AWS Organization Administrator - Amazon Macie

AWS Organization Administrator

The AWS Organization Administrator resource provides settings that specify which account is the delegated Amazon Macie administrator account for an AWS organization. To use this resource, you must be a user of the management account for the AWS organization.

An AWS organization is a set of AWS accounts that are managed as a group by using the AWS Organizations service. AWS Organizations is an account management service that enables administrators to consolidate and centrally manage multiple AWS accounts as a single organization. To learn more about this service, see the AWS Organizations User Guide.

If you're a user of the management account for an AWS organization, you can use this resource to designate a delegated Macie administrator account for the organization. You can also use this resource to retrieve information about and change that designation. Note that an AWS organization can have only one delegated Macie administrator account.

URI

/admin

HTTP Methods

GET

Operation ID: ListOrganizationAdminAccounts

Retrieves information about the delegated Amazon Macie administrator account for an AWS organization.

Query Parameters
Name Type Required Description
nextToken String False

The nextToken string that specifies which page of results to return in a paginated response.

maxResults String False

The maximum number of items to include in each page of a paginated response.

Responses
Status Code Response Model Description
200 ListOrganizationAdminAccountsResponse

The request succeeded.

400 ValidationException

The request failed because it contains a syntax error.

402 ServiceQuotaExceededException

The request failed because fulfilling the request would exceed one or more service quotas for your account.

403 AccessDeniedException

The request was denied because you don't have sufficient access to the specified resource.

404 ResourceNotFoundException

The request failed because the specified resource wasn't found.

409 ConflictException

The request failed because it conflicts with the current state of the specified resource.

429 ThrottlingException

The request failed because you sent too many requests during a certain amount of time.

500 InternalServerException

The request failed due to an unknown internal server error, exception, or failure.

POST

Operation ID: EnableOrganizationAdminAccount

Designates an account as the delegated Amazon Macie administrator account for an AWS organization.

Responses
Status Code Response Model Description
200 Empty Schema

The request succeeded and there isn't any content to include in the body of the response (No Content).

400 ValidationException

The request failed because it contains a syntax error.

402 ServiceQuotaExceededException

The request failed because fulfilling the request would exceed one or more service quotas for your account.

403 AccessDeniedException

The request was denied because you don't have sufficient access to the specified resource.

404 ResourceNotFoundException

The request failed because the specified resource wasn't found.

409 ConflictException

The request failed because it conflicts with the current state of the specified resource.

429 ThrottlingException

The request failed because you sent too many requests during a certain amount of time.

500 InternalServerException

The request failed due to an unknown internal server error, exception, or failure.

DELETE

Operation ID: DisableOrganizationAdminAccount

Disables an account as the delegated Amazon Macie administrator account for an AWS organization.

Query Parameters
Name Type Required Description
adminAccountId String True

The AWS account ID of the delegated administrator account.

Responses
Status Code Response Model Description
200 Empty Schema

The request succeeded and there isn't any content to include in the body of the response (No Content).

400 ValidationException

The request failed because it contains a syntax error.

402 ServiceQuotaExceededException

The request failed because fulfilling the request would exceed one or more service quotas for your account.

403 AccessDeniedException

The request was denied because you don't have sufficient access to the specified resource.

404 ResourceNotFoundException

The request failed because the specified resource wasn't found.

409 ConflictException

The request failed because it conflicts with the current state of the specified resource.

429 ThrottlingException

The request failed because you sent too many requests during a certain amount of time.

500 InternalServerException

The request failed due to an unknown internal server error, exception, or failure.

Schemas

Request Bodies

Example POST

{ "clientToken": "string", "adminAccountId": "string" }

Response Bodies

Example ListOrganizationAdminAccountsResponse

{ "nextToken": "string", "adminAccounts": [ { "accountId": "string", "status": enum } ] }

Example Empty Schema

{ }

Example ValidationException

{ "message": "string" }

Example ServiceQuotaExceededException

{ "message": "string" }

Example AccessDeniedException

{ "message": "string" }

Example ResourceNotFoundException

{ "message": "string" }

Example ConflictException

{ "message": "string" }

Example ThrottlingException

{ "message": "string" }

Example InternalServerException

{ "message": "string" }

Properties

AccessDeniedException

Provides information about an error that occurred due to insufficient access to a specified resource.

Property Type Required Description
message

string

False

The explanation of the error that occurred.

AdminAccount

Provides information about the delegated Amazon Macie administrator account for an AWS organization.

Property Type Required Description
accountId

string

False

The AWS account ID for the account.

status

AdminStatus

False

The current status of the account as a delegated administrator of Amazon Macie for the organization.

AdminStatus

The current status of an account as the delegated Amazon Macie administrator account for an AWS organization.

  • ENABLED

  • DISABLING_IN_PROGRESS

ConflictException

Provides information about an error that occurred due to a versioning conflict for a specified resource.

Property Type Required Description
message

string

False

The explanation of the error that occurred.

Empty

The request succeeded and there isn't any content to include in the body of the response (No Content).

EnableOrganizationAdminAccountRequest

Specifies an account to designate as a delegated Amazon Macie administrator account for an AWS organization. To submit this request, you must be a user of the management account for the AWS organization.

Property Type Required Description
clientToken

string

False

A unique, case-sensitive token that you provide to ensure the idempotency of the request.

adminAccountId

string

True

The AWS account ID for the account to designate as the delegated Amazon Macie administrator account for the organization.

InternalServerException

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

Property Type Required Description
message

string

False

The explanation of the error that occurred.

ListOrganizationAdminAccountsResponse

Provides information about the delegated Amazon Macie administrator accounts for an AWS organization.

Property Type Required Description
nextToken

string

False

The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.

adminAccounts

Array of type AdminAccount

False

An array of objects, one for each delegated Amazon Macie administrator account for the organization. Only one of these accounts can have a status of ENABLED.

ResourceNotFoundException

Provides information about an error that occurred because a specified resource wasn't found.

Property Type Required Description
message

string

False

The explanation of the error that occurred.

ServiceQuotaExceededException

Provides information about an error that occurred due to one or more service quotas for an account.

Property Type Required Description
message

string

False

The explanation of the error that occurred.

ThrottlingException

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

Property Type Required Description
message

string

False

The explanation of the error that occurred.

ValidationException

Provides information about an error that occurred due to a syntax error in a request.

Property Type Required Description
message

string

False

The explanation of the error that occurred.

See Also

For more information about using this API in one of the language-specific AWS SDKs and references, see the following:

ListOrganizationAdminAccounts

EnableOrganizationAdminAccount

DisableOrganizationAdminAccount