/* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). * You may not use this file except in compliance with the License. * A copy of the License is located at * * http://aws.amazon.com/apache2.0 * * or in the "license" file accompanying this file. This file is distributed * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either * express or implied. See the License for the specific language governing * permissions and limitations under the License. */ /* * Do not modify this file. This file is generated from the organizations-2016-11-28.normal.json service model. */ using System; using System.Collections.Generic; using System.Xml.Serialization; using System.Text; using System.IO; using System.Net; using Amazon.Runtime; using Amazon.Runtime.Internal; namespace Amazon.Organizations.Model { ///

/// Container for the parameters to the DetachPolicy operation. /// Detaches a policy from a target root, organizational unit (OU), or account. /// /// /// /// If the policy being detached is a service control policy (SCP), the changes to permissions /// for Identity and Access Management (IAM) users and roles in affected accounts are /// immediate. /// /// /// /// Every root, OU, and account must have at least one SCP attached. If you want to replace /// the default FullAWSAccess policy with an SCP that limits the permissions /// that can be delegated, you must attach the replacement SCP before you can remove the /// default SCP. This is the authorization strategy of an "allow /// list". If you instead attach a second SCP and leave the FullAWSAccess /// SCP still attached, and specify "Effect": "Deny" in the second SCP to /// override the "Effect": "Allow" in the FullAWSAccess policy /// (or any other attached SCP), you're using the authorization strategy of a "deny /// list". /// /// /// /// This operation can be called only from the organization's management account. /// ///

public partial class DetachPolicyRequest : AmazonOrganizationsRequest { private string _policyId; private string _targetId; ///

/// Gets and sets the property PolicyId. /// /// The unique identifier (ID) of the policy you want to detach. You can get the ID from /// the ListPolicies or ListPoliciesForTarget operations. /// /// /// /// The regex pattern for a policy ID string /// requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits, or /// the underscore character (_). /// ///

[AWSProperty(Required=true, Max=130)] public string PolicyId { get { return this._policyId; } set { this._policyId = value; } } // Check to see if PolicyId property is set internal bool IsSetPolicyId() { return this._policyId != null; } ///

/// Gets and sets the property TargetId. /// /// The unique identifier (ID) of the root, OU, or account that you want to detach the /// policy from. You can get the ID from the ListRoots, ListOrganizationalUnitsForParent, /// or ListAccounts operations. /// /// /// /// The regex pattern for a target ID string /// requires one of the following: /// ///

/// /// Root - A string that begins with "r-" followed by from 4 to 32 lowercase letters /// or digits. /// ///
/// /// Account - A string that consists of exactly 12 digits. /// ///
/// /// Organizational unit (OU) - A string that begins with "ou-" followed by from /// 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string /// is followed by a second "-" dash and from 8 to 32 additional lowercase letters or /// digits. /// ///

///

[AWSProperty(Required=true, Max=100)] public string TargetId { get { return this._targetId; } set { this._targetId = value; } } // Check to see if TargetId property is set internal bool IsSetTargetId() { return this._targetId != null; } } }