GetAccountLevelServiceConfiguration
Retrieves the status of your account's AWS service access, and validates the service linked role required to access the multi-account search feature. Only the management account can invoke this API call.
Minimum permissions
To call this operation, you must have the following permissions:
-
Action:
resource-explorer-2:GetAccountLevelServiceConfiguration
Resource: No specific resource (*).
Request Syntax
POST /GetAccountLevelServiceConfiguration HTTP/1.1
URI Request Parameters
The request does not use any URI parameters.
Request Body
The request does not have a request body.
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
"OrgConfiguration": {
"AWSServiceAccessStatus": "string",
"ServiceLinkedRole": "string"
}
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- OrgConfiguration
-
Details about the organization, and whether configuration is
ENABLED
orDISABLED
.Type: OrgConfiguration object
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDeniedException
-
The credentials that you used to call this operation don't have the minimum required permissions.
HTTP Status Code: 403
- InternalServerException
-
The request failed because of internal service error. Try your request again later.
HTTP Status Code: 500
- ResourceNotFoundException
-
You specified a resource that doesn't exist. Check the ID or ARN that you used to identity the resource, and try again.
HTTP Status Code: 404
- ThrottlingException
-
The request failed because you exceeded a rate limit for this operation. For more information, see Quotas for Resource Explorer.
HTTP Status Code: 429
Examples
Example
The following example shows how to configure Resource Explorer multi-account search for your organization.
Sample Request
POST /GetAccountLevelServiceConfiguration HTTP/1.1
Host: resource-explorer-2.us-east-1.amazonaws.com
X-Amz-Date: 20221101T200059Z
Accept-Encoding: identity
User-Agent: <UserAgentString>
Content-Length: <PayloadSizeBytes>
Authorization: AWS4-HMAC-SHA256 Credential=<Credential>, SignedHeaders=<Headers>, Signature=<Signature>
Sample Response
HTTP/1.1 200 OK
Date: Tue, 01 Nov 2022 20:00:59 GMT
Content-Type: application/json
Content-Length: <PayloadSizeBytes>
{
"OrgConfiguration": {
"AWSServiceAccessStatus": "ENABLED",
"ServiceLinkedRole": "arn:aws:iam::123456789012:role/aws-service-role/resource-explorer-2.amazonaws.com/AWSServiceRoleForResourceExplorer"
}
}
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: