{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.Organizations.Types
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.Organizations.Types
  ( -- * Service Configuration
    defaultService,

    -- * Errors
    _PolicyNotFoundException,
    _PolicyTypeAlreadyEnabledException,
    _HandshakeConstraintViolationException,
    _AccessDeniedException,
    _MalformedPolicyDocumentException,
    _RootNotFoundException,
    _MasterCannotLeaveOrganizationException,
    _AccountNotFoundException,
    _AccountAlreadyRegisteredException,
    _DuplicatePolicyException,
    _ConstraintViolationException,
    _AccountNotRegisteredException,
    _FinalizingOrganizationException,
    _HandshakeNotFoundException,
    _PolicyTypeNotAvailableForOrganizationException,
    _ChildNotFoundException,
    _UnsupportedAPIEndpointException,
    _EffectivePolicyNotFoundException,
    _OrganizationalUnitNotFoundException,
    _DestinationParentNotFoundException,
    _OrganizationNotEmptyException,
    _AccountOwnerNotVerifiedException,
    _PolicyTypeNotEnabledException,
    _DuplicateHandshakeException,
    _OrganizationalUnitNotEmptyException,
    _TooManyRequestsException,
    _ConcurrentModificationException,
    _ServiceException,
    _SourceParentNotFoundException,
    _TargetNotFoundException,
    _CreateAccountStatusNotFoundException,
    _AlreadyInOrganizationException,
    _DuplicateOrganizationalUnitException,
    _InvalidInputException,
    _PolicyChangesInProgressException,
    _PolicyNotAttachedException,
    _ParentNotFoundException,
    _AccessDeniedForDependencyException,
    _AWSOrganizationsNotInUseException,
    _PolicyInUseException,
    _InvalidHandshakeTransitionException,
    _HandshakeAlreadyInStateException,
    _DuplicateAccountException,
    _DuplicatePolicyAttachmentException,

    -- * AccountJoinedMethod
    AccountJoinedMethod (..),

    -- * AccountStatus
    AccountStatus (..),

    -- * ActionType
    ActionType (..),

    -- * ChildType
    ChildType (..),

    -- * CreateAccountFailureReason
    CreateAccountFailureReason (..),

    -- * CreateAccountState
    CreateAccountState (..),

    -- * EffectivePolicyType
    EffectivePolicyType (..),

    -- * HandshakePartyType
    HandshakePartyType (..),

    -- * HandshakeResourceType
    HandshakeResourceType (..),

    -- * HandshakeState
    HandshakeState (..),

    -- * IAMUserAccessToBilling
    IAMUserAccessToBilling (..),

    -- * OrganizationFeatureSet
    OrganizationFeatureSet (..),

    -- * ParentType
    ParentType (..),

    -- * PolicyType
    PolicyType (..),

    -- * PolicyTypeStatus
    PolicyTypeStatus (..),

    -- * TargetType
    TargetType (..),

    -- * Account
    Account (..),
    newAccount,
    account_status,
    account_joinedMethod,
    account_email,
    account_arn,
    account_joinedTimestamp,
    account_name,
    account_id,

    -- * Child
    Child (..),
    newChild,
    child_id,
    child_type,

    -- * CreateAccountStatus
    CreateAccountStatus (..),
    newCreateAccountStatus,
    createAccountStatus_failureReason,
    createAccountStatus_state,
    createAccountStatus_completedTimestamp,
    createAccountStatus_accountName,
    createAccountStatus_accountId,
    createAccountStatus_id,
    createAccountStatus_govCloudAccountId,
    createAccountStatus_requestedTimestamp,

    -- * DelegatedAdministrator
    DelegatedAdministrator (..),
    newDelegatedAdministrator,
    delegatedAdministrator_status,
    delegatedAdministrator_joinedMethod,
    delegatedAdministrator_email,
    delegatedAdministrator_arn,
    delegatedAdministrator_joinedTimestamp,
    delegatedAdministrator_delegationEnabledDate,
    delegatedAdministrator_name,
    delegatedAdministrator_id,

    -- * DelegatedService
    DelegatedService (..),
    newDelegatedService,
    delegatedService_servicePrincipal,
    delegatedService_delegationEnabledDate,

    -- * EffectivePolicy
    EffectivePolicy (..),
    newEffectivePolicy,
    effectivePolicy_targetId,
    effectivePolicy_policyType,
    effectivePolicy_lastUpdatedTimestamp,
    effectivePolicy_policyContent,

    -- * EnabledServicePrincipal
    EnabledServicePrincipal (..),
    newEnabledServicePrincipal,
    enabledServicePrincipal_servicePrincipal,
    enabledServicePrincipal_dateEnabled,

    -- * Handshake
    Handshake (..),
    newHandshake,
    handshake_state,
    handshake_arn,
    handshake_action,
    handshake_resources,
    handshake_id,
    handshake_expirationTimestamp,
    handshake_parties,
    handshake_requestedTimestamp,

    -- * HandshakeFilter
    HandshakeFilter (..),
    newHandshakeFilter,
    handshakeFilter_parentHandshakeId,
    handshakeFilter_actionType,

    -- * HandshakeParty
    HandshakeParty (..),
    newHandshakeParty,
    handshakeParty_id,
    handshakeParty_type,

    -- * HandshakeResource
    HandshakeResource (..),
    newHandshakeResource,
    handshakeResource_value,
    handshakeResource_resources,
    handshakeResource_type,

    -- * Organization
    Organization (..),
    newOrganization,
    organization_arn,
    organization_masterAccountId,
    organization_masterAccountArn,
    organization_masterAccountEmail,
    organization_availablePolicyTypes,
    organization_id,
    organization_featureSet,

    -- * OrganizationalUnit
    OrganizationalUnit (..),
    newOrganizationalUnit,
    organizationalUnit_arn,
    organizationalUnit_name,
    organizationalUnit_id,

    -- * Parent
    Parent (..),
    newParent,
    parent_id,
    parent_type,

    -- * Policy
    Policy (..),
    newPolicy,
    policy_content,
    policy_policySummary,

    -- * PolicySummary
    PolicySummary (..),
    newPolicySummary,
    policySummary_arn,
    policySummary_name,
    policySummary_id,
    policySummary_awsManaged,
    policySummary_type,
    policySummary_description,

    -- * PolicyTargetSummary
    PolicyTargetSummary (..),
    newPolicyTargetSummary,
    policyTargetSummary_targetId,
    policyTargetSummary_arn,
    policyTargetSummary_name,
    policyTargetSummary_type,

    -- * PolicyTypeSummary
    PolicyTypeSummary (..),
    newPolicyTypeSummary,
    policyTypeSummary_status,
    policyTypeSummary_type,

    -- * Root
    Root (..),
    newRoot,
    root_arn,
    root_name,
    root_id,
    root_policyTypes,

    -- * Tag
    Tag (..),
    newTag,
    tag_key,
    tag_value,
  )
where

import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import Amazonka.Organizations.Types.Account
import Amazonka.Organizations.Types.AccountJoinedMethod
import Amazonka.Organizations.Types.AccountStatus
import Amazonka.Organizations.Types.ActionType
import Amazonka.Organizations.Types.Child
import Amazonka.Organizations.Types.ChildType
import Amazonka.Organizations.Types.CreateAccountFailureReason
import Amazonka.Organizations.Types.CreateAccountState
import Amazonka.Organizations.Types.CreateAccountStatus
import Amazonka.Organizations.Types.DelegatedAdministrator
import Amazonka.Organizations.Types.DelegatedService
import Amazonka.Organizations.Types.EffectivePolicy
import Amazonka.Organizations.Types.EffectivePolicyType
import Amazonka.Organizations.Types.EnabledServicePrincipal
import Amazonka.Organizations.Types.Handshake
import Amazonka.Organizations.Types.HandshakeFilter
import Amazonka.Organizations.Types.HandshakeParty
import Amazonka.Organizations.Types.HandshakePartyType
import Amazonka.Organizations.Types.HandshakeResource
import Amazonka.Organizations.Types.HandshakeResourceType
import Amazonka.Organizations.Types.HandshakeState
import Amazonka.Organizations.Types.IAMUserAccessToBilling
import Amazonka.Organizations.Types.Organization
import Amazonka.Organizations.Types.OrganizationFeatureSet
import Amazonka.Organizations.Types.OrganizationalUnit
import Amazonka.Organizations.Types.Parent
import Amazonka.Organizations.Types.ParentType
import Amazonka.Organizations.Types.Policy
import Amazonka.Organizations.Types.PolicySummary
import Amazonka.Organizations.Types.PolicyTargetSummary
import Amazonka.Organizations.Types.PolicyType
import Amazonka.Organizations.Types.PolicyTypeStatus
import Amazonka.Organizations.Types.PolicyTypeSummary
import Amazonka.Organizations.Types.Root
import Amazonka.Organizations.Types.Tag
import Amazonka.Organizations.Types.TargetType
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Sign.V4 as Sign

-- | API version @2016-11-28@ of the Amazon Organizations SDK configuration.
defaultService :: Core.Service
defaultService :: Service
defaultService =
  Service :: Abbrev
-> Signer
-> ByteString
-> ByteString
-> ByteString
-> (Region -> Endpoint)
-> Maybe Seconds
-> (Status -> Bool)
-> (Status -> [Header] -> ByteStringLazy -> Error)
-> Retry
-> Service
Core.Service
    { $sel:_serviceAbbrev:Service :: Abbrev
Core._serviceAbbrev = Abbrev
"Organizations",
      $sel:_serviceSigner:Service :: Signer
Core._serviceSigner = Signer
Sign.v4,
      $sel:_serviceEndpointPrefix:Service :: ByteString
Core._serviceEndpointPrefix = ByteString
"organizations",
      $sel:_serviceSigningName:Service :: ByteString
Core._serviceSigningName = ByteString
"organizations",
      $sel:_serviceVersion:Service :: ByteString
Core._serviceVersion = ByteString
"2016-11-28",
      $sel:_serviceEndpoint:Service :: Region -> Endpoint
Core._serviceEndpoint =
        Service -> Region -> Endpoint
Core.defaultEndpoint Service
defaultService,
      $sel:_serviceTimeout:Service :: Maybe Seconds
Core._serviceTimeout = Seconds -> Maybe Seconds
forall a. a -> Maybe a
Prelude.Just Seconds
70,
      $sel:_serviceCheck:Service :: Status -> Bool
Core._serviceCheck = Status -> Bool
Core.statusSuccess,
      $sel:_serviceError:Service :: Status -> [Header] -> ByteStringLazy -> Error
Core._serviceError =
        Abbrev -> Status -> [Header] -> ByteStringLazy -> Error
Core.parseJSONError Abbrev
"Organizations",
      $sel:_serviceRetry:Service :: Retry
Core._serviceRetry = Retry
retry
    }
  where
    retry :: Retry
retry =
      Exponential :: Double -> Int -> Int -> (ServiceError -> Maybe Text) -> Retry
Core.Exponential
        { $sel:_retryBase:Exponential :: Double
Core._retryBase = Double
5.0e-2,
          $sel:_retryGrowth:Exponential :: Int
Core._retryGrowth = Int
2,
          $sel:_retryAttempts:Exponential :: Int
Core._retryAttempts = Int
5,
          $sel:_retryCheck:Exponential :: ServiceError -> Maybe Text
Core._retryCheck = ServiceError -> Maybe Text
forall a. IsString a => ServiceError -> Maybe a
check
        }
    check :: ServiceError -> Maybe a
check ServiceError
e
      | Getting Any ServiceError ServiceError -> ServiceError -> Bool
forall s a. Getting Any s a -> s -> Bool
Lens.has
          ( ErrorCode -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
ErrorCode -> Optic' p f ServiceError ServiceError
Core.hasCode ErrorCode
"ThrottledException"
              Getting Any ServiceError ServiceError
-> Getting Any ServiceError ServiceError
-> Getting Any ServiceError ServiceError
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. Int -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
Int -> Optic' p f ServiceError ServiceError
Core.hasStatus Int
400
          )
          ServiceError
e =
        a -> Maybe a
forall a. a -> Maybe a
Prelude.Just a
"throttled_exception"
      | Getting Any ServiceError ServiceError -> ServiceError -> Bool
forall s a. Getting Any s a -> s -> Bool
Lens.has (Int -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
Int -> Optic' p f ServiceError ServiceError
Core.hasStatus Int
429) ServiceError
e =
        a -> Maybe a
forall a. a -> Maybe a
Prelude.Just a
"too_many_requests"
      | Getting Any ServiceError ServiceError -> ServiceError -> Bool
forall s a. Getting Any s a -> s -> Bool
Lens.has
          ( ErrorCode -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
ErrorCode -> Optic' p f ServiceError ServiceError
Core.hasCode ErrorCode
"ThrottlingException"
              Getting Any ServiceError ServiceError
-> Getting Any ServiceError ServiceError
-> Getting Any ServiceError ServiceError
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. Int -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
Int -> Optic' p f ServiceError ServiceError
Core.hasStatus Int
400
          )
          ServiceError
e =
        a -> Maybe a
forall a. a -> Maybe a
Prelude.Just a
"throttling_exception"
      | Getting Any ServiceError ServiceError -> ServiceError -> Bool
forall s a. Getting Any s a -> s -> Bool
Lens.has
          ( ErrorCode -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
ErrorCode -> Optic' p f ServiceError ServiceError
Core.hasCode ErrorCode
"Throttling"
              Getting Any ServiceError ServiceError
-> Getting Any ServiceError ServiceError
-> Getting Any ServiceError ServiceError
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. Int -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
Int -> Optic' p f ServiceError ServiceError
Core.hasStatus Int
400
          )
          ServiceError
e =
        a -> Maybe a
forall a. a -> Maybe a
Prelude.Just a
"throttling"
      | Getting Any ServiceError ServiceError -> ServiceError -> Bool
forall s a. Getting Any s a -> s -> Bool
Lens.has
          ( ErrorCode -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
ErrorCode -> Optic' p f ServiceError ServiceError
Core.hasCode
              ErrorCode
"ProvisionedThroughputExceededException"
              Getting Any ServiceError ServiceError
-> Getting Any ServiceError ServiceError
-> Getting Any ServiceError ServiceError
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. Int -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
Int -> Optic' p f ServiceError ServiceError
Core.hasStatus Int
400
          )
          ServiceError
e =
        a -> Maybe a
forall a. a -> Maybe a
Prelude.Just a
"throughput_exceeded"
      | Getting Any ServiceError ServiceError -> ServiceError -> Bool
forall s a. Getting Any s a -> s -> Bool
Lens.has (Int -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
Int -> Optic' p f ServiceError ServiceError
Core.hasStatus Int
504) ServiceError
e =
        a -> Maybe a
forall a. a -> Maybe a
Prelude.Just a
"gateway_timeout"
      | Getting Any ServiceError ServiceError -> ServiceError -> Bool
forall s a. Getting Any s a -> s -> Bool
Lens.has
          ( ErrorCode -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
ErrorCode -> Optic' p f ServiceError ServiceError
Core.hasCode ErrorCode
"RequestThrottledException"
              Getting Any ServiceError ServiceError
-> Getting Any ServiceError ServiceError
-> Getting Any ServiceError ServiceError
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. Int -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
Int -> Optic' p f ServiceError ServiceError
Core.hasStatus Int
400
          )
          ServiceError
e =
        a -> Maybe a
forall a. a -> Maybe a
Prelude.Just a
"request_throttled_exception"
      | Getting Any ServiceError ServiceError -> ServiceError -> Bool
forall s a. Getting Any s a -> s -> Bool
Lens.has (Int -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
Int -> Optic' p f ServiceError ServiceError
Core.hasStatus Int
502) ServiceError
e =
        a -> Maybe a
forall a. a -> Maybe a
Prelude.Just a
"bad_gateway"
      | Getting Any ServiceError ServiceError -> ServiceError -> Bool
forall s a. Getting Any s a -> s -> Bool
Lens.has (Int -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
Int -> Optic' p f ServiceError ServiceError
Core.hasStatus Int
503) ServiceError
e =
        a -> Maybe a
forall a. a -> Maybe a
Prelude.Just a
"service_unavailable"
      | Getting Any ServiceError ServiceError -> ServiceError -> Bool
forall s a. Getting Any s a -> s -> Bool
Lens.has (Int -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
Int -> Optic' p f ServiceError ServiceError
Core.hasStatus Int
500) ServiceError
e =
        a -> Maybe a
forall a. a -> Maybe a
Prelude.Just a
"general_server_error"
      | Getting Any ServiceError ServiceError -> ServiceError -> Bool
forall s a. Getting Any s a -> s -> Bool
Lens.has (Int -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
Int -> Optic' p f ServiceError ServiceError
Core.hasStatus Int
509) ServiceError
e =
        a -> Maybe a
forall a. a -> Maybe a
Prelude.Just a
"limit_exceeded"
      | Bool
Prelude.otherwise = Maybe a
forall a. Maybe a
Prelude.Nothing

-- | We can\'t find a policy with the @PolicyId@ that you specified.
_PolicyNotFoundException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_PolicyNotFoundException :: Getting (First ServiceError) a ServiceError
_PolicyNotFoundException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"PolicyNotFoundException"

-- | The specified policy type is already enabled in the specified root.
_PolicyTypeAlreadyEnabledException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_PolicyTypeAlreadyEnabledException :: Getting (First ServiceError) a ServiceError
_PolicyTypeAlreadyEnabledException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"PolicyTypeAlreadyEnabledException"

-- | The requested operation would violate the constraint identified in the
-- reason code.
--
-- Some of the reasons in the following list might not be applicable to
-- this specific API or operation:
--
-- -   ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
--     the number of accounts in an organization. Note that deleted and
--     closed accounts still count toward your limit.
--
--     If you get this exception immediately after creating the
--     organization, wait one hour and try again. If after an hour it
--     continues to fail with this error, contact
--     <https://console.aws.amazon.com/support/home#/ AWS Support>.
--
-- -   ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because
--     the invited account is already a member of an organization.
--
-- -   HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
--     handshakes that you can send in one day.
--
-- -   INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can\'t issue new
--     invitations to join an organization while it\'s in the process of
--     enabling all features. You can resume inviting accounts after you
--     finalize the process when all accounts have agreed to the change.
--
-- -   ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is
--     invalid because the organization has already enabled all features.
--
-- -   ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The
--     handshake request is invalid because the organization has already
--     started the process to enable all features.
--
-- -   ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed
--     because the account is from a different marketplace than the
--     accounts in the organization. For example, accounts with India
--     addresses must be associated with the AISPL marketplace. All
--     accounts in an organization must be from the same marketplace.
--
-- -   ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to
--     change the membership of an account too quickly after its previous
--     change.
--
-- -   PAYMENT_INSTRUMENT_REQUIRED: You can\'t complete the operation with
--     an account that doesn\'t have a payment instrument, such as a credit
--     card, associated with it.
_HandshakeConstraintViolationException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_HandshakeConstraintViolationException :: Getting (First ServiceError) a ServiceError
_HandshakeConstraintViolationException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"HandshakeConstraintViolationException"

-- | You don\'t have permissions to perform the requested operation. The user
-- or role that is making the request must have at least one IAM
-- permissions policy attached that grants the required permissions. For
-- more information, see
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html Access Management>
-- in the /IAM User Guide./
_AccessDeniedException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_AccessDeniedException :: Getting (First ServiceError) a ServiceError
_AccessDeniedException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"AccessDeniedException"

-- | The provided policy document doesn\'t meet the requirements of the
-- specified policy type. For example, the syntax might be incorrect. For
-- details about service control policy syntax, see
-- <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html Service Control Policy Syntax>
-- in the /AWS Organizations User Guide./
_MalformedPolicyDocumentException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_MalformedPolicyDocumentException :: Getting (First ServiceError) a ServiceError
_MalformedPolicyDocumentException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"MalformedPolicyDocumentException"

-- | We can\'t find a root with the @RootId@ that you specified.
_RootNotFoundException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_RootNotFoundException :: Getting (First ServiceError) a ServiceError
_RootNotFoundException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"RootNotFoundException"

-- | You can\'t remove a management account from an organization. If you want
-- the management account to become a member account in another
-- organization, you must first delete the current organization of the
-- management account.
_MasterCannotLeaveOrganizationException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_MasterCannotLeaveOrganizationException :: Getting (First ServiceError) a ServiceError
_MasterCannotLeaveOrganizationException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"MasterCannotLeaveOrganizationException"

-- | We can\'t find an AWS account with the @AccountId@ that you specified,
-- or the account whose credentials you used to make this request isn\'t a
-- member of an organization.
_AccountNotFoundException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_AccountNotFoundException :: Getting (First ServiceError) a ServiceError
_AccountNotFoundException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"AccountNotFoundException"

-- | The specified account is already a delegated administrator for this AWS
-- service.
_AccountAlreadyRegisteredException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_AccountAlreadyRegisteredException :: Getting (First ServiceError) a ServiceError
_AccountAlreadyRegisteredException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"AccountAlreadyRegisteredException"

-- | A policy with the same name already exists.
_DuplicatePolicyException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_DuplicatePolicyException :: Getting (First ServiceError) a ServiceError
_DuplicatePolicyException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"DuplicatePolicyException"

-- | Performing this operation violates a minimum or maximum value limit. For
-- example, attempting to remove the last service control policy (SCP) from
-- an OU or root, inviting or creating too many accounts to the
-- organization, or attaching too many policies to an account, OU, or root.
-- This exception includes a reason that contains additional information
-- about the violated limit:
--
-- Some of the reasons in the following list might not be applicable to
-- this specific API or operation.
--
-- -   ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the
--     management account from the organization. You can\'t remove the
--     management account. Instead, after you remove all member accounts,
--     delete the organization itself.
--
-- -   ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an
--     account from the organization that doesn\'t yet have enough
--     information to exist as a standalone account. This account requires
--     you to first agree to the AWS Customer Agreement. Follow the steps
--     at
--     <http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master Removing a member account from your organization>in
--     the /AWS Organizations User Guide./
--
-- -   ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to
--     remove an account from the organization that doesn\'t yet have
--     enough information to exist as a standalone account. This account
--     requires you to first complete phone verification. Follow the steps
--     at
--     <http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master Removing a member account from your organization>
--     in the /AWS Organizations User Guide./
--
-- -   ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the
--     number of accounts that you can create in one day.
--
-- -   ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
--     the number of accounts in an organization. If you need more
--     accounts, contact
--     <https://console.aws.amazon.com/support/home#/ AWS Support> to
--     request an increase in your limit.
--
--     Or the number of invitations that you tried to send would cause you
--     to exceed the limit of accounts in your organization. Send fewer
--     invitations or contact AWS Support to request an increase in the
--     number of accounts.
--
--     Deleted and closed accounts still count toward your limit.
--
--     If you get this exception when running a command immediately after
--     creating the organization, wait one hour and try again. After an
--     hour, if the command continues to fail with this error, contact
--     <https://console.aws.amazon.com/support/home#/ AWS Support>.
--
-- -   CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
--     register the management account of the organization as a delegated
--     administrator for an AWS service integrated with Organizations. You
--     can designate only a member account as a delegated administrator.
--
-- -   CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to
--     remove an account that is registered as a delegated administrator
--     for a service integrated with your organization. To complete this
--     operation, you must first deregister this account as a delegated
--     administrator.
--
-- -   CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
--     organization in the specified region, you must enable all features
--     mode.
--
-- -   DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to
--     register an AWS account as a delegated administrator for an AWS
--     service that already has a delegated administrator. To complete this
--     operation, you must first deregister any existing delegated
--     administrators for this service.
--
-- -   EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
--     valid for a limited period of time. You must resubmit the request
--     and generate a new verfication code.
--
-- -   HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
--     handshakes that you can send in one day.
--
-- -   MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an
--     account in this organization, you first must migrate the
--     organization\'s management account to the marketplace that
--     corresponds to the management account\'s address. For example,
--     accounts with India addresses must be associated with the AISPL
--     marketplace. All accounts in an organization must be associated with
--     the same marketplace.
--
-- -   MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS
--     Regions in China. To create an organization, the master must have a
--     valid business license. For more information, contact customer
--     support.
--
-- -   MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
--     must first provide a valid contact address and phone number for the
--     management account. Then try the operation again.
--
-- -   MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
--     management account must have an associated account in the AWS
--     GovCloud (US-West) Region. For more information, see
--     <http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html AWS Organizations>
--     in the /AWS GovCloud User Guide./
--
-- -   MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an
--     organization with this management account, you first must associate
--     a valid payment instrument, such as a credit card, with the account.
--     Follow the steps at
--     <http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info To leave an organization when all required account information has not yet been provided>
--     in the /AWS Organizations User Guide./
--
-- -   MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You
--     attempted to register more delegated administrators than allowed for
--     the service principal.
--
-- -   MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed
--     the number of policies of a certain type that can be attached to an
--     entity at one time.
--
-- -   MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
--     on this resource.
--
-- -   MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this
--     operation with this member account, you first must associate a valid
--     payment instrument, such as a credit card, with the account. Follow
--     the steps at
--     <http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info To leave an organization when all required account information has not yet been provided>
--     in the /AWS Organizations User Guide./
--
-- -   MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
--     policy from an entity that would cause the entity to have fewer than
--     the minimum number of policies of a certain type required.
--
-- -   ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an
--     operation that requires the organization to be configured to support
--     all features. An organization that supports only consolidated
--     billing features can\'t perform this operation.
--
-- -   OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
--     too many levels deep.
--
-- -   OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
--     that you can have in an organization.
--
-- -   POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
--     is larger than the maximum size.
--
-- -   POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
--     policies that you can have in an organization.
--
-- -   TAG_POLICY_VIOLATION: You attempted to create or update a resource
--     with tags that are not compliant with the tag policy requirements
--     for this account.
_ConstraintViolationException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_ConstraintViolationException :: Getting (First ServiceError) a ServiceError
_ConstraintViolationException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"ConstraintViolationException"

