AWS Control Tower

2022/09/01 - AWS Control Tower - 4 new api methods

Changes  This release contains the first SDK for AWS Control Tower. It introduces a new set of APIs: EnableControl, DisableControl, GetControlOperation, and ListEnabledControls.

DisableControl (new) Link ¶

This API call turns off a control. It starts an asynchronous operation that deletes AWS resources on the specified organizational unit and the accounts it contains. The resources will vary according to the control that you specify.

See also: AWS API Documentation

Request Syntax

client.disable_control(
    controlIdentifier='string',
    targetIdentifier='string'
)
type controlIdentifier

string

param controlIdentifier

[REQUIRED]

The ARN of the control. Only Strongly recommended and Elective controls are permitted, with the exception of the Region deny guardrail.

type targetIdentifier

string

param targetIdentifier

[REQUIRED]

The ARN of the organizational unit.

rtype

dict

returns

Response Syntax

{
    'operationIdentifier': 'string'
}

Response Structure

  • (dict) --

    • operationIdentifier (string) --

      The ID of the asynchronous operation, which is used to track status. The operation is available for 90 days.

ListEnabledControls (new) Link ¶

Lists the controls enabled by AWS Control Tower on the specified organizational unit and the accounts it contains.

See also: AWS API Documentation

Request Syntax

client.list_enabled_controls(
    maxResults=123,
    nextToken='string',
    targetIdentifier='string'
)
type maxResults

integer

param maxResults

How many results to return per API call.

type nextToken

string

param nextToken

The token to continue the list from a previous API call with the same parameters.

type targetIdentifier

string

param targetIdentifier

[REQUIRED]

The ARN of the organizational unit.

rtype

dict

returns

Response Syntax

{
    'enabledControls': [
        {
            'controlIdentifier': 'string'
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • enabledControls (list) --

      Lists the controls enabled by AWS Control Tower on the specified organizational unit and the accounts it contains.

      • (dict) --

        A summary of enabled controls.

        • controlIdentifier (string) --

          The ARN of the control. Only Strongly recommended and Elective controls are permitted, with the exception of the Region deny guardrail.

    • nextToken (string) --

      Retrieves the next page of results. If the string is empty, the current response is the end of the results.

EnableControl (new) Link ¶

This API call activates a control. It starts an asynchronous operation that creates AWS resources on the specified organizational unit and the accounts it contains. The resources created will vary according to the control that you specify.

See also: AWS API Documentation

Request Syntax

client.enable_control(
    controlIdentifier='string',
    targetIdentifier='string'
)
type controlIdentifier

string

param controlIdentifier

[REQUIRED]

The ARN of the control. Only Strongly recommended and Elective controls are permitted, with the exception of the Region deny guardrail.

type targetIdentifier

string

param targetIdentifier

[REQUIRED]

The ARN of the organizational unit.

rtype

dict

returns

Response Syntax

{
    'operationIdentifier': 'string'
}

Response Structure

  • (dict) --

    • operationIdentifier (string) --

      The ID of the asynchronous operation, which is used to track status. The operation is available for 90 days.

GetControlOperation (new) Link ¶

Returns the status of a particular EnableControl or DisableControl operation. Displays a message in case of error. Details for an operation are available for 90 days.

See also: AWS API Documentation

Request Syntax

client.get_control_operation(
    operationIdentifier='string'
)
type operationIdentifier

string

param operationIdentifier

[REQUIRED]

The ID of the asynchronous operation, which is used to track status. The operation is available for 90 days.

rtype

dict

returns

Response Syntax

{
    'controlOperation': {
        'endTime': datetime(2015, 1, 1),
        'operationType': 'ENABLE_CONTROL'|'DISABLE_CONTROL',
        'startTime': datetime(2015, 1, 1),
        'status': 'SUCCEEDED'|'FAILED'|'IN_PROGRESS',
        'statusMessage': 'string'
    }
}

Response Structure

  • (dict) --

    • controlOperation (dict) --

      • endTime (datetime) --

        The time that the operation finished.

      • operationType (string) --

        One of ENABLE_CONTROL or DISABLE_CONTROL .

      • startTime (datetime) --

        The time that the operation began.

      • status (string) --

        One of IN_PROGRESS , SUCEEDED , or FAILED .

      • statusMessage (string) --

        If the operation result is FAILED , this string contains a message explaining why the operation failed.