DisableOrganizationsRootSessions
Disables root user sessions for privileged tasks across member accounts in your organization. When you disable this feature, the management account and the delegated administrator for IAM can no longer perform privileged tasks on member accounts in your organization.
Response Elements
The following elements are returned by the service.
- EnabledFeatures.member.N
-
The features you have enabled for centralized root access of member accounts in your organization.
Type: Array of strings
Valid Values:
RootCredentialsManagement | RootSessions
- OrganizationId
-
The unique identifier (ID) of an organization.
Type: String
Length Constraints: Maximum length of 34.
Pattern:
^o-[a-z0-9]{10,32}$
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccountNotManagementOrDelegatedAdministrator
-
The request was rejected because the account making the request is not the management account or delegated administrator account for centralized root access.
HTTP Status Code: 400
- OrganizationNotFound
-
The request was rejected because no organization is associated with your account.
HTTP Status Code: 400
- OrganizationNotInAllFeaturesMode
-
The request was rejected because your organization does not have All features enabled. For more information, see Available feature sets in the AWS Organizations User Guide.
HTTP Status Code: 400
- ServiceAccessNotEnabled
-
The request was rejected because trusted access is not enabled for IAM in AWS Organizations. For details, see IAM and AWS Organizations in the AWS Organizations User Guide.
HTTP Status Code: 400
Examples
Example
This example illustrates one usage of DisableOrganizationsRootSessions.
Sample Request
https://iam.amazonaws.com/?Action=DisableOrganizationsRootSessions
&Version=2010-05-08
&AUTHPARAMS
Sample Response
<DisableOrganizationsRootSessionsResponse xmlns="https://iam.amazonaws.com/doc/2024-11-03/">
<ResponseMetadata>
<EnabledFeatures>
<member><RootCredentialsManagement></member>
</EnabledFeatures>
<OrganizationId>o111122223333</OrganizationId>
</ResponseMetadata>
</DisableOrganizationsRootSessionsResponse>
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: