Weitere AWS SDK-Beispiele sind im GitHub Repo [AWS Doc SDK Examples](https://github.com/awsdocs/aws-doc-sdk-examples) verfügbar.
Die vorliegende Übersetzung wurde maschinell erstellt. Im Falle eines Konflikts oder eines Widerspruchs zwischen dieser übersetzten Fassung und der englischen Fassung (einschließlich infolge von Verzögerungen bei der Übersetzung) ist die englische Fassung maßgeblich.
# Codebeispiele für die Verwendung AWS Control Tower AWS SDKs
Die folgenden Codebeispiele zeigen Ihnen, wie Sie es AWS Control Tower mit einem AWS Software Development Kit (SDK) verwenden.
Bei *Grundlagen* handelt es sich um Codebeispiele, die Ihnen zeigen, wie Sie die wesentlichen Vorgänge innerhalb eines Services ausführen.
*Aktionen* sind Codeauszüge aus größeren Programmen und müssen im Kontext ausgeführt werden. Während Aktionen Ihnen zeigen, wie Sie einzelne Service-Funktionen aufrufen, können Sie Aktionen im Kontext der zugehörigen Szenarien anzeigen.
**Weitere -Quellen**
+ **[AWS Control Tower Benutzerhandbuch](https://docs.aws.amazon.com/controltower/latest/userguide/what-is-control-tower.html)** — Weitere Informationen zu AWS Control Tower.
+ **[AWS Control Tower API-Referenz](https://docs.aws.amazon.com/controltower/latest/APIReference/Welcome.html)** — Details zu allen verfügbaren AWS Control Tower Aktionen.
+ **[AWS Developer Center](https://aws.amazon.com/developer/code-examples/?awsf.sdk-code-examples-product=product%23)** — Codebeispiele, die Sie nach Kategorie oder Volltextsuche filtern können.
+ **[AWS SDK-Beispiele](https://github.com/awsdocs/aws-doc-sdk-examples)** — GitHub Repo mit vollständigem Code in bevorzugten Sprachen. Enthält Anleitungen zum Einrichten und Ausführen des Codes.
**Contents**
+ [Grundlagen](controltower_code_examples_basics.md)
+ [Hallo AWS Control Tower](controltower_example_controltower_Hello_section.md)
+ [Kennenlernen der Grundlagen](controltower_example_controltower_Scenario_section.md)
+ [Aktionen](controltower_code_examples_actions.md)
+ [`DisableBaseline`](controltower_example_controltower_DisableBaseline_section.md)
+ [`DisableControl`](controltower_example_controltower_DisableControl_section.md)
+ [`EnableBaseline`](controltower_example_controltower_EnableBaseline_section.md)
+ [`EnableControl`](controltower_example_controltower_EnableControl_section.md)
+ [`GetBaselineOperation`](controltower_example_controltower_GetBaselineOperation_section.md)
+ [`GetControlOperation`](controltower_example_controltower_GetControlOperation_section.md)
+ [`ListBaselines`](controltower_example_controltower_ListBaselines_section.md)
+ [`ListEnabledBaselines`](controltower_example_controltower_ListEnabledBaselines_section.md)
+ [`ListEnabledControls`](controltower_example_controltower_ListEnabledControls_section.md)
+ [`ListLandingZones`](controltower_example_controltower_ListLandingZones_section.md)
+ [`ResetEnabledBaseline`](controltower_example_controltower_ResetEnabledBaseline_section.md)
# Grundlegende Beispiele für die Verwendung AWS Control Tower AWS SDKs
Die folgenden Codebeispiele zeigen, wie die Grundlagen von AWS Control Tower with verwendet AWS SDKs werden.
**Contents**
+ [Hallo AWS Control Tower](controltower_example_controltower_Hello_section.md)
+ [Kennenlernen der Grundlagen](controltower_example_controltower_Scenario_section.md)
+ [Aktionen](controltower_code_examples_actions.md)
+ [`DisableBaseline`](controltower_example_controltower_DisableBaseline_section.md)
+ [`DisableControl`](controltower_example_controltower_DisableControl_section.md)
+ [`EnableBaseline`](controltower_example_controltower_EnableBaseline_section.md)
+ [`EnableControl`](controltower_example_controltower_EnableControl_section.md)
+ [`GetBaselineOperation`](controltower_example_controltower_GetBaselineOperation_section.md)
+ [`GetControlOperation`](controltower_example_controltower_GetControlOperation_section.md)
+ [`ListBaselines`](controltower_example_controltower_ListBaselines_section.md)
+ [`ListEnabledBaselines`](controltower_example_controltower_ListEnabledBaselines_section.md)
+ [`ListEnabledControls`](controltower_example_controltower_ListEnabledControls_section.md)
+ [`ListLandingZones`](controltower_example_controltower_ListLandingZones_section.md)
+ [`ResetEnabledBaseline`](controltower_example_controltower_ResetEnabledBaseline_section.md)
# Hallo AWS Control Tower
Die folgenden Codebeispiele zeigen, wie Sie mit der Verwendung von AWS Control Tower beginnen.
------
#### [ .NET ]
**SDK für .NET (v4)**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv4/ControlTower#code-examples) einrichten und ausführen.
```
using Amazon.ControlTower;
using Amazon.ControlTower.Model;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Logging.Console;
using Microsoft.Extensions.Logging.Debug;
using LogLevel = Microsoft.Extensions.Logging.LogLevel;
namespace ControlTowerActions;
///
/// A class that introduces the AWS Control Tower by listing the
/// available baselines for the account.
///
public class HelloControlTower
{
private static ILogger logger = null!;
static async Task Main(string[] args)
{
// Set up dependency injection for AWS Control Tower.
using var host = Host.CreateDefaultBuilder(args)
.ConfigureLogging(logging =>
logging.AddFilter("System", LogLevel.Debug)
.AddFilter("Microsoft", LogLevel.Information)
.AddFilter("Microsoft", LogLevel.Trace))
.ConfigureServices((_, services) =>
services.AddAWSService()
)
.Build();
logger = LoggerFactory.Create(builder => { builder.AddConsole(); })
.CreateLogger();
var amazonClient = host.Services.GetRequiredService();
Console.Clear();
Console.WriteLine("Hello, AWS Control Tower! Let's list available baselines:");
Console.WriteLine();
var baselines = new List();
try
{
var baselinesPaginator = amazonClient.Paginators.ListBaselines(new ListBaselinesRequest());
await foreach (var response in baselinesPaginator.Responses)
{
baselines.AddRange(response.Baselines);
}
Console.WriteLine($"{baselines.Count} baseline(s) retrieved.");
foreach (var baseline in baselines)
{
Console.WriteLine($"\t{baseline.Name}");
}
}
catch (Amazon.ControlTower.Model.AccessDeniedException)
{
Console.WriteLine("Access denied. Please ensure you have the necessary permissions.");
}
catch (Exception ex)
{
Console.WriteLine($"An error occurred: {ex.Message}");
}
}
}
```
+ Einzelheiten zur API finden Sie [ListBaselines](https://docs.aws.amazon.com/goto/DotNetSDKV4/controltower-2018-05-10/ListBaselines)in der *AWS SDK für .NET API-Referenz*.
------
#### [ Java ]
**SDK für Java 2.x**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/controltower#code-examples) einrichten und ausführen.
```
public class HelloControlTower {
public static void main(String[] args) {
try {
ControlTowerClient controlTowerClient = ControlTowerClient.builder()
.build() ;
helloControlTower(controlTowerClient);
} catch (ControlTowerException e) {
System.out.println("Control Tower error occurred: " + e.awsErrorDetails().errorMessage());
}
}
/**
* Use the AWS SDK for Java (v2) to create an AWS Control Tower client
* and list all available baselines.
* This example uses the default settings specified in your shared credentials
* and config files.
*
* @param controlTowerClient A ControlTowerClient object. This object wraps
* the low-level AWS Control Tower service API.
*/
public static void helloControlTower(ControlTowerClient controlTowerClient) {
System.out.println("Hello, AWS Control Tower! Let's list available baselines:\n");
ListBaselinesIterable paginator = controlTowerClient.listBaselinesPaginator(
ListBaselinesRequest.builder().build());
List baselineNames = new ArrayList<>();
try {
paginator.stream()
.flatMap(response -> response.baselines().stream())
.forEach(baseline -> baselineNames.add(baseline.name()));
System.out.println(baselineNames.size() + " baseline(s) retrieved.");
for (String baselineName : baselineNames) {
System.out.println("\t" + baselineName);
}
} catch (ControlTowerException e) {
if ("AccessDeniedException".equals(e.awsErrorDetails().errorCode())) {
System.out.println("Access denied. Please ensure you have the necessary permissions.");
} else {
System.out.println("An error occurred: " + e.getMessage());
}
}
}
}
```
+ Einzelheiten zur API finden Sie [ListBaselines](https://docs.aws.amazon.com/goto/SdkForJavaV2/controltower-2018-05-10/ListBaselines)in der *AWS SDK for Java 2.x API-Referenz*.
------
#### [ Python ]
**SDK für Python (Boto3)**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/controltower#code-examples) einrichten und ausführen.
```
import boto3
from typing import Any, List
def hello_controltower(controltower_client: Any) -> None:
"""
Use the AWS SDK for Python (Boto3) to create an AWS Control Tower client
and list all available baselines.
This example uses the default settings specified in your shared credentials
and config files.
:param controltower_client: A Boto3 AWS Control Tower Client object. This object wraps
the low-level AWS Control Tower service API.
"""
print("Hello, AWS Control Tower! Let's list available baselines:\n")
paginator = controltower_client.get_paginator("list_baselines")
page_iterator = paginator.paginate()
baseline_names: List[str] = []
try:
for page in page_iterator:
for baseline in page["baselines"]:
baseline_names.append(baseline["name"])
print(f"{len(baseline_names)} baseline(s) retrieved.")
for baseline_name in baseline_names:
print(f"\t{baseline_name}")
except controltower_client.exceptions.AccessDeniedException:
print("Access denied. Please ensure you have the necessary permissions.")
except Exception as e:
print(f"An error occurred: {str(e)}")
if __name__ == "__main__":
hello_controltower(boto3.client("controltower"))
```
+ Einzelheiten zur API finden Sie [ListBaselines](https://docs.aws.amazon.com/goto/boto3/controltower-2018-05-10/ListBaselines)in *AWS SDK for Python (Boto3) API* Reference.
------
# Lernen Sie die Grundlagen von AWS Control Tower mit einem SDK kennen AWS
Die folgenden Code-Beispiele veranschaulichen Folgendes:
+ Auflisten der Landing Zones
+ Listen Sie Baselines auf, aktivieren Sie sie, rufen Sie sie ab, setzen Sie sie zurück und deaktivieren Sie sie.
+ Listen Sie Steuerelemente auf, aktivieren Sie sie, rufen Sie sie ab und deaktivieren Sie sie.
------
#### [ .NET ]
**SDK für .NET (v4)**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv4/ControlTower#code-examples) einrichten und ausführen.
Führen Sie ein interaktives Szenario durch, in dem AWS Control Tower Funktionen demonstriert werden.
```
using Amazon.ControlCatalog;
using Amazon.ControlTower;
using Amazon.ControlTower.Model;
using Amazon.Organizations;
using Amazon.Organizations.Model;
using Amazon.SecurityToken;
using Amazon.SecurityToken.Model;
using ControlTowerActions;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
namespace ControlTowerBasics;
///
/// Scenario class for AWS Control Tower basics.
///
public class ControlTowerBasics
{
public static bool isInteractive = true;
public static ILogger logger = null!;
public static IAmazonOrganizations? orgClient = null;
public static IAmazonSecurityTokenService? stsClient = null;
public static ControlTowerWrapper? wrapper = null;
private static string? ouArn;
private static bool useLandingZone = false;
///
/// Main entry point for the AWS Control Tower basics scenario.
///
/// Command line arguments.
public static async Task Main(string[] args)
{
using var host = Host.CreateDefaultBuilder(args)
.ConfigureServices((_, services) =>
services.AddAWSService()
.AddAWSService()
.AddAWSService()
.AddAWSService()
.AddTransient()
)
.Build();
logger = LoggerFactory.Create(builder => { builder.AddConsole(); })
.CreateLogger();
wrapper = host.Services.GetRequiredService();
orgClient = host.Services.GetRequiredService();
stsClient = host.Services.GetRequiredService();
await RunScenario();
}
///
/// Runs the example scenario.
///
public static async Task RunScenario()
{
Console.WriteLine(new string('-', 88));
Console.WriteLine("\tWelcome to the AWS Control Tower with ControlCatalog example scenario.");
Console.WriteLine(new string('-', 88));
Console.WriteLine("This demo will walk you through working with AWS Control Tower for landing zones,");
Console.WriteLine("managing baselines, and working with controls.");
try
{
var accountId = (await stsClient!.GetCallerIdentityAsync(new GetCallerIdentityRequest())).Account;
Console.WriteLine($"\nAccount ID: {accountId}");
Console.WriteLine("\nSome demo operations require the use of a landing zone.");
Console.WriteLine("You can use an existing landing zone or opt out of these operations in the demo.");
Console.WriteLine("For instructions on how to set up a landing zone,");
Console.WriteLine("see https://docs.aws.amazon.com/controltower/latest/userguide/getting-started-from-console.html");
// List available landing zones
var landingZones = await wrapper!.ListLandingZonesAsync();
if (landingZones.Count > 0)
{
Console.WriteLine("\nAvailable Landing Zones:");
for (int i = 0; i < landingZones.Count; i++)
{
Console.WriteLine($"{i + 1}. {landingZones[i].Arn}");
}
Console.Write($"\nDo you want to use the first landing zone in the list ({landingZones[0].Arn})? (y/n): ");
if (GetUserConfirmation())
{
useLandingZone = true;
Console.WriteLine($"Using landing zone: {landingZones[0].Arn}");
ouArn = await SetupOrganizationAsync();
}
}
// Managing Baselines
Console.WriteLine("\nManaging Baselines:");
var baselines = await wrapper.ListBaselinesAsync();
Console.WriteLine("\nListing available Baselines:");
BaselineSummary? controlTowerBaseline = null;
foreach (var baseline in baselines)
{
if (baseline.Name == "AWSControlTowerBaseline")
controlTowerBaseline = baseline;
Console.WriteLine($" - {baseline.Name}");
}
EnabledBaselineSummary? identityCenterBaseline = null;
string? baselineArn = null;
if (useLandingZone && ouArn != null)
{
Console.WriteLine("\nListing enabled baselines:");
var enabledBaselines = await wrapper.ListEnabledBaselinesAsync();
foreach (var baseline in enabledBaselines)
{
if (baseline.BaselineIdentifier.Contains("baseline/LN25R72TTG6IGPTQ"))
identityCenterBaseline = baseline;
Console.WriteLine($" - {baseline.BaselineIdentifier}");
}
if (controlTowerBaseline != null)
{
Console.Write("\nDo you want to enable the Control Tower Baseline? (y/n): ");
if (GetUserConfirmation())
{
Console.WriteLine("\nEnabling Control Tower Baseline.");
var icBaselineArn = identityCenterBaseline?.Arn;
baselineArn = await wrapper.EnableBaselineAsync(ouArn,
controlTowerBaseline.Arn, "5.0", icBaselineArn ?? "");
var alreadyEnabled = false;
if (baselineArn != null)
{
Console.WriteLine($"Enabled baseline ARN: {baselineArn}");
}
else
{
// Find the enabled baseline
foreach (var enabled in enabledBaselines)
{
if (enabled.BaselineIdentifier == controlTowerBaseline.Arn)
{
baselineArn = enabled.Arn;
alreadyEnabled = true;
Console.WriteLine("No change, the selected baseline was already enabled.");
break;
}
}
}
if (baselineArn != null)
{
Console.Write("\nDo you want to reset the Control Tower Baseline? (y/n): ");
if (GetUserConfirmation())
{
Console.WriteLine($"\nResetting Control Tower Baseline: {baselineArn}");
var operationId = await wrapper.ResetEnabledBaselineAsync(baselineArn);
Console.WriteLine($"Reset baseline operation id: {operationId}");
}
Console.Write("\nDo you want to disable the Control Tower Baseline? (y/n): ");
if (GetUserConfirmation())
{
Console.WriteLine($"Disabling baseline ARN: {baselineArn}");
var operationId = await wrapper.DisableBaselineAsync(baselineArn);
Console.WriteLine($"Disabled baseline operation id: {operationId}");
if (alreadyEnabled)
{
Console.WriteLine($"\nRe-enabling Control Tower Baseline: {baselineArn}");
// Re-enable the Control Tower baseline if it was originally enabled.
await wrapper.EnableBaselineAsync(ouArn,
controlTowerBaseline.Arn, "5.0", icBaselineArn ?? "");
}
}
}
}
}
}
// Managing Controls
Console.WriteLine("\nManaging Controls:");
var controls = await wrapper.ListControlsAsync();
Console.WriteLine("\nListing first 5 available Controls:");
for (int i = 0; i < Math.Min(5, controls.Count); i++)
{
Console.WriteLine($"{i + 1}. {controls[i].Name} - {controls[i].Arn}");
}
if (useLandingZone && ouArn != null)
{
var enabledControls = await wrapper.ListEnabledControlsAsync(ouArn);
Console.WriteLine("\nListing enabled controls:");
for (int i = 0; i < enabledControls.Count; i++)
{
Console.WriteLine($"{i + 1}. {enabledControls[i].ControlIdentifier}");
}
// Find first non-enabled control
var enabledControlArns = enabledControls.Select(c => c.Arn).ToHashSet();
var controlArn = controls.FirstOrDefault(c => !enabledControlArns.Contains(c.Arn))?.Arn;
if (controlArn != null)
{
Console.Write($"\nDo you want to enable the control {controlArn}? (y/n): ");
if (GetUserConfirmation())
{
Console.WriteLine($"\nEnabling control: {controlArn}");
var operationId = await wrapper.EnableControlAsync(controlArn, ouArn);
if (operationId != null)
{
Console.WriteLine($"Enabled control with operation id: {operationId}");
Console.Write("\nDo you want to disable the control? (y/n): ");
if (GetUserConfirmation())
{
Console.WriteLine("\nDisabling the control...");
var disableOpId = await wrapper.DisableControlAsync(controlArn, ouArn);
Console.WriteLine($"Disable operation ID: {disableOpId}");
}
}
}
}
}
Console.WriteLine("\nThis concludes the example scenario.");
Console.WriteLine("Thanks for watching!");
Console.WriteLine(new string('-', 88));
}
catch (Exception ex)
{
logger.LogError(ex, "An error occurred during the Control Tower scenario.");
Console.WriteLine($"An error occurred: {ex.Message}");
}
}
///
/// Sets up AWS Organizations and creates or finds a Sandbox OU.