-- | The specified account is not a delegated administrator for this AWS
-- service.
_AccountNotRegisteredException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_AccountNotRegisteredException :: Getting (First ServiceError) a ServiceError
_AccountNotRegisteredException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"AccountNotRegisteredException"

-- | AWS Organizations couldn\'t perform the operation because your
-- organization hasn\'t finished initializing. This can take up to an hour.
-- Try again later. If after one hour you continue to receive this error,
-- contact <https://console.aws.amazon.com/support/home#/ AWS Support>.
_FinalizingOrganizationException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_FinalizingOrganizationException :: Getting (First ServiceError) a ServiceError
_FinalizingOrganizationException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"FinalizingOrganizationException"

-- | We can\'t find a handshake with the @HandshakeId@ that you specified.
_HandshakeNotFoundException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_HandshakeNotFoundException :: Getting (First ServiceError) a ServiceError
_HandshakeNotFoundException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"HandshakeNotFoundException"

-- | You can\'t use the specified policy type with the feature set currently
-- enabled for this organization. For example, you can enable SCPs only
-- after you enable all features in the organization. For more information,
-- see
-- <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root Managing AWS Organizations Policies>in
-- the /AWS Organizations User Guide./
_PolicyTypeNotAvailableForOrganizationException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_PolicyTypeNotAvailableForOrganizationException :: Getting (First ServiceError) a ServiceError
_PolicyTypeNotAvailableForOrganizationException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"PolicyTypeNotAvailableForOrganizationException"

-- | We can\'t find an organizational unit (OU) or AWS account with the
-- @ChildId@ that you specified.
_ChildNotFoundException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_ChildNotFoundException :: Getting (First ServiceError) a ServiceError
_ChildNotFoundException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"ChildNotFoundException"

-- | This action isn\'t available in the current AWS Region.
_UnsupportedAPIEndpointException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_UnsupportedAPIEndpointException :: Getting (First ServiceError) a ServiceError
_UnsupportedAPIEndpointException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"UnsupportedAPIEndpointException"

-- | If you ran this action on the management account, this policy type is
-- not enabled. If you ran the action on a member account, the account
-- doesn\'t have an effective policy of this type. Contact the
-- administrator of your organization about attaching a policy of this type
-- to the account.
_EffectivePolicyNotFoundException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_EffectivePolicyNotFoundException :: Getting (First ServiceError) a ServiceError
_EffectivePolicyNotFoundException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"EffectivePolicyNotFoundException"

-- | We can\'t find an OU with the @OrganizationalUnitId@ that you specified.
_OrganizationalUnitNotFoundException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_OrganizationalUnitNotFoundException :: Getting (First ServiceError) a ServiceError
_OrganizationalUnitNotFoundException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"OrganizationalUnitNotFoundException"

