accept_handshake
(**kwargs)¶Sends a response to the originator of a handshake agreeing to the action proposed by the handshake request.
You can only call this operation by the following principals when they also have the relevant IAM permissions:
organizations:AcceptHandshake
permission. If you enabled all features in the organization, the user must also have the iam:CreateServiceLinkedRole
permission so that Organizations can create the required service-linked role named AWSServiceRoleForOrganizations
. For more information, see Organizations and Service-Linked Roles in the Organizations User Guide .After you accept a handshake, it continues to appear in the results of relevant APIs for only 30 days. After that, it's deleted.
See also: AWS API Documentation
Request Syntax
response = client.accept_handshake(
HandshakeId='string'
)
[REQUIRED]
The unique identifier (ID) of the handshake that you want to accept.
The regex pattern for handshake ID string requires "h-" followed by from 8 to 32 lowercase letters or digits.
{
'Handshake': {
'Id': 'string',
'Arn': 'string',
'Parties': [
{
'Id': 'string',
'Type': 'ACCOUNT'|'ORGANIZATION'|'EMAIL'
},
],
'State': 'REQUESTED'|'OPEN'|'CANCELED'|'ACCEPTED'|'DECLINED'|'EXPIRED',
'RequestedTimestamp': datetime(2015, 1, 1),
'ExpirationTimestamp': datetime(2015, 1, 1),
'Action': 'INVITE'|'ENABLE_ALL_FEATURES'|'APPROVE_ALL_FEATURES'|'ADD_ORGANIZATIONS_SERVICE_LINKED_ROLE',
'Resources': [
{
'Value': 'string',
'Type': 'ACCOUNT'|'ORGANIZATION'|'ORGANIZATION_FEATURE_SET'|'EMAIL'|'MASTER_EMAIL'|'MASTER_NAME'|'NOTES'|'PARENT_HANDSHAKE',
'Resources': {'... recursive ...'}
},
]
}
}
Response Structure
A structure that contains details about the accepted handshake.
The unique identifier (ID) of a handshake. The originating account creates the ID when it initiates the handshake.
The regex pattern for handshake ID string requires "h-" followed by from 8 to 32 lowercase letters or digits.
The Amazon Resource Name (ARN) of a handshake.
For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the Amazon Web Services Service Authorization Reference .
Information about the two accounts that are participating in the handshake.
Identifies a participant in a handshake.
The unique identifier (ID) for the party.
The regex pattern for handshake ID string requires "h-" followed by from 8 to 32 lowercase letters or digits.
The type of party.
The current state of the handshake. Use the state to trace the flow of the handshake through the process from its creation to its acceptance. The meaning of each of the valid values is as follows:
The date and time that the handshake request was made.
The date and time that the handshake expires. If the recipient of the handshake request fails to respond before the specified date and time, the handshake becomes inactive and is no longer valid.
The type of handshake, indicating what action occurs when the recipient accepts the handshake. The following handshake types are supported:
ENABLE_ALL_FEATURES
invitation. It is sent only to the management account and signals the master that it can finalize the process to enable all features.Additional information that is needed to process the handshake.
Contains additional data that is needed to process a handshake.
The information that is passed to the other party in the handshake. The format of the value string must match the requirements of the specified type.
The type of information being passed, specifying how the value is to be interpreted by the other party:
ACCOUNT
- Specifies an Amazon Web Services account ID number.ORGANIZATION
- Specifies an organization ID number.EMAIL
- Specifies the email address that is associated with the account that receives the handshake.OWNER_EMAIL
- Specifies the email address associated with the management account. Included as information about an organization.OWNER_NAME
- Specifies the name associated with the management account. Included as information about an organization.NOTES
- Additional text provided by the handshake initiator and intended for the recipient to read.When needed, contains an additional array of HandshakeResource
objects.
Exceptions
Organizations.Client.exceptions.AccessDeniedException
Organizations.Client.exceptions.AWSOrganizationsNotInUseException
Organizations.Client.exceptions.HandshakeConstraintViolationException
Organizations.Client.exceptions.HandshakeNotFoundException
Organizations.Client.exceptions.InvalidHandshakeTransitionException
Organizations.Client.exceptions.HandshakeAlreadyInStateException
Organizations.Client.exceptions.InvalidInputException
Organizations.Client.exceptions.ConcurrentModificationException
Organizations.Client.exceptions.ServiceException
Organizations.Client.exceptions.TooManyRequestsException
Organizations.Client.exceptions.AccessDeniedForDependencyException
Examples
Bill is the owner of an organization, and he invites Juan's account (222222222222) to join his organization. The following example shows Juan's account accepting the handshake and thus agreeing to the invitation.
response = client.accept_handshake(
HandshakeId='h-examplehandshakeid111',
)
print(response)
Expected Output:
{
'Handshake': {
'Action': 'INVITE',
'Arn': 'arn:aws:organizations::111111111111:handshake/o-exampleorgid/invite/h-examplehandshakeid111',
'ExpirationTimestamp': datetime(2017, 2, 28, 12, 15, 0, 1, 59, 0),
'Id': 'h-examplehandshakeid111',
'Parties': [
{
'Id': 'o-exampleorgid',
'Type': 'ORGANIZATION',
},
{
'Id': 'juan@example.com',
'Type': 'EMAIL',
},
],
'RequestedTimestamp': datetime(2017, 2, 14, 12, 15, 0, 1, 45, 0),
'Resources': [
{
'Resources': [
{
'Type': 'MASTER_EMAIL',
'Value': 'bill@amazon.com',
},
{
'Type': 'MASTER_NAME',
'Value': 'Org Master Account',
},
{
'Type': 'ORGANIZATION_FEATURE_SET',
'Value': 'ALL',
},
],
'Type': 'ORGANIZATION',
'Value': 'o-exampleorgid',
},
{
'Type': 'ACCOUNT',
'Value': '222222222222',
},
],
'State': 'ACCEPTED',
},
'ResponseMetadata': {
'...': '...',
},
}