# Actions The following actions are supported: + [GetControl](API_GetControl.md) + [ListCommonControls](API_ListCommonControls.md) + [ListControlMappings](API_ListControlMappings.md) + [ListControls](API_ListControls.md) + [ListDomains](API_ListDomains.md) + [ListObjectives](API_ListObjectives.md) # GetControl Returns details about a specific control, most notably a list of AWS Regions where this control is supported. Input a value for the *ControlArn* parameter, in ARN form. `GetControl` accepts *controltower* or *controlcatalog* control ARNs as input. Returns a *controlcatalog* ARN format. In the API response, controls that have the value `GLOBAL` in the `Scope` field do not show the `DeployableRegions` field, because it does not apply. Controls that have the value `REGIONAL` in the `Scope` field return a value for the `DeployableRegions` field, as shown in the example. ## Request Syntax ``` POST /get-control HTTP/1.1 Content-type: application/json { "ControlArn": "string" } ``` ## URI Request Parameters The request does not use any URI parameters. ## Request Body The request accepts the following data in JSON format. ** [ControlArn](#API_GetControl_RequestSyntax) ** The Amazon Resource Name (ARN) of the control. It has one of the following formats: *Global format* `arn:{PARTITION}:controlcatalog:::control/{CONTROL_CATALOG_OPAQUE_ID}` *Or Regional format* `arn:{PARTITION}:controltower:{REGION}::control/{CONTROL_TOWER_OPAQUE_ID}` Here is a more general pattern that covers AWS Control Tower and Control Catalog ARNs: `^arn:(aws(?:[-a-z]*)?):(controlcatalog|controltower):[a-zA-Z0-9-]*::control/[0-9a-zA-Z_\\-]+$` Type: String Length Constraints: Minimum length of 34. Maximum length of 2048. Pattern: `arn:(aws(?:[-a-z]*)?):(controlcatalog|controltower):[a-zA-Z0-9-]*::control/[0-9a-zA-Z_\-]+` Required: Yes ## Response Syntax ``` HTTP/1.1 200 Content-type: application/json { "Aliases": [ "string" ], "Arn": "string", "Behavior": "string", "CreateTime": number, "Description": "string", "GovernedResources": [ "string" ], "Implementation": { "Identifier": "string", "Type": "string" }, "Name": "string", "Parameters": [ { "Name": "string" } ], "RegionConfiguration": { "DeployableRegions": [ "string" ], "Scope": "string" }, "Severity": "string" } ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in JSON format by the service. ** [Aliases](#API_GetControl_ResponseSyntax) ** A list of alternative identifiers for the control. These are human-readable designators, such as `SH.S3.1`. Several aliases can refer to the same control across different AWS services or compliance frameworks. Type: Array of strings Pattern: `[a-zA-Z0-9](?:[a-zA-Z0-9_.-]{0,254}[a-zA-Z0-9])` ** [Arn](#API_GetControl_ResponseSyntax) ** The Amazon Resource Name (ARN) of the control. Type: String Length Constraints: Minimum length of 34. Maximum length of 2048. Pattern: `arn:(aws(?:[-a-z]*)?):(controlcatalog|controltower):[a-zA-Z0-9-]*::control/[0-9a-zA-Z_\-]+` ** [Behavior](#API_GetControl_ResponseSyntax) ** A term that identifies the control's functional behavior. One of `Preventive`, `Detective`, `Proactive` Type: String Valid Values: `PREVENTIVE | PROACTIVE | DETECTIVE` ** [CreateTime](#API_GetControl_ResponseSyntax) ** A timestamp that notes the time when the control was released (start of its life) as a governance capability in AWS. Type: Timestamp ** [Description](#API_GetControl_ResponseSyntax) ** A description of what the control does. Type: String ** [GovernedResources](#API_GetControl_ResponseSyntax) ** A list of AWS resource types that are governed by this control. This information helps you understand which controls can govern certain types of resources, and conversely, which resources are affected when the control is implemented. The resources are represented as AWS CloudFormation resource types. If `GovernedResources` cannot be represented by available CloudFormation resource types, it’s returned as an empty list. Type: Array of strings Pattern: `[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}` ** [Implementation](#API_GetControl_ResponseSyntax) ** Returns information about the control, as an `ImplementationDetails` object that shows the underlying implementation type for a control. Type: [ImplementationDetails](API_ImplementationDetails.md) object ** [Name](#API_GetControl_ResponseSyntax) ** The display name of the control. Type: String ** [Parameters](#API_GetControl_ResponseSyntax) ** Returns an array of `ControlParameter` objects that specify the parameters a control supports. An empty list is returned for controls that don’t support parameters. Type: Array of [ControlParameter](API_ControlParameter.md) objects ** [RegionConfiguration](#API_GetControl_ResponseSyntax) ** Returns information about the control, including the scope of the control, if enabled, and the Regions in which the control is available for deployment. For more information about scope, see [Global