AWS Organizations

2020/03/24 - AWS Organizations - 4 new api methods

Changes: Introduces actions for giving a member account administrative Organizations permissions for an AWS service. You can run this action only for AWS services that support this feature.

ListDelegatedServicesForAccount (new)

List the AWS services for which the specified account is a delegated administrator.

This operation can be called only from the organization's master account or by a member account that is a delegated administrator for an AWS service.

See also: AWS API Documentation

Request Syntax

client.list_delegated_services_for_account(
    AccountId='string',
    NextToken='string',
    MaxResults=123
)

type AccountId

string

param AccountId

[REQUIRED]

The account ID number of a delegated administrator account in the organization.

type NextToken

string

param NextToken

The parameter for receiving additional results if you receive a NextToken response in a previous request. A NextToken response indicates that more output is available. Set this parameter to the value of the previous call's NextToken response to indicate where the output should continue from.

type MaxResults

integer

param MaxResults

The total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken response element is present and has a value (is not null). Include that value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.

rtype

dict

returns

Response Syntax

{
    'DelegatedServices': [
        {
            'ServicePrincipal': 'string',
            'DelegationEnabledDate': datetime(2015, 1, 1)
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • DelegatedServices (list) --

      The services for which the account is a delegated administrator.

      • (dict) --

        Contains information about the AWS service for which the account is a delegated administrator.

        • ServicePrincipal (string) --

          The name of a service that can request an operation for the specified service. This is typically in the form of a URL, such as: ``servicename.amazonaws.com``.

        • DelegationEnabledDate (datetime) --

          The date that the account became a delegated administrator for this service.

    • NextToken (string) --

      If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null.

DeregisterDelegatedAdministrator (new)

Removes the specified member AWS account as a delegated administrator for the specified AWS service.

You can run this action only for AWS services that support this feature. For a current list of services that support it, see AWS Services That Support Using Delegated Administrators in the AWS Organizations User Guide.

This operation can be called only from the organization's master account.

See also: AWS API Documentation

Request Syntax

client.deregister_delegated_administrator(
    AccountId='string',
    ServicePrincipal='string'
)

type AccountId

string

param AccountId

[REQUIRED]

The account ID number of the member account in the organization that you want to deregister as a delegated administrator.

type ServicePrincipal

string

param ServicePrincipal

[REQUIRED]

The service principal name of an AWS service for which the account is a delegated administrator.

Delegated administrator privileges are revoked for only the specified AWS service from the member account. If the specified service is the only service for which the member account is a delegated administrator, the operation also revokes Organizations read action permissions.

returns

None

RegisterDelegatedAdministrator (new)

Enables the specified member account to administer the Organizations features of the specified AWS service. It grants read-only access to AWS Organizations service data. The account still requires IAM permissions to access and administer the AWS service.

You can run this action only for AWS services that support this feature. For a current list of services that support it, see AWS Services That Support Using Delegated Administrators in the AWS Organizations User Guide.

This operation can be called only from the organization's master account.

See also: AWS API Documentation

Request Syntax

client.register_delegated_administrator(
    AccountId='string',
    ServicePrincipal='string'
)

type AccountId

string

param AccountId

[REQUIRED]

The account ID number of the member account in the organization to register as a delegated administrator.

type ServicePrincipal

string

param ServicePrincipal

[REQUIRED]

The service principal of the AWS service for which you want to make the member account a delegated administrator.

returns

None

ListDelegatedAdministrators (new)

Lists the AWS accounts that are designated as delegated administrators in this organization.

This operation can be called only from the organization's master account or by a member account that is a delegated administrator for an AWS service.

See also: AWS API Documentation

Request Syntax

client.list_delegated_administrators(
    ServicePrincipal='string',
    NextToken='string',
    MaxResults=123
)

type ServicePrincipal

string

param ServicePrincipal

Specifies a service principal name. If specified, then the operation lists the delegated administrators only for the specified service.

If you don't specify a service principal, the operation lists all delegated administrators for all services in your organization.

type NextToken

string

param NextToken

The parameter for receiving additional results if you receive a NextToken response in a previous request. A NextToken response indicates that more output is available. Set this parameter to the value of the previous call's NextToken response to indicate where the output should continue from.

type MaxResults

integer

param MaxResults

The total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken response element is present and has a value (is not null). Include that value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.

rtype

dict

returns

Response Syntax

{
    'DelegatedAdministrators': [
        {
            'Id': 'string',
            'Arn': 'string',
            'Email': 'string',
            'Name': 'string',
            'Status': 'ACTIVE'|'SUSPENDED',
            'JoinedMethod': 'INVITED'|'CREATED',
            'JoinedTimestamp': datetime(2015, 1, 1),
            'DelegationEnabledDate': datetime(2015, 1, 1)
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • DelegatedAdministrators (list) --

      The list of delegated administrators in your organization.

      • (dict) --

        Contains information about the delegated administrator.

        • Id (string) --

          The unique identifier (ID) of the delegated administrator's account.

        • Arn (string) --

          The Amazon Resource Name (ARN) of the delegated administrator's account.

        • Email (string) --

          The email address that is associated with the delegated administrator's AWS account.

        • Name (string) --

          The friendly name of the delegated administrator's account.

        • Status (string) --

          The status of the delegated administrator's account in the organization.

        • JoinedMethod (string) --

          The method by which the delegated administrator's account joined the organization.

        • JoinedTimestamp (datetime) --

          The date when the delegated administrator's account became a part of the organization.

        • DelegationEnabledDate (datetime) --

          The date when the account was made a delegated administrator.

    • NextToken (string) --

      If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null.
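An added example, not part of the AWS documentation: it audits delegated administrators by walking ListDelegatedAdministrators and ListDelegatedServicesForAccount to the end of their NextToken chains and reporting any (account, service principal) pair missing from an allowlist. It goes beyond a single call by combining both list operations; `FakeOrganizations`, the account IDs, the service principal names and `APPROVED` are constructed stand-ins so the block runs offline, and a real `boto3.client('organizations')` can be passed in their place.

```python
def paginate(call, key, **kwargs):
    """Yield items from every page, following NextToken until it is absent."""
    token = None
    while True:
        if token:
            kwargs["NextToken"] = token  # never sent on the first request
        page = call(**kwargs)
        yield from page.get(key, [])     # a page may be short or empty and still carry a token
        token = page.get("NextToken")
        if not token:
            return

def unapproved_delegations(client, approved):
    """Return sorted (account_id, service_principal) pairs not in the approved set."""
    found = set()
    for admin in paginate(client.list_delegated_administrators, "DelegatedAdministrators"):
        for svc in paginate(client.list_delegated_services_for_account,
                            "DelegatedServices", AccountId=admin["Id"]):
            found.add((admin["Id"], svc["ServicePrincipal"]))
    return sorted(found - set(approved))

class FakeOrganizations:
    """Constructed stand-in for the Organizations client; returns canned pages."""
    # token -> (account ids on that page, next token); page "t1" is deliberately empty
    _admins = {None: (["111111111111"], "t1"), "t1": ([], "t2"), "t2": (["222222222222"], None)}
    _services = {"111111111111": ["servicea.amazonaws.com"],
                 "222222222222": ["servicea.amazonaws.com", "serviceb.amazonaws.com"]}

    def list_delegated_administrators(self, NextToken=None, **_):
        ids, nxt = self._admins[NextToken]
        out = {"DelegatedAdministrators": [{"Id": i} for i in ids]}
        if nxt:
            out["NextToken"] = nxt
        return out

    def list_delegated_services_for_account(self, AccountId, NextToken=None, **_):
        names = self._services[AccountId]
        i = int(NextToken or 0)          # constructed paging: one service per page
        out = {"DelegatedServices": [{"ServicePrincipal": names[i]}]}
        if i + 1 < len(names):
            out["NextToken"] = str(i + 1)
        return out

# Constructed allowlist of delegations the organization has signed off on.
APPROVED = {("111111111111", "servicea.amazonaws.com"), ("222222222222", "servicea.amazonaws.com")}

if __name__ == "__main__":
    for account, principal in unapproved_delegations(FakeOrganizations(), APPROVED):
        print(f"unapproved delegated administrator: {account} for {principal}")
```

A loop that stops at the first short or empty page would miss account 222222222222 here, which is why the stop condition is the missing NextToken and not the page size.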