization. This operation returns both transfer invitations and transfers.
listParents({required String childId, int? maxResults, String? nextToken}) → Future<ListParentsResponse>: Lists the root or organizational units (OUs) that serve as the immediate parent of the specified child OU or account. This operation, along with ListChildren enables you to traverse the tree structure that makes up this root. You can only call this operation from the management account or a member account that is a delegated administrator.
listPolicies({required PolicyType filter, int? maxResults, String? nextToken}) → Future<ListPoliciesResponse>: Retrieves the list of all policies in an organization of a specified type. You can only call this operation from the management account or a member account that is a delegated administrator.
listPoliciesForTarget({required PolicyType filter, required String targetId, int? maxResults, String? nextToken}) → Future<ListPoliciesForTargetResponse>: Lists the policies that are directly attached to the specified target root, organizational unit (OU), or account. You must specify the policy type that you want included in the returned list. You can only call this operation from the management account or a member account that is a delegated administrator.
listRoots({int? maxResults, String? nextToken}) → Future<ListRootsResponse>: Lists the roots that are defined in the current organization. You can only call this operation from the management account or a member account that is a delegated administrator.
listTagsForResource({required String resourceId, String? nextToken}) → Future<ListTagsForResourceResponse>: Lists tags that are attached to the specified resource.
listTargetsForPolicy({required String policyId, int? maxResults, String? nextToken}) → Future<ListTargetsForPolicyResponse>: Lists all the roots, organizational units (OUs), and accounts that the specified policy is attached to. You can only call this operation from the management account or a member account that is a delegated administrator.
moveAccount({required String accountId, required String destinationParentId, required String sourceParentId}) → Future<void>: Moves an account from its current source parent root or organizational unit (OU) to the specified destination parent root or OU.
noSuchMethod(Invocation invocation) → dynamic: Invoked when a nonexistent method or property is accessed.
inherited
putResourcePolicy({required String content, List<Tag>? tags}) → Future<PutResourcePolicyResponse>: Creates or updates a resource policy.
registerDelegatedAdministrator({required String accountId, required String servicePrincipal}) → Future<void>: Enables the specified member account to administer the Organizations features of the specified Amazon Web Services service. It grants read-only access to Organizations service data. The account still requires IAM permissions to access and administer the Amazon Web Services service.
removeAccountFromOrganization({required String accountId}) → Future<void>: Removes the specified account from the organization.
tagResource({required String resourceId, required List<Tag> tags}) → Future<void>: Adds one or more tags to the specified resource.
terminateResponsibilityTransfer({required String id, DateTime? endTimestamp}) → Future<TerminateResponsibilityTransferResponse>: Ends a transfer. A transfer is an arrangement between two management accounts where one account designates the other with specified responsibilities for their organization.
toString() → String: A string representation of this object.
inherited
untagResource({required String resourceId, required List<String> tagKeys}) → Future<void>: Removes any tags with the specified keys from the specified resource.
updateOrganizationalUnit({required String organizationalUnitId, String? name}) → Future<UpdateOrganizationalUnitResponse>: Renames the specified organizational unit (OU). The ID and ARN don't change. The child OUs and accounts remain in place, and any attached policies of the OU remain attached.
updatePolicy({required String policyId, String? content, String? description, String? name}) → Future<UpdatePolicyResponse>: Updates an existing policy with a new name, description, or content. If you don't supply any parameter, that value remains unchanged. You can't change a policy's type.
updateResponsibilityTransfer({required String id, required String name}) → Future<UpdateResponsibilityTransferResponse>: Updates a transfer. A transfer is the arrangement between two management accounts where one account designates the other with specified responsibilities for their organization.

Operators

operator ==(Object other) → bool: The equality operator.
inherited

Organizations class

Constructors

Properties

Methods

Operators

organizations library