services](https://docs.aws.amazon.com/whitepapers/latest/aws-fault-isolation-boundaries/global-services.html). If you are applying controls through an AWS Control Tower landing zone environment, remember that the values returned in the `RegionConfiguration` API operation are not related to the governed Regions in your landing zone. For example, if you are governing Regions `A`,`B`,and `C` while the control is available in Regions `A`, `B`, C`,` and `D`, you'd see a response with `DeployableRegions` of `A`, `B`, `C`, and `D` for a control with `REGIONAL` scope, even though you may not intend to deploy the control in Region `D`, because you do not govern it through your landing zone. Type: [RegionConfiguration](API_RegionConfiguration.md) object ** [Severity](#API_GetControl_ResponseSyntax) ** An enumerated type, with the following possible values: Type: String Valid Values: `LOW | MEDIUM | HIGH | CRITICAL` ## Errors For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md). ** AccessDeniedException ** You do not have sufficient access to perform this action. HTTP Status Code: 403 ** InternalServerException ** An internal service error occurred during the processing of your request. Try again later. HTTP Status Code: 500 ** ResourceNotFoundException ** The requested resource does not exist. HTTP Status Code: 404 ** ThrottlingException ** The request was denied due to request throttling. HTTP Status Code: 429 ** ValidationException ** The request has invalid or missing parameters. HTTP Status Code: 400 ## Examples ### Retrieve information about a control Use this operation to retrieve information about a control, including a list of Regions in which the control is available for deployment. #### Sample Request ``` aws controlcatalog get-control --control-arn arn:aws:controlcatalog:::control/4b0nsxnd47747up54ytdqesxi --region us-east-1 ``` ``` ##Alternatively, a control with regional identifier ``` #### Sample Request ``` aws controlcatalog get-control --control-arn arn:aws:controltower:us-east-1::control/YEHYWYAUIQHZ --region us-east-1 ``` #### Sample Response ``` { "Arn": "arn:aws:controlcatalog:::control/4b0nsxnd47747up54ytdqesxi", "Aliases": [ "CT.CODEBUILD.PR.3" ], "Name": "Require any AWS CodeBuild project environment to have logging configured", "Description": "This control checks whether AWS CodeBuild projects environment has at least one logging option enabled.", "Behavior": "PROACTIVE", "Severity": "MEDIUM", "RegionConfiguration": { "Scope": "REGIONAL", "DeployableRegions": [ "af-south-1", "ap-east-1", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-south-1", "ap-south-2", "ap-southeast-1", "ap-southeast-2", "ap-southeast-3", "ap-southeast-4", "ap-southeast-5", "ap-southeast-7", "ca-central-1", "ca-west-1", "eu-central-1", "eu-central-2", "eu-north-1", "eu-south-1", "eu-south-2", "eu-west-1", "eu-west-2", "eu-west-3", "il-central-1", "me-central-1", "me-south-1", "mx-central-1", "sa-east-1", "us-east-1", "us-east-2", "us-west-1", "us-west-2" ] }, "Implementation": { "Type": "AWS::CloudFormation::Type::HOOK" }, "Parameters": [], "CreateTime": "2022-11-27T16:00:00-08:00", "GovernedResources": [ "AWS::CodeBuild::Project" ] } ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/controlcatalog-2018-05-10/GetControl) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/controlcatalog-2018-05-10/GetControl) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/controlcatalog-2018-05-10/GetControl) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/controlcatalog-2018-05-10/GetControl) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/controlcatalog-2018-05-10/GetControl) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/controlcatalog-2018-05-10/GetControl) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/controlcatalog-2018-05-10/GetControl) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/controlcatalog-2018-05-10/GetControl) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/controlcatalog-2018-05-10/GetControl) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/controlcatalog-2018-05-10/GetControl) # ListCommonControls Returns a paginated list of common controls from the AWS Control Catalog. You can apply an optional filter to see common controls that have a specific objective. If you don’t provide a filter, the operation returns all common controls. ## Request Syntax ``` POST /common-controls?maxResults=MaxResults&nextToken=NextToken HTTP/1.1 Content-type: application/json { "CommonControlFilter": { "Objectives": [ { "Arn": "string" } ] } } ``` ## URI Request Parameters The request uses the following URI parameters. ** [MaxResults](#API_ListCommonControls_RequestSyntax) ** The maximum number of results on a page or for an API request call. Valid Range: Minimum value of 1. Maximum value of 100. ** [NextToken](#API_ListCommonControls_RequestSyntax) ** The pagination token that's used to fetch the next set of results. Length Constraints: Minimum length of 0. Maximum length of 