///
/// The ARN of the Sandbox organizational unit.
private static async Task SetupOrganizationAsync()
{
Console.WriteLine("\nChecking organization status...");
try
{
var orgResponse = await orgClient!.DescribeOrganizationAsync(new DescribeOrganizationRequest());
var orgId = orgResponse.Organization.Id;
Console.WriteLine($"Account is part of organization: {orgId}");
}
catch (AWSOrganizationsNotInUseException)
{
Console.WriteLine("No organization found. Creating a new organization...");
var createResponse = await orgClient!.CreateOrganizationAsync(new CreateOrganizationRequest { FeatureSet = OrganizationFeatureSet.ALL });
var orgId = createResponse.Organization.Id;
Console.WriteLine($"Created new organization: {orgId}");
}
// Look for Sandbox OU
var roots = await orgClient.ListRootsAsync(new ListRootsRequest());
var rootId = roots.Roots[0].Id;
Console.WriteLine("Checking for Sandbox OU...");
var ous = await orgClient.ListOrganizationalUnitsForParentAsync(new ListOrganizationalUnitsForParentRequest { ParentId = rootId });
var sandboxOu = ous.OrganizationalUnits.FirstOrDefault(ou => ou.Name == "Sandbox");
if (sandboxOu == null)
{
Console.WriteLine("Creating Sandbox OU...");
var createOuResponse = await orgClient.CreateOrganizationalUnitAsync(new CreateOrganizationalUnitRequest { ParentId = rootId, Name = "Sandbox" });
sandboxOu = createOuResponse.OrganizationalUnit;
Console.WriteLine($"Created new Sandbox OU: {sandboxOu.Id}");
}
else
{
Console.WriteLine($"Found existing Sandbox OU: {sandboxOu.Id}");
}
return sandboxOu.Arn;
}
///
/// Gets user confirmation by waiting for input or returning true if not interactive.
///
/// True if user enters 'y' or if isInteractive is false, otherwise false.
private static bool GetUserConfirmation()
{
return Console.ReadLine()?.ToLower() == "y" || !isInteractive;
}
}
```
Wrapper-Methoden, die vom Szenario aufgerufen werden, um Aurora-Aktionen zu verwalten.
```
using Amazon.ControlCatalog;
using Amazon.ControlCatalog.Model;
using Amazon.ControlTower;
using Amazon.ControlTower.Model;
using ValidationException = Amazon.ControlTower.Model.ValidationException;
namespace ControlTowerActions;
///
/// Methods to perform AWS Control Tower actions.
///
public class ControlTowerWrapper
{
private readonly IAmazonControlTower _controlTowerService;
private readonly IAmazonControlCatalog _controlCatalogService;
///
/// Constructor for the wrapper class containing AWS Control Tower actions.
///
/// The AWS Control Tower client object.
/// The AWS Control Catalog client object.
public ControlTowerWrapper(IAmazonControlTower controlTowerService, IAmazonControlCatalog controlCatalogService)
{
_controlTowerService = controlTowerService;
_controlCatalogService = controlCatalogService;
}
///
/// List the AWS Control Tower landing zones for an account.
///
/// A list of LandingZoneSummary objects.
public async Task> ListLandingZonesAsync()
{
try
{
var landingZones = new List();
var landingZonesPaginator = _controlTowerService.Paginators.ListLandingZones(new ListLandingZonesRequest());
await foreach (var response in landingZonesPaginator.Responses)
{
landingZones.AddRange(response.LandingZones);
}
return landingZones;
}
catch (AmazonControlTowerException ex)
{
Console.WriteLine($"Couldn't list landing zones. Here's why: {ex.ErrorCode}: {ex.Message}");
throw;
}
}
///
/// List all baselines.
///
/// A list of baseline summaries.
public async Task> ListBaselinesAsync()
{
try
{
var baselines = new List();
var baselinesPaginator = _controlTowerService.Paginators.ListBaselines(new ListBaselinesRequest());
await foreach (var response in baselinesPaginator.Responses)
{
baselines.AddRange(response.Baselines);
}
return baselines;
}
catch (AmazonControlTowerException ex)
{
Console.WriteLine($"Couldn't list baselines. Here's why: {ex.ErrorCode}: {ex.Message}");
throw;
}
}
///
/// List all enabled baselines.
///
/// A list of enabled baseline summaries.
public async Task> ListEnabledBaselinesAsync()
{
try
{
var enabledBaselines = new List();
var enabledBaselinesPaginator = _controlTowerService.Paginators.ListEnabledBaselines(new ListEnabledBaselinesRequest());
await foreach (var response in enabledBaselinesPaginator.Responses)
{
enabledBaselines.AddRange(response.EnabledBaselines);
}
return enabledBaselines;
}
catch (AmazonControlTowerException ex)
{
Console.WriteLine($"Couldn't list enabled baselines. Here's why: {ex.ErrorCode}: {ex.Message}");
throw;
}
}
///
/// Enable a baseline for the specified target.
///
/// The ARN of the target.
/// The identifier of baseline to enable.
/// The version of baseline to enable.
/// The identifier of identity center baseline if it is enabled.
/// The enabled baseline ARN or null.
public async Task EnableBaselineAsync(string targetIdentifier, string baselineIdentifier, string baselineVersion, string identityCenterBaseline)
{
try
{
var parameters = new List();
if (!string.IsNullOrEmpty(identityCenterBaseline))
{
parameters.Add(
new EnabledBaselineParameter
{
Key = "IdentityCenterEnabledBaselineArn",
Value = identityCenterBaseline
});
}
var request = new EnableBaselineRequest
{
BaselineIdentifier = baselineIdentifier,
BaselineVersion = baselineVersion,
TargetIdentifier = targetIdentifier,
Parameters = parameters
};
var response = await _controlTowerService.EnableBaselineAsync(request);
var operationId = response.OperationIdentifier;
// Wait for operation to complete
while (true)
{
var status = await GetBaselineOperationAsync(operationId);
Console.WriteLine($"Baseline operation status: {status}");
if (status == BaselineOperationStatus.SUCCEEDED || status == BaselineOperationStatus.FAILED)
{
break;
}
await Task.Delay(30000); // Wait 30 seconds
}
return response.Arn;
}
catch (ValidationException ex)
{
if (ex.Message.Contains("already enabled"))
Console.WriteLine("Baseline is already enabled for this target");
else { Console.WriteLine(ex.Message); }
// Write the message and return null if baseline cannot be enabled.
return null;
}
catch (AmazonControlTowerException ex)
{
Console.WriteLine($"Couldn't enable baseline. Here's why: {ex.ErrorCode}: {ex.Message}");
throw;
}
}
///
/// Disable a baseline for a specific target and wait for the operation to complete.
///
/// The identifier of the baseline to disable.
/// The operation ID or null if there was a conflict.
public async Task DisableBaselineAsync(string enabledBaselineIdentifier)
{
try
{
var request = new DisableBaselineRequest
{
EnabledBaselineIdentifier = enabledBaselineIdentifier
};
var response = await _controlTowerService.DisableBaselineAsync(request);
var operationId = response.OperationIdentifier;
// Wait for operation to complete
while (true)
{
var status = await GetBaselineOperationAsync(operationId);
Console.WriteLine($"Baseline operation status: {status}");
if (status == BaselineOperationStatus.SUCCEEDED || status == BaselineOperationStatus.FAILED)
{
break;
}
await Task.Delay(30000); // Wait 30 seconds
}
return operationId;
}
catch (ConflictException ex)
{
Console.WriteLine($"Conflict disabling baseline: {ex.Message}. Skipping disable step.");
return null;
}
catch (AmazonControlTowerException ex)
{
Console.WriteLine($"Couldn't disable baseline. Here's why: {ex.ErrorCode}: {ex.Message}");
throw;
}
}
///
/// Reset an enabled baseline for a specific target.
///
/// The identifier of the enabled baseline to reset.
/// The operation ID.
public async Task ResetEnabledBaselineAsync(string enabledBaselineIdentifier)
{
try
{
var request = new ResetEnabledBaselineRequest
{
EnabledBaselineIdentifier = enabledBaselineIdentifier
};
var response = await _controlTowerService.ResetEnabledBaselineAsync(request);
var operationId = response.OperationIdentifier;
// Wait for operation to complete
while (true)
{
var status = await GetBaselineOperationAsync(operationId);
Console.WriteLine($"Baseline operation status: {status}");
if (status == BaselineOperationStatus.SUCCEEDED || status == BaselineOperationStatus.FAILED)
{
break;
}
await Task.Delay(30000); // Wait 30 seconds
}
return operationId;
}
catch (Amazon.ControlTower.Model.ResourceNotFoundException)
{
Console.WriteLine("Target not found, unable to reset enabled baseline.");
throw;
}
catch (AmazonControlTowerException ex)
{
Console.WriteLine($"Couldn't reset enabled baseline. Here's why: {ex.ErrorCode}: {ex.Message}");
throw;
}
}
///
/// Get the status of a baseline operation.
///
/// The ID of the baseline operation.
/// The operation status.
public async Task GetBaselineOperationAsync(string operationId)
{
try
{
var request = new GetBaselineOperationRequest
{
OperationIdentifier = operationId
};
var response = await _controlTowerService.GetBaselineOperationAsync(request);
return response.BaselineOperation.Status;
}
catch (Amazon.ControlTower.Model.ResourceNotFoundException)
{
Console.WriteLine("Operation not found.");
throw;
}
catch (AmazonControlTowerException ex)
{
Console.WriteLine($"Couldn't get baseline operation status. Here's why: {ex.ErrorCode}: {ex.Message}");
throw;
}
}
///
/// List enabled controls for a target organizational unit.
///
/// The target organizational unit identifier.
/// A list of enabled control summaries.
public async Task> ListEnabledControlsAsync(string targetIdentifier)
{
try
{
var request = new ListEnabledControlsRequest
{
TargetIdentifier = targetIdentifier
};
var enabledControls = new List();
var enabledControlsPaginator = _controlTowerService.Paginators.ListEnabledControls(request);
await foreach (var response in enabledControlsPaginator.Responses)
{
enabledControls.AddRange(response.EnabledControls);
}
return enabledControls;
}
catch (Amazon.ControlTower.Model.ResourceNotFoundException ex) when (ex.Message.Contains("not registered with AWS Control Tower"))
{
Console.WriteLine("AWS Control Tower must be enabled to work with enabling controls.");
return new List();
}
catch (AmazonControlTowerException ex)
{
Console.WriteLine($"Couldn't list enabled controls. Here's why: {ex.ErrorCode}: {ex.Message}");
throw;
}
}
///
/// Enable a control for a specified target.
///
/// The ARN of the control to enable.
/// The identifier of the target (e.g., OU ARN).
/// The operation ID or null if already enabled.
public async Task EnableControlAsync(string controlArn, string targetIdentifier)
{
try
{
Console.WriteLine(controlArn);
Console.WriteLine(targetIdentifier);
var request = new EnableControlRequest
{
ControlIdentifier = controlArn,
TargetIdentifier = targetIdentifier
};
var response = await _controlTowerService.EnableControlAsync(request);
var operationId = response.OperationIdentifier;
// Wait for operation to complete
while (true)
{
var status = await GetControlOperationAsync(operationId);
Console.WriteLine($"Control operation status: {status}");
if (status == ControlOperationStatus.SUCCEEDED || status == ControlOperationStatus.FAILED)
{
break;
}
await Task.Delay(30000); // Wait 30 seconds
}
return operationId;
}
catch (Amazon.ControlTower.Model.ValidationException ex) when (ex.Message.Contains("already enabled"))
{
Console.WriteLine("Control is already enabled for this target");
return null;
}
catch (Amazon.ControlTower.Model.ResourceNotFoundException ex) when (ex.Message.Contains("not registered with AWS Control Tower"))
{
Console.WriteLine("AWS Control Tower must be enabled to work with enabling controls.");
return null;
}
catch (AmazonControlTowerException ex)
{
Console.WriteLine($"Couldn't enable control. Here's why: {ex.ErrorCode}: {ex.Message}");
throw;
}
}
///
/// Disable a control for a specified target.
///
/// The ARN of the control to disable.
/// The identifier of the target (e.g., OU ARN).
/// The operation ID.
public async Task DisableControlAsync(string controlArn, string targetIdentifier)
{
try
{
var request = new DisableControlRequest
{
ControlIdentifier = controlArn,
TargetIdentifier = targetIdentifier
};
var response = await _controlTowerService.DisableControlAsync(request);
var operationId = response.OperationIdentifier;
// Wait for operation to complete
while (true)
{
var status = await GetControlOperationAsync(operationId);
Console.WriteLine($"Control operation status: {status}");
if (status == ControlOperationStatus.SUCCEEDED || status == ControlOperationStatus.FAILED)
{
break;
}
await Task.Delay(30000); // Wait 30 seconds
}
return operationId;
}
catch (Amazon.ControlTower.Model.ResourceNotFoundException)
{
Console.WriteLine("Control not found.");
throw;
}
catch (AmazonControlTowerException ex)
{
Console.WriteLine($"Couldn't disable control. Here's why: {ex.ErrorCode}: {ex.Message}");
throw;
}
}
///
/// Get the status of a control operation.
///
/// The ID of the control operation.
/// The operation status.
public async Task GetControlOperationAsync(string operationId)
{
try
{
var request = new GetControlOperationRequest
{
OperationIdentifier = operationId
};
var response = await _controlTowerService.GetControlOperationAsync(request);
return response.ControlOperation.Status;
}
catch (Amazon.ControlTower.Model.ResourceNotFoundException)
{
Console.WriteLine("Operation not found.");
throw;
}
catch (AmazonControlTowerException ex)
{
Console.WriteLine($"Couldn't get control operation status. Here's why: {ex.ErrorCode}: {ex.Message}");
throw;
}
}
///
/// List all controls in the Control Tower control catalog.
///
/// A list of control summaries.
public async Task> ListControlsAsync()
{
try
{
var controls = new List();
var controlsPaginator = _controlCatalogService.Paginators.ListControls(new Amazon.ControlCatalog.Model.ListControlsRequest());
await foreach (var response in controlsPaginator.Responses)
{
controls.AddRange(response.Controls);
}
return controls;
}
catch (AmazonControlCatalogException ex)
{
Console.WriteLine($"Couldn't list controls. Here's why: {ex.ErrorCode}: {ex.Message}");
throw;
}
}
}
```
+ Weitere API-Informationen finden Sie in den folgenden Themen der *AWS SDK für .NET -API-Referenz*.
+ [CreateLandingZone](https://docs.aws.amazon.com/goto/DotNetSDKV4/controltower-2018-05-10/CreateLandingZone)
+ [DeleteLandingZone](https://docs.aws.amazon.com/goto/DotNetSDKV4/controltower-2018-05-10/DeleteLandingZone)
+ [DisableBaseline](https://docs.aws.amazon.com/goto/DotNetSDKV4/controltower-2018-05-10/DisableBaseline)
+ [DisableControl](https://docs.aws.amazon.com/goto/DotNetSDKV4/controltower-2018-05-10/DisableControl)
+ [EnableBaseline](https://docs.aws.amazon.com/goto/DotNetSDKV4/controltower-2018-05-10/EnableBaseline)
+ [EnableControl](https://docs.aws.amazon.com/goto/DotNetSDKV4/controltower-2018-05-10/EnableControl)
+ [GetControlOperation](https://docs.aws.amazon.com/goto/DotNetSDKV4/controltower-2018-05-10/GetControlOperation)
+ [GetLandingZoneOperation](https://docs.aws.amazon.com/goto/DotNetSDKV4/controltower-2018-05-10/GetLandingZoneOperation)
+ [ListBaselines](https://docs.aws.amazon.com/goto/DotNetSDKV4/controltower-2018-05-10/ListBaselines)
+ [ListEnabledBaselines](https://docs.aws.amazon.com/goto/DotNetSDKV4/controltower-2018-05-10/ListEnabledBaselines)
+ [ListEnabledControls](https://docs.aws.amazon.com/goto/DotNetSDKV4/controltower-2018-05-10/ListEnabledControls)
+ [ListLandingZones](https://docs.aws.amazon.com/goto/DotNetSDKV4/controltower-2018-05-10/ListLandingZones)
+ [ResetEnabledBaseline](https://docs.aws.amazon.com/goto/DotNetSDKV4/controltower-2018-05-10/ResetEnabledBaseline)
------
#### [ Java ]
**SDK für Java 2.x**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/controltower#code-examples) einrichten und ausführen.
Führen Sie ein interaktives Szenario durch, in dem AWS Control Tower Funktionen demonstriert werden.
```
public class ControlTowerScenario {
public static final String DASHES = new String(new char[80]).replace("\0", "-");
private static final Scanner scanner = new Scanner(in);
private static OrganizationsClient orgClient;
private static ControlCatalogClient catClient;
private static String ouId = null;
private static String ouArn = null;
private static String landingZoneArn = null;
private static boolean useLandingZone = false;
private String stack = null;
private String accountId = null;
public static void main(String[] args) {
System.out.println(DASHES);
System.out.println("Welcome to the AWS Control Tower basics scenario!");
System.out.println(DASHES);
try {
runScenarioAsync();
} catch (Exception e) {
e.printStackTrace();
}
}
// -----------------------------
// Utilities
// -----------------------------
private static boolean askYesNo(String msg) {
System.out.println(msg);
return scanner.nextLine().trim().toLowerCase().startsWith("y");
}
private static void runScenarioAsync() {
try {
ControlTowerActions actions = new ControlTowerActions();
// -----------------------------
// Step 1: Landing Zones
// -----------------------------
System.out.println(DASHES);
System.out.println("""
Some demo operations require the use of a landing zone.
You can use an existing landing zone or opt out of these operations in the demo.
For instructions on how to set up a landing zone,
see https://docs.aws.amazon.com/controltower/latest/userguide/getting-started-from-console.html
""");
System.out.println("Step 1: Listing landing zones...");
waitForInputToContinue(scanner);
List landingZones =
actions.listLandingZonesAsync().join();
if (landingZones.isEmpty()) {
System.out.println("No landing zones found. Landing-zone-dependent steps will be skipped.");
useLandingZone = false;
waitForInputToContinue(scanner);
} else {
System.out.println("\nAvailable Landing Zones:");
for (int i = 0; i < landingZones.size(); i++) {
System.out.printf("%d) %s%n", i + 1, landingZones.get(i).arn());
}
if (askYesNo("Do you want to use the first landing zone in the list (" +
landingZones.get(0).arn() + ")? (y/n): ")) {
useLandingZone = true;
landingZoneArn = landingZones.get(0).arn();
} else if (askYesNo("Do you want to use a different existing Landing Zone for this demo? (y/n): ")) {
useLandingZone = true;
System.out.println("Enter landing zone ARN: ");
landingZoneArn = scanner.nextLine().trim();
} else {
System.out.println("Proceeding without a landing zone.");
useLandingZone = false;
waitForInputToContinue(scanner);
}
}
// -----------------------------
// Setup Organization + Sandbox OU
// -----------------------------
if (useLandingZone) {
System.out.println("Using landing zone ARN: " + landingZoneArn);
ControlTowerActions.OrgSetupResult result =
actions.setupOrganizationAsync().join();
ouArn = result.sandboxOuArn();
ouId = result.sandboxOuArn();
System.out.println("Organization ID: " + result.orgId());
System.out.println("Using Sandbox OU ARN: " + ouArn);
}
// -----------------------------
// Step 2: Baselines
// -----------------------------
System.out.println(DASHES);
System.out.println("Step 2: Listing available baselines...");
System.out.println("""
In this step, the program lists available AWS Control Tower baselines and may perform
baseline-related operations (enable, disable, reset) if requested.
NOTE:
AWS Control Tower enforces governance through baselines and mandatory controls
(guardrails). Mandatory controls are required for landing zone governance and may
restrict certain operations depending on the account, region, or organizational policy.
For more information, see:
- Types of baselines in AWS Control Tower:
https://docs.aws.amazon.com/controltower/latest/userguide/types-of-baselines.html
- Mandatory controls (guardrails) in AWS Control Tower:
https://docs.aws.amazon.com/controltower/latest/controlreference/mandatory-controls.html
- Baseline API examples:
https://docs.aws.amazon.com/controltower/latest/userguide/baseline-api-examples.html
""");
waitForInputToContinue(scanner);
List baselines =
actions.listBaselinesAsync().join();
BaselineSummary controlTowerBaseline = null;
for (BaselineSummary b : baselines) {
System.out.println("Baseline: " + b.name());
System.out.println(" ARN: " + b.arn());
if ("AWSControlTowerBaseline".equals(b.name())) {
controlTowerBaseline = b;
}
}
waitForInputToContinue(scanner);
if (useLandingZone && controlTowerBaseline != null) {
System.out.println("\nListing enabled baselines:");
List enabledBaselines =
actions.listEnabledBaselinesAsync().join();
String enabledBaselineArn = null;
for (EnabledBaselineSummary eb : enabledBaselines) {
System.out.println("Checking enabled baseline ARN: " + eb.arn());
if (eb.baselineIdentifier().equals(controlTowerBaseline.arn())) {
enabledBaselineArn = eb.arn(); // correct enabled ARN for this baseline
break; // stop after finding the matching one
}
}
if (enabledBaselineArn == null) {
System.out.println("No enabled baseline found for " + controlTowerBaseline.arn());
} else {
System.out.println("Selected enabled baseline ARN for reset/disable: " + enabledBaselineArn);
}
// Enable the Baseline
if (askYesNo("Do you want to enable the Control Tower Baseline? (y/n): ")) {
System.out.println("\nEnabling Control Tower Baseline...");
String baselineId = controlTowerBaseline.arn();
String enabledBaselineId =
actions.enableBaselineAsync(
ouArn, // targetIdentifier → the OU or account ARN
baselineId, // baselineIdentifier → the Control Tower baseline ARN
"5.0" // baselineVersion → version string
).join();
System.out.println("Enabled baseline operation ID: " + enabledBaselineId);
if (enabledBaselineId == null) {
enabledBaselineId = enabledBaselineArn;
}
// Reset the Baseline
if (askYesNo("Do you want to reset the Control Tower Baseline? (y/n): ")) {
String operationId =
actions.resetEnabledBaselineAsync(enabledBaselineId).join();
System.out.println("Reset baseline operation ID: " + operationId);
}
if (askYesNo("Do you want to disable the Control Tower Baseline? (y/n): ")) {
String operationId =
actions.disableBaselineAsync(enabledBaselineId).join();
System.out.println("Disabled baseline operation ID: " + operationId);
System.out.println("Now we will re‑enable the baseline and wait 1 minute before making the call...");
try {
Thread.sleep(Duration.ofMinutes(1).toMillis());
} catch (InterruptedException e) {
Thread.currentThread().interrupt();
System.out.println("Wait interrupted");
}
String reEnabledBaselineId = actions.enableBaselineAsync(
ouArn,
baselineId, // reuse baseline definition ARN
"5.0"
).join();
System.out.println("Re-enabled baseline operation ID: " + reEnabledBaselineId);
}
}
}
// -----------------------------
// Step 3: Controls
// -----------------------------
System.out.println(DASHES);
System.out.println("Step 3: Managing Controls:");
waitForInputToContinue(scanner);
List controls =
actions.listControlsAsync().join();
System.out.println("\nListing first 5 available Controls:");
for (int i = 0; i < Math.min(5, controls.size()); i++) {
ControlSummary c = controls.get(i);
System.out.println("%d. %s - %s".formatted(i + 1, c.name(), c.arn()));
}
if (useLandingZone) {
waitForInputToContinue(scanner);
List enabledControls =
actions.listEnabledControlsAsync(ouArn).join();
System.out.println("\nListing enabled controls:");
for (int i = 0; i < enabledControls.size(); i++) {
System.out.println("%d. %s".formatted(i + 1, enabledControls.get(i).controlIdentifier()));
}
String controlArnToEnable = null;
for (ControlSummary control : controls) {
boolean enabled = enabledControls.stream()
.anyMatch(ec -> ec.controlIdentifier().equals(control.arn()));
if (!enabled) {
controlArnToEnable = control.arn();
break;
}
}
waitForInputToContinue(scanner);
if (controlArnToEnable != null &&
askYesNo("Do you want to enable the control " + controlArnToEnable + "? (y/n): ")) {
String operationId =
actions.enableControlAsync(controlArnToEnable, ouArn).join();
System.out.println("Enabled control with operation ID: " + operationId);
}
waitForInputToContinue(scanner);
if (controlArnToEnable != null &&
askYesNo("Do you want to disable the control? (y/n): ")) {
String operationId =
actions.disableControlAsync(controlArnToEnable, ouArn).join();
System.out.println("Disable operation ID: " + operationId);
}
}
System.out.println("\nThis concludes the example scenario.");
System.out.println("Thanks for watching!");
System.out.println(DASHES);
} catch (CompletionException e) {
Throwable cause = e.getCause() != null ? e.getCause() : e;
System.out.println("Scenario failed: " + cause.getMessage());
throw e; // bubble up for tests / callers
} catch (Exception e) {
System.out.println("Unexpected error running scenario: " + e.getMessage());
throw new RuntimeException(e);
}
}
private static void waitForInputToContinue(Scanner sc) {
System.out.println("\nEnter 'c' then to continue:");
while (true) {
String input = sc.nextLine();
if ("c".equalsIgnoreCase(input.trim())) {
System.out.println("Continuing...");
break;
}
}
}
}
public class ControlTowerActions {
private static ControlCatalogAsyncClient controlCatalogAsyncClient;
private static ControlTowerAsyncClient controlTowerAsyncClient;
private static OrganizationsAsyncClient orgAsyncClient;
private static OrganizationsAsyncClient getAsyncOrgClient() {
if (orgAsyncClient == null) {
SdkAsyncHttpClient httpClient = NettyNioAsyncHttpClient.builder()
.maxConcurrency(50)
.connectionTimeout(Duration.ofSeconds(60))
.readTimeout(Duration.ofSeconds(60))
.writeTimeout(Duration.ofSeconds(60))
.build();
ClientOverrideConfiguration overrideConfig = ClientOverrideConfiguration.builder()
.apiCallTimeout(Duration.ofMinutes(2))
.apiCallAttemptTimeout(Duration.ofSeconds(90))
.build();
orgAsyncClient = OrganizationsAsyncClient.builder()
.httpClient(httpClient)
.overrideConfiguration(overrideConfig)
.build();
}
return orgAsyncClient;
}
private static ControlCatalogAsyncClient getAsyncCatClient() {
if (controlCatalogAsyncClient == null) {
SdkAsyncHttpClient httpClient = NettyNioAsyncHttpClient.builder()
.maxConcurrency(100)
.connectionTimeout(Duration.ofSeconds(60))
.readTimeout(Duration.ofSeconds(60))
.writeTimeout(Duration.ofSeconds(60))
.build();
ClientOverrideConfiguration overrideConfig = ClientOverrideConfiguration.builder()
.apiCallTimeout(Duration.ofMinutes(2))
.apiCallAttemptTimeout(Duration.ofSeconds(90))
.retryStrategy(RetryMode.STANDARD)
.build();
controlCatalogAsyncClient = ControlCatalogAsyncClient.builder()
.httpClient(httpClient)
.overrideConfiguration(overrideConfig)
.build();
}
return controlCatalogAsyncClient;
}
private static ControlTowerAsyncClient getAsyncClient() {
if (controlTowerAsyncClient == null) {
SdkAsyncHttpClient httpClient =
AwsCrtAsyncHttpClient.builder()
.maxConcurrency(100)
.connectionTimeout(Duration.ofSeconds(60))
.build();
ClientOverrideConfiguration overrideConfig =
ClientOverrideConfiguration.builder()
.apiCallTimeout(Duration.ofMinutes(2))
.apiCallAttemptTimeout(Duration.ofSeconds(90))
.retryStrategy(RetryMode.STANDARD)
.build();
controlTowerAsyncClient =
ControlTowerAsyncClient.builder()
.httpClient(httpClient)
.overrideConfiguration(overrideConfig)
.build();
}
return controlTowerAsyncClient;
}
public record OrgSetupResult(String orgId, String sandboxOuArn) {
}
public CompletableFuture setupOrganizationAsync() {
System.out.println("Starting organization setup…");
OrganizationsAsyncClient client = getAsyncOrgClient();
// Step 1: Describe or create organization
CompletableFuture orgFuture = client.describeOrganization()
.thenApply(desc -> {
System.out.println("Organization exists: " + desc.organization().id());
return desc.organization();
})
.exceptionallyCompose(ex -> {
Throwable cause = ex.getCause() != null ? ex.getCause() : ex;
if (cause instanceof AwsServiceException awsEx &&
"AWSOrganizationsNotInUseException".equals(awsEx.awsErrorDetails().errorCode())) {
System.out.println("No organization found. Creating one…");
return client.createOrganization(CreateOrganizationRequest.builder()
.featureSet(OrganizationFeatureSet.ALL)
.build())
.thenApply(createResp -> {
System.out.println("Created organization: {}" + createResp.organization().id());
return createResp.organization();
});
}
return CompletableFuture.failedFuture(
new CompletionException("Failed to describe or create organization", cause)
);
});
// Step 2: Locate Sandbox OU
return orgFuture.thenCompose(org -> {
String orgId = org.id();
System.out.println("Organization ID: {}" + orgId);
return client.listRoots()
.thenCompose(rootsResp -> {
if (rootsResp.roots().isEmpty()) {
return CompletableFuture.failedFuture(
new RuntimeException("No root found in organization")
);
}
String rootId = rootsResp.roots().get(0).id();
ListOrganizationalUnitsForParentRequest ouRequest =
ListOrganizationalUnitsForParentRequest.builder()
.parentId(rootId)
.build();
ListOrganizationalUnitsForParentPublisher paginator =
client.listOrganizationalUnitsForParentPaginator(ouRequest);
AtomicReference sandboxOuArnRef = new AtomicReference<>();
return paginator.subscribe(page -> {
for (OrganizationalUnit ou : page.organizationalUnits()) {
if ("Sandbox".equals(ou.name())) {
sandboxOuArnRef.set(ou.arn());
System.out.println("Found Sandbox OU: " + ou.id());
break;
}
}
})
.thenApply(v -> {
String sandboxArn = sandboxOuArnRef.get();
if (sandboxArn == null) {
System.out.println("Sandbox OU not found.");
}
return new OrgSetupResult(orgId, sandboxArn);
});
});
}).exceptionally(ex -> {
Throwable cause = ex.getCause() != null ? ex.getCause() : ex;
System.out.println("Failed to setup organization: {}" + cause.getMessage());
throw new CompletionException(cause);
});
}
/**
* Lists all landing zones using pagination to retrieve complete results.
*
* @return a list of all landing zones
* @throws ControlTowerException if a service-specific error occurs
* @throws SdkException if an SDK error occurs
*/
public CompletableFuture> listLandingZonesAsync() {
System.out.println("Starting list landing zones paginator…");
ListLandingZonesRequest request = ListLandingZonesRequest.builder().build();
ListLandingZonesPublisher paginator = getAsyncClient().listLandingZonesPaginator(request);
List landingZones = new ArrayList<>();
return paginator.subscribe(response -> {
if (response.landingZones() != null && !response.landingZones().isEmpty()) {
response.landingZones().forEach(lz -> {
System.out.println("Landing zone ARN: " + lz.arn());
landingZones.add(lz);
});
} else {
System.out.println("Page contained no landing zones.");
}
})
.thenRun(() -> System.out.println("Successfully retrieved "+ landingZones.size() + " landing zones." ))
.thenApply(v -> landingZones)
.exceptionally(ex -> {
Throwable cause = ex.getCause() != null ? ex.getCause() : ex;
if (cause instanceof ControlTowerException e) {
String errorCode = e.awsErrorDetails().errorCode();
switch (errorCode) {
case "AccessDeniedException":
throw new CompletionException(
"Access denied when listing landing zones: " + e.getMessage(), e);
default:
throw new CompletionException(
"Error listing landing zones: " + e.getMessage(), e);
}
}
if (cause instanceof SdkException) {
throw new CompletionException(
"SDK error listing landing zones: " + cause.getMessage(), cause);
}
throw new CompletionException("Failed to list landing zones", cause);
});
}
/**
* Lists all available baselines using pagination to retrieve complete results.
*
* @return a list of all baselines
* @throws ControlTowerException if a service-specific error occurs
* @throws SdkException if an SDK error occurs
*/
public CompletableFuture> listBaselinesAsync() {
System.out.println("Starting list baselines paginator…");
ListBaselinesRequest request = ListBaselinesRequest.builder().build();
ListBaselinesPublisher paginator =
getAsyncClient().listBaselinesPaginator(request);
List baselines = new ArrayList<>();
return paginator.subscribe(response -> {
if (response.baselines() != null && !response.baselines().isEmpty()) {
response.baselines().forEach(baseline -> {
baselines.add(baseline);
});
} else {
System.out.println("Page contained no baselines.");
}
})
.thenRun(() ->
System.out.println("Successfully listed baselines. Total: " + baselines.size())
)
.thenApply(v -> baselines)
.exceptionally(ex -> {
Throwable cause = ex.getCause() != null ? ex.getCause() : ex;
if (cause instanceof ControlTowerException e) {
String errorCode = e.awsErrorDetails().errorCode();
if ("AccessDeniedException".equals(errorCode)) {
throw new CompletionException(
"Access denied when listing baselines: %s".formatted(e.getMessage()),
e
);
}
throw new CompletionException(
"Error listing baselines: %s".formatted(e.getMessage()),
e
);
}
if (cause instanceof SdkException) {
throw new CompletionException(
"SDK error listing baselines: %s".formatted(cause.getMessage()),
cause
);
}
throw new CompletionException("Failed to list baselines", cause);
});
}
/**
* Lists all enabled baselines using pagination to retrieve complete results.
*
* @return a list of all enabled baselines
* @throws ControlTowerException if a service-specific error occurs
* @throws SdkException if an SDK error occurs
*/
public CompletableFuture> listEnabledBaselinesAsync() {
System.out.println("Starting list enabled baselines paginator…");
ListEnabledBaselinesRequest request =
ListEnabledBaselinesRequest.builder().build();
ListEnabledBaselinesPublisher paginator =
getAsyncClient().listEnabledBaselinesPaginator(request);
List enabledBaselines = new ArrayList<>();
return paginator.subscribe(response -> {
if (response.enabledBaselines() != null
&& !response.enabledBaselines().isEmpty()) {
response.enabledBaselines().forEach(baseline -> {
enabledBaselines.add(baseline);
});
} else {
System.out.println("Page contained no enabled baselines.");
}
})
.thenRun(() ->
System.out.println(
"Successfully listed enabled baselines. Total: " +
enabledBaselines.size()
)
)
.thenApply(v -> enabledBaselines)
.exceptionally(ex -> {
Throwable cause = ex.getCause() != null ? ex.getCause() : ex;
if (cause instanceof ControlTowerException e) {
String errorCode = e.awsErrorDetails().errorCode();
if ("AccessDeniedException".equals(errorCode)) {
throw new CompletionException(
"Access denied when listing enabled baselines: %s".formatted(e.getMessage()), e);
}
throw new CompletionException(
"Error listing enabled baselines: %s"
.formatted(e.getMessage()),
e
);
}
if (cause instanceof SdkException) {
throw new CompletionException(
"SDK error listing enabled baselines: %s"
.formatted(cause.getMessage()),
cause
);
}
throw new CompletionException(
"Failed to list enabled baselines",
cause
);
});
}
/**
* Asynchronously enables a baseline for the specified target if not already enabled.
*
* @param targetIdentifier The ARN of the target (OU or account).
* @param baselineIdentifier The baseline definition ARN to enable.
* @param baselineVersion The baseline version to enable.
* @return A CompletableFuture containing the enabled baseline ARN, or null if already enabled.
*/
public CompletableFuture enableBaselineAsync(
String targetIdentifier,
String baselineIdentifier,
String baselineVersion
) {
EnableBaselineRequest request = EnableBaselineRequest.builder()
.baselineIdentifier(baselineIdentifier)
.baselineVersion(baselineVersion)
.targetIdentifier(targetIdentifier)
.build();
return getAsyncClient().enableBaseline(request)
.handle((resp, exception) -> {
if (exception != null) {
Throwable cause = exception.getCause() != null ? exception.getCause() : exception;
if (cause instanceof ControlTowerException e) {
String code = e.awsErrorDetails() != null ? e.awsErrorDetails().errorCode() : "UNKNOWN";
String msg = e.awsErrorDetails() != null ? e.awsErrorDetails().errorMessage() : e.getMessage();
if ("ValidationException".equals(code) && msg.contains("already enabled")) {
System.out.println("Baseline is already enabled for this target → fetching ARN...");
return fetchEnabledBaselineArn(targetIdentifier, baselineIdentifier)
.join(); // fetch existing ARN synchronously
}
throw new RuntimeException("Error enabling baseline: " + code + " - " + msg, e);
}
throw new RuntimeException("Unexpected error enabling baseline: " + cause.getMessage(), cause);
}
return resp;
})
.thenCompose(result -> {
if (result instanceof EnableBaselineResponse resp) {
String operationId = resp.operationIdentifier();
String enabledBaselineArn = resp.arn();
System.out.println("Baseline enable started. ARN: " + enabledBaselineArn
+ ", operation ID: " + operationId);
// Inline polling
return CompletableFuture.supplyAsync(() -> {
while (true) {
GetBaselineOperationRequest opReq = GetBaselineOperationRequest.builder()
.operationIdentifier(operationId)
.build();
GetBaselineOperationResponse opResp = getAsyncClient().getBaselineOperation(opReq).join();
BaselineOperation op = opResp.baselineOperation();
BaselineOperationStatus status = op.status();
System.out.println("Operation " + operationId + " status: " + status);
if (status == BaselineOperationStatus.SUCCEEDED) {
return enabledBaselineArn;
} else if (status == BaselineOperationStatus.FAILED) {
String opId = op.operationIdentifier();
String reason = op.statusMessage() != null ? op.statusMessage() : "No failure reason provided";
throw new RuntimeException("Baseline operation failed (ID: " + opId + "), status: "
+ status + ", reason: " + reason);
}
try {
Thread.sleep(Duration.ofSeconds(15).toMillis());
} catch (InterruptedException e) {
Thread.currentThread().interrupt();
throw new RuntimeException(e);
}
}
});
} else if (result instanceof String existingArn) {
// Already enabled branch
return CompletableFuture.completedFuture(existingArn);
}
return CompletableFuture.completedFuture(null);
});
}
/**
* Fetches the ARN of an already-enabled baseline for the target asynchronously.
*/
private CompletableFuture fetchEnabledBaselineArn(String targetIdentifier, String baselineIdentifier) {
return getAsyncClient().listEnabledBaselines(ListEnabledBaselinesRequest.builder().build())
.thenApply(listResp -> {
for (EnabledBaselineSummary eb : listResp.enabledBaselines()) {
if (baselineIdentifier.equals(eb.baselineIdentifier())
&& targetIdentifier.equals(eb.targetIdentifier())) {
return eb.arn();
}
}
return null; // not yet available
});
}
/**
* Disables a baseline for a specified target.
*
* @param enabledBaselineIdentifier the identifier of the enabled baseline to disable
* @return the operation identifier
* @throws ControlTowerException if a service-specific error occurs
* @throws SdkException if an SDK error occurs
*/
public CompletableFuture disableBaselineAsync(String enabledBaselineIdentifier) {
System.out.println("Starting disable of enabled baseline…");
System.out.println("This operation will check the status every 15 seconds until it completes (SUCCEEDED or FAILED).");
DisableBaselineRequest request = DisableBaselineRequest.builder()
.enabledBaselineIdentifier(enabledBaselineIdentifier)
.build();
return getAsyncClient().disableBaseline(request)
.thenCompose(response -> {
String operationId = response.operationIdentifier();
System.out.println("Disable baseline operation ID: " + operationId);
// CompletableFuture that will be completed when operation finishes
CompletableFuture resultFuture = new CompletableFuture<>();
// Polling loop
Runnable poller = new Runnable() {
@Override
public void run() {
getBaselineOperationAsync(operationId)
.thenAccept(statusObj -> {
String status = statusObj.toString(); // Convert enum/status to string for printing
System.out.println("Current disable operation status: " + status + " → waiting for SUCCEEDED or FAILED...");
if ("SUCCEEDED".equalsIgnoreCase(status) || "FAILED".equalsIgnoreCase(status)) {
System.out.println("Disable operation finished with status: " + status);
resultFuture.complete(operationId);
} else {
// Schedule next poll in 15 seconds
CompletableFuture.delayedExecutor(15, TimeUnit.SECONDS)
.execute(this);
}
})
.exceptionally(ex -> {
System.out.println("Error checking baseline operation status: " + ex.getMessage());
resultFuture.completeExceptionally(ex);
return null;
});
}
};
// Start first poll immediately
poller.run();
return resultFuture;
})
.exceptionally(ex -> {
Throwable cause = ex.getCause() != null ? ex.getCause() : ex;
if (cause instanceof ControlTowerException e) {
String errorCode = e.awsErrorDetails() != null ? e.awsErrorDetails().errorCode() : "UNKNOWN";
String errorMessage = e.awsErrorDetails() != null ? e.awsErrorDetails().errorMessage() : e.getMessage();
System.out.println("ControlTowerException caught while disabling baseline: Code=" + errorCode + ", Message=" + errorMessage);
return null;
}
if (cause instanceof SdkException sdkEx) {
System.out.println("SDK exception caught while disabling baseline: " + sdkEx.getMessage());
return null;
}
System.out.println("Unexpected exception while disabling baseline: " + cause.getMessage());
return null;
});
}
/**
* Gets the status of a baseline operation.
*
* @param operationIdentifier the identifier of the operation
* @return the operation status
* @throws ControlTowerException if a service-specific error occurs
* @throws SdkException if an SDK error occurs
*/
public CompletableFuture getBaselineOperationAsync(
String operationIdentifier) {
GetBaselineOperationRequest request = GetBaselineOperationRequest.builder()
.operationIdentifier(operationIdentifier)
.build();
return getAsyncClient().getBaselineOperation(request)
.whenComplete((response, exception) -> {
if (exception != null) {
Throwable cause = exception.getCause() != null
? exception.getCause()
: exception;
if (cause instanceof ControlTowerException e) {
String errorCode = e.awsErrorDetails().errorCode();
if ("ResourceNotFoundException".equals(errorCode)) {
throw new CompletionException(
"Baseline operation not found: %s"
.formatted(e.getMessage()),
e
);
}
throw new CompletionException(
"Error getting baseline operation status: %s"
.formatted(e.getMessage()),
e
);
}
if (cause instanceof SdkException) {
throw new CompletionException(
"SDK error getting baseline operation status: %s"
.formatted(cause.getMessage()),
cause
);
}
throw new CompletionException(
"Failed to get baseline operation status",
cause
);
}
})
.thenApply(response -> {
BaselineOperationStatus status =
response.baselineOperation().status();
return status;
});
}
/**
* Lists all enabled controls for a specific target using pagination.
*
* @param targetIdentifier the identifier of the target (e.g., OU ARN)
* @return a list of enabled controls
* @throws ControlTowerException if a service-specific error occurs
* @throws SdkException if an SDK error occurs
*/
public CompletableFuture> listEnabledControlsAsync(String targetIdentifier) {
System.out.println("Starting list enabled controls paginator for target " + targetIdentifier);
ListEnabledControlsRequest request = ListEnabledControlsRequest.builder()
.targetIdentifier(targetIdentifier)
.build();
ListEnabledControlsPublisher paginator = getAsyncClient().listEnabledControlsPaginator(request);
List enabledControls = new ArrayList<>();
// Subscribe to the paginator asynchronously
return paginator.subscribe(response -> {
if (response.enabledControls() != null && !response.enabledControls().isEmpty()) {
response.enabledControls().forEach(control -> {
enabledControls.add(control);
});
} else {
System.out.println("Page contained no enabled controls.");
}
})
.thenRun(() -> System.out.println(
"Successfully retrieved "+enabledControls.size() +" enabled controls for target "+targetIdentifier
))
.thenApply(v -> enabledControls)
.exceptionally(ex -> {
Throwable cause = ex.getCause() != null ? ex.getCause() : ex;
if (cause instanceof ControlTowerException e) {
String errorCode = e.awsErrorDetails().errorCode();
switch (errorCode) {
case "AccessDeniedException":
throw new CompletionException(
"Access denied when listing enabled controls: %s".formatted(e.getMessage()), e);
case "ResourceNotFoundException":
if (e.getMessage() != null && e.getMessage().contains("not registered with AWS Control Tower")) {
throw new CompletionException(
"Control Tower must be enabled to work with controls", e);
}
throw new CompletionException(
"Target not found when listing enabled controls: %s".formatted(e.getMessage()), e);
default:
throw new CompletionException(
"Error listing enabled controls: %s".formatted(e.getMessage()), e);
}
}
if (cause instanceof SdkException) {
throw new CompletionException(
"SDK error listing enabled controls: %s".formatted(cause.getMessage()), cause);
}
throw new CompletionException("Failed to list enabled controls", cause);
});
}
/**
* Enables a control for a specified target.
*
* @param controlIdentifier the identifier of the control to enable
* @param targetIdentifier the identifier of the target (e.g., OU ARN)
* @return the operation identifier
* @throws ControlTowerException if a service-specific error occurs
* @throws SdkException if an SDK error occurs
*/
public CompletableFuture enableControlAsync(
String controlIdentifier,
String targetIdentifier) {
EnableControlRequest request = EnableControlRequest.builder()
.controlIdentifier(controlIdentifier)
.targetIdentifier(targetIdentifier)
.build();
return getAsyncClient().enableControl(request)
.thenCompose(response -> {
String operationId = response.operationIdentifier();
System.out.println("Enable control operation started. Operation ID: " + operationId);
CompletableFuture resultFuture = new CompletableFuture<>();
Runnable poller = new Runnable() {
@Override
public void run() {
getControlOperationAsync(operationId)
.thenAccept(status -> {
System.out.println("Control operation status: " + status);
if (status == ControlOperationStatus.SUCCEEDED
|| status == ControlOperationStatus.FAILED) {
resultFuture.complete(operationId);
} else {
// Poll again after 30 seconds
CompletableFuture.delayedExecutor(30, TimeUnit.SECONDS)
.execute(this);
}
})
.exceptionally(ex -> {
resultFuture.completeExceptionally(ex);
return null;
});
}
};
// Start polling immediately
poller.run();
return resultFuture;
})
.exceptionally(ex -> {
Throwable cause = ex.getCause() != null ? ex.getCause() : ex;
if (cause instanceof ControlTowerException e) {
String errorCode = e.awsErrorDetails().errorCode();
String message = e.getMessage() != null ? e.getMessage() : "";
if ("ValidationException".equals(errorCode)
&& message.contains("already enabled")) {
System.out.println("Control is already enabled for this target");
return null;
}
if ("ResourceNotFoundException".equals(errorCode)
&& message.contains("not registered with AWS Control Tower")) {
System.out.println(
"Control Tower must be enabled to work with controls.");
return null;
}
throw new CompletionException(
"Couldn't enable control: %s".formatted(message),
e
);
}
if (cause instanceof SdkException) {
throw new CompletionException(
"SDK error enabling control: %s"
.formatted(cause.getMessage()),
cause
);
}
throw new CompletionException(
"Failed to enable control",
cause
);
});
}
/**
* Disables a control for a specified target.
*
* @param controlIdentifier the identifier of the control to disable
* @param targetIdentifier the identifier of the target (e.g., OU ARN)
* @return the operation identifier
* @throws ControlTowerException if a service-specific error occurs
* @throws SdkException if an SDK error occurs
*/
public CompletableFuture disableControlAsync(
String controlIdentifier,
String targetIdentifier) {
DisableControlRequest request = DisableControlRequest.builder()
.controlIdentifier(controlIdentifier)
.targetIdentifier(targetIdentifier)
.build();
return getAsyncClient().disableControl(request)
.thenCompose(response -> {
String operationId = response.operationIdentifier();
System.out.println("Disable control operation started. Operation ID: " + operationId);
CompletableFuture resultFuture = new CompletableFuture<>();
Runnable poller = new Runnable() {
@Override
public void run() {
getControlOperationAsync(operationId)
.thenAccept(status -> {
System.out.println("Control operation status: " + status);
if (status == ControlOperationStatus.SUCCEEDED
|| status == ControlOperationStatus.FAILED) {
resultFuture.complete(operationId);
} else {
// poll again after 30 seconds
CompletableFuture.delayedExecutor(30, TimeUnit.SECONDS)
.execute(this);
}
})
.exceptionally(ex -> {
resultFuture.completeExceptionally(ex);
return null;
});
}
};
// start polling immediately
poller.run();
return resultFuture;
})
.exceptionally(ex -> {
Throwable cause = ex.getCause() != null ? ex.getCause() : ex;
if (cause instanceof ControlTowerException e) {
String errorCode = e.awsErrorDetails().errorCode();
if ("ResourceNotFoundException".equals(errorCode)) {
// SPEC: notify user and continue
System.out.println("Control not found for disabling: " + e.getMessage());
return null;
}
throw new CompletionException(
"Error disabling control: " + e.getMessage(), e);
}
if (cause instanceof SdkException) {
throw new CompletionException(
"SDK error disabling control: " + cause.getMessage(), cause);
}
throw new CompletionException(
"Failed to disable control", cause);
});
}
/**
* Gets the status of a control operation.
*
* @param operationIdentifier the identifier of the operation
* @return the operation status
* @throws ControlTowerException if a service-specific error occurs
* @throws SdkException if an SDK error occurs
*/
public CompletableFuture getControlOperationAsync(
String operationIdentifier) {
GetControlOperationRequest request = GetControlOperationRequest.builder()
.operationIdentifier(operationIdentifier)
.build();
return getAsyncClient().getControlOperation(request)
.whenComplete((response, exception) -> {
if (exception != null) {
Throwable cause = exception.getCause() != null ? exception.getCause() : exception;
if (cause instanceof ControlTowerException e) {
String errorCode = e.awsErrorDetails().errorCode();
if ("ResourceNotFoundException".equals(errorCode)) {
throw new CompletionException(
"Control operation not found: %s".formatted(e.getMessage()),
e
);
}
throw new CompletionException(
"Error getting control operation status: %s".formatted(e.getMessage()),
e
);
}
if (cause instanceof SdkException) {
throw new CompletionException(
"SDK error getting control operation status: %s".formatted(cause.getMessage()),
cause
);
}
throw new CompletionException("Failed to get control operation status", cause);
}
})
.thenApply(response -> response.controlOperation().status());
}
/**
* Lists all controls in the Control Tower control catalog.
*
* @return a list of controls
* @throws SdkException if a service-specific error occurs
*/
public CompletableFuture> listControlsAsync() {
System.out.println("Starting list controls paginator…");
ListControlsRequest request = ListControlsRequest.builder().build();
ListControlsPublisher paginator = getAsyncCatClient().listControlsPaginator(request);
List controls = new ArrayList<>();
return paginator.subscribe(response -> {
if (response.controls() != null && !response.controls().isEmpty()) {
response.controls().forEach(control -> {
controls.add(control);
});
} else {
System.out.println("Page contained no controls.");
}
})
.thenRun(() -> System.out.println("Successfully retrieved " + controls.size() +" controls."))
.thenApply(v -> controls)
.exceptionally(ex -> {
Throwable cause = ex.getCause() != null ? ex.getCause() : ex;
if (cause instanceof SdkException sdkEx) {
if (sdkEx.getMessage() != null && sdkEx.getMessage().contains("AccessDeniedException")) {
throw new CompletionException(
"Access denied when listing controls. Please ensure you have the necessary permissions.",
sdkEx
);
} else {
throw new CompletionException(
"SDK error listing controls: %s".formatted(sdkEx.getMessage()),
sdkEx
);
}
}
throw new CompletionException("Failed to list controls", cause);
});
}
/**
* Resets an enabled baseline for a specific target.
*
* @param enabledBaselineIdentifier the identifier of the enabled baseline to reset
* @return the operation identifier
* @throws ControlTowerException if a service-specific error occurs
* @throws SdkException if an SDK error occurs
*/
public CompletableFuture resetEnabledBaselineAsync(String enabledBaselineIdentifier) {
System.out.println("Starting reset of enabled baseline…");
System.out.println("This operation will check the status every 15 seconds until it completes (SUCCEEDED or FAILED).");
ResetEnabledBaselineRequest request = ResetEnabledBaselineRequest.builder()
.enabledBaselineIdentifier(enabledBaselineIdentifier)
.build();
return getAsyncClient().resetEnabledBaseline(request)
.thenCompose(response -> {
String operationId = response.operationIdentifier();
System.out.println("Reset enabled baseline operation ID: " + operationId);
// Polling loop
CompletableFuture resultFuture = new CompletableFuture<>();
Runnable poller = new Runnable() {
@Override
public void run() {
getBaselineOperationAsync(operationId)
.thenAccept(statusObj -> {
String status = statusObj.toString(); // Convert enum/status to string for printing
System.out.println("Current baseline operation status: " + status + " → waiting for SUCCEEDED or FAILED...");
if ("SUCCEEDED".equalsIgnoreCase(status) || "FAILED".equalsIgnoreCase(status)) {
System.out.println("Baseline operation finished with status: " + status);
resultFuture.complete(operationId);
} else {
// Schedule next poll in 15 seconds
CompletableFuture.delayedExecutor(15, TimeUnit.SECONDS)
.execute(this);
}
})
.exceptionally(ex -> {
System.out.println("Error checking baseline operation status: " + ex.getMessage());
resultFuture.completeExceptionally(ex);
return null;
});
}
};
// Start first poll immediately
poller.run();
return resultFuture;
})
.exceptionally(ex -> {
Throwable cause = ex.getCause() != null ? ex.getCause() : ex;
if (cause instanceof ControlTowerException e) {
String errorCode = e.awsErrorDetails() != null ? e.awsErrorDetails().errorCode() : "UNKNOWN";
String errorMessage = e.awsErrorDetails() != null ? e.awsErrorDetails().errorMessage() : e.getMessage();
System.out.println("ControlTowerException caught: Code=" + errorCode + ", Message=" + errorMessage);
return null;
}
if (cause instanceof SdkException sdkEx) {
System.out.println("SDK exception caught: " + sdkEx.getMessage());
return null;
}
System.out.println("Unexpected exception resetting baseline: " + cause.getMessage());
return null;
});
}
}
```
+ Weitere API-Informationen finden Sie in den folgenden Themen der *AWS SDK for Java 2.x -API-Referenz*.
+ [CreateLandingZone](https://docs.aws.amazon.com/goto/SdkForJavaV2/controltower-2018-05-10/CreateLandingZone)
+ [DeleteLandingZone](https://docs.aws.amazon.com/goto/SdkForJavaV2/controltower-2018-05-10/DeleteLandingZone)
+ [DisableBaseline](https://docs.aws.amazon.com/goto/SdkForJavaV2/controltower-2018-05-10/DisableBaseline)
+ [DisableControl](https://docs.aws.amazon.com/goto/SdkForJavaV2/controltower-2018-05-10/DisableControl)
+ [EnableBaseline](https://docs.aws.amazon.com/goto/SdkForJavaV2/controltower-2018-05-10/EnableBaseline)
+ [EnableControl](https://docs.aws.amazon.com/goto/SdkForJavaV2/controltower-2018-05-10/EnableControl)
+ [GetControlOperation](https://docs.aws.amazon.com/goto/SdkForJavaV2/controltower-2018-05-10/GetControlOperation)
+ [GetLandingZoneOperation](https://docs.aws.amazon.com/goto/SdkForJavaV2/controltower-2018-05-10/GetLandingZoneOperation)
+ [ListBaselines](https://docs.aws.amazon.com/goto/SdkForJavaV2/controltower-2018-05-10/ListBaselines)
+ [ListEnabledBaselines](https://docs.aws.amazon.com/goto/SdkForJavaV2/controltower-2018-05-10/ListEnabledBaselines)
+ [ListEnabledControls](https://docs.aws.amazon.com/goto/SdkForJavaV2/controltower-2018-05-10/ListEnabledControls)
+ [ListLandingZones](https://docs.aws.amazon.com/goto/SdkForJavaV2/controltower-2018-05-10/ListLandingZones)
+ [ResetEnabledBaseline](https://docs.aws.amazon.com/goto/SdkForJavaV2/controltower-2018-05-10/ResetEnabledBaseline)
------
#### [ Python ]
**SDK für Python (Boto3)**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/controltower#code-examples) einrichten und ausführen.
Führen Sie ein interaktives Szenario durch, in dem AWS Control Tower Funktionen demonstriert werden.
```
class ControlTowerScenario:
IDENTITY_CENTER_BASELINE = "baseline/LN25R72TTG6IGPTQ"
stack_name = ""
def __init__(
self, controltower_wrapper: ControlTowerWrapper, org_client: boto3.client
):
"""
:param controltower_wrapper: An instance of the ControlTowerWrapper class.
:param org_client: A Boto3 Organization client.
"""
self.controltower_wrapper = controltower_wrapper
self.org_client = org_client
self.stack = None
self.ou_id = None
self.ou_arn = None
self.account_id = None
self.landing_zone_id = None
self.use_landing_zone = False
def run_scenario(self) -> None:
print("-" * 88)
print(
"\tWelcome to the AWS Control Tower with ControlCatalog example scenario."
)
print("-" * 88)
print(
"This demo will walk you through working with AWS Control Tower for landing zones,\n"
"managing baselines, and working with controls."
)
self.account_id = boto3.client("sts").get_caller_identity()["Account"]
print(
"Some demo operations require the use of a landing zone. "
"\nYou can use an existing landing zone or opt out of these operations in the demo."
"\nFor instructions on how to set up a landing zone, "
"\nsee https://docs.aws.amazon.com/controltower/latest/userguide/getting-started-from-console.html"
)
# List available landing zones
landing_zones = self.controltower_wrapper.list_landing_zones()
if landing_zones:
print("\nAvailable Landing Zones:")
for i, lz in enumerate(landing_zones, 1):
print(f"{i} {lz['arn']})")
# Ask if user wants to use the first landing zone in the list
if q.ask(
f"Do you want to use the first landing zone in the list ({landing_zones[0]['arn']})? (y/n) ",
q.is_yesno,
):
self.use_landing_zone = True
self.landing_zone_id = landing_zones[0]["arn"]
print(f"Using landing zone ID: {self.landing_zone_id})")
# Set up organization and get Sandbox OU ID.
sandbox_ou_id = self.setup_organization()
# Store the OU ID for use in the CloudFormation template.
self.ou_id = sandbox_ou_id
elif q.ask(
f"Do you want to use a different existing Landing Zone for this demo? (y/n) ",
q.is_yesno,
):
self.use_landing_zone = True
self.landing_zone_id = q.ask("Enter landing zone id: ", q.non_empty)
# Set up organization and get Sandbox OU ID.
sandbox_ou_id = self.setup_organization()
# Store the OU ID for use in the CloudFormation template.
self.ou_id = sandbox_ou_id
# List and Enable Baseline.
print("\nManaging Baselines:")
control_tower_baseline = None
identity_center_baseline = None
baselines = self.controltower_wrapper.list_baselines()
print("\nListing available Baselines:")
for baseline in baselines:
if baseline["name"] == "AWSControlTowerBaseline":
control_tower_baseline = baseline
print(f"{baseline['name']}")
if self.use_landing_zone:
print("\nListing enabled baselines:")
enabled_baselines = self.controltower_wrapper.list_enabled_baselines()
for baseline in enabled_baselines:
# If the Identity Center baseline is enabled, the identifier must be used for other baselines.
if self.IDENTITY_CENTER_BASELINE in baseline["baselineIdentifier"]:
identity_center_baseline = baseline
print(f"{baseline['baselineIdentifier']}")
if q.ask(
f"Do you want to enable the Control Tower Baseline? (y/n) ",
q.is_yesno,
):
print("\nEnabling Control Tower Baseline.")
ic_baseline_arn = (
identity_center_baseline["arn"]
if identity_center_baseline
else None
)
baseline_arn = self.controltower_wrapper.enable_baseline(
self.ou_arn, ic_baseline_arn, control_tower_baseline["arn"], "5.0"
)
if baseline_arn:
print(f"Enabled baseline ARN: {baseline_arn}")
else:
# Find the enabled baseline so we can reset it.
for enabled_baseline in enabled_baselines:
if (
enabled_baseline["baselineIdentifier"]
== control_tower_baseline["arn"]
):
baseline_arn = enabled_baseline["arn"]
if baseline_arn:
print("No change, the selected baseline was already enabled.")
if baseline_arn and q.ask(
f"Do you want to reset the Control Tower Baseline? (y/n) ",
q.is_yesno,
):
print(f"\nResetting Control Tower Baseline. {baseline_arn}")
operation_id = self.controltower_wrapper.reset_enabled_baseline(
baseline_arn
)
print(f"\nReset baseline operation id {operation_id}.")
if baseline_arn and q.ask(
f"Do you want to disable the Control Tower Baseline? (y/n) ",
q.is_yesno,
):
print(f"Disabling baseline ARN: {baseline_arn}")
operation_id = self.controltower_wrapper.disable_baseline(
baseline_arn
)
print(f"\nDisabled baseline operation id {operation_id}.")
# Re-enable the baseline for the next step.
print("\nEnabling Control Tower Baseline.")
self.controltower_wrapper.enable_baseline(
self.ou_arn,
ic_baseline_arn,
control_tower_baseline["arn"],
"5.0",
)
# List and Enable Controls.
print("\nManaging Controls:")
controls = self.controltower_wrapper.list_controls()
print("\nListing first 5 available Controls:")
for i, control in enumerate(controls[:5], 1):
print(f"{i}. {control['Name']} - {control['Arn']}")
if self.use_landing_zone:
target_ou = self.ou_arn
enabled_controls = self.controltower_wrapper.list_enabled_controls(
target_ou
)
print("\nListing enabled controls:")
for i, control in enumerate(enabled_controls, 1):
print(f"{i}. {control['controlIdentifier']}")
# Enable first non-enabled control as an example.
enabled_control_arns = [control["arn"] for control in enabled_controls]
control_arn = next(
control["Arn"]
for control in controls
if control["Arn"] not in enabled_control_arns
)
if control_arn and q.ask(
f"Do you want to enable the control {control_arn}? (y/n) ",
q.is_yesno,
):
print(f"\nEnabling control: {control_arn}")
operation_id = self.controltower_wrapper.enable_control(
control_arn, target_ou
)
if operation_id:
print(f"Enabled control with operation id {operation_id}")
if control_arn and q.ask(
f"Do you want to disable the control? (y/n) ",
q.is_yesno,
):
print("\nDisabling the control...")
operation_id = self.controltower_wrapper.disable_control(
control_arn, target_ou
)
print(f"Disable operation ID: {operation_id}")
print("\nThis concludes the example scenario.")
print("Thanks for watching!")
print("-" * 88)
def setup_organization(self):
"""
Checks if the current account is part of an organization and creates one if needed.
Also ensures a Sandbox OU exists and returns its ID.
