Organizations / Client / describe_handshake
describe_handshake#
- Organizations.Client.describe_handshake(**kwargs)#
Retrieves information about a previously requested handshake. The handshake ID comes from the response to the original InviteAccountToOrganization operation that generated the handshake.
You can access handshakes that are
ACCEPTED
,DECLINED
, orCANCELED
for only 30 days after they change to that state. They’re then deleted and no longer accessible.This operation can be called from any account in the organization.
See also: AWS API Documentation
Request Syntax
response = client.describe_handshake( HandshakeId='string' )
- Parameters:
HandshakeId (string) –
[REQUIRED]
The unique identifier (ID) of the handshake that you want information about. You can get the ID from the original call to InviteAccountToOrganization, or from a call to ListHandshakesForAccount or ListHandshakesForOrganization.
The regex pattern for handshake ID string requires “h-” followed by from 8 to 32 lowercase letters or digits.
- Return type:
dict
- Returns:
Response Syntax
{ 'Handshake': { 'Id': 'string', 'Arn': 'string', 'Parties': [ { 'Id': 'string', 'Type': 'ACCOUNT'|'ORGANIZATION'|'EMAIL' }, ], 'State': 'REQUESTED'|'OPEN'|'CANCELED'|'ACCEPTED'|'DECLINED'|'EXPIRED', 'RequestedTimestamp': datetime(2015, 1, 1), 'ExpirationTimestamp': datetime(2015, 1, 1), 'Action': 'INVITE'|'ENABLE_ALL_FEATURES'|'APPROVE_ALL_FEATURES'|'ADD_ORGANIZATIONS_SERVICE_LINKED_ROLE', 'Resources': [ { 'Value': 'string', 'Type': 'ACCOUNT'|'ORGANIZATION'|'ORGANIZATION_FEATURE_SET'|'EMAIL'|'MASTER_EMAIL'|'MASTER_NAME'|'NOTES'|'PARENT_HANDSHAKE', 'Resources': {'... recursive ...'} }, ] } }
Response Structure
(dict) –
Handshake (dict) –
A structure that contains information about the specified handshake.
Id (string) –
The unique identifier (ID) of a handshake. The originating account creates the ID when it initiates the handshake.
The regex pattern for handshake ID string requires “h-” followed by from 8 to 32 lowercase letters or digits.
Arn (string) –
The Amazon Resource Name (ARN) of a handshake.
For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the Amazon Web Services Service Authorization Reference.
Parties (list) –
Information about the two accounts that are participating in the handshake.
(dict) –
Identifies a participant in a handshake.
Id (string) –
The unique identifier (ID) for the party.
The regex pattern for handshake ID string requires “h-” followed by from 8 to 32 lowercase letters or digits.
Type (string) –
The type of party.
State (string) –
The current state of the handshake. Use the state to trace the flow of the handshake through the process from its creation to its acceptance. The meaning of each of the valid values is as follows:
REQUESTED: This handshake was sent to multiple recipients (applicable to only some handshake types) and not all recipients have responded yet. The request stays in this state until all recipients respond.
OPEN: This handshake was sent to multiple recipients (applicable to only some policy types) and all recipients have responded, allowing the originator to complete the handshake action.
CANCELED: This handshake is no longer active because it was canceled by the originating account.
ACCEPTED: This handshake is complete because it has been accepted by the recipient.
DECLINED: This handshake is no longer active because it was declined by the recipient account.
EXPIRED: This handshake is no longer active because the originator did not receive a response of any kind from the recipient before the expiration time (15 days).
RequestedTimestamp (datetime) –
The date and time that the handshake request was made.
ExpirationTimestamp (datetime) –
The date and time that the handshake expires. If the recipient of the handshake request fails to respond before the specified date and time, the handshake becomes inactive and is no longer valid.
Action (string) –
The type of handshake, indicating what action occurs when the recipient accepts the handshake. The following handshake types are supported:
INVITE: This type of handshake represents a request to join an organization. It is always sent from the management account to only non-member accounts.
ENABLE_ALL_FEATURES: This type of handshake represents a request to enable all features in an organization. It is always sent from the management account to only invited member accounts. Created accounts do not receive this because those accounts were created by the organization’s management account and approval is inferred.
APPROVE_ALL_FEATURES: This type of handshake is sent from the Organizations service when all member accounts have approved the
ENABLE_ALL_FEATURES
invitation. It is sent only to the management account and signals the master that it can finalize the process to enable all features.
Resources (list) –
Additional information that is needed to process the handshake.
(dict) –
Contains additional data that is needed to process a handshake.
Value (string) –
The information that is passed to the other party in the handshake. The format of the value string must match the requirements of the specified type.
Type (string) –
The type of information being passed, specifying how the value is to be interpreted by the other party:
ACCOUNT
- Specifies an Amazon Web Services account ID number.ORGANIZATION
- Specifies an organization ID number.EMAIL
- Specifies the email address that is associated with the account that receives the handshake.OWNER_EMAIL
- Specifies the email address associated with the management account. Included as information about an organization.OWNER_NAME
- Specifies the name associated with the management account. Included as information about an organization.NOTES
- Additional text provided by the handshake initiator and intended for the recipient to read.
Resources (list) –
When needed, contains an additional array of
HandshakeResource
objects.
Exceptions
Examples
The following example shows you how to request details about a handshake. The handshake ID comes either from the original call to “InviteAccountToOrganization”, or from a call to “ListHandshakesForAccount” or “ListHandshakesForOrganization”:
response = client.describe_handshake( HandshakeId='h-examplehandshakeid111', ) print(response)
Expected Output:
{ 'Handshake': { 'Action': 'INVITE', 'Arn': 'arn:aws:organizations::111111111111:handshake/o-exampleorgid/invite/h-examplehandshakeid111', 'ExpirationTimestamp': datetime(2016, 11, 30, 17, 24, 58, 2, 335, 0), 'Id': 'h-examplehandshakeid111', 'Parties': [ { 'Id': 'o-exampleorgid', 'Type': 'ORGANIZATION', }, { 'Id': '333333333333', 'Type': 'ACCOUNT', }, ], 'RequestedTimestamp': datetime(2016, 11, 30, 17, 24, 58, 2, 335, 0), 'Resources': [ { 'Resources': [ { 'Type': 'MASTER_EMAIL', 'Value': 'bill@example.com', }, { 'Type': 'MASTER_NAME', 'Value': 'Master Account', }, ], 'Type': 'ORGANIZATION', 'Value': 'o-exampleorgid', }, { 'Type': 'ACCOUNT', 'Value': '333333333333', }, ], 'State': 'OPEN', }, 'ResponseMetadata': { '...': '...', }, }