AWS Organization Administrator - Amazon Macie

The AWS Organization Administrator resource provides access to settings that specify which account is designated as the delegated administrator of Amazon Macie for an AWS organization. To access and use this resource, you must be a user of the master account for your AWS organization.

An AWS organization is a set of AWS accounts that are managed as a group by using the AWS Organizations service. AWS Organizations is an account management service that enables administrators to consolidate and centrally manage multiple AWS accounts as a single organization. To learn more about this service, see the AWS Organizations User Guide.

If you're a user of the master account for an AWS organization, you can use this resource to retrieve information about the account that's currently designated as the delegated Macie administrator for your organization. You can also use this resource to change that designation. Note that only one account can be designated and enabled as the delegated Macie administrator for an AWS organization.

URI

/admin

HTTP Methods

GET

Operation ID: ListOrganizationAdminAccounts

Retrieves information about the account that's designated as the delegated administrator of Amazon Macie for an AWS organization.

Query Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| nextToken | String | False | The nextToken string that specifies which page of results to return in a paginated response. |
| maxResults | String | False | The maximum number of items to include in each page of a paginated response. |

Responses
| Status Code | Response Model | Description |
|---|---|---|
| 200 | ListOrganizationAdminAccountsResponse | The request succeeded. |
| 400 | ValidationException | The request failed because it contains a syntax error. |
| 402 | ServiceQuotaExceededException | The request failed because fulfilling the request would exceed one or more service quotas for your account. |
| 403 | AccessDeniedException | The request was denied because you don't have sufficient access to the specified resource. |
| 404 | ResourceNotFoundException | The request failed because the specified resource wasn't found. |
| 409 | ConflictException | The request failed because it conflicts with the current state of the specified resource. |
| 429 | ThrottlingException | The request failed because you sent too many requests during a certain amount of time. |
| 500 | InternalServerException | The request failed due to an unknown internal server error, exception, or failure. |

POST

Operation ID: EnableOrganizationAdminAccount

Enables an account as a delegated administrator of Amazon Macie for an AWS organization.

Responses
| Status Code | Response Model | Description |
|---|---|---|
| 200 | Empty Schema | The request succeeded and there isn't any content to include in the body of the response (No Content). |
| 400 | ValidationException | The request failed because it contains a syntax error. |
| 402 | ServiceQuotaExceededException | The request failed because fulfilling the request would exceed one or more service quotas for your account. |
| 403 | AccessDeniedException | The request was denied because you don't have sufficient access to the specified resource. |
| 404 | ResourceNotFoundException | The request failed because the specified resource wasn't found. |
| 409 | ConflictException | The request failed because it conflicts with the current state of the specified resource. |
| 429 | ThrottlingException | The request failed because you sent too many requests during a certain amount of time. |
| 500 | InternalServerException | The request failed due to an unknown internal server error, exception, or failure. |

DELETE

Operation ID: DisableOrganizationAdminAccount

Disables an account as a delegated administrator of Amazon Macie for an AWS organization.

Query Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| adminAccountId | String | True | The AWS account ID of the delegated administrator account. |

Responses
| Status Code | Response Model | Description |
|---|---|---|
| 200 | Empty Schema | The request succeeded and there isn't any content to include in the body of the response (No Content). |
| 400 | ValidationException | The request failed because it contains a syntax error. |
| 402 | ServiceQuotaExceededException | The request failed because fulfilling the request would exceed one or more service quotas for your account. |
| 403 | AccessDeniedException | The request was denied because you don't have sufficient access to the specified resource. |
| 404 | ResourceNotFoundException | The request failed because the specified resource wasn't found. |
| 409 | ConflictException | The request failed because it conflicts with the current state of the specified resource. |
| 429 | ThrottlingException | The request failed because you sent too many requests during a certain amount of time. |
| 500 | InternalServerException | The request failed due to an unknown internal server error, exception, or failure. |

Schemas

Request Bodies

Example POST

{ "clientToken": "string", "adminAccountId": "string" }

Response Bodies

Example ListOrganizationAdminAccountsResponse

{ "nextToken": "string", "adminAccounts": [ { "accountId": "string", "status": enum } ] }

Example Empty Schema

{ }

Example ValidationException

{ "message": "string" }

Example ServiceQuotaExceededException

{ "message": "string" }

Example AccessDeniedException

{ "message": "string" }

Example ResourceNotFoundException

{ "message": "string" }

Example ConflictException

{ "message": "string" }

Example ThrottlingException

{ "message": "string" }

Example InternalServerException

{ "message": "string" }

Properties

AccessDeniedException

Provides information about an error that occurred due to insufficient access to a specified resource.

| Property | Type | Required | Description |
|---|---|---|---|
| message | string | False | The explanation of the error that occurred. |

AdminAccount

Provides information about an account that's designated as a delegated administrator of Amazon Macie for an AWS organization.

| Property | Type | Required | Description |
|---|---|---|---|
| accountId | string | False | The AWS account ID for the account. |
| status | AdminStatus | False | The current status of the account as a delegated administrator of Amazon Macie for the organization. |

AdminStatus

The current status of an account as a delegated administrator of Amazon Macie for an AWS organization.

  • ENABLED

  • DISABLING_IN_PROGRESS

ConflictException

Provides information about an error that occurred due to a versioning conflict for a specified resource.

| Property | Type | Required | Description |
|---|---|---|---|
| message | string | False | The explanation of the error that occurred. |

Empty

The request succeeded and there isn't any content to include in the body of the response (No Content).

EnableOrganizationAdminAccountRequest

Specifies an account to designate as a delegated administrator of Amazon Macie for an AWS organization. To submit this request, you must be a user of the master account for the AWS organization.

| Property | Type | Required | Description |
|---|---|---|---|
| clientToken | string | False | A unique, case-sensitive token that you provide to ensure the idempotency of the request. |
| adminAccountId | string | True | The AWS account ID for the account. |

InternalServerException

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

| Property | Type | Required | Description |
|---|---|---|---|
| message | string | False | The explanation of the error that occurred. |

ListOrganizationAdminAccountsResponse

Provides information about the accounts that are designated as delegated administrators of Amazon Macie for an AWS organization.

| Property | Type | Required | Description |
|---|---|---|---|
| nextToken | string | False | The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages. |
| adminAccounts | Array of type AdminAccount | False | An array of objects, one for each account that's designated as a delegated administrator of Amazon Macie for the AWS organization. Of those accounts, only one can have a status of ENABLED. |
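The following added example (not part of the AWS reference) shows one way to consume this response for a drift check: it follows nextToken until it is null, then compares the AdminStatus values against the account you expect to be the delegated Macie administrator. The names list_all_admin_accounts, audit_delegated_admin, fake_fetch_page and SAMPLE_PAGES, and the account IDs, are assumptions constructed for illustration.

```python
from typing import Callable, Dict, List

def list_all_admin_accounts(fetch_page: Callable[..., Dict]) -> List[Dict]:
    """Collect adminAccounts from every page, following nextToken until it is null."""
    accounts: List[Dict] = []
    token, seen = None, set()
    while True:
        page = fetch_page(nextToken=token) if token else fetch_page()
        accounts.extend(page.get("adminAccounts") or [])
        token = page.get("nextToken")
        if not token:
            return accounts
        if token in seen:  # guard against a repeated token looping forever
            raise RuntimeError("nextToken repeated; stopping pagination")
        seen.add(token)

def audit_delegated_admin(accounts: List[Dict], expected_id: str) -> List[str]:
    """Return findings; an empty list means the designation matches expected_id."""
    findings = []
    enabled = [str(a.get("accountId")) for a in accounts if a.get("status") == "ENABLED"]
    if not enabled:
        findings.append("no account has status ENABLED")
    if len(enabled) > 1:  # the response schema says only one can be ENABLED
        findings.append("more than one ENABLED account: " + ", ".join(enabled))
    for account_id in enabled:
        if account_id != expected_id:
            findings.append(f"unexpected delegated administrator: {account_id}")
    for a in accounts:
        if a.get("status") == "DISABLING_IN_PROGRESS":
            findings.append(f"designation being removed: {a.get('accountId')}")
    return findings

# Constructed sample pages (not real accounts), keyed by the nextToken that requests them.
SAMPLE_PAGES = {
    None: {"adminAccounts": [{"accountId": "111111111111", "status": "DISABLING_IN_PROGRESS"}],
           "nextToken": "page-2"},
    "page-2": {"adminAccounts": [{"accountId": "222222222222", "status": "ENABLED"}],
               "nextToken": None},
}

def fake_fetch_page(nextToken=None):
    """Hypothetical stand-in for the GET /admin call so the example runs offline."""
    return SAMPLE_PAGES[nextToken]

if __name__ == "__main__":
    accounts = list_all_admin_accounts(fake_fetch_page)
    for finding in audit_delegated_admin(accounts, "222222222222"):
        print(finding)
```

Against a live organization, the boto3 method `boto3.client("macie2").list_organization_admin_accounts` can be passed as `fetch_page`, since it accepts the same nextToken parameter and returns the same response keys.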

ResourceNotFoundException

Provides information about an error that occurred because a specified resource wasn't found.

| Property | Type | Required | Description |
|---|---|---|---|
| message | string | False | The explanation of the error that occurred. |

ServiceQuotaExceededException

Provides information about an error that occurred due to one or more service quotas for an account.

| Property | Type | Required | Description |
|---|---|---|---|
| message | string | False | The explanation of the error that occurred. |

ThrottlingException

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

| Property | Type | Required | Description |
|---|---|---|---|
| message | string | False | The explanation of the error that occurred. |

ValidationException

Provides information about an error that occurred due to a syntax error in a request.

| Property | Type | Required | Description |
|---|---|---|---|
| message | string | False | The explanation of the error that occurred. |

See Also

For more information about using this API in one of the language-specific AWS SDKs and references, see the following:

ListOrganizationAdminAccounts

EnableOrganizationAdminAccount

DisableOrganizationAdminAccount