:return: The ID of the Sandbox OU
"""
print("\nChecking organization status...")
try:
# Check if account is part of an organization
org_response = self.org_client.describe_organization()
org_id = org_response["Organization"]["Id"]
print(f"Account is part of organization: {org_id}")
except ClientError as error:
if error.response["Error"]["Code"] == "AWSOrganizationsNotInUseException":
print("No organization found. Creating a new organization...")
try:
create_response = self.org_client.create_organization(
FeatureSet="ALL"
)
org_id = create_response["Organization"]["Id"]
print(f"Created new organization: {org_id}")
# Wait for organization to be available.
waiter = self.org_client.get_waiter("organization_active")
waiter.wait(
Organization=org_id,
WaiterConfig={"Delay": 5, "MaxAttempts": 12},
)
except ClientError as create_error:
logger.error(
"Couldn't create organization. Here's why: %s: %s",
create_error.response["Error"]["Code"],
create_error.response["Error"]["Message"],
)
raise
else:
logger.error(
"Couldn't describe organization. Here's why: %s: %s",
error.response["Error"]["Code"],
error.response["Error"]["Message"],
)
raise
# Look for Sandbox OU.
sandbox_ou_id = None
paginator = self.org_client.get_paginator(
"list_organizational_units_for_parent"
)
try:
# Get root ID first.
roots = self.org_client.list_roots()["Roots"]
if not roots:
raise ValueError("No root found in organization")
root_id = roots[0]["Id"]
# Search for existing Sandbox OU.
print("Checking for Sandbox OU...")
for page in paginator.paginate(ParentId=root_id):
for ou in page["OrganizationalUnits"]:
if ou["Name"] == "Sandbox":
sandbox_ou_id = ou["Id"]
self.ou_arn = ou["Arn"]
print(f"Found existing Sandbox OU: {sandbox_ou_id}")
break
if sandbox_ou_id:
break
# Create Sandbox OU if it doesn't exist.
if not sandbox_ou_id:
print("Creating Sandbox OU...")
create_ou_response = self.org_client.create_organizational_unit(
ParentId=root_id, Name="Sandbox"
)
sandbox_ou_id = create_ou_response["OrganizationalUnit"]["Id"]
print(f"Created new Sandbox OU: {sandbox_ou_id}")
# Wait for OU to be available.
waiter = self.org_client.get_waiter("organizational_unit_active")
waiter.wait(
OrganizationalUnitId=sandbox_ou_id,
WaiterConfig={"Delay": 5, "MaxAttempts": 12},
)
except ClientError as error:
logger.error(
"Couldn't set up Sandbox OU. Here's why: %s: %s",
error.response["Error"]["Code"],
error.response["Error"]["Message"],
)
raise
return sandbox_ou_id
if __name__ == "__main__":
try:
org = boto3.client("organizations")
control_tower_wrapper = ControlTowerWrapper.from_client()
scenario = ControlTowerScenario(control_tower_wrapper, org)
scenario.run_scenario()
except Exception:
logging.exception("Something went wrong with the scenario.")
class ControlTowerWrapper:
"""Encapsulates AWS Control Tower and Control Catalog functionality."""
def __init__(
self, controltower_client: boto3.client, controlcatalog_client: boto3.client
):
"""
:param controltower_client: A Boto3 Amazon ControlTower client.
:param controlcatalog_client: A Boto3 Amazon ControlCatalog client.
"""
self.controltower_client = controltower_client
self.controlcatalog_client = controlcatalog_client
@classmethod
def from_client(cls):
controltower_client = boto3.client("controltower")
controlcatalog_client = boto3.client("controlcatalog")
return cls(controltower_client, controlcatalog_client)
def list_baselines(self):
"""
Lists all baselines.
:return: List of baselines.
:raises ClientError: If the listing operation fails.
"""
try:
paginator = self.controltower_client.get_paginator("list_baselines")
baselines = []
for page in paginator.paginate():
baselines.extend(page["baselines"])
return baselines
except ClientError as err:
if err.response["Error"]["Code"] == "AccessDeniedException":
logger.error(
"Access denied. Please ensure you have the necessary permissions."
)
else:
logger.error(
"Couldn't list baselines. Here's why: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
def enable_baseline(
self,
target_identifier: str,
identity_center_baseline: str,
baseline_identifier: str,
baseline_version: str,
):
"""
Enables a baseline for the specified target if it's not already enabled.
:param target_identifier: The ARN of the target.
:param baseline_identifier: The identifier of baseline to enable.
:param identity_center_baseline: The identifier of identity center baseline if it is enabled.
:param baseline_version: The version of baseline to enable.
:return: The enabled baseline ARN or None if already enabled.
:raises ClientError: If enabling the baseline fails for reasons other than it being already enabled.
"""
try:
# Only include parameters if identity_center_baseline is not empty
parameters = []
if identity_center_baseline:
parameters = [
{
"key": "IdentityCenterEnabledBaselineArn",
"value": identity_center_baseline,
}
]
response = self.controltower_client.enable_baseline(
baselineIdentifier=baseline_identifier,
baselineVersion=baseline_version,
targetIdentifier=target_identifier,
parameters=parameters,
)
operation_id = response["operationIdentifier"]
while True:
status = self.get_baseline_operation(operation_id)
print(f"Baseline operation status: {status}")
if status in ["SUCCEEDED", "FAILED"]:
break
time.sleep(30)
return response["arn"]
except ClientError as err:
if err.response["Error"]["Code"] == "ValidationException":
if "already enabled" in err.response["Error"]["Message"]:
print("Baseline is already enabled for this target")
else:
print(
"Unable to enable baseline due to validation exception: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
logger.error(
"Couldn't enable baseline. Here's why: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
return None
def list_controls(self):
"""
Lists all controls in the Control Tower control catalog.
:return: List of controls.
:raises ClientError: If the listing operation fails.
"""
try:
paginator = self.controlcatalog_client.get_paginator("list_controls")
controls = []
for page in paginator.paginate():
controls.extend(page["Controls"])
return controls
except ClientError as err:
if err.response["Error"]["Code"] == "AccessDeniedException":
logger.error(
"Access denied. Please ensure you have the necessary permissions."
)
else:
logger.error(
"Couldn't list controls. Here's why: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
def enable_control(self, control_arn: str, target_identifier: str):
"""
Enables a control for a specified target.
:param control_arn: The ARN of the control to enable.
:param target_identifier: The identifier of the target (e.g., OU ARN).
:return: The operation ID.
:raises ClientError: If enabling the control fails.
"""
try:
print(control_arn)
print(target_identifier)
response = self.controltower_client.enable_control(
controlIdentifier=control_arn, targetIdentifier=target_identifier
)
operation_id = response["operationIdentifier"]
while True:
status = self.get_control_operation(operation_id)
print(f"Control operation status: {status}")
if status in ["SUCCEEDED", "FAILED"]:
break
time.sleep(30)
return operation_id
except ClientError as err:
if (
err.response["Error"]["Code"] == "ValidationException"
and "already enabled" in err.response["Error"]["Message"]
):
logger.info("Control is already enabled for this target")
return None
elif (
err.response["Error"]["Code"] == "ResourceNotFoundException"
and "not registered with AWS Control Tower"
in err.response["Error"]["Message"]
):
logger.error("Control Tower must be enabled to work with controls.")
return None
logger.error(
"Couldn't enable control. Here's why: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
def get_control_operation(self, operation_id: str):
"""
Gets the status of a control operation.
:param operation_id: The ID of the control operation.
:return: The operation status.
:raises ClientError: If getting the operation status fails.
"""
try:
response = self.controltower_client.get_control_operation(
operationIdentifier=operation_id
)
return response["controlOperation"]["status"]
except ClientError as err:
if err.response["Error"]["Code"] == "ResourceNotFoundException":
logger.error("Operation not found.")
else:
logger.error(
"Couldn't get control operation status. Here's why: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
def get_baseline_operation(self, operation_id: str):
"""
Gets the status of a baseline operation.
:param operation_id: The ID of the baseline operation.
:return: The operation status.
:raises ClientError: If getting the operation status fails.
"""
try:
response = self.controltower_client.get_baseline_operation(
operationIdentifier=operation_id
)
return response["baselineOperation"]["status"]
except ClientError as err:
if err.response["Error"]["Code"] == "ResourceNotFoundException":
logger.error("Operation not found.")
else:
logger.error(
"Couldn't get baseline operation status. Here's why: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
def disable_control(self, control_arn: str, target_identifier: str):
"""
Disables a control for a specified target.
:param control_arn: The ARN of the control to disable.
:param target_identifier: The identifier of the target (e.g., OU ARN).
:return: The operation ID.
:raises ClientError: If disabling the control fails.
"""
try:
response = self.controltower_client.disable_control(
controlIdentifier=control_arn, targetIdentifier=target_identifier
)
operation_id = response["operationIdentifier"]
while True:
status = self.get_control_operation(operation_id)
print(f"Control operation status: {status}")
if status in ["SUCCEEDED", "FAILED"]:
break
time.sleep(30)
return operation_id
except ClientError as err:
if err.response["Error"]["Code"] == "ResourceNotFoundException":
logger.error("Control not found.")
else:
logger.error(
"Couldn't disable control. Here's why: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
def list_landing_zones(self):
"""
Lists all landing zones.
:return: List of landing zones.
:raises ClientError: If the listing operation fails.
"""
try:
paginator = self.controltower_client.get_paginator("list_landing_zones")
landing_zones = []
for page in paginator.paginate():
landing_zones.extend(page["landingZones"])
return landing_zones
except ClientError as err:
if err.response["Error"]["Code"] == "AccessDeniedException":
logger.error(
"Access denied. Please ensure you have the necessary permissions."
)
else:
logger.error(
"Couldn't list landing zones. Here's why: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
def list_enabled_baselines(self):
"""
Lists all enabled baselines.
:return: List of enabled baselines.
:raises ClientError: If the listing operation fails.
"""
try:
paginator = self.controltower_client.get_paginator("list_enabled_baselines")
enabled_baselines = []
for page in paginator.paginate():
enabled_baselines.extend(page["enabledBaselines"])
return enabled_baselines
except ClientError as err:
if err.response["Error"]["Code"] == "ResourceNotFoundException":
logger.error("Target not found.")
else:
logger.error(
"Couldn't list enabled baselines. Here's why: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
def reset_enabled_baseline(self, enabled_baseline_identifier: str):
"""
Resets an enabled baseline for a specific target.
:param enabled_baseline_identifier: The identifier of the enabled baseline to reset.
:return: The operation ID.
:raises ClientError: If resetting the baseline fails.
"""
try:
response = self.controltower_client.reset_enabled_baseline(
enabledBaselineIdentifier=enabled_baseline_identifier
)
operation_id = response["operationIdentifier"]
while True:
status = self.get_baseline_operation(operation_id)
print(f"Baseline operation status: {status}")
if status in ["SUCCEEDED", "FAILED"]:
break
time.sleep(30)
return operation_id
except ClientError as err:
if err.response["Error"]["Code"] == "ResourceNotFoundException":
logger.error("Target not found.")
else:
logger.error(
"Couldn't reset enabled baseline. Here's why: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
def disable_baseline(self, enabled_baseline_identifier: str):
"""
Disables a baseline for a specific target and waits for the operation to complete.
:param enabled_baseline_identifier: The identifier of the baseline to disable.
:return: The operation ID.
:raises ClientError: If disabling the baseline fails.
"""
try:
response = self.controltower_client.disable_baseline(
enabledBaselineIdentifier=enabled_baseline_identifier
)
operation_id = response["operationIdentifier"]
while True:
status = self.get_baseline_operation(operation_id)
print(f"Baseline operation status: {status}")
if status in ["SUCCEEDED", "FAILED"]:
break
time.sleep(30)
return response["operationIdentifier"]
except ClientError as err:
if err.response["Error"]["Code"] == "ConflictException":
print(
f"Conflict disabling baseline: {err.response['Error']['Message']}. Skipping disable step."
)
return None
else:
logger.error(
"Couldn't disable baseline. Here's why: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
def list_enabled_controls(self, target_identifier: str):
"""
Lists all enabled controls for a specific target.
:param target_identifier: The identifier of the target (e.g., OU ARN).
:return: List of enabled controls.
:raises ClientError: If the listing operation fails.
"""
enabled_controls = []
try:
paginator = self.controltower_client.get_paginator("list_enabled_controls")
for page in paginator.paginate(targetIdentifier=target_identifier):
enabled_controls.extend(page["enabledControls"])
return enabled_controls
except ClientError as err:
if err.response["Error"]["Code"] == "AccessDeniedException":
logger.error(
"Access denied. Please ensure you have the necessary permissions."
)
return enabled_controls
elif (
err.response["Error"]["Code"] == "ResourceNotFoundException"
and "not registered with AWS Control Tower"
in err.response["Error"]["Message"]
):
logger.error("Control Tower must be enabled to work with controls.")
return enabled_controls
else:
logger.error(
"Couldn't list enabled controls. Here's why: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
```
+ Weitere API-Informationen finden Sie in den folgenden Themen der *API-Referenz zum AWS SDK für Python (Boto3)*.
+ [CreateLandingZone](https://docs.aws.amazon.com/goto/boto3/controltower-2018-05-10/CreateLandingZone)
+ [DeleteLandingZone](https://docs.aws.amazon.com/goto/boto3/controltower-2018-05-10/DeleteLandingZone)
+ [DisableBaseline](https://docs.aws.amazon.com/goto/boto3/controltower-2018-05-10/DisableBaseline)
+ [DisableControl](https://docs.aws.amazon.com/goto/boto3/controltower-2018-05-10/DisableControl)
+ [EnableBaseline](https://docs.aws.amazon.com/goto/boto3/controltower-2018-05-10/EnableBaseline)
+ [EnableControl](https://docs.aws.amazon.com/goto/boto3/controltower-2018-05-10/EnableControl)
+ [GetControlOperation](https://docs.aws.amazon.com/goto/boto3/controltower-2018-05-10/GetControlOperation)
+ [GetLandingZoneOperation](https://docs.aws.amazon.com/goto/boto3/controltower-2018-05-10/GetLandingZoneOperation)
+ [ListBaselines](https://docs.aws.amazon.com/goto/boto3/controltower-2018-05-10/ListBaselines)
+ [ListEnabledBaselines](https://docs.aws.amazon.com/goto/boto3/controltower-2018-05-10/ListEnabledBaselines)
+ [ListEnabledControls](https://docs.aws.amazon.com/goto/boto3/controltower-2018-05-10/ListEnabledControls)
+ [ListLandingZones](https://docs.aws.amazon.com/goto/boto3/controltower-2018-05-10/ListLandingZones)
+ [ResetEnabledBaseline](https://docs.aws.amazon.com/goto/boto3/controltower-2018-05-10/ResetEnabledBaseline)
------
# Aktionen zur AWS Control Tower Verwendung AWS SDKs
Die folgenden Codebeispiele zeigen, wie Sie einzelne AWS Control Tower Aktionen mit ausführen AWS SDKs. Jedes Beispiel enthält einen Link zu GitHub, wo Sie Anweisungen zum Einrichten und Ausführen des Codes finden.
Die folgenden Beispiele enthalten nur die am häufigsten verwendeten Aktionen. Eine vollständige Liste finden Sie in der [AWS Control Tower -API-Referenz](https://docs.aws.amazon.com/controltower/latest/APIReference/Welcome.html).
**Topics**
+ [`DisableBaseline`](controltower_example_controltower_DisableBaseline_section.md)
+ [`DisableControl`](controltower_example_controltower_DisableControl_section.md)
+ [`EnableBaseline`](controltower_example_controltower_EnableBaseline_section.md)
+ [`EnableControl`](controltower_example_controltower_EnableControl_section.md)
+ [`GetBaselineOperation`](controltower_example_controltower_GetBaselineOperation_section.md)
+ [`GetControlOperation`](controltower_example_controltower_GetControlOperation_section.md)
+ [`ListBaselines`](controltower_example_controltower_ListBaselines_section.md)
+ [`ListEnabledBaselines`](controltower_example_controltower_ListEnabledBaselines_section.md)
+ [`ListEnabledControls`](controltower_example_controltower_ListEnabledControls_section.md)
+ [`ListLandingZones`](controltower_example_controltower_ListLandingZones_section.md)
+ [`ResetEnabledBaseline`](controltower_example_controltower_ResetEnabledBaseline_section.md)
# Verwenden Sie es `DisableBaseline` mit einem AWS SDK
Die folgenden Code-Beispiele zeigen, wie `DisableBaseline` verwendet wird.
