libZSservicesZSamazonka-organizationsZSamazonka-organizations
Copyright: (c) 2013-2021 Brendan Hay
License: Mozilla Public License, v. 2.0.
Maintainer: Brendan Hay <brendan.g.hay+amazonka@gmail.com>
Stability: auto-generated
Portability: non-portable (GHC extensions)
Safe Haskell: None

Amazonka.Organizations.DetachPolicy

Description

Detaches a policy from a target root, organizational unit (OU), or account.

If the policy being detached is a service control policy (SCP), the changes to permissions for AWS Identity and Access Management (IAM) users and roles in affected accounts are immediate.

Every root, OU, and account must have at least one SCP attached. If you want to replace the default FullAWSAccess policy with an SCP that limits the permissions that can be delegated, you must attach the replacement SCP before you can remove the default SCP. This is the authorization strategy of an "allow list". If you instead attach a second SCP and leave the FullAWSAccess SCP still attached, and specify "Effect": "Deny" in the second SCP to override the "Effect": "Allow" in the FullAWSAccess policy (or any other attached SCP), you're using the authorization strategy of a "deny list".

This operation can be called only from the organization's management account.
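The allow-list replacement described above depends on ordering: the replacement SCP has to be attached before the default one is detached, so the target never drops to zero SCPs. The sketch below is an added example, not part of the generated amazonka documentation. `Step`, `planSwap` and `runSwap` are hypothetical names, and the set of currently attached policy IDs is assumed to come from ListPoliciesForTarget.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module ScpSwap where

import Amazonka (Env, send)
import Amazonka.Organizations.AttachPolicy (newAttachPolicy)
import Amazonka.Organizations.DetachPolicy (newDetachPolicy)
import Control.Monad (void)
import Control.Monad.Trans.Resource (runResourceT)
import Data.Set (Set)
import qualified Data.Set as Set
import Data.Text (Text)

-- | One Organizations call against a fixed target (hypothetical helper type).
data Step = Attach Text | Detach Text
  deriving (Eq, Show)

-- | Plan the swap of one SCP for another on a target.
-- The attach step always precedes the detach step, so at least one SCP
-- stays attached at every point in the plan.
planSwap :: Set Text -> Text -> Text -> Either String [Step]
planSwap attached replacement old
  | replacement == old = Left "replacement and old SCP are the same policy"
  | old `Set.notMember` attached = Left "old SCP is not attached to this target"
  | otherwise = Right (attachStep ++ [Detach old])
  where
    -- Skip the attach when the replacement is already in place.
    attachStep = [Attach replacement | replacement `Set.notMember` attached]

-- | Execute a plan from the organization's management account.
-- Any service error aborts the run before later steps are sent.
runSwap :: Env -> Text -> [Step] -> IO ()
runSwap env targetId steps = runResourceT (mapM_ run steps)
  where
    run (Attach pid) = void (send env (newAttachPolicy pid targetId))
    run (Detach pid) = void (send env (newDetachPolicy pid targetId))
```

Because SCP changes take effect immediately, review the output of `planSwap` before passing it to `runSwap`.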

Creating a Request

data DetachPolicy

See: newDetachPolicy smart constructor.

Constructors

DetachPolicy' 

Fields

  • policyId :: Text

    The unique identifier (ID) of the policy you want to detach. You can get the ID from the ListPolicies or ListPoliciesForTarget operations.

    The regex pattern for a policy ID string requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).

  • targetId :: Text

    The unique identifier (ID) of the root, OU, or account that you want to detach the policy from. You can get the ID from the ListRoots, ListOrganizationalUnitsForParent, or ListAccounts operations.

    The regex pattern for a target ID string requires one of the following:

    • Root - A string that begins with "r-" followed by from 4 to 32 lowercase letters or digits.
    • Account - A string that consists of exactly 12 digits.
    • Organizational unit (OU) - A string that begins with "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
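The ID patterns above can be checked locally before a request is built, which keeps automation from sending a detach for the wrong kind of target. This is an added example, not code from amazonka. `TargetKind`, `validPolicyId` and `classifyTarget` are hypothetical names, and the checks implement only the patterns stated in the field descriptions.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module OrgIds where

import Data.Char (isAsciiLower, isAsciiUpper, isDigit)
import Data.Text (Text)
import qualified Data.Text as T

-- | The three kinds of target a policy can be detached from.
data TargetKind = Root | Account | OrgUnit
  deriving (Eq, Show)

lowerOrDigit :: Char -> Bool
lowerOrDigit c = isAsciiLower c || isDigit c

-- | True when every character satisfies p and the length is in [lo, hi].
runOf :: (Char -> Bool) -> Int -> Int -> Text -> Bool
runOf p lo hi t = T.all p t && T.length t >= lo && T.length t <= hi

-- | "p-" followed by 8 to 128 letters, digits or underscores.
validPolicyId :: Text -> Bool
validPolicyId t = case T.stripPrefix "p-" t of
  Just rest -> runOf policyChar 8 128 rest
  Nothing -> False
  where
    policyChar c = isAsciiLower c || isAsciiUpper c || isDigit c || c == '_'

-- | Classify a target ID, or return Nothing when it matches no pattern.
classifyTarget :: Text -> Maybe TargetKind
classifyTarget t
  -- OU: "ou-" + 4..32 (root part) + "-" + 8..32 (OU part)
  | Just rest <- T.stripPrefix "ou-" t
  , (rootPart, dashChild) <- T.breakOn "-" rest
  , Just child <- T.stripPrefix "-" dashChild
  , runOf lowerOrDigit 4 32 rootPart
  , runOf lowerOrDigit 8 32 child = Just OrgUnit
  -- Root: "r-" + 4..32 lowercase letters or digits
  | Just rest <- T.stripPrefix "r-" t
  , runOf lowerOrDigit 4 32 rest = Just Root
  -- Account: exactly 12 digits
  | runOf isDigit 12 12 t = Just Account
  | otherwise = Nothing
```

A well-formed ID only passes the syntax check; whether the policy is actually attached to that target is still decided by the service.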

Instances

All of the following instances are defined in Amazonka.Organizations.DetachPolicy:

  • Eq DetachPolicy
  • Read DetachPolicy
  • Show DetachPolicy
  • Generic DetachPolicy (associated type: type Rep DetachPolicy :: Type -> Type)
  • NFData DetachPolicy (method: rnf :: DetachPolicy -> ())
  • Hashable DetachPolicy
  • ToJSON DetachPolicy
  • AWSRequest DetachPolicy (associated type: type AWSResponse DetachPolicy)
  • ToHeaders DetachPolicy
  • ToPath DetachPolicy
  • ToQuery DetachPolicy
  • type Rep DetachPolicy
  • type AWSResponse DetachPolicy

type Rep DetachPolicy = D1 ('MetaData "DetachPolicy" "Amazonka.Organizations.DetachPolicy" "libZSservicesZSamazonka-organizationsZSamazonka-organizations" 'False) (C1 ('MetaCons "DetachPolicy'" 'PrefixI 'True) (S1 ('MetaSel ('Just "policyId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Just "targetId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text)))

newDetachPolicy

Create a value of DetachPolicy with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:policyId:DetachPolicy', detachPolicy_policyId - The unique identifier (ID) of the policy you want to detach. You can get the ID from the ListPolicies or ListPoliciesForTarget operations.

The regex pattern for a policy ID string requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).

$sel:targetId:DetachPolicy', detachPolicy_targetId - The unique identifier (ID) of the root, OU, or account that you want to detach the policy from. You can get the ID from the ListRoots, ListOrganizationalUnitsForParent, or ListAccounts operations.

The regex pattern for a target ID string requires one of the following:

  • Root - A string that begins with "r-" followed by from 4 to 32 lowercase letters or digits.
  • Account - A string that consists of exactly 12 digits.
  • Organizational unit (OU) - A string that begins with "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits.

Request Lenses

detachPolicy_policyId :: Lens' DetachPolicy Text

The unique identifier (ID) of the policy you want to detach. You can get the ID from the ListPolicies or ListPoliciesForTarget operations.

The regex pattern for a policy ID string requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).

detachPolicy_targetId :: Lens' DetachPolicy Text

The unique identifier (ID) of the root, OU, or account that you want to detach the policy from. You can get the ID from the ListRoots, ListOrganizationalUnitsForParent, or ListAccounts operations.

The regex pattern for a target ID string requires one of the following:

  • Root - A string that begins with "r-" followed by from 4 to 32 lowercase letters or digits.
  • Account - A string that consists of exactly 12 digits.
  • Organizational unit (OU) - A string that begins with "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits.

Destructuring the Response

data DetachPolicyResponse

See: newDetachPolicyResponse smart constructor.

Constructors

DetachPolicyResponse' 

Instances

All of the following instances are defined in Amazonka.Organizations.DetachPolicy:

  • Eq DetachPolicyResponse
  • Read DetachPolicyResponse
  • Show DetachPolicyResponse
  • Generic DetachPolicyResponse (associated type: type Rep DetachPolicyResponse :: Type -> Type)
  • NFData DetachPolicyResponse (method: rnf :: DetachPolicyResponse -> ())
  • type Rep DetachPolicyResponse

type Rep DetachPolicyResponse = D1 ('MetaData "DetachPolicyResponse" "Amazonka.Organizations.DetachPolicy" "libZSservicesZSamazonka-organizationsZSamazonka-organizations" 'False) (C1 ('MetaCons "DetachPolicyResponse'" 'PrefixI 'False) (U1 :: Type -> Type))

newDetachPolicyResponse :: DetachPolicyResponse

Create a value of DetachPolicyResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.