1024. ## Request Body The request accepts the following data in JSON format. ** [CommonControlFilter](#API_ListCommonControls_RequestSyntax) ** An optional filter that narrows the results to a specific objective. This filter allows you to specify one objective ARN at a time. Passing multiple ARNs in the `CommonControlFilter` isn’t supported. Type: [CommonControlFilter](API_CommonControlFilter.md) object Required: No ## Response Syntax ``` HTTP/1.1 200 Content-type: application/json { "CommonControls": [ { "Arn": "string", "CreateTime": number, "Description": "string", "Domain": { "Arn": "string", "Name": "string" }, "LastUpdateTime": number, "Name": "string", "Objective": { "Arn": "string", "Name": "string" } } ], "NextToken": "string" } ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in JSON format by the service. ** [CommonControls](#API_ListCommonControls_ResponseSyntax) ** The list of common controls that the `ListCommonControls` API returns. Type: Array of [CommonControlSummary](API_CommonControlSummary.md) objects ** [NextToken](#API_ListCommonControls_ResponseSyntax) ** The pagination token that's used to fetch the next set of results. Type: String Length Constraints: Minimum length of 0. Maximum length of 1024. ## Errors For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md). ** AccessDeniedException ** You do not have sufficient access to perform this action. HTTP Status Code: 403 ** InternalServerException ** An internal service error occurred during the processing of your request. Try again later. HTTP Status Code: 500 ** ThrottlingException ** The request was denied due to request throttling. HTTP Status Code: 429 ** ValidationException ** The request has invalid or missing parameters. HTTP Status Code: 400 ## Examples ### Filtering common controls by objective You can use the `ListCommonControls` operation to return a filtered list of common controls. For example, you can see a list of all common controls that have the objective of *Asset inventory management*. **To filter results by objective** 1. Use the `ListObjectives` operation to see the objectives that you can use as filters. 1. Find the objective that you want to use as a filter, and take note of its ARN. 1. Use the `ListCommonControls` operation and include the `ControlObjectives` parameter. For the `ARN` attribute value, specify the objective ARN from step 2. **Note** Keep in mind that you can only filter by one objective at a time. Specifying multiple objective ARNs isn’t supported. If you want to filter by more than one ARN, we recommend that you run the `ListCommonControls` operation separately for each ARN. The sample request below uses the following objective ARN as a filter: `arn:aws:controlcatalog:::objective/ad11p1961s8erra9m185wa1nn`. This ARN represents the *Asset inventory management* objective. The sample response shows the result that the `ListCommonControls` operation might return if seven common controls matched the filter criteria of *Asset inventory management*. #### Sample Request ``` { "CommonControlFilter": { "Objectives": [{ "Arn": "arn:aws:controlcatalog:::objective/ad11p1961s8erra9m185wa1nn" }] } } ``` #### Sample Response ``` { "CommonControls": [{ "Arn": "arn:aws:controlcatalog:::common-control/d4s7ik8fgv8082v3x31hifzcc", "CreateTime": 1.710288E9, "Description": "Reconcile the organization's asset inventory with other data sources, and conduct asset audits to verify the accuracy of the asset inventory.", "Domain": { "Arn": "arn:aws:controlcatalog:::domain/d4msesd9vvmzmmuvlv06m92uq", "Name": "Asset management" }, "LastUpdateTime": 1.710288E9, "Name": "Asset inventory reconciliation and audit", "Objective": { "Arn": "arn:aws:controlcatalog:::objective/ad11p1961s8erra9m185wa1nn", "Name": "Asset inventory management" } }, { "Arn": "arn:aws:controlcatalog:::common-control/1ukpmkewk4i92tjmhsvewi4y7", "CreateTime": 1.710288E9, "Description": "Maintain an asset inventory of organization authorized and existing hardware, software, and media. Where possible, utilize automated tools to facilitate the discovery and ongoing tracking of such assets.", "Domain": { "Arn": "arn:aws:controlcatalog:::domain/d4msesd9vvmzmmuvlv06m92uq", "Name": "Asset management" }, "LastUpdateTime": 1.710288E9, "Name": "Inventory of authorized assets and automated discovery", "Objective": { "Arn": "arn:aws:controlcatalog:::objective/ad11p1961s8erra9m185wa1nn", "Name": "Asset inventory management" } }, { "Arn": "arn:aws:controlcatalog:::common-control/c0qrxhefhmxkbq22tiejp3enn", "CreateTime": 1.710288E9, "Description": "Take appropriate actions to identify and resolve unauthorized assets within the network environment on a periodic and consistent basis. Appropriate actions include, but are not limited to, removing the asset from the network, quarantining the asset, or denying connectivity to the asset.", "Domain": { "Arn": "arn:aws:controlcatalog:::domain/d4msesd9vvmzmmuvlv06m92uq", "Name": "Asset management" }, "LastUpdateTime": 1.710288E9, "Name": "Unauthorized asset management", "Objective": { "Arn": "arn:aws:controlcatalog:::objective/ad11p1961s8erra9m185wa1nn", "Name": "Asset inventory management" } }, { "Arn": "arn:aws:controlcatalog:::common-control/5u2qgwuw3z1y0lrof60yf6264", "CreateTime": 1.710288E9, "Description": "Track all physical and digital assets to ensure proper use and protection. Monitor status of digital assets like systems, devices, software, applications, and data throughout their lifecycle. Use real-time location tracking for physical assets through technologies like GPS and RFID where possible.", "Domain": { "Arn": "arn:aws:controlcatalog:::domain/d4msesd9vvmzmmuvlv06m92uq", "Name": "Asset management" }, "LastUpdateTime": 1.710288E9, "Name": "Asset tracking", "Objective": { "Arn": "arn:aws:controlcatalog:::objective/ad11p1961s8erra9m185wa1nn", "Name": "Asset inventory management" } }, { "Arn": "arn:aws:controlcatalog:::common-control/1tejgq26c0djpzgskw31uscm4", "CreateTime": 1.710288E9, "Description": "Regularly analyze hardware and software assets to assess criticality, usage, value, and other key metrics. Generate comprehensive reports on the asset inventory.", "Domain": { "Arn": "arn:aws:controlcatalog:::domain/d4msesd9vvmzmmuvlv06m92uq", "Name": "Asset management" }, "LastUpdateTime": 1.710288E9, "Name": "Asset inventory analysis and reporting", "Objective": { "Arn": "arn:aws:controlcatalog:::objective/ad11p1961s8erra9m185wa1nn", "Name": "Asset inventory management" } }, { "Arn": "arn:aws:controlcatalog:::common-control/eg1hxxu2e77a7w2wv79quwaxl", "CreateTime": 1.710288E9, "Description": "Define asset owners, including who has responsibility for managing each asset.", "Domain": { "Arn": "arn:aws:controlcatalog:::domain/d4msesd9vvmzmmuvlv06m92uq", "Name": "Asset management" }, "LastUpdateTime": 1.710288E9, "Name": "Asset ownership", "Objective": { "Arn": "arn:aws:controlcatalog:::objective/ad11p1961s8erra9m185wa1nn", "Name": "Asset inventory management" } }, { "Arn": "arn:aws:controlcatalog:::common-control/ec1fxlvgtcxlf2nzremqcca7r", "CreateTime": 1.710288E9, "Description": "Track and monitor asset status, including whether they are operational, in maintenance, or out of service.", "Domain": { "Arn": "arn:aws:controlcatalog:::domain/d4msesd9vvmzmmuvlv06m92uq", "Name": "Asset management" }, "LastUpdateTime": 1.710288E9, "Name": "Asset status tracking", "Objective": { "Arn": "arn:aws:controlcatalog:::objective/ad11p1961s8erra9m185wa1nn", "Name": "Asset inventory management" } }] } ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/controlcatalog-2018-05-10/ListCommonControls) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/controlcatalog-2018-05-10/ListCommonControls) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/controlcatalog-2018-05-10/ListCommonControls) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/controlcatalog-2018-05-10/ListCommonControls) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/controlcatalog-2018-05-10/ListCommonControls) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/controlcatalog-2018-05-10/ListCommonControls) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/controlcatalog-2018-05-10/ListCommonControls) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/controlcatalog-2018-05-10/ListCommonControls) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/controlcatalog-2018-05-10/ListCommonControls) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/controlcatalog-2018-05-10/ListCommonControls) # ListControlMappings Returns a paginated list of control mappings from the Control Catalog. Control mappings show relationships between controls and other entities, such as common controls or compliance frameworks. ## Request Syntax ``` POST /list-control-mappings?maxResults=MaxResults&nextToken=NextToken HTTP/1.1 Content-type: application/json { "Filter": { "CommonControlArns": [ "string" ], "ControlArns": [ "string" ], "MappingTypes": [ "string" ] } } ``` ## URI Request Parameters The request uses the following URI parameters. ** [MaxResults](#API_ListControlMappings_RequestSyntax) ** The maximum number of results on a page or for an API request call. Valid Range: Minimum value of 1. Maximum value of 1000. ** [NextToken](#API_ListControlMappings_RequestSyntax) ** The pagination token that's used to fetch the next set of results. Length Constraints: Minimum length of 0. Maximum length of 1024. ## Request Body The request accepts the following data in JSON format. ** [Filter](#API_ListControlMappings_RequestSyntax) ** An optional filter that narrows the results to specific control mappings based on control ARNs, common control ARNs, or mapping types. Type: [ControlMappingFilter](API_ControlMappingFilter.md) object Required: No ## Response Syntax ``` HTTP/1.1 200 Content-type: application/json { "ControlMappings": [ { "ControlArn": "string", "Mapping": { ... }, "MappingType": "string" } ], "NextToken": "string" } ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in JSON format by the service. ** [ControlMappings](#API_ListControlMappings_ResponseSyntax) ** The list of control mappings that the ListControlMappings API returns. Type: Array of [ControlMapping](API_ControlMapping.md) objects ** [NextToken](#API_ListControlMappings_ResponseSyntax) ** The pagination token that's used to fetch the next set of results. Type: String Length Constraints: Minimum length of 0. Maximum length of 1024. ## Errors For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md). ** AccessDeniedException ** You do not have sufficient access to perform this action. HTTP Status Code: 403 ** InternalServerException ** An internal service error occurred during the processing of your request. Try again later. HTTP Status Code: 500 ** ThrottlingException ** The request was denied due to request throttling. HTTP Status Code: 429 ** ValidationException ** The request has invalid or missing parameters. HTTP Status Code: 400 ## Examples ### Retrieve information about control mappings Use this operation to retrieve information about a control, including common controls and compliance frameworks. #### Sample Request ``` aws controlcatalog list-control-mappings --filter "{\"ControlArns\":[\"arn:aws:controlcatalog:::control/br8o4lzgtvz3he7f8sxg76k7q\"],\"MappingTypes\": [\"FRAMEWORK\"]}" --max-results 2 --region us-east-1 ``` #### Sample Response ``` { "ControlMappings": [ { "ControlArn": "arn:aws:controlcatalog:::control/br8o4lzgtvz3he7f8sxg76k7q", "MappingType": "FRAMEWORK", "Mapping": { "Framework": { "Name": "FedRAMP-r4", "Item": "SC-7" } } }, { "ControlArn": "arn:aws:controlcatalog:::control/br8o4lzgtvz3he7f8sxg76k7q", "MappingType": "FRAMEWORK", "Mapping": { "Framework": { "Name": "ISO-IEC-27001:2013-Annex-A", "Item": "A.9.1.2" } } } ], "NextToken": "AAQA-EFRSURBSGkyaGRScGRQSmM5bnVFTUJMeFlHTHJqajdJSnFvSzkwb2ZscUR5TGs2UzNBR05BUUJZbmJjdEk2Y2tWRC9nWldjdkFBQUFmakI4QmdrcWhraUc5dzBCQndhZ2J6QnRBZ0VBTUdnR0NTcUdTSWIzRFFFSEFUQWVCZ2xnaGtnQlpRTUVBUzR3RVFRTXBmbEdBVWxERXl6R0MzUy9BZ0VRZ0R0VzNTZUlBdktBUHl5WmhnZG9zYVdhWDY4MDM0ZXd3SlYvb3ovQ09Ebmt1K0UvZWI4ZlNzV1VqMUkycG83ZEhSN3BBNmROOEF2Z1VJU0E5dz09ZqxBPRvCSvgdsbQ68I5yAK16M2Lf6p3OEiZ8zWjF41Byzd7h-r4eCDqFszhxe-Jtbl9EGekKLY06VXgEgQ==" } ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/controlcatalog-2018-05-10/ListControlMappings) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/controlcatalog-2018-05-10/ListControlMappings) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/controlcatalog-2018-05-10/ListControlMappings) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/controlcatalog-2018-05-10/ListControlMappings) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/controlcatalog-2018-05-10/ListControlMappings) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/controlcatalog-2018-05-10/ListControlMappings) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/controlcatalog-2018-05-10/ListControlMappings) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/controlcatalog-2018-05-10/ListControlMappings) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/controlcatalog-2018-05-10/ListControlMappings) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/controlcatalog-2018-05-10/ListControlMappings) # ListControls Returns a paginated list of all available controls in the Control Catalog library. Allows you to discover available controls. The list of controls is given as structures of type *controlSummary*. The ARN is returned in the global *controlcatalog* format, as shown in the examples. ## Request Syntax ``` POST /list-controls?maxResults=MaxResults&nextToken=NextToken HTTP/1.1 Content-type: application/json { "Filter": { "Implementations": { "Identifiers": [ "string" ], "Types": [ "string" ] } } } ``` ## URI Request Parameters The request uses the following URI parameters. ** [MaxResults](#API_ListControls_RequestSyntax) ** The maximum number of results on a page or for an API request call. Valid Range: Minimum value of 1. Maximum value of 100. ** [NextToken](#API_ListControls_RequestSyntax) ** The pagination token that's used to fetch the next set of results. Length Constraints: Minimum length of 0. Maximum length of 1024. ## Request Body The request accepts the following data in JSON format. ** [Filter](#API_ListControls_RequestSyntax) ** An optional filter that narrows the results to controls with specific implementation types or identifiers. If you don't provide a filter, the operation returns all available controls. Type: [ControlFilter](API_ControlFilter.md) object Required: No ## Response Syntax ``` HTTP/1.1 200 Content-type: application/json { "Controls": [ { "Aliases": [ "string" ], "Arn": "string", "Behavior": "string", "CreateTime": number, "Description": "string", "GovernedResources": [ "string" ], "Implementation": { "Identifier": "string", "Type": "string" }, "Name": "string", "Severity": "string" } ], "NextToken": "string" } ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in JSON format by the service. ** [Controls](#API_ListControls_ResponseSyntax) ** Returns a list of controls, given as structures of type *controlSummary*. Type: Array of [ControlSummary](API_ControlSummary.md) objects ** [NextToken](#API_ListControls_ResponseSyntax) ** The pagination token that's used to fetch the next set of results. Type: String Length Constraints: Minimum length of 0. Maximum length of 1024. ## Errors For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md). ** AccessDeniedException ** You do not have sufficient access to perform this action. HTTP Status Code: 403 ** InternalServerException ** An internal service error occurred during the processing of your request. Try again later. HTTP Status Code: 500 ** ThrottlingException ** The request was denied due to request throttling. HTTP Status Code: 429 ** ValidationException ** The request has invalid or missing parameters. HTTP Status Code: 400 ## Examples ### Retrieve a list of controls Use this operation to retrieve a paginated list of available controls, by Region. #### Sample Request ``` aws controlcatalog list-controls --max-result 2 --region us-east-1 ``` #### Sample Response ``` { "Controls": [ { "Arn": "arn:aws:controlcatalog:::control/m7a5gbdf08wg2o0en010mkng", "Aliases": [ "BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK" ], "Name": "Checks if a recovery point expires no earlier than after the specified period", "Description": "Checks if a recovery point expires no earlier than after the specified period. The rule is NON_COMPLIANT if the recovery point has a retention point that is less than the required retention period.", "Behavior": "DETECTIVE", "Severity": "MEDIUM", "Implementation": { "Type": "AWS::Config::ConfigRule", "Identifier": "BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK" }, "CreateTime": "2021-07-22T17:00:00-07:00", "GovernedResources": [] }, { "Arn": "arn:aws:controlcatalog:::control/4b0nsxnd47747up54ytdqesxi", "Aliases": [ "CT.CODEBUILD.PR.3" ], "Name": "Require any AWS CodeBuild project environment to have logging configured", "Description": "This control checks whether AWS CodeBuild projects environment has at least one logging option enabled.", "Behavior": "PROACTIVE", "Severity": "MEDIUM", "Implementation": { "Type": "AWS::CloudFormation::Type::HOOK" }, "CreateTime": "2022-11-27T16:00:00-08:00", "GovernedResources": [ "AWS::CodeBuild::Project" ] } ], "NextToken": "..." } ``` ### Retrieve a list of controls with a filter Use this operation to retrieve a paginated list of available controls, filtered by identifier and implementation type. #### Sample Request ``` aws controlcatalog list-controls --filter "{\"Implementations\":{\"Identifiers\":[\"CODEPIPELINE_DEPLOYMENT_COUNT_CHECK\"], \"Types\":[\"AWS::Config::ConfigRule\"]}}" --region us-east-1 ``` #### Sample Response ``` { "Controls": [ { "Arn": "arn:aws:controlcatalog:::control/8k65jh499ji8qa5tb3it7tdi5", "Aliases": [ "CONFIG.CODEPIPELINE.DT.1" ], "Name": "Checks if the first deployment stage of AWS CodePipeline performs more than one deployment", "Description": "Checks if the first deployment stage of AWS CodePipeline performs more than one deployment. Optionally checks if each of the subsequent remaining stages deploy to more than the specified number of deployments (deploymentLimit).", "Behavior": "DETECTIVE", "Severity": "MEDIUM", "Implementation": { "Type": "AWS::Config::ConfigRule", "Identifier": "CODEPIPELINE_DEPLOYMENT_COUNT_CHECK" }, "CreateTime": "2018-10-31T17:00:00-07:00", "GovernedResources": ["AWS::CodePipeline::Pipeline"] } ] } ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/controlcatalog-2018-05-10/ListControls) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/controlcatalog-2018-05-10/ListControls) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/controlcatalog-2018-05-10/ListControls) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/controlcatalog-2018-05-10/ListControls) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/controlcatalog-2018-05-10/ListControls) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/controlcatalog-2018-05-10/ListControls) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/controlcatalog-2018-05-10/ListControls) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/controlcatalog-2018-05-10/ListControls) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/controlcatalog-2018-05-10/ListControls) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/controlcatalog-2018-05-10/ListControls) # ListDomains Returns a paginated list of domains from the Control Catalog. ## Request Syntax ``` POST /domains?maxResults=MaxResults&nextToken=NextToken HTTP/1.1 ``` ## URI Request Parameters The request uses the following URI parameters. ** [MaxResults](#API_ListDomains_RequestSyntax) ** The maximum number of results on a page or for an API request call. Valid Range: Minimum value of 1. Maximum value of 100. ** [NextToken](#API_ListDomains_RequestSyntax) ** The pagination token that's used to fetch the next set of results. Length Constraints: Minimum length of 0. Maximum length of 1024. ## Request Body The request does not have a request body. ## Response Syntax ``` HTTP/1.1 200 Content-type: application/json { "Domains": [ { "Arn": "string", "CreateTime": number, "Description": "string", "LastUpdateTime": number, "Name": "string" } ], "NextToken": "string" } ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in JSON format by the service. ** [Domains](#API_ListDomains_ResponseSyntax) ** The list of domains that the `ListDomains` API returns. Type: Array of [DomainSummary](API_DomainSummary.md) objects ** [NextToken](#API_ListDomains_ResponseSyntax) ** The pagination token that's used to fetch the next set of results. Type: String Length Constraints: Minimum length of 0. Maximum length of 1024. ## Errors For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md). ** AccessDeniedException ** You do not have sufficient access to perform this action. HTTP Status Code: 403 ** InternalServerException ** An internal service error occurred during the processing of your request. Try again later. HTTP Status Code: 500 ** ThrottlingException ** The request was denied due to request throttling. HTTP Status Code: 429 ** ValidationException ** The request has invalid or missing parameters. HTTP Status Code: 400 ## Examples ### Returning a list of domains Use this operation to see a paginated list of all domains that are available in the Control Catalog. #### Sample Request ``` aws controlcatalog list-domains ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/controlcatalog-2018-05-10/ListDomains) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/controlcatalog-2018-05-10/ListDomains) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/controlcatalog-2018-05-10/ListDomains) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/controlcatalog-2018-05-10/ListDomains) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/controlcatalog-2018-05-10/ListDomains) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/controlcatalog-2018-05-10/ListDomains) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/controlcatalog-2018-05-10/ListDomains) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/controlcatalog-2018-05-10/ListDomains) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/controlcatalog-2018-05-10/ListDomains) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/controlcatalog-2018-05-10/ListDomains) # ListObjectives Returns a paginated list of objectives from the Control Catalog. You can apply an optional filter to see the objectives that belong to a specific domain. If you don’t provide a filter, the operation returns all objectives. ## Request Syntax ``` POST /objectives?maxResults=MaxResults&nextToken=NextToken HTTP/1.1 Content-type: application/json { "ObjectiveFilter": { "Domains": [ { "Arn": "string" } ] } } ``` ## URI Request Parameters The request uses the following URI parameters. ** [MaxResults](#API_ListObjectives_RequestSyntax) ** The maximum number of results on a page or for an API request call. Valid Range: Minimum value of 1. Maximum value of 100. ** [NextToken](#API_ListObjectives_RequestSyntax) ** The pagination token that's used to fetch the next set of results. Length Constraints: Minimum length of 0. Maximum length of 1024. ## Request Body The request accepts the following data in JSON format. ** [ObjectiveFilter](#API_ListObjectives_RequestSyntax) ** An optional filter that narrows the results to a specific domain. This filter allows you to specify one domain ARN at a time. Passing multiple ARNs in the `ObjectiveFilter` isn’t supported. Type: [ObjectiveFilter](API_ObjectiveFilter.md) object Required: No ## Response Syntax ``` HTTP/1.1 200 Content-type: application/json { "NextToken": "string", "Objectives": [ { "Arn": "string", "CreateTime": number, "Description": "string", "Domain": { "Arn": "string", "Name": "string" }, "LastUpdateTime": number, "Name": "string" } ] } ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response. The following data is returned in JSON format by the service. ** [NextToken](#API_ListObjectives_ResponseSyntax) ** The pagination token that's used to fetch the next set of results. Type: String Length Constraints: Minimum length of 0. Maximum length of 1024. ** [Objectives](#API_ListObjectives_ResponseSyntax) ** The list of objectives that the `ListObjectives` API returns. Type: Array of [ObjectiveSummary](API_ObjectiveSummary.md) objects ## Errors For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md). ** AccessDeniedException ** You do not have sufficient access to perform this action. HTTP Status Code: 403 ** InternalServerException ** An internal service error occurred during the processing of your request. Try again later. HTTP Status Code: 500 ** ThrottlingException ** The request was denied due to request throttling. HTTP Status Code: 429 ** ValidationException ** The request has invalid or missing parameters. HTTP Status Code: 400 ## Examples ### Filtering objectives by domain You can use the `ListObjectives` operation to return a filtered list of objectives. For example, you can see all of the objectives that fall under a specific domain such as *Asset management*. **To filter results by domain** 1. Use the `ListDomains` operation to see the domains that you can use as filters. 