2022/09/01 - AWS Control Tower - 4 new api methods
Changes: This release contains the first SDK for AWS Control Tower. It introduces a new set of APIs: EnableControl, DisableControl, GetControlOperation, and ListEnabledControls.
DisableControl
This API call turns off a control. It starts an asynchronous operation that deletes AWS resources on the specified organizational unit and the accounts it contains. The resources will vary according to the control that you specify.
Request Syntax
client.disable_control(
    controlIdentifier='string',
    targetIdentifier='string'
)
controlIdentifier (string) --
[REQUIRED]
The ARN of the control. Only Strongly recommended and Elective controls are permitted, with the exception of the Region deny guardrail.
targetIdentifier (string) --
[REQUIRED]
The ARN of the organizational unit.
Return type: dict
Response Syntax
{ 'operationIdentifier': 'string' }
Response Structure
(dict) --
operationIdentifier (string) --
The ID of the asynchronous operation, which is used to track status. The operation is available for 90 days.
ListEnabledControls
Lists the controls enabled by AWS Control Tower on the specified organizational unit and the accounts it contains.
Request Syntax
client.list_enabled_controls(
    maxResults=123,
    nextToken='string',
    targetIdentifier='string'
)
maxResults (integer) --
How many results to return per API call.
nextToken (string) --
The token to continue the list from a previous API call with the same parameters.
targetIdentifier (string) --
[REQUIRED]
The ARN of the organizational unit.
Return type: dict
Response Syntax
{
    'enabledControls': [
        {
            'controlIdentifier': 'string'
        },
    ],
    'nextToken': 'string'
}
Response Structure
(dict) --
enabledControls (list) --
Lists the controls enabled by AWS Control Tower on the specified organizational unit and the accounts it contains.
(dict) --
A summary of enabled controls.
controlIdentifier (string) --
The ARN of the control. Only Strongly recommended and Elective controls are permitted, with the exception of the Region deny guardrail.
nextToken (string) --
Retrieves the next page of results. If the string is empty, the current response is the end of the results.
EnableControl
This API call activates a control. It starts an asynchronous operation that creates AWS resources on the specified organizational unit and the accounts it contains. The resources created will vary according to the control that you specify.
Request Syntax
client.enable_control(
    controlIdentifier='string',
    targetIdentifier='string'
)
controlIdentifier (string) --
[REQUIRED]
The ARN of the control. Only Strongly recommended and Elective controls are permitted, with the exception of the Region deny guardrail.
targetIdentifier (string) --
[REQUIRED]
The ARN of the organizational unit.
Return type: dict
Response Syntax
{ 'operationIdentifier': 'string' }
Response Structure
(dict) --
operationIdentifier (string) --
The ID of the asynchronous operation, which is used to track status. The operation is available for 90 days.
GetControlOperation
Returns the status of a particular EnableControl or DisableControl operation. Displays a message in case of error. Details for an operation are available for 90 days.
Request Syntax
client.get_control_operation(
    operationIdentifier='string'
)
operationIdentifier (string) --
[REQUIRED]
The ID of the asynchronous operation, which is used to track status. The operation is available for 90 days.
Return type: dict
Response Syntax
{
    'controlOperation': {
        'endTime': datetime(2015, 1, 1),
        'operationType': 'ENABLE_CONTROL'|'DISABLE_CONTROL',
        'startTime': datetime(2015, 1, 1),
        'status': 'SUCCEEDED'|'FAILED'|'IN_PROGRESS',
        'statusMessage': 'string'
    }
}
Response Structure
(dict) --
controlOperation (dict) --
endTime (datetime) --
The time that the operation finished.
operationType (string) --
One of ENABLE_CONTROL or DISABLE_CONTROL.
startTime (datetime) --
The time that the operation began.
status (string) --
One of IN_PROGRESS, SUCCEEDED, or FAILED.
statusMessage (string) --
If the operation result is FAILED, this string contains a message explaining why the operation failed.
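An added example, not part of the AWS documentation, showing how the ListEnabledControls pagination and the GetControlOperation status described above combine into a guardrail baseline check for one OU: list what is enabled, report the required controls that are missing, enable them, and poll each operation to a terminal status. The function names, the caller-supplied `required` list and the polling defaults are assumptions; `client` is expected to be a boto3 `controltower` client.

```python
import time

# Hypothetical helpers. `client` is assumed to be boto3.client("controltower");
# `required` is the caller's own baseline of control ARNs for the OU.

def list_enabled_controls(client, ou_arn):
    """Return every enabled control ARN on the OU, following nextToken."""
    arns, token = [], None
    while True:
        kwargs = {"targetIdentifier": ou_arn}
        if token:
            kwargs["nextToken"] = token
        page = client.list_enabled_controls(**kwargs)
        arns += [c["controlIdentifier"] for c in page.get("enabledControls", [])]
        token = page.get("nextToken")
        if not token:  # an empty or absent token marks the last page
            return arns

def missing_controls(client, ou_arn, required):
    """Required control ARNs that are not currently enabled on the OU."""
    return sorted(set(required) - set(list_enabled_controls(client, ou_arn)))

def wait_for_operation(client, operation_id, poll_seconds=10, timeout=900):
    """Poll GetControlOperation until SUCCEEDED; raise on FAILED or timeout."""
    deadline = time.monotonic() + timeout
    while True:
        resp = client.get_control_operation(operationIdentifier=operation_id)
        op = resp["controlOperation"]
        if op["status"] == "SUCCEEDED":
            return op
        if op["status"] == "FAILED":
            # statusMessage explains the failure; surface it instead of retrying
            raise RuntimeError(f"{op['operationType']} failed: {op.get('statusMessage', '')}")
        if time.monotonic() >= deadline:
            raise TimeoutError(f"operation {operation_id} is still IN_PROGRESS")
        time.sleep(poll_seconds)

def enforce_baseline(client, ou_arn, required, **wait_kwargs):
    """Enable each missing control one at a time, waiting for each to finish."""
    enabled = []
    for arn in missing_controls(client, ou_arn, required):
        resp = client.enable_control(controlIdentifier=arn, targetIdentifier=ou_arn)
        wait_for_operation(client, resp["operationIdentifier"], **wait_kwargs)
        enabled.append(arn)
    return enabled
```

Running only `missing_controls` gives a read-only drift report; `enforce_baseline` changes the OU and stops at the first operation that ends in FAILED.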