{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.Organizations.CreateGovCloudAccount
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- This action is available if all of the following are true:
--
-- -   You\'re authorized to create accounts in the AWS GovCloud (US)
--     Region. For more information on the AWS GovCloud (US) Region, see
--     the
--     <http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/welcome.html AWS GovCloud User Guide.>
--
-- -   You already have an account in the AWS GovCloud (US) Region that is
--     paired with a management account of an organization in the
--     commercial Region.
--
-- -   You call this action from the management account of your
--     organization in the commercial Region.
--
-- -   You have the @organizations:CreateGovCloudAccount@ permission.
--
-- AWS Organizations automatically creates the required service-linked role
-- named @AWSServiceRoleForOrganizations@. For more information, see
-- <http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs AWS Organizations and Service-Linked Roles>
-- in the /AWS Organizations User Guide./
--
-- AWS automatically enables AWS CloudTrail for AWS GovCloud (US) accounts,
-- but you should also do the following:
--
-- -   Verify that AWS CloudTrail is enabled to store logs.
--
-- -   Create an S3 bucket for AWS CloudTrail log storage.
--
--     For more information, see
--     <http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/verifying-cloudtrail.html Verifying AWS CloudTrail Is Enabled>
--     in the /AWS GovCloud User Guide/.
--
-- If the request includes tags, then the requester must have the
-- @organizations:TagResource@ permission. The tags are attached to the
-- commercial account associated with the GovCloud account, rather than the
-- GovCloud account itself. To add tags to the GovCloud account, call the
-- TagResource operation in the GovCloud Region after the new GovCloud
-- account exists.
--
-- You call this action from the management account of your organization in
-- the commercial Region to create a standalone AWS account in the AWS
-- GovCloud (US) Region. After the account is created, the management
-- account of an organization in the AWS GovCloud (US) Region can invite it
-- to that organization. For more information on inviting standalone
-- accounts in the AWS GovCloud (US) to join an organization, see
-- <http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html AWS Organizations>
-- in the /AWS GovCloud User Guide./
--
-- Calling @CreateGovCloudAccount@ is an asynchronous request that AWS
-- performs in the background. Because @CreateGovCloudAccount@ operates
-- asynchronously, it can return a successful completion message even
-- though account initialization might still be in progress. You might need
-- to wait a few minutes before you can successfully access the account. To
-- check the status of the request, do one of the following:
--
-- -   Use the @OperationId@ response element from this operation to
--     provide as a parameter to the DescribeCreateAccountStatus operation.
--
-- -   Check the AWS CloudTrail log for the @CreateAccountResult@ event.
--     For information on using AWS CloudTrail with Organizations, see
--     <http://docs.aws.amazon.com/organizations/latest/userguide/orgs_monitoring.html Monitoring the Activity in Your Organization>
--     in the /AWS Organizations User Guide./
--
-- When you call the @CreateGovCloudAccount@ action, you create two
-- accounts: a standalone account in the AWS GovCloud (US) Region and an
-- associated account in the commercial Region for billing and support
-- purposes. The account in the commercial Region is automatically a member
-- of the organization whose credentials made the request. Both accounts
-- are associated with the same email address.
--
-- A role is created in the new account in the commercial Region that
-- allows the management account in the organization in the commercial
-- Region to assume it. An AWS GovCloud (US) account is then created and
-- associated with the commercial account that you just created. A role is
-- also created in the new AWS GovCloud (US) account that can be assumed by
-- the AWS GovCloud (US) account that is associated with the management
-- account of the commercial organization. For more information and to view
-- a diagram that explains how account access works, see
-- <http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html AWS Organizations>
-- in the /AWS GovCloud User Guide./
--
-- For more information about creating accounts, see
-- <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html Creating an AWS Account in Your Organization>
-- in the /AWS Organizations User Guide./
--
-- -   When you create an account in an organization using the AWS
--     Organizations console, API, or CLI commands, the information
--     required for the account to operate as a standalone account is /not/
--     automatically collected. This includes a payment method and signing
--     the end user license agreement (EULA). If you must remove an account
--     from your organization later, you can do so only after you provide
--     the missing information. Follow the steps at
--     <http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info To leave an organization as a member account>
--     in the /AWS Organizations User Guide./
--
-- -   If you get an exception that indicates that you exceeded your
--     account limits for the organization, contact
--     <https://console.aws.amazon.com/support/home#/ AWS Support>.
--
-- -   If you get an exception that indicates that the operation failed
--     because your organization is still initializing, wait one hour and
--     then try again. If the error persists, contact
--     <https://console.aws.amazon.com/support/home#/ AWS Support>.
--
-- -   Using @CreateGovCloudAccount@ to create multiple temporary accounts
--     isn\'t recommended. You can only close an account from the AWS
--     Billing and Cost Management console, and you must be signed in as
--     the root user. For information on the requirements and process for
--     closing an account, see
--     <http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html Closing an AWS Account>
--     in the /AWS Organizations User Guide/.
--
-- When you create a member account with this operation, you can choose
-- whether to create the account with the __IAM User and Role Access to
-- Billing Information__ switch enabled. If you enable it, IAM users and
-- roles that have appropriate permissions can view billing information for
-- the account. If you disable it, only the account root user can access
-- billing information. For information about how to disable this switch
-- for an account, see
-- <https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html Granting Access to Your Billing Information and Tools>.
module Amazonka.Organizations.CreateGovCloudAccount
  ( -- * Creating a Request
    CreateGovCloudAccount (..),
    newCreateGovCloudAccount,

    -- * Request Lenses
    createGovCloudAccount_iamUserAccessToBilling,
    createGovCloudAccount_roleName,
    createGovCloudAccount_tags,
    createGovCloudAccount_email,
    createGovCloudAccount_accountName,

    -- * Destructuring the Response
    CreateGovCloudAccountResponse (..),
    newCreateGovCloudAccountResponse,

    -- * Response Lenses
    createGovCloudAccountResponse_createAccountStatus,
    createGovCloudAccountResponse_httpStatus,
  )
where

import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import Amazonka.Organizations.Types
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

-- | /See:/ 'newCreateGovCloudAccount' smart constructor.
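data CreateGovCloudAccount = CreateGovCloudAccount'
  { -- | If set to @ALLOW@, the new linked account in the commercial Region
    -- enables IAM users to access account billing information /if/ they have
    -- the required permissions. If set to @DENY@, only the root user of the
    -- new account can access account billing information. For more
    -- information, see
    -- <https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate Activating Access to the Billing and Cost Management Console>
    -- in the /AWS Billing and Cost Management User Guide./
    --
    -- If you don\'t specify this parameter, the value defaults to @ALLOW@, and
    -- IAM users and roles with the required permissions can access billing
    -- information for the new account.
    --
    -- Leaving this field as 'Prelude.Nothing' therefore selects @ALLOW@; set
    -- @DENY@ explicitly when billing information should stay limited to the
    -- root user of the new account.
    iamUserAccessToBilling :: Prelude.Maybe IAMUserAccessToBilling,
    -- | (Optional)
    --
    -- The name of an IAM role that AWS Organizations automatically
    -- preconfigures in the new member accounts in both the AWS GovCloud (US)
    -- Region and in the commercial Region. This role trusts the management
    -- account, allowing users in the management account to assume the role, as
    -- permitted by the management account administrator. The role has
    -- administrator permissions in the new member account.
    --
    -- Because the role is an administrator in the new accounts, the set of
    -- management-account principals that are permitted to assume it decides
    -- who can administer those accounts.
    --
    -- If you don\'t specify this parameter, the role name defaults to
    -- @OrganizationAccountAccessRole@.
    --
    -- For more information about how to use this role to access the member
    -- account, see
    -- <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role Accessing and Administering the Member Accounts in Your Organization>
    -- in the /AWS Organizations User Guide/ and steps 2 and 3 in
    -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html Tutorial: Delegate Access Across AWS Accounts Using IAM Roles>
    -- in the /IAM User Guide./
    --
    -- The <http://wikipedia.org/wiki/regex regex pattern> that is used to
    -- validate this parameter can include uppercase letters, lowercase
    -- letters, digits with no spaces, and any of the following
    -- characters: =,.\@-
    roleName :: Prelude.Maybe Prelude.Text,
    -- | A list of tags that you want to attach to the newly created account.
    -- These tags are attached to the commercial account associated with the
    -- GovCloud account, and not to the GovCloud account itself. To add tags to
    -- the actual GovCloud account, call the TagResource operation in the
    -- GovCloud region after the new GovCloud account exists.
    --
    -- For each tag in the list, you must specify both a tag key and a value.
    -- You can set the value to an empty string, but you can\'t set it to
    -- @null@. For more information about tagging, see
    -- <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html Tagging AWS Organizations resources>
    -- in the AWS Organizations User Guide.
    --
    -- If any one of the tags is invalid or if you exceed the allowed number of
    -- tags for an account, then the entire request fails and the account is
    -- not created.
    tags :: Prelude.Maybe [Tag],
    -- | The email address of the owner to assign to the new member account in
    -- the commercial Region. This email address must not already be associated
    -- with another AWS account. You must use a valid email address to complete
    -- account creation. You can\'t access the root user of the account or
    -- remove an account that was created with an invalid email address. Like
    -- all request parameters for @CreateGovCloudAccount@, the request for the
    -- email address for the AWS GovCloud (US) account originates from the
    -- commercial Region, not from the AWS GovCloud (US) Region.
    email :: Core.Sensitive Prelude.Text,
    -- | The friendly name of the member account.
    accountName :: Core.Sensitive Prelude.Text

    -- NOTE(review): 'email' and 'accountName' are stored as 'Core.Sensitive'.
    -- Presumably that wrapper keeps the values out of the derived 'Show'
    -- output below; confirm against the Sensitive instance in Amazonka.Core
    -- before relying on it for log hygiene.
  }
  deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)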

-- |
-- Create a value of 'CreateGovCloudAccount' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'iamUserAccessToBilling', 'createGovCloudAccount_iamUserAccessToBilling' - If set to @ALLOW@, the new linked account in the commercial Region
-- enables IAM users to access account billing information /if/ they have
-- the required permissions. If set to @DENY@, only the root user of the
-- new account can access account billing information. For more
-- information, see
-- <https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate Activating Access to the Billing and Cost Management Console>
-- in the /AWS Billing and Cost Management User Guide./
--
-- If you don\'t specify this parameter, the value defaults to @ALLOW@, and
-- IAM users and roles with the required permissions can access billing
-- information for the new account.
--
-- 'roleName', 'createGovCloudAccount_roleName' - (Optional)
--
-- The name of an IAM role that AWS Organizations automatically
-- preconfigures in the new member accounts in both the AWS GovCloud (US)
-- Region and in the commercial Region. This role trusts the management
-- account, allowing users in the management account to assume the role, as
-- permitted by the management account administrator. The role has
-- administrator permissions in the new member account.
--
-- If you don\'t specify this parameter, the role name defaults to
-- @OrganizationAccountAccessRole@.
--
-- For more information about how to use this role to access the member
-- account, see
-- <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role Accessing and Administering the Member Accounts in Your Organization>
-- in the /AWS Organizations User Guide/ and steps 2 and 3 in
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html Tutorial: Delegate Access Across AWS Accounts Using IAM Roles>
-- in the /IAM User Guide./
--
-- The <http://wikipedia.org/wiki/regex regex pattern> that is used to
-- validate this parameter can include uppercase letters, lowercase
-- letters, digits with no spaces, and any of the following
-- characters: =,.\@-
--
-- 'tags', 'createGovCloudAccount_tags' - A list of tags that you want to attach to the newly created account.
-- These tags are attached to the commercial account associated with the
-- GovCloud account, and not to the GovCloud account itself. To add tags to
-- the actual GovCloud account, call the TagResource operation in the
-- GovCloud region after the new GovCloud account exists.
--
-- For each tag in the list, you must specify both a tag key and a value.
-- You can set the value to an empty string, but you can\'t set it to
-- @null@. For more information about tagging, see
-- <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html Tagging AWS Organizations resources>
-- in the AWS Organizations User Guide.
--
-- If any one of the tags is invalid or if you exceed the allowed number of
-- tags for an account, then the entire request fails and the account is
-- not created.
--
-- 'email', 'createGovCloudAccount_email' - The email address of the owner to assign to the new member account in
-- the commercial Region. This email address must not already be associated
-- with another AWS account. You must use a valid email address to complete
-- account creation. You can\'t access the root user of the account or
-- remove an account that was created with an invalid email address. Like
-- all request parameters for @CreateGovCloudAccount@, the request for the
-- email address for the AWS GovCloud (US) account originates from the
-- commercial Region, not from the AWS GovCloud (US) Region.
--
-- 'accountName', 'createGovCloudAccount_accountName' - The friendly name of the member account.
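newCreateGovCloudAccount ::
  -- | 'email'
  Prelude.Text ->
  -- | 'accountName'
  Prelude.Text ->
  CreateGovCloudAccount
newCreateGovCloudAccount pEmail_ pAccountName_ =
  CreateGovCloudAccount'
    { -- The three optional fields start unset. According to the field
      -- documentation the service then applies its own defaults: @ALLOW@ for
      -- billing access and @OrganizationAccountAccessRole@ for the role name.
      -- Callers that need @DENY@ must set it after construction.
      iamUserAccessToBilling = Prelude.Nothing,
      roleName = Prelude.Nothing,
      tags = Prelude.Nothing,
      -- The two required arguments arrive as plain Text and are wrapped in
      -- 'Core.Sensitive' by reviewing through the '_Sensitive' iso.
      email = Core._Sensitive Lens.# pEmail_,
      accountName = Core._Sensitive Lens.# pAccountName_
    }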

-- | If set to @ALLOW@, the new linked account in the commercial Region
-- enables IAM users to access account billing information /if/ they have
-- the required permissions. If set to @DENY@, only the root user of the
-- new account can access account billing information. For more
-- information, see
-- <https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate Activating Access to the Billing and Cost Management Console>
-- in the /AWS Billing and Cost Management User Guide./
--
-- If you don\'t specify this parameter, the value defaults to @ALLOW@, and
-- IAM users and roles with the required permissions can access billing
-- information for the new account.
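createGovCloudAccount_iamUserAccessToBilling :: Lens.Lens' CreateGovCloudAccount (Prelude.Maybe IAMUserAccessToBilling)
-- Getter reads the record field; setter rebuilds the record with the new
-- value. The trailing type annotation on the record update pins the record
-- type, since DuplicateRecordFields is enabled for this module.
createGovCloudAccount_iamUserAccessToBilling =
  Lens.lens
    (\CreateGovCloudAccount' {iamUserAccessToBilling} -> iamUserAccessToBilling)
    (\s@CreateGovCloudAccount' {} a -> s {iamUserAccessToBilling = a} :: CreateGovCloudAccount)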

-- | (Optional)
--
-- The name of an IAM role that AWS Organizations automatically
-- preconfigures in the new member accounts in both the AWS GovCloud (US)
-- Region and in the commercial Region. This role trusts the management
-- account, allowing users in the management account to assume the role, as
-- permitted by the management account administrator. The role has
-- administrator permissions in the new member account.
--
-- If you don\'t specify this parameter, the role name defaults to
-- @OrganizationAccountAccessRole@.
--
-- For more information about how to use this role to access the member
-- account, see
-- <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role Accessing and Administering the Member Accounts in Your Organization>
-- in the /AWS Organizations User Guide/ and steps 2 and 3 in
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html Tutorial: Delegate Access Across AWS Accounts Using IAM Roles>
-- in the /IAM User Guide./
--
-- The <http://wikipedia.org/wiki/regex regex pattern> that is used to
-- validate this parameter can include uppercase letters, lowercase
-- letters, digits with no spaces, and any of the following
-- characters: =,.\@-
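createGovCloudAccount_roleName :: Lens.Lens' CreateGovCloudAccount (Prelude.Maybe Prelude.Text)
-- Plain field lens: no validation of the role name happens here, so the
-- character restrictions described in the documentation are not enforced
-- by this setter.
createGovCloudAccount_roleName =
  Lens.lens
    (\CreateGovCloudAccount' {roleName} -> roleName)
    (\s@CreateGovCloudAccount' {} a -> s {roleName = a} :: CreateGovCloudAccount)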

-- | A list of tags that you want to attach to the newly created account.
-- These tags are attached to the commercial account associated with the
-- GovCloud account, and not to the GovCloud account itself. To add tags to
-- the actual GovCloud account, call the TagResource operation in the
-- GovCloud region after the new GovCloud account exists.
--
-- For each tag in the list, you must specify both a tag key and a value.
-- You can set the value to an empty string, but you can\'t set it to
-- @null@. For more information about tagging, see
-- <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html Tagging AWS Organizations resources>
-- in the AWS Organizations User Guide.
--
-- If any one of the tags is invalid or if you exceed the allowed number of
-- tags for an account, then the entire request fails and the account is
-- not created.
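createGovCloudAccount_tags :: Lens.Lens' CreateGovCloudAccount (Prelude.Maybe [Tag])
-- Field lens composed with @mapping coerced@, which applies a coercion
-- inside the 'Prelude.Maybe'. Here both sides of the coercion are @[Tag]@,
-- so the composed iso leaves the value unchanged.
createGovCloudAccount_tags =
  Lens.lens
    (\CreateGovCloudAccount' {tags} -> tags)
    (\s@CreateGovCloudAccount' {} a -> s {tags = a} :: CreateGovCloudAccount)
    Prelude.. Lens.mapping Lens.coerced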

-- | The email address of the owner to assign to the new member account in
-- the commercial Region. This email address must not already be associated
-- with another AWS account. You must use a valid email address to complete
-- account creation. You can\'t access the root user of the account or
-- remove an account that was created with an invalid email address. Like
-- all request parameters for @CreateGovCloudAccount@, the request for the
-- email address for the AWS GovCloud (US) account originates from the
-- commercial Region, not from the AWS GovCloud (US) Region.
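createGovCloudAccount_email :: Lens.Lens' CreateGovCloudAccount Prelude.Text
-- The field is stored as @Sensitive Text@; composing with 'Core._Sensitive'
-- makes this lens focus on the underlying 'Prelude.Text'. A value read
-- through this lens is therefore no longer wrapped, and any protection the
-- wrapper gives (for example when showing the record) does not follow it.
createGovCloudAccount_email =
  Lens.lens
    (\CreateGovCloudAccount' {email} -> email)
    (\s@CreateGovCloudAccount' {} a -> s {email = a} :: CreateGovCloudAccount)
    Prelude.. Core._Sensitive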

-- | The friendly name of the member account.
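createGovCloudAccount_accountName :: Lens.Lens' CreateGovCloudAccount Prelude.Text
-- Same shape as the email lens: the stored @Sensitive Text@ is unwrapped by
-- 'Core._Sensitive', so callers read and write plain 'Prelude.Text' and the
-- value they get back is no longer wrapped.
createGovCloudAccount_accountName =
  Lens.lens
    (\CreateGovCloudAccount' {accountName} -> accountName)
    (\s@CreateGovCloudAccount' {} a -> s {accountName = a} :: CreateGovCloudAccount)
    Prelude.. Core._Sensitive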

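-- Wires the request type to its response type and to the JSON transport.
instance Core.AWSRequest CreateGovCloudAccount where
  type
    AWSResponse CreateGovCloudAccount =
      CreateGovCloudAccountResponse

  -- Sent as a JSON POST against 'defaultService'.
  request = Request.postJSON defaultService

  -- Decodes the JSON response body. @s@ is the HTTP status, @h@ the response
  -- headers (not used here) and @x@ the decoded JSON object.
  -- "CreateAccountStatus" is read with '.?>', so a missing key yields
  -- 'Prelude.Nothing' rather than a parse failure.
  response =
    Response.receiveJSON
      ( \s h x ->
          CreateGovCloudAccountResponse'
            Prelude.<$> (x Core..?> "CreateAccountStatus")
            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
      )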

-- | Declared without method definitions, so the class defaults are used
-- (presumably the @Generic@-based ones; the request type's deriving clause is
-- outside this excerpt).
instance Prelude.Hashable CreateGovCloudAccount

-- | Declared without method definitions, so the class defaults are used
-- (presumably the @Generic@-based ones; the request type's deriving clause is
-- outside this excerpt).
instance Prelude.NFData CreateGovCloudAccount

-- | Headers sent with every 'CreateGovCloudAccount' call.
--
-- Both values are compile-time constants: the request argument is ignored,
-- so no caller-supplied data reaches the header block.
instance Core.ToHeaders CreateGovCloudAccount where
  toHeaders _ =
    Prelude.mconcat
      [ "X-Amz-Target" Core.=# targetOperation,
        "Content-Type" Core.=# bodyContentType
      ]
    where
      targetOperation, bodyContentType :: Prelude.ByteString
      -- Selects the operation the service should run.
      targetOperation = "AWSOrganizationsV20161128.CreateGovCloudAccount"
      -- Declares the JSON protocol flavour of the body.
      bodyContentType = "application/x-amz-json-1.1"

-- | JSON request body for 'CreateGovCloudAccount'.
--
-- @Email@ and @AccountName@ are always emitted; @IamUserAccessToBilling@,
-- @RoleName@ and @Tags@ are left out of the object when the field is
-- 'Prelude.Nothing'.
--
-- @email@ and @accountName@ are @Sensitive Text@, and both are written into
-- the body here. NOTE(review): the @Sensitive@ wrapper presumably only
-- protects rendered output such as @Show@ — confirm against @Core.Sensitive@.
-- Anything that logs or stores the encoded body should be treated as holding
-- these values.
instance Core.ToJSON CreateGovCloudAccount where
  toJSON
    CreateGovCloudAccount'
      { accountName,
        email,
        iamUserAccessToBilling,
        roleName,
        tags
      } =
      Core.object (Prelude.catMaybes pairs)
      where
        -- Order matches the generated encoder: optional members first.
        pairs =
          [ billingPair,
            rolePair,
            tagsPair,
            Prelude.Just ("Email" Core..= email),
            Prelude.Just ("AccountName" Core..= accountName)
          ]
        billingPair =
          ("IamUserAccessToBilling" Core..=)
            Prelude.<$> iamUserAccessToBilling
        -- NOTE(review): per the AWS API reference this names the IAM role
        -- provisioned in the new account for access from the management
        -- account; when omitted the service default applies — confirm.
        rolePair = ("RoleName" Core..=) Prelude.<$> roleName
        tagsPair = ("Tags" Core..=) Prelude.<$> tags

-- | The operation is always posted to the service root; the request value
-- does not influence the path.
instance Core.ToPath CreateGovCloudAccount where
  toPath _ = "/"

-- | No query string is sent: every parameter travels in the JSON body, so
-- request fields do not appear in the URL.
instance Core.ToQuery CreateGovCloudAccount where
  toQuery _ = Prelude.mempty

-- | Decoded reply of the @CreateGovCloudAccount@ operation.
--
-- /See:/ 'newCreateGovCloudAccountResponse' smart constructor.
--
-- NOTE(review): the derived 'Prelude.Show' instance renders
-- 'createAccountStatus' through @CreateAccountStatus@'s own @Show@ instance,
-- which is defined elsewhere. Confirm what that prints before logging whole
-- responses.
data CreateGovCloudAccountResponse = CreateGovCloudAccountResponse'
  { -- | Status object decoded from the @CreateAccountStatus@ key of the
    -- reply; 'Prelude.Nothing' when the key is absent.
    createAccountStatus :: Prelude.Maybe CreateAccountStatus,
    -- | The response's http status code.
    httpStatus :: Prelude.Int
  }
  deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)

-- |
-- Build a 'CreateGovCloudAccountResponse' from its one required field, leaving
-- every optional field unset.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- Record fields and the lenses kept for backwards compatibility:
--
-- 'createAccountStatus', 'createGovCloudAccountResponse_createAccountStatus' - Optional creation status; starts as 'Prelude.Nothing'.
--
-- 'httpStatus', 'createGovCloudAccountResponse_httpStatus' - The response's http status code.
newCreateGovCloudAccountResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  CreateGovCloudAccountResponse
newCreateGovCloudAccountResponse statusCode =
  -- Positional application: first 'createAccountStatus', then 'httpStatus'.
  CreateGovCloudAccountResponse' Prelude.Nothing statusCode

-- | Lens onto the optional 'createAccountStatus' field of the response.
createGovCloudAccountResponse_createAccountStatus :: Lens.Lens' CreateGovCloudAccountResponse (Prelude.Maybe CreateAccountStatus)
createGovCloudAccountResponse_createAccountStatus =
  Lens.lens readStatus writeStatus
  where
    readStatus CreateGovCloudAccountResponse' {createAccountStatus} =
      createAccountStatus
    -- The result annotation picks the record type for the field update.
    writeStatus rsp@CreateGovCloudAccountResponse' {} newStatus =
      rsp {createAccountStatus = newStatus} :: CreateGovCloudAccountResponse

-- | Lens onto 'httpStatus', the response's http status code.
createGovCloudAccountResponse_httpStatus :: Lens.Lens' CreateGovCloudAccountResponse Prelude.Int
createGovCloudAccountResponse_httpStatus =
  Lens.lens readCode writeCode
  where
    readCode CreateGovCloudAccountResponse' {httpStatus} = httpStatus
    -- The result annotation picks the record type for the field update.
    writeCode rsp@CreateGovCloudAccountResponse' {} newCode =
      rsp {httpStatus = newCode} :: CreateGovCloudAccountResponse

-- | Declared without method definitions, so the class default is used; the
-- response type derives @Generic@, which that default presumably relies on.
instance Prelude.NFData CreateGovCloudAccountResponse