1. Find the domain that you want to use as a filter, and take note of its ARN. 1. Use the `ListObjectives` operation and include the `Domains` parameter. For the `ARN` attribute value, specify the domain ARN from step 2. **Note** Keep in mind that you can only filter by one domain at a time. Specifying multiple domain ARNs isn’t supported. If you want to filter by more than one ARN, we recommend that you run the `ListObjectives` operation separately for each ARN. The sample request below uses the following domain ARN as a filter: `arn:aws:controlcatalog:::domain/d4msesd9vvmzmmuvlv06m92uq`. This ARN represents the *Asset management* domain. The sample response shows the result that the `ListObjectives` operation might return if five objectives matched the filter criteria of *Asset management*. #### Sample Request ``` { "ObjectiveFilter": { "Domains": [{ "Arn": "arn:aws:controlcatalog:::domain/d4msesd9vvmzmmuvlv06m92uq" }] } } ``` #### Sample Response ``` { "Objectives": [{ "Arn": "arn:aws:controlcatalog:::objective/ad11p1961s8erra9m185wa1nn", "CreateTime": 1.710288E9, "Description": "This control objective focuses on maintaining an accurate and up-to-date inventory of assets, including hardware, software, and data, to protect organization investments from harm or loss.", "Domain": { "Arn": "arn:aws:controlcatalog:::domain/d4msesd9vvmzmmuvlv06m92uq", "Name": "Asset management" }, "LastUpdateTime": 1.710288E9, "Name": "Asset inventory management" }, { "Arn": "arn:aws:controlcatalog:::objective/90gifwthorhxhxq7m0rtss98u", "CreateTime": 1.710288E9, "Description": "This control objective focuses on classifying assets based on their value, sensitivity, and criticality to the organization to manage investment risk and unauthorized access to assets and information.", "Domain": { "Arn": "arn:aws:controlcatalog:::domain/d4msesd9vvmzmmuvlv06m92uq", "Name": "Asset management" }, "LastUpdateTime": 1.710288E9, "Name": "Asset classification" }, { "Arn": "arn:aws:controlcatalog:::objective/3frxxgl64u9kzttiuheywykf7", "CreateTime": 1.710288E9, "Description": "This control objective focuses on maintaining the availability and integrity of assets, including performance management, regular maintenance, and repairs to protect and extract the maximum value of the organization's IT investments.", "Domain": { "Arn": "arn:aws:controlcatalog:::domain/d4msesd9vvmzmmuvlv06m92uq", "Name": "Asset management" }, "LastUpdateTime": 1.710288E9, "Name": "Asset maintenance" }, { "Arn": "arn:aws:controlcatalog:::objective/5ve4jodybrg8wnky75fp50sbf", "CreateTime": 1.710288E9, "Description": "This control objective focuses on managing assets throughout their entire lifecycle, including acquisition, deployment, use, and retirement. This helps manage risks associated with asset costs by ensuring optimum asset productivity, performance, efficiency, and profitability.", "Domain": { "Arn": "arn:aws:controlcatalog:::domain/d4msesd9vvmzmmuvlv06m92uq", "Name": "Asset management" }, "LastUpdateTime": 1.710288E9, "Name": "Asset lifecycle management" }, { "Arn": "arn:aws:controlcatalog:::objective/ags5wgkyvwriix77zegtwhyo9", "CreateTime": 1.710288E9, "Description": "This control objective focuses on preventing asset loss, and responding to and recovering lost, stolen, or damaged assets to contribute to the organization's profitability by reducing losses.", "Domain": { "Arn": "arn:aws:controlcatalog:::domain/d4msesd9vvmzmmuvlv06m92uq", "Name": "Asset management" }, "LastUpdateTime": 1.710288E9, "Name": "Asset loss prevention, response, and recovery" }] } ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/controlcatalog-2018-05-10/ListObjectives) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/controlcatalog-2018-05-10/ListObjectives) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/controlcatalog-2018-05-10/ListObjectives) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/controlcatalog-2018-05-10/ListObjectives) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/controlcatalog-2018-05-10/ListObjectives) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/controlcatalog-2018-05-10/ListObjectives) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/controlcatalog-2018-05-10/ListObjectives) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/controlcatalog-2018-05-10/ListObjectives) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/controlcatalog-2018-05-10/ListObjectives) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/controlcatalog-2018-05-10/ListObjectives)