AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.
Enables all features in an organization. This enables the use of organization policies
that can restrict the services and actions that can be called in each account. Until
you enable all features, you have access only to consolidated billing, and you can't
use any of the advanced account administration features that Organizations supports.
For more information, see Enabling
all features in your organization in the Organizations User Guide.
This operation is required only for organizations that were created explicitly with
only the consolidated billing features enabled. Calling this operation sends a handshake
to every invited account in the organization. The feature set change can be finalized
and the additional features enabled only after all administrators in the invited accounts
approve the change by accepting the handshake.
After you enable all features, you can separately enable or disable individual policy types in a root using EnablePolicyType and DisablePolicyType. To see the status of policy types in a root, use ListRoots.
After all invited member accounts accept the handshake, you finalize the feature set
change by accepting the handshake that contains "Action": "ENABLE_ALL_FEATURES".
This completes the change.
After you enable all features in your organization, the management account in the organization can apply policies on all member accounts. These policies can restrict what users and even administrators in those accounts can do. The management account can apply policies that prevent accounts from leaving the organization. Ensure that your account administrators are aware of this.
This operation can be called only from the organization's management account.
This is an asynchronous operation using the standard naming convention for .NET 4.5 or higher. For .NET 3.5 the operation is implemented as a pair of methods using the standard naming convention of BeginEnableAllFeatures and EndEnableAllFeatures.
Namespace: Amazon.Organizations
Assembly: AWSSDK.Organizations.dll
Version: 3.x.y.z
public virtual Task<EnableAllFeaturesResponse> EnableAllFeaturesAsync( EnableAllFeaturesRequest request, CancellationToken cancellationToken )
Container for the necessary parameters to execute the EnableAllFeatures service method.
A cancellation token that can be used by other objects or threads to receive notice of cancellation.
| Exception | Condition |
|---|---|
| AccessDeniedException | You don't have permissions to perform the requested operation. The user or role that is making the request must have at least one IAM permissions policy attached that grants the required permissions. For more information, see Access Management in the IAM User Guide. |
| AWSOrganizationsNotInUseException | Your account isn't a member of an organization. To make this request, you must use the credentials of an account that belongs to an organization. |
| ConcurrentModificationException | The target of the operation is currently being modified by a different request. Try again later. |
| HandshakeConstraintViolationException | The requested operation would violate the constraint identified in the reason code. Some of the reasons in the following list might not be applicable to this specific API or operation: ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an organization. Note that deleted and closed accounts still count toward your limit. If you get this exception immediately after creating the organization, wait one hour and try again. If after an hour it continues to fail with this error, contact Amazon Web Services Support. ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because the invited account is already a member of an organization. HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one day. INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations to join an organization while it's in the process of enabling all features. You can resume inviting accounts after you finalize the process when all accounts have agreed to the change. ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid because the organization has already enabled all features. ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake request is invalid because the organization has already started the process to enable all features. ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because the account is from a different marketplace than the accounts in the organization. For example, accounts with India addresses must be associated with the AISPL marketplace. All accounts in an organization must be from the same marketplace. ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to change the membership of an account too quickly after its previous change. PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an account that doesn't have a payment instrument, such as a credit card, associated with it. |
| InvalidInputException | The requested operation failed because you provided invalid values for one or more of the request parameters. This exception includes a reason that contains additional information about the violated limit: Some of the reasons in the following list might not be applicable to this specific API or operation. DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity. IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified. INPUT_REQUIRED: You must include a value for all required parameters. INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner. INVALID_ENUM: You specified an invalid value. INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters. INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value. INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a previous call of the operation. INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a party. INVALID_PATTERN: You provided a value that doesn't match the required pattern. INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern. INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved prefix AWSServiceRoleFor. INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the organization. INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count against your tags per resource limit. MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation. MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed. MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed. MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed. MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed. MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root. TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity. UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized. |
| ServiceException | Organizations can't complete your request because of an internal service error. Try again later. |
| TooManyRequestsException | You have sent too many requests in too short a period of time. The quota helps protect against denial-of-service attacks. Try again later. For information about quotas that affect Organizations, see Quotas for Organizations in the Organizations User Guide. |
.NET Core App:
Supported in: 3.1
.NET Standard:
Supported in: 2.0
.NET Framework:
Supported in: 4.5