-- | We can\'t find the destination container (a root or OU) with the
-- @ParentId@ that you specified.
_DestinationParentNotFoundException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_DestinationParentNotFoundException :: Getting (First ServiceError) a ServiceError
_DestinationParentNotFoundException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"DestinationParentNotFoundException"

-- | The organization isn\'t empty. To delete an organization, you must first
-- remove all accounts except the management account, delete all OUs, and
-- delete all policies.
_OrganizationNotEmptyException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_OrganizationNotEmptyException :: Getting (First ServiceError) a ServiceError
_OrganizationNotEmptyException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"OrganizationNotEmptyException"

-- | You can\'t invite an existing account to your organization until you
-- verify that you own the email address associated with the management
-- account. For more information, see
-- <http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_create.html#about-email-verification Email Address Verification>
-- in the /AWS Organizations User Guide./
_AccountOwnerNotVerifiedException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_AccountOwnerNotVerifiedException :: Getting (First ServiceError) a ServiceError
_AccountOwnerNotVerifiedException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"AccountOwnerNotVerifiedException"

-- | The specified policy type isn\'t currently enabled in this root. You
-- can\'t attach policies of the specified type to entities in a root until
-- you enable that type in the root. For more information, see
-- <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html Enabling All Features in Your Organization>
-- in the /AWS Organizations User Guide./
_PolicyTypeNotEnabledException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_PolicyTypeNotEnabledException :: Getting (First ServiceError) a ServiceError
_PolicyTypeNotEnabledException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"PolicyTypeNotEnabledException"

-- | A handshake with the same action and target already exists. For example,
-- if you invited an account to join your organization, the invited account
-- might already have a pending invitation from this organization. If you
-- intend to resend an invitation to an account, ensure that existing
-- handshakes that might be considered duplicates are canceled or declined.
_DuplicateHandshakeException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_DuplicateHandshakeException :: Getting (First ServiceError) a ServiceError
_DuplicateHandshakeException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"DuplicateHandshakeException"

-- | The specified OU is not empty. Move all accounts to another root or to
-- other OUs, remove all child OUs, and try the operation again.
_OrganizationalUnitNotEmptyException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_OrganizationalUnitNotEmptyException :: Getting (First ServiceError) a ServiceError
_OrganizationalUnitNotEmptyException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"OrganizationalUnitNotEmptyException"

-- | You have sent too many requests in too short a period of time. The quota
-- helps protect against denial-of-service attacks. Try again later.
--
-- For information about quotas that affect AWS Organizations, see
-- <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html Quotas for AWS Organizations>in
-- the /AWS Organizations User Guide./
_TooManyRequestsException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_TooManyRequestsException :: Getting (First ServiceError) a ServiceError
_TooManyRequestsException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"TooManyRequestsException"

-- | The target of the operation is currently being modified by a different
-- request. Try again later.
_ConcurrentModificationException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_ConcurrentModificationException :: Getting (First ServiceError) a ServiceError
_ConcurrentModificationException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"ConcurrentModificationException"

-- | AWS Organizations can\'t complete your request because of an internal
-- service error. Try again later.
_ServiceException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_ServiceException :: Getting (First ServiceError) a ServiceError
_ServiceException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"ServiceException"

-- | We can\'t find a source root or OU with the @ParentId@ that you
-- specified.
_SourceParentNotFoundException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_SourceParentNotFoundException :: Getting (First ServiceError) a ServiceError
_SourceParentNotFoundException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"SourceParentNotFoundException"

-- | We can\'t find a root, OU, account, or policy with the @TargetId@ that
-- you specified.
_TargetNotFoundException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_TargetNotFoundException :: Getting (First ServiceError) a ServiceError
_TargetNotFoundException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"TargetNotFoundException"

-- | We can\'t find an create account request with the
-- @CreateAccountRequestId@ that you specified.
_CreateAccountStatusNotFoundException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_CreateAccountStatusNotFoundException :: Getting (First ServiceError) a ServiceError
_CreateAccountStatusNotFoundException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"CreateAccountStatusNotFoundException"

-- | This account is already a member of an organization. An account can
-- belong to only one organization at a time.
_AlreadyInOrganizationException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_AlreadyInOrganizationException :: Getting (First ServiceError) a ServiceError
_AlreadyInOrganizationException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"AlreadyInOrganizationException"

-- | An OU with the same name already exists.
_DuplicateOrganizationalUnitException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_DuplicateOrganizationalUnitException :: Getting (First ServiceError) a ServiceError
_DuplicateOrganizationalUnitException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"DuplicateOrganizationalUnitException"

-- | The requested operation failed because you provided invalid values for
-- one or more of the request parameters. This exception includes a reason
-- that contains additional information about the violated limit:
--
-- Some of the reasons in the following list might not be applicable to
-- this specific API or operation.
--
-- -   DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached
--     to the same entity.
--
-- -   IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
--     can\'t be modified.
--
-- -   INPUT_REQUIRED: You must include a value for all required
--     parameters.
--
-- -   INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
--     for the invited account owner.
--
-- -   INVALID_ENUM: You specified an invalid value.
--
-- -   INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type
--     string.
--
-- -   INVALID_FULL_NAME_TARGET: You specified a full name that contains
--     invalid characters.
--
-- -   INVALID_LIST_MEMBER: You provided a list to a parameter that
--     contains at least one invalid value.
--
-- -   INVALID_PAGINATION_TOKEN: Get the value for the @NextToken@
--     parameter from the response to a previous call of the operation.
--
-- -   INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity
--     (account, organization, or email) as a party.
--
-- -   INVALID_PATTERN: You provided a value that doesn\'t match the
--     required pattern.
--
-- -   INVALID_PATTERN_TARGET_ID: You specified a policy target ID that
--     doesn\'t match the required pattern.
--
-- -   INVALID_ROLE_NAME: You provided a role name that isn\'t valid. A
--     role name can\'t begin with the reserved prefix @AWSServiceRoleFor@.
--
-- -   INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon
--     Resource Name (ARN) for the organization.
--
-- -   INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
--
-- -   INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a
--     system tag. You can’t add, edit, or delete system tag keys because
--     they\'re reserved for AWS use. System tags don’t count against your
--     tags per resource limit.
--
-- -   MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
--     for the operation.
--
-- -   MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
--     than allowed.
--
-- -   MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a
--     larger value than allowed.
--
-- -   MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
--     than allowed.
--
-- -   MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a
--     smaller value than allowed.
--
-- -   MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
--     between entities in the same root.
--
-- -   TARGET_NOT_SUPPORTED: You can\'t perform the specified operation on
--     that target entity.
--
-- -   UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal
--     that isn\'t recognized.
_InvalidInputException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_InvalidInputException :: Getting (First ServiceError) a ServiceError
_InvalidInputException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"InvalidInputException"

-- | Changes to the effective policy are in progress, and its contents can\'t
-- be returned. Try the operation again later.
_PolicyChangesInProgressException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_PolicyChangesInProgressException :: Getting (First ServiceError) a ServiceError
_PolicyChangesInProgressException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"PolicyChangesInProgressException"

-- | The policy isn\'t attached to the specified target in the specified
-- root.
_PolicyNotAttachedException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_PolicyNotAttachedException :: Getting (First ServiceError) a ServiceError
_PolicyNotAttachedException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"PolicyNotAttachedException"

-- | We can\'t find a root or OU with the @ParentId@ that you specified.
_ParentNotFoundException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_ParentNotFoundException :: Getting (First ServiceError) a ServiceError
_ParentNotFoundException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"ParentNotFoundException"

-- | The operation that you attempted requires you to have the
-- @iam:CreateServiceLinkedRole@ for @organizations.amazonaws.com@
-- permission so that AWS Organizations can create the required
-- service-linked role. You don\'t have that permission.
_AccessDeniedForDependencyException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_AccessDeniedForDependencyException :: Getting (First ServiceError) a ServiceError
_AccessDeniedForDependencyException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"AccessDeniedForDependencyException"

-- | Your account isn\'t a member of an organization. To make this request,
-- you must use the credentials of an account that belongs to an
-- organization.
_AWSOrganizationsNotInUseException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_AWSOrganizationsNotInUseException :: Getting (First ServiceError) a ServiceError
_AWSOrganizationsNotInUseException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"AWSOrganizationsNotInUseException"

-- | The policy is attached to one or more entities. You must detach it from
-- all roots, OUs, and accounts before performing this operation.
_PolicyInUseException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_PolicyInUseException :: Getting (First ServiceError) a ServiceError
_PolicyInUseException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"PolicyInUseException"

-- | You can\'t perform the operation on the handshake in its current state.
-- For example, you can\'t cancel a handshake that was already accepted or
-- accept a handshake that was already declined.
_InvalidHandshakeTransitionException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_InvalidHandshakeTransitionException :: Getting (First ServiceError) a ServiceError
_InvalidHandshakeTransitionException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"InvalidHandshakeTransitionException"

-- | The specified handshake is already in the requested state. For example,
-- you can\'t accept a handshake that was already accepted.
_HandshakeAlreadyInStateException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_HandshakeAlreadyInStateException :: Getting (First ServiceError) a ServiceError
_HandshakeAlreadyInStateException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"HandshakeAlreadyInStateException"

-- | That account is already present in the specified destination.
_DuplicateAccountException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_DuplicateAccountException :: Getting (First ServiceError) a ServiceError
_DuplicateAccountException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"DuplicateAccountException"

-- | The selected policy is already attached to the specified target.
_DuplicatePolicyAttachmentException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_DuplicatePolicyAttachmentException :: Getting (First ServiceError) a ServiceError
_DuplicatePolicyAttachmentException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"DuplicatePolicyAttachmentException"