Disables the integration of an AWS service (the service that is
specified by ServicePrincipal) with AWS Organizations. When you
disable integration, the specified service no longer can create a
service-linked role
in new accounts in your organization. This means the service can\'t
perform operations on your behalf on any new accounts in your
organization. The service can still perform operations in older accounts
until the service completes its clean-up from AWS Organizations.
organizations_disable_aws_service_access(ServicePrincipal)[required] The service principal name of the AWS service for which you want to
disable integration with your organization. This is typically in the
form of a URL, such as <i>service-abbreviation</i>.amazonaws.com.
svc$disable_aws_service_access( ServicePrincipal = "string" )
We recommend that you disable integration between AWS Organizations and the specified AWS service by using the console or commands that are provided by the specified service. Doing so ensures that the other service is aware that it can clean up any resources that are required only for the integration. How the service cleans up its resources in the organization\'s accounts depends on that service. For more information, see the documentation for the other AWS service.
After you perform the DisableAWSServiceAccess operation, the specified
service can no longer perform operations in your organization\'s
accounts. The only exception is when the operations are explicitly
permitted by IAM policies that are attached to your roles.
For more information about integrating other services with AWS Organizations, including the list of services that work with Organizations, see Integrating AWS Organizations with Other AWS Services in the AWS Organizations User Guide.
This operation can be called only from the organization\'s master account.