Skip to content

Client

organizations R Documentation

AWS Organizations

Description

Organizations is a web service that enables you to consolidate your multiple Amazon Web Services accounts into an organization and centrally manage your accounts and their resources.

This guide provides descriptions of the Organizations operations. For more information about using this service, see the Organizations User Guide.

Support and feedback for Organizations

We welcome your feedback. Send your comments to feedback-awsorganizations@amazon.com or post your feedback and questions in the Organizations support forum. For more information about the Amazon Web Services support forums, see Forums Help.

Endpoint to call When using the CLI or the Amazon Web Services SDK

For the current release of Organizations, specify the us-east-1 region for all Amazon Web Services API and CLI calls made from the commercial Amazon Web Services Regions outside of China. If calling from one of the Amazon Web Services Regions in China, then specify cn-northwest-1. You can do this in the CLI by using these parameters and commands:

  • Use the following parameter with each command to specify both the endpoint and its region:

    ⁠--endpoint-url https://organizations.us-east-1.amazonaws.com⁠ (from commercial Amazon Web Services Regions outside of China)

    or

    ⁠--endpoint-url https://organizations.cn-northwest-1.amazonaws.com.cn⁠ (from Amazon Web Services Regions in China)

  • Use the default endpoint, but configure your default region with this command:

    ⁠aws configure set default.region us-east-1⁠ (from commercial Amazon Web Services Regions outside of China)

    or

    ⁠aws configure set default.region cn-northwest-1⁠ (from Amazon Web Services Regions in China)

  • Use the following parameter with each command to specify the endpoint:

    ⁠--region us-east-1⁠ (from commercial Amazon Web Services Regions outside of China)

    or

    ⁠--region cn-northwest-1⁠ (from Amazon Web Services Regions in China)

Recording API Requests

Organizations supports CloudTrail, a service that records Amazon Web Services API calls for your Amazon Web Services account and delivers log files to an Amazon S3 bucket. By using information collected by CloudTrail, you can determine which requests the Organizations service received, who made the request and when, and so on. For more about Organizations and its support for CloudTrail, see Logging Organizations API calls with CloudTrail in the Organizations User Guide. To learn more about CloudTrail, including how to turn it on and find your log files, see the CloudTrail User Guide.

Usage

organizations(
  config = list(),
  credentials = list(),
  endpoint = NULL,
  region = NULL
)

Arguments

config

Optional configuration of credentials, endpoint, and/or region.

  • credentials:

    • creds:

      • access_key_id: AWS access key ID

      • secret_access_key: AWS secret access key

      • session_token: AWS temporary session token

    • profile: The name of a profile to use. If not given, then the default profile is used.

    • anonymous: Set anonymous credentials.

  • endpoint: The complete URL to use for the constructed client.

  • region: The AWS Region used in instantiating the client.

  • close_connection: Immediately close all HTTP connections.

  • timeout: The time in seconds till a timeout exception is thrown when attempting to make a connection. The default is 60 seconds.

  • s3_force_path_style: Set this to true to force the request to use path-style addressing, i.e. ⁠http://s3.amazonaws.com/BUCKET/KEY⁠.

  • sts_regional_endpoint: Set sts regional endpoint resolver to regional or legacy https://docs.aws.amazon.com/sdkref/latest/guide/feature-sts-regionalized-endpoints.html

credentials

Optional credentials shorthand for the config parameter

  • creds:

    • access_key_id: AWS access key ID

    • secret_access_key: AWS secret access key

    • session_token: AWS temporary session token

  • profile: The name of a profile to use. If not given, then the default profile is used.

  • anonymous: Set anonymous credentials.

endpoint

Optional shorthand for complete URL to use for the constructed client.

region

Optional shorthand for AWS Region used in instantiating the client.

Value

A client for the service. You can call the service's operations using syntax like svc$operation(...), where svc is the name you've assigned to the client. The available operations are listed in the Operations section.

Service syntax

svc <- organizations(
  config = list(
    credentials = list(
      creds = list(
        access_key_id = "string",
        secret_access_key = "string",
        session_token = "string"
      ),
      profile = "string",
      anonymous = "logical"
    ),
    endpoint = "string",
    region = "string",
    close_connection = "logical",
    timeout = "numeric",
    s3_force_path_style = "logical",
    sts_regional_endpoint = "string"
  ),
  credentials = list(
    creds = list(
      access_key_id = "string",
      secret_access_key = "string",
      session_token = "string"
    ),
    profile = "string",
    anonymous = "logical"
  ),
  endpoint = "string",
  region = "string"
)

Operations

accept_handshake
Sends a response to the originator of a handshake agreeing to the action proposed by the handshake request
attach_policy
Attaches a policy to a root, an organizational unit (OU), or an individual account
cancel_handshake
Cancels a handshake
close_account
Closes an Amazon Web Services member account within an organization
create_account
Creates an Amazon Web Services account that is automatically a member of the organization whose credentials made the request
create_gov_cloud_account
This action is available if all of the following are true:
create_organization
Creates an Amazon Web Services organization
create_organizational_unit
Creates an organizational unit (OU) within a root or parent OU
create_policy
Creates a policy of a specified type that you can attach to a root, an organizational unit (OU), or an individual Amazon Web Services account
decline_handshake
Declines a handshake request
delete_organization
Deletes the organization
delete_organizational_unit
Deletes an organizational unit (OU) from a root or another OU
delete_policy
Deletes the specified policy from your organization
delete_resource_policy
Deletes the resource policy from your organization
deregister_delegated_administrator
Removes the specified member Amazon Web Services account as a delegated administrator for the specified Amazon Web Services service
describe_account
Retrieves Organizations-related information about the specified account
describe_create_account_status
Retrieves the current status of an asynchronous request to create an account
describe_effective_policy
Returns the contents of the effective policy for specified policy type and account
describe_handshake
Retrieves information about a previously requested handshake
describe_organization
Retrieves information about the organization that the user's account belongs to
describe_organizational_unit
Retrieves information about an organizational unit (OU)
describe_policy
Retrieves information about a policy
describe_resource_policy
Retrieves information about a resource policy
detach_policy
Detaches a policy from a target root, organizational unit (OU), or account
disable_aws_service_access
Disables the integration of an Amazon Web Services service (the service that is specified by ServicePrincipal) with Organizations
disable_policy_type
Disables an organizational policy type in a root
enable_all_features
Enables all features in an organization
enable_aws_service_access
Enables the integration of an Amazon Web Services service (the service that is specified by ServicePrincipal) with Organizations
enable_policy_type
Enables a policy type in a root
invite_account_to_organization
Sends an invitation to another account to join your organization as a member account
leave_organization
Removes a member account from its parent organization
list_accounts
Lists all the accounts in the organization
list_accounts_for_parent
Lists the accounts in an organization that are contained by the specified target root or organizational unit (OU)
list_aws_service_access_for_organization
Returns a list of the Amazon Web Services services that you enabled to integrate with your organization
list_children
Lists all of the organizational units (OUs) or accounts that are contained in the specified parent OU or root
list_create_account_status
Lists the account creation requests that match the specified status that is currently being tracked for the organization
list_delegated_administrators
Lists the Amazon Web Services accounts that are designated as delegated administrators in this organization
list_delegated_services_for_account
List the Amazon Web Services services for which the specified account is a delegated administrator
list_handshakes_for_account
Lists the current handshakes that are associated with the account of the requesting user
list_handshakes_for_organization
Lists the handshakes that are associated with the organization that the requesting user is part of
list_organizational_units_for_parent
Lists the organizational units (OUs) in a parent organizational unit or root
list_parents
Lists the root or organizational units (OUs) that serve as the immediate parent of the specified child OU or account
list_policies
Retrieves the list of all policies in an organization of a specified type
list_policies_for_target
Lists the policies that are directly attached to the specified target root, organizational unit (OU), or account
list_roots
Lists the roots that are defined in the current organization
list_tags_for_resource
Lists tags that are attached to the specified resource
list_targets_for_policy
Lists all the roots, organizational units (OUs), and accounts that the specified policy is attached to
move_account
Moves an account from its current source parent root or organizational unit (OU) to the specified destination parent root or OU
put_resource_policy
Creates or updates a resource policy
register_delegated_administrator
Enables the specified member account to administer the Organizations features of the specified Amazon Web Services service
remove_account_from_organization
Removes the specified account from the organization
tag_resource
Adds one or more tags to the specified resource
untag_resource
Removes any tags with the specified keys from the specified resource
update_organizational_unit
Renames the specified organizational unit (OU)
update_policy
Updates an existing policy with a new name, description, or content

Examples

## Not run: 
svc <- organizations()
# Bill is the owner of an organization, and he invites Juan's account
# (222222222222) to join his organization. The following example shows
# Juan's account accepting the handshake and thus agreeing to the
# invitation.
svc$accept_handshake(
  HandshakeId = "h-examplehandshakeid111"
)

## End(Not run)