Beispiele für Aktionen sind Codeauszüge aus größeren Programmen und müssen im Kontext ausgeführt werden. Im folgenden Codebeispiel können Sie diese Aktion im Kontext sehen:
+ [Kennenlernen der Grundlagen](controltower_example_controltower_Scenario_section.md)
------
#### [ .NET ]
**SDK für .NET (v4)**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv4/ControlTower#code-examples) einrichten und ausführen.
```
///
/// Disable a baseline for a specific target and wait for the operation to complete.
///
/// The identifier of the baseline to disable.
/// The operation ID or null if there was a conflict.
public async Task DisableBaselineAsync(string enabledBaselineIdentifier)
{
try
{
var request = new DisableBaselineRequest
{
EnabledBaselineIdentifier = enabledBaselineIdentifier
};
var response = await _controlTowerService.DisableBaselineAsync(request);
var operationId = response.OperationIdentifier;
// Wait for operation to complete
while (true)
{
var status = await GetBaselineOperationAsync(operationId);
Console.WriteLine($"Baseline operation status: {status}");
if (status == BaselineOperationStatus.SUCCEEDED || status == BaselineOperationStatus.FAILED)
{
break;
}
await Task.Delay(30000); // Wait 30 seconds
}
return operationId;
}
catch (ConflictException ex)
{
Console.WriteLine($"Conflict disabling baseline: {ex.Message}. Skipping disable step.");
return null;
}
catch (AmazonControlTowerException ex)
{
Console.WriteLine($"Couldn't disable baseline. Here's why: {ex.ErrorCode}: {ex.Message}");
throw;
}
}
```
+ Einzelheiten zur API finden Sie [DisableBaseline](https://docs.aws.amazon.com/goto/DotNetSDKV4/controltower-2018-05-10/DisableBaseline)in der *AWS SDK für .NET API-Referenz*.
------
#### [ Java ]
**SDK für Java 2.x**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/controltower#code-examples) einrichten und ausführen.
```
/**
* Disables a baseline for a specified target.
*
* @param enabledBaselineIdentifier the identifier of the enabled baseline to disable
* @return the operation identifier
* @throws ControlTowerException if a service-specific error occurs
* @throws SdkException if an SDK error occurs
*/
public CompletableFuture disableBaselineAsync(String enabledBaselineIdentifier) {
System.out.println("Starting disable of enabled baseline…");
System.out.println("This operation will check the status every 15 seconds until it completes (SUCCEEDED or FAILED).");
DisableBaselineRequest request = DisableBaselineRequest.builder()
.enabledBaselineIdentifier(enabledBaselineIdentifier)
.build();
return getAsyncClient().disableBaseline(request)
.thenCompose(response -> {
String operationId = response.operationIdentifier();
System.out.println("Disable baseline operation ID: " + operationId);
// CompletableFuture that will be completed when operation finishes
CompletableFuture resultFuture = new CompletableFuture<>();
// Polling loop
Runnable poller = new Runnable() {
@Override
public void run() {
getBaselineOperationAsync(operationId)
.thenAccept(statusObj -> {
String status = statusObj.toString(); // Convert enum/status to string for printing
System.out.println("Current disable operation status: " + status + " → waiting for SUCCEEDED or FAILED...");
if ("SUCCEEDED".equalsIgnoreCase(status) || "FAILED".equalsIgnoreCase(status)) {
System.out.println("Disable operation finished with status: " + status);
resultFuture.complete(operationId);
} else {
// Schedule next poll in 15 seconds
CompletableFuture.delayedExecutor(15, TimeUnit.SECONDS)
.execute(this);
}
})
.exceptionally(ex -> {
System.out.println("Error checking baseline operation status: " + ex.getMessage());
resultFuture.completeExceptionally(ex);
return null;
});
}
};
// Start first poll immediately
poller.run();
return resultFuture;
})
.exceptionally(ex -> {
Throwable cause = ex.getCause() != null ? ex.getCause() : ex;
if (cause instanceof ControlTowerException e) {
String errorCode = e.awsErrorDetails() != null ? e.awsErrorDetails().errorCode() : "UNKNOWN";
String errorMessage = e.awsErrorDetails() != null ? e.awsErrorDetails().errorMessage() : e.getMessage();
System.out.println("ControlTowerException caught while disabling baseline: Code=" + errorCode + ", Message=" + errorMessage);
return null;
}
if (cause instanceof SdkException sdkEx) {
System.out.println("SDK exception caught while disabling baseline: " + sdkEx.getMessage());
return null;
}
System.out.println("Unexpected exception while disabling baseline: " + cause.getMessage());
return null;
});
}
```
+ Einzelheiten zur API finden Sie [DisableBaseline](https://docs.aws.amazon.com/goto/SdkForJavaV2/controltower-2018-05-10/DisableBaseline)in der *AWS SDK for Java 2.x API-Referenz*.
------
#### [ Python ]
**SDK für Python (Boto3)**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/controltower#code-examples) einrichten und ausführen.
```
class ControlTowerWrapper:
"""Encapsulates AWS Control Tower and Control Catalog functionality."""
def __init__(
self, controltower_client: boto3.client, controlcatalog_client: boto3.client
):
"""
:param controltower_client: A Boto3 Amazon ControlTower client.
:param controlcatalog_client: A Boto3 Amazon ControlCatalog client.
"""
self.controltower_client = controltower_client
self.controlcatalog_client = controlcatalog_client
@classmethod
def from_client(cls):
controltower_client = boto3.client("controltower")
controlcatalog_client = boto3.client("controlcatalog")
return cls(controltower_client, controlcatalog_client)
def disable_baseline(self, enabled_baseline_identifier: str):
"""
Disables a baseline for a specific target and waits for the operation to complete.
:param enabled_baseline_identifier: The identifier of the baseline to disable.
:return: The operation ID.
:raises ClientError: If disabling the baseline fails.
"""
try:
response = self.controltower_client.disable_baseline(
enabledBaselineIdentifier=enabled_baseline_identifier
)
operation_id = response["operationIdentifier"]
while True:
status = self.get_baseline_operation(operation_id)
print(f"Baseline operation status: {status}")
if status in ["SUCCEEDED", "FAILED"]:
break
time.sleep(30)
return response["operationIdentifier"]
except ClientError as err:
if err.response["Error"]["Code"] == "ConflictException":
print(
f"Conflict disabling baseline: {err.response['Error']['Message']}. Skipping disable step."
)
return None
else:
logger.error(
"Couldn't disable baseline. Here's why: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
```
+ Einzelheiten zur API finden Sie [DisableBaseline](https://docs.aws.amazon.com/goto/boto3/controltower-2018-05-10/DisableBaseline)in *AWS SDK for Python (Boto3) API* Reference.
------
#### [ SAP ABAP ]
**SDK für SAP ABAP**
Es gibt noch mehr dazu. GitHub Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/ctt#code-examples) einrichten und ausführen.
```
TRY.
" Disable the baseline
DATA(lo_output) = io_ctt->disablebaseline(
iv_enabledbaselineidentifier = iv_enabled_baseline_identifier
).
DATA(lv_operation_id) = lo_output->get_operationidentifier( ).
" Wait for operation to complete
DATA lv_status TYPE /aws1/cttbaselineopstatus.
DO 100 TIMES.
lv_status = get_baseline_operation(
io_ctt = io_ctt
iv_operation_id = lv_operation_id
).
DATA(lv_msg) = |Baseline operation status: { lv_status }|.
MESSAGE lv_msg TYPE 'I'.
IF lv_status = 'SUCCEEDED' OR lv_status = 'FAILED'.
EXIT.
ENDIF.
" Wait 30 seconds
WAIT UP TO 30 SECONDS.
ENDDO.
ov_operation_id = lv_operation_id.
MESSAGE 'Baseline disabled successfully.' TYPE 'I'.
CATCH /aws1/cx_cttconflictexception INTO DATA(lo_conflict).
" Log conflict but don't fail - return empty operation ID
DATA(lv_msg2) = |Conflict disabling baseline: { lo_conflict->get_text( ) }. Skipping disable step.|.
MESSAGE lv_msg2 TYPE 'I'.
CLEAR ov_operation_id.
ENDTRY.
```
+ Einzelheiten zur API finden Sie [DisableBaseline](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)in der *API-Referenz zum AWS SDK für SAP ABAP*.
------
# `DisableControl`Mit einem AWS SDK verwenden
Die folgenden Code-Beispiele zeigen, wie `DisableControl` verwendet wird.
Beispiele für Aktionen sind Codeauszüge aus größeren Programmen und müssen im Kontext ausgeführt werden. Im folgenden Codebeispiel können Sie diese Aktion im Kontext sehen:
+ [Kennenlernen der Grundlagen](controltower_example_controltower_Scenario_section.md)
------
#### [ .NET ]
**SDK für .NET (v4)**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv4/ControlTower#code-examples) einrichten und ausführen.
```
///
/// Disable a control for a specified target.
///
/// The ARN of the control to disable.
/// The identifier of the target (e.g., OU ARN).
/// The operation ID.
public async Task DisableControlAsync(string controlArn, string targetIdentifier)
{
try
{
var request = new DisableControlRequest
{
ControlIdentifier = controlArn,
TargetIdentifier = targetIdentifier
};
var response = await _controlTowerService.DisableControlAsync(request);
var operationId = response.OperationIdentifier;
// Wait for operation to complete
while (true)
{
var status = await GetControlOperationAsync(operationId);
Console.WriteLine($"Control operation status: {status}");
if (status == ControlOperationStatus.SUCCEEDED || status == ControlOperationStatus.FAILED)
{
break;
}
await Task.Delay(30000); // Wait 30 seconds
}
return operationId;
}
catch (Amazon.ControlTower.Model.ResourceNotFoundException)
{
Console.WriteLine("Control not found.");
throw;
}
catch (AmazonControlTowerException ex)
{
Console.WriteLine($"Couldn't disable control. Here's why: {ex.ErrorCode}: {ex.Message}");
throw;
}
}
```
+ Einzelheiten zur API finden Sie [DisableControl](https://docs.aws.amazon.com/goto/DotNetSDKV4/controltower-2018-05-10/DisableControl)in der *AWS SDK für .NET API-Referenz*.
------
#### [ Java ]
**SDK für Java 2.x**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/controltower#code-examples) einrichten und ausführen.
```
/**
* Disables a control for a specified target.
*
* @param controlIdentifier the identifier of the control to disable
* @param targetIdentifier the identifier of the target (e.g., OU ARN)
* @return the operation identifier
* @throws ControlTowerException if a service-specific error occurs
* @throws SdkException if an SDK error occurs
*/
public CompletableFuture disableControlAsync(
String controlIdentifier,
String targetIdentifier) {
DisableControlRequest request = DisableControlRequest.builder()
.controlIdentifier(controlIdentifier)
.targetIdentifier(targetIdentifier)
.build();
return getAsyncClient().disableControl(request)
.thenCompose(response -> {
String operationId = response.operationIdentifier();
System.out.println("Disable control operation started. Operation ID: " + operationId);
CompletableFuture resultFuture = new CompletableFuture<>();
Runnable poller = new Runnable() {
@Override
public void run() {
getControlOperationAsync(operationId)
.thenAccept(status -> {
System.out.println("Control operation status: " + status);
if (status == ControlOperationStatus.SUCCEEDED
|| status == ControlOperationStatus.FAILED) {
resultFuture.complete(operationId);
} else {
// poll again after 30 seconds
CompletableFuture.delayedExecutor(30, TimeUnit.SECONDS)
.execute(this);
}
})
.exceptionally(ex -> {
resultFuture.completeExceptionally(ex);
return null;
});
}
};
// start polling immediately
poller.run();
return resultFuture;
})
.exceptionally(ex -> {
Throwable cause = ex.getCause() != null ? ex.getCause() : ex;
if (cause instanceof ControlTowerException e) {
String errorCode = e.awsErrorDetails().errorCode();
if ("ResourceNotFoundException".equals(errorCode)) {
// SPEC: notify user and continue
System.out.println("Control not found for disabling: " + e.getMessage());
return null;
}
throw new CompletionException(
"Error disabling control: " + e.getMessage(), e);
}
if (cause instanceof SdkException) {
throw new CompletionException(
"SDK error disabling control: " + cause.getMessage(), cause);
}
throw new CompletionException(
"Failed to disable control", cause);
});
}
```
+ Einzelheiten zur API finden Sie [DisableControl](https://docs.aws.amazon.com/goto/SdkForJavaV2/controltower-2018-05-10/DisableControl)in der *AWS SDK for Java 2.x API-Referenz*.
------
#### [ Python ]
**SDK für Python (Boto3)**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/controltower#code-examples) einrichten und ausführen.
```
class ControlTowerWrapper:
"""Encapsulates AWS Control Tower and Control Catalog functionality."""
def __init__(
self, controltower_client: boto3.client, controlcatalog_client: boto3.client
):
"""
:param controltower_client: A Boto3 Amazon ControlTower client.
:param controlcatalog_client: A Boto3 Amazon ControlCatalog client.
"""
self.controltower_client = controltower_client
self.controlcatalog_client = controlcatalog_client
@classmethod
def from_client(cls):
controltower_client = boto3.client("controltower")
controlcatalog_client = boto3.client("controlcatalog")
return cls(controltower_client, controlcatalog_client)
def disable_control(self, control_arn: str, target_identifier: str):
"""
Disables a control for a specified target.
:param control_arn: The ARN of the control to disable.
:param target_identifier: The identifier of the target (e.g., OU ARN).
:return: The operation ID.
:raises ClientError: If disabling the control fails.
"""
try:
response = self.controltower_client.disable_control(
controlIdentifier=control_arn, targetIdentifier=target_identifier
)
operation_id = response["operationIdentifier"]
while True:
status = self.get_control_operation(operation_id)
print(f"Control operation status: {status}")
if status in ["SUCCEEDED", "FAILED"]:
break
time.sleep(30)
return operation_id
except ClientError as err:
if err.response["Error"]["Code"] == "ResourceNotFoundException":
logger.error("Control not found.")
else:
logger.error(
"Couldn't disable control. Here's why: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
```
+ Einzelheiten zur API finden Sie [DisableControl](https://docs.aws.amazon.com/goto/boto3/controltower-2018-05-10/DisableControl)in *AWS SDK for Python (Boto3) API* Reference.
------
#### [ SAP ABAP ]
**SDK für SAP ABAP**
Es gibt noch mehr dazu. GitHub Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/ctt#code-examples) einrichten und ausführen.
```
" Disable the control
DATA(lo_output) = io_ctt->disablecontrol(
iv_controlidentifier = iv_control_arn
iv_targetidentifier = iv_target_identifier
).
DATA(lv_operation_id) = lo_output->get_operationidentifier( ).
" Wait for operation to complete
DATA lv_status TYPE /aws1/cttcontrolopstatus.
DO 100 TIMES.
lv_status = get_control_operation(
io_ctt = io_ctt
iv_operation_id = lv_operation_id
).
DATA(lv_msg) = |Control operation status: { lv_status }|.
MESSAGE lv_msg TYPE 'I'.
IF lv_status = 'SUCCEEDED' OR lv_status = 'FAILED'.
EXIT.
ENDIF.
" Wait 30 seconds
WAIT UP TO 30 SECONDS.
ENDDO.
ov_operation_id = lv_operation_id.
MESSAGE 'Control disabled successfully.' TYPE 'I'.
```
+ Einzelheiten zur API finden Sie [DisableControl](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)in der *API-Referenz zum AWS SDK für SAP ABAP*.
------
# `EnableBaseline`Mit einem AWS SDK verwenden
Die folgenden Code-Beispiele zeigen, wie `EnableBaseline` verwendet wird.
Beispiele für Aktionen sind Codeauszüge aus größeren Programmen und müssen im Kontext ausgeführt werden. Im folgenden Codebeispiel können Sie diese Aktion im Kontext sehen:
+ [Kennenlernen der Grundlagen](controltower_example_controltower_Scenario_section.md)
------
#### [ .NET ]
**SDK für .NET (v4)**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv4/ControlTower#code-examples) einrichten und ausführen.
```
///
/// Enable a baseline for the specified target.
///
/// The ARN of the target.
/// The identifier of baseline to enable.
/// The version of baseline to enable.
/// The identifier of identity center baseline if it is enabled.
