Lỗi sorry the parameters you provided were not valid năm 2024
Creates an AWS account that is automatically a member of the organization whose credentials made the request. This is an asynchronous request that AWS performs in the background. Because
The user who calls the API to create an account must have the`organizations:CreateAccount` permission. If you enabled all features in the organization, AWS Organizations creates the required service-linked role named`AWSServiceRoleForOrganizations`. For more information, see in the AWS Organizations User Guide. If the request includes tags, then the requester must have the
0 permission. AWS Organizations preconfigures the new member account with a role (named
1 by default) that grants users in the management account administrator permissions in the new member account. Principals in the management account can assume the role. AWS Organizations clones the company name and address information for the new account from the organization's management account. This operation can be called only from the organization's management account. For more information about creating accounts, see Creating a member account in your organization in the AWS Organizations User Guide. Important
Note When you create a member account with this operation, you can choose whether to create the account with the IAM User and Role Access to Billing Information switch enabled. If you enable it, IAM users and roles that have appropriate permissions can view billing information for the account. If you disable it, only the account root user can access billing information. For information about how to disable this switch for an account, see . Request Syntax
Request ParametersFor information about the parameters that are common to all actions, see Common Parameters. The request accepts the following data in JSON format. The friendly name of the member account. Type: String Length Constraints: Minimum length of 1. Maximum length of 50. Pattern:
3 Required: Yes The email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account. You must use a valid email address to complete account creation. The rules for a valid email address:
You can't access the root user of the account or remove an account that was created with an invalid email address. Type: String Length Constraints: Minimum length of 6. Maximum length of 64. Pattern:
4 Required: Yes If set to
5, the new account enables IAM users to access account billing information if they have the required permissions. If set to
6, only the root user of the new account can access account billing information. For more information, see in the AWS Billing and Cost Management User Guide. If you don't specify this parameter, the value defaults to
5, and IAM users and roles with the required permissions can access billing information for the new account. Type: String Valid Values:
8 Required: No The name of an IAM role that AWS Organizations automatically preconfigures in the new member account. This role trusts the management account, allowing users in the management account to assume the role, as permitted by the management account administrator. The role has administrator permissions in the new member account. If you don't specify this parameter, the role name defaults to
1. For more information about how to use this role to access the member account, see the following links:
The regex pattern that is used to validate this parameter. The pattern can include uppercase letters, lowercase letters, digits with no spaces, and any of the following characters: =,.@- Type: String Length Constraints: Maximum length of 64. Pattern:
0 Required: No A list of tags that you want to attach to the newly created account. For each tag in the list, you must specify both a tag key and a value. You can set the value to an empty string, but you can't set it to
1. For more information about tagging, see Tagging AWS Organizations resources in the AWS Organizations User Guide. Note If any one of the tags is not valid or if you exceed the maximum allowed number of tags for an account, then the entire request fails and the account is not created. Type: Array of Tag objects Required: No Response Syntax
Response ElementsIf the action is successful, the service sends back an HTTP 200 response. The following data is returned in JSON format by the service. A structure that contains details about the request to create an account. This response structure might not be fully populated when you first receive it because account creation is an asynchronous process. You can pass the returned`CreateAccountStatus` ID as a parameter to DescribeCreateAccountStatus to get status about the progress of the request at later times. You can also check the CloudTrail log for the`CreateAccountResult` event. For more information, see Logging and monitoring in AWS Organizations in the AWS Organizations User Guide. Type: CreateAccountStatus object ErrorsFor information about the errors that are common to all actions, see Common Errors. AccessDeniedException You don't have permissions to perform the requested operation. The user or role that is making the request must have at least one IAM permissions policy attached that grants the required permissions. For more information, see Access Management in the IAM User Guide. HTTP Status Code: 400 AWSOrganizationsNotInUseException Your account isn't a member of an organization. To make this request, you must use the credentials of an account that belongs to an organization. HTTP Status Code: 400 ConcurrentModificationException The target of the operation is currently being modified by a different request. Try again later. HTTP Status Code: 400 ConstraintViolationException Performing this operation violates a minimum or maximum value limit. For example, attempting to remove the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the organization, or attaching too many policies to an account, OU, or root. This exception includes a reason that contains additional information about the violated limit: Note Some of the reasons in the following list might not be applicable to this specific API or operation.
HTTP Status Code: 400 FinalizingOrganizationException AWS Organizations couldn't perform the operation because your organization hasn't finished initializing. This can take up to an hour. Try again later. If after one hour you continue to receive this error, contact . HTTP Status Code: 400 InvalidInputException The requested operation failed because you provided invalid values for one or more of the request parameters. This exception includes a reason that contains additional information about the violated limit: Note Some of the reasons in the following list might not be applicable to this specific API or operation.
HTTP Status Code: 400 ServiceException AWS Organizations can't complete your request because of an internal service error. Try again later. HTTP Status Code: 500 TooManyRequestsException You have sent too many requests in too short a period of time. The quota helps protect against denial-of-service attacks. Try again later. For information about quotas that affect AWS Organizations, see Quotas for AWS Organizations in the AWS Organizations User Guide. HTTP Status Code: 400 UnsupportedAPIEndpointException This action isn't available in the current AWS Region. HTTP Status Code: 400 ExamplesExampleThe following example shows how to create a member account in an organization. The member account is configured with the name
7 and the email address of
8. AWS Organizations automatically creates an IAM role using the default name of
1 because the
0 parameter isn't specified. Also, the setting that allows IAM users or roles with sufficient permissions to access account billing data is set to the default value of
5 because the
2 parameter isn't specified. AWS Organizations automatically sends Anaya a "Welcome to AWS" email. Sample Request
Sample Response
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following: |