/// The enabled baseline ARN or null.
public async Task EnableBaselineAsync(string targetIdentifier, string baselineIdentifier, string baselineVersion, string identityCenterBaseline)
{
try
{
var parameters = new List();
if (!string.IsNullOrEmpty(identityCenterBaseline))
{
parameters.Add(
new EnabledBaselineParameter
{
Key = "IdentityCenterEnabledBaselineArn",
Value = identityCenterBaseline
});
}
var request = new EnableBaselineRequest
{
BaselineIdentifier = baselineIdentifier,
BaselineVersion = baselineVersion,
TargetIdentifier = targetIdentifier,
Parameters = parameters
};
var response = await _controlTowerService.EnableBaselineAsync(request);
var operationId = response.OperationIdentifier;
// Wait for operation to complete
while (true)
{
var status = await GetBaselineOperationAsync(operationId);
Console.WriteLine($"Baseline operation status: {status}");
if (status == BaselineOperationStatus.SUCCEEDED || status == BaselineOperationStatus.FAILED)
{
break;
}
await Task.Delay(30000); // Wait 30 seconds
}
return response.Arn;
}
catch (ValidationException ex)
{
if (ex.Message.Contains("already enabled"))
Console.WriteLine("Baseline is already enabled for this target");
else { Console.WriteLine(ex.Message); }
// Write the message and return null if baseline cannot be enabled.
return null;
}
catch (AmazonControlTowerException ex)
{
Console.WriteLine($"Couldn't enable baseline. Here's why: {ex.ErrorCode}: {ex.Message}");
throw;
}
}
```
+ Einzelheiten zur API finden Sie [EnableBaseline](https://docs.aws.amazon.com/goto/DotNetSDKV4/controltower-2018-05-10/EnableBaseline)in der *AWS SDK für .NET API-Referenz*.
------
#### [ Java ]
**SDK für Java 2.x**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/controltower#code-examples) einrichten und ausführen.
```
/**
* Asynchronously enables a baseline for the specified target if not already enabled.
*
* @param targetIdentifier The ARN of the target (OU or account).
* @param baselineIdentifier The baseline definition ARN to enable.
* @param baselineVersion The baseline version to enable.
* @return A CompletableFuture containing the enabled baseline ARN, or null if already enabled.
*/
public CompletableFuture enableBaselineAsync(
String targetIdentifier,
String baselineIdentifier,
String baselineVersion
) {
EnableBaselineRequest request = EnableBaselineRequest.builder()
.baselineIdentifier(baselineIdentifier)
.baselineVersion(baselineVersion)
.targetIdentifier(targetIdentifier)
.build();
return getAsyncClient().enableBaseline(request)
.handle((resp, exception) -> {
if (exception != null) {
Throwable cause = exception.getCause() != null ? exception.getCause() : exception;
if (cause instanceof ControlTowerException e) {
String code = e.awsErrorDetails() != null ? e.awsErrorDetails().errorCode() : "UNKNOWN";
String msg = e.awsErrorDetails() != null ? e.awsErrorDetails().errorMessage() : e.getMessage();
if ("ValidationException".equals(code) && msg.contains("already enabled")) {
System.out.println("Baseline is already enabled for this target → fetching ARN...");
return fetchEnabledBaselineArn(targetIdentifier, baselineIdentifier)
.join(); // fetch existing ARN synchronously
}
throw new RuntimeException("Error enabling baseline: " + code + " - " + msg, e);
}
throw new RuntimeException("Unexpected error enabling baseline: " + cause.getMessage(), cause);
}
return resp;
})
.thenCompose(result -> {
if (result instanceof EnableBaselineResponse resp) {
String operationId = resp.operationIdentifier();
String enabledBaselineArn = resp.arn();
System.out.println("Baseline enable started. ARN: " + enabledBaselineArn
+ ", operation ID: " + operationId);
// Inline polling
return CompletableFuture.supplyAsync(() -> {
while (true) {
GetBaselineOperationRequest opReq = GetBaselineOperationRequest.builder()
.operationIdentifier(operationId)
.build();
GetBaselineOperationResponse opResp = getAsyncClient().getBaselineOperation(opReq).join();
BaselineOperation op = opResp.baselineOperation();
BaselineOperationStatus status = op.status();
System.out.println("Operation " + operationId + " status: " + status);
if (status == BaselineOperationStatus.SUCCEEDED) {
return enabledBaselineArn;
} else if (status == BaselineOperationStatus.FAILED) {
String opId = op.operationIdentifier();
String reason = op.statusMessage() != null ? op.statusMessage() : "No failure reason provided";
throw new RuntimeException("Baseline operation failed (ID: " + opId + "), status: "
+ status + ", reason: " + reason);
}
try {
Thread.sleep(Duration.ofSeconds(15).toMillis());
} catch (InterruptedException e) {
Thread.currentThread().interrupt();
throw new RuntimeException(e);
}
}
});
} else if (result instanceof String existingArn) {
// Already enabled branch
return CompletableFuture.completedFuture(existingArn);
}
return CompletableFuture.completedFuture(null);
});
}
/**
* Fetches the ARN of an already-enabled baseline for the target asynchronously.
*/
private CompletableFuture fetchEnabledBaselineArn(String targetIdentifier, String baselineIdentifier) {
return getAsyncClient().listEnabledBaselines(ListEnabledBaselinesRequest.builder().build())
.thenApply(listResp -> {
for (EnabledBaselineSummary eb : listResp.enabledBaselines()) {
if (baselineIdentifier.equals(eb.baselineIdentifier())
&& targetIdentifier.equals(eb.targetIdentifier())) {
return eb.arn();
}
}
return null; // not yet available
});
}
```
+ Einzelheiten zur API finden Sie [EnableBaseline](https://docs.aws.amazon.com/goto/SdkForJavaV2/controltower-2018-05-10/EnableBaseline)in der *AWS SDK for Java 2.x API-Referenz*.
------
#### [ Python ]
**SDK für Python (Boto3)**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/controltower#code-examples) einrichten und ausführen.
```
class ControlTowerWrapper:
"""Encapsulates AWS Control Tower and Control Catalog functionality."""
def __init__(
self, controltower_client: boto3.client, controlcatalog_client: boto3.client
):
"""
:param controltower_client: A Boto3 Amazon ControlTower client.
:param controlcatalog_client: A Boto3 Amazon ControlCatalog client.
"""
self.controltower_client = controltower_client
self.controlcatalog_client = controlcatalog_client
@classmethod
def from_client(cls):
controltower_client = boto3.client("controltower")
controlcatalog_client = boto3.client("controlcatalog")
return cls(controltower_client, controlcatalog_client)
def enable_baseline(
self,
target_identifier: str,
identity_center_baseline: str,
baseline_identifier: str,
baseline_version: str,
):
"""
Enables a baseline for the specified target if it's not already enabled.
:param target_identifier: The ARN of the target.
:param baseline_identifier: The identifier of baseline to enable.
:param identity_center_baseline: The identifier of identity center baseline if it is enabled.
:param baseline_version: The version of baseline to enable.
:return: The enabled baseline ARN or None if already enabled.
:raises ClientError: If enabling the baseline fails for reasons other than it being already enabled.
"""
try:
# Only include parameters if identity_center_baseline is not empty
parameters = []
if identity_center_baseline:
parameters = [
{
"key": "IdentityCenterEnabledBaselineArn",
"value": identity_center_baseline,
}
]
response = self.controltower_client.enable_baseline(
baselineIdentifier=baseline_identifier,
baselineVersion=baseline_version,
targetIdentifier=target_identifier,
parameters=parameters,
)
operation_id = response["operationIdentifier"]
while True:
status = self.get_baseline_operation(operation_id)
print(f"Baseline operation status: {status}")
if status in ["SUCCEEDED", "FAILED"]:
break
time.sleep(30)
return response["arn"]
except ClientError as err:
if err.response["Error"]["Code"] == "ValidationException":
if "already enabled" in err.response["Error"]["Message"]:
print("Baseline is already enabled for this target")
else:
print(
"Unable to enable baseline due to validation exception: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
logger.error(
"Couldn't enable baseline. Here's why: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
return None
```
+ Einzelheiten zur API finden Sie [EnableBaseline](https://docs.aws.amazon.com/goto/boto3/controltower-2018-05-10/EnableBaseline)in *AWS SDK for Python (Boto3) API* Reference.
------
#### [ SAP ABAP ]
**SDK für SAP ABAP**
Es gibt noch mehr dazu. GitHub Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/ctt#code-examples) einrichten und ausführen.
```
" Prepare parameters for enabling baseline
DATA lt_parameters TYPE /aws1/cl_cttenbdbaselineparam=>tt_enabledbaselineparameters.
" Add Identity Center baseline parameter if provided
IF iv_identity_center_baseline IS NOT INITIAL.
" Create a JSON document with the baseline ARN value
DATA(lv_json) = |\{ "IdentityCenterEnabledBaselineArn": "{ iv_identity_center_baseline }" \}|.
DATA(lo_param) = NEW /aws1/cl_cttenbdbaselineparam(
iv_key = 'IdentityCenterEnabledBaselineArn'
io_value = /aws1/cl_rt_document=>from_json_str( lv_json )
).
APPEND lo_param TO lt_parameters.
ENDIF.
" Enable the baseline
DATA(lo_output) = io_ctt->enablebaseline(
iv_baselineidentifier = iv_baseline_identifier
iv_baselineversion = iv_baseline_version
iv_targetidentifier = iv_target_identifier
it_parameters = lt_parameters
).
DATA(lv_operation_id) = lo_output->get_operationidentifier( ).
" Wait for operation to complete
DATA lv_status TYPE /aws1/cttbaselineopstatus.
DO 100 TIMES.
lv_status = get_baseline_operation(
io_ctt = io_ctt
iv_operation_id = lv_operation_id
).
DATA(lv_msg) = |Baseline operation status: { lv_status }|.
MESSAGE lv_msg TYPE 'I'.
IF lv_status = 'SUCCEEDED' OR lv_status = 'FAILED'.
EXIT.
ENDIF.
" Wait 30 seconds
WAIT UP TO 30 SECONDS.
ENDDO.
ov_enabled_baseline_arn = lo_output->get_arn( ).
MESSAGE 'Baseline enabled successfully.' TYPE 'I'.
```
+ Einzelheiten zur API finden Sie [EnableBaseline](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)in der *API-Referenz zum AWS SDK für SAP ABAP*.
------
# `EnableControl`Mit einem AWS SDK verwenden
Die folgenden Code-Beispiele zeigen, wie `EnableControl` verwendet wird.
Beispiele für Aktionen sind Codeauszüge aus größeren Programmen und müssen im Kontext ausgeführt werden. Im folgenden Codebeispiel können Sie diese Aktion im Kontext sehen:
+ [Kennenlernen der Grundlagen](controltower_example_controltower_Scenario_section.md)
------
#### [ .NET ]
**SDK für .NET (v4)**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv4/ControlTower#code-examples) einrichten und ausführen.
```
///
/// Enable a control for a specified target.
///
/// The ARN of the control to enable.
/// The identifier of the target (e.g., OU ARN).
/// The operation ID or null if already enabled.
public async Task EnableControlAsync(string controlArn, string targetIdentifier)
{
try
{
Console.WriteLine(controlArn);
Console.WriteLine(targetIdentifier);
var request = new EnableControlRequest
{
ControlIdentifier = controlArn,
TargetIdentifier = targetIdentifier
};
var response = await _controlTowerService.EnableControlAsync(request);
var operationId = response.OperationIdentifier;
// Wait for operation to complete
while (true)
{
var status = await GetControlOperationAsync(operationId);
Console.WriteLine($"Control operation status: {status}");
if (status == ControlOperationStatus.SUCCEEDED || status == ControlOperationStatus.FAILED)
{
break;
}
await Task.Delay(30000); // Wait 30 seconds
}
return operationId;
}
catch (Amazon.ControlTower.Model.ValidationException ex) when (ex.Message.Contains("already enabled"))
{
Console.WriteLine("Control is already enabled for this target");
return null;
}
catch (Amazon.ControlTower.Model.ResourceNotFoundException ex) when (ex.Message.Contains("not registered with AWS Control Tower"))
{
Console.WriteLine("AWS Control Tower must be enabled to work with enabling controls.");
return null;
}
catch (AmazonControlTowerException ex)
{
Console.WriteLine($"Couldn't enable control. Here's why: {ex.ErrorCode}: {ex.Message}");
throw;
}
}
```
+ Einzelheiten zur API finden Sie [EnableControl](https://docs.aws.amazon.com/goto/DotNetSDKV4/controltower-2018-05-10/EnableControl)in der *AWS SDK für .NET API-Referenz*.
------
#### [ Java ]
**SDK für Java 2.x**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/controltower#code-examples) einrichten und ausführen.
```
/**
* Enables a control for a specified target.
*
* @param controlIdentifier the identifier of the control to enable
* @param targetIdentifier the identifier of the target (e.g., OU ARN)
* @return the operation identifier
* @throws ControlTowerException if a service-specific error occurs
* @throws SdkException if an SDK error occurs
*/
public CompletableFuture enableControlAsync(
String controlIdentifier,
String targetIdentifier) {
EnableControlRequest request = EnableControlRequest.builder()
.controlIdentifier(controlIdentifier)
.targetIdentifier(targetIdentifier)
.build();
return getAsyncClient().enableControl(request)
.thenCompose(response -> {
String operationId = response.operationIdentifier();
System.out.println("Enable control operation started. Operation ID: " + operationId);
CompletableFuture resultFuture = new CompletableFuture<>();
Runnable poller = new Runnable() {
@Override
public void run() {
getControlOperationAsync(operationId)
.thenAccept(status -> {
System.out.println("Control operation status: " + status);
if (status == ControlOperationStatus.SUCCEEDED
|| status == ControlOperationStatus.FAILED) {
resultFuture.complete(operationId);
} else {
// Poll again after 30 seconds
CompletableFuture.delayedExecutor(30, TimeUnit.SECONDS)
.execute(this);
}
})
.exceptionally(ex -> {
resultFuture.completeExceptionally(ex);
return null;
});
}
};
// Start polling immediately
poller.run();
return resultFuture;
})
.exceptionally(ex -> {
Throwable cause = ex.getCause() != null ? ex.getCause() : ex;
if (cause instanceof ControlTowerException e) {
String errorCode = e.awsErrorDetails().errorCode();
String message = e.getMessage() != null ? e.getMessage() : "";
if ("ValidationException".equals(errorCode)
&& message.contains("already enabled")) {
System.out.println("Control is already enabled for this target");
return null;
}
if ("ResourceNotFoundException".equals(errorCode)
&& message.contains("not registered with AWS Control Tower")) {
System.out.println(
"Control Tower must be enabled to work with controls.");
return null;
}
throw new CompletionException(
"Couldn't enable control: %s".formatted(message),
e
);
}
if (cause instanceof SdkException) {
throw new CompletionException(
"SDK error enabling control: %s"
.formatted(cause.getMessage()),
cause
);
}
throw new CompletionException(
"Failed to enable control",
cause
);
});
}
```
+ Einzelheiten zur API finden Sie [EnableControl](https://docs.aws.amazon.com/goto/SdkForJavaV2/controltower-2018-05-10/EnableControl)in der *AWS SDK for Java 2.x API-Referenz*.
------
#### [ Python ]
**SDK für Python (Boto3)**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/controltower#code-examples) einrichten und ausführen.
```
class ControlTowerWrapper:
"""Encapsulates AWS Control Tower and Control Catalog functionality."""
def __init__(
self, controltower_client: boto3.client, controlcatalog_client: boto3.client
):
"""
:param controltower_client: A Boto3 Amazon ControlTower client.
:param controlcatalog_client: A Boto3 Amazon ControlCatalog client.
"""
self.controltower_client = controltower_client
self.controlcatalog_client = controlcatalog_client
@classmethod
def from_client(cls):
controltower_client = boto3.client("controltower")
controlcatalog_client = boto3.client("controlcatalog")
return cls(controltower_client, controlcatalog_client)
def enable_control(self, control_arn: str, target_identifier: str):
"""
Enables a control for a specified target.
:param control_arn: The ARN of the control to enable.
:param target_identifier: The identifier of the target (e.g., OU ARN).
:return: The operation ID.
:raises ClientError: If enabling the control fails.
"""
try:
print(control_arn)
print(target_identifier)
response = self.controltower_client.enable_control(
controlIdentifier=control_arn, targetIdentifier=target_identifier
)
operation_id = response["operationIdentifier"]
while True:
status = self.get_control_operation(operation_id)
print(f"Control operation status: {status}")
if status in ["SUCCEEDED", "FAILED"]:
break
time.sleep(30)
return operation_id
except ClientError as err:
if (
err.response["Error"]["Code"] == "ValidationException"
and "already enabled" in err.response["Error"]["Message"]
):
logger.info("Control is already enabled for this target")
return None
elif (
err.response["Error"]["Code"] == "ResourceNotFoundException"
and "not registered with AWS Control Tower"
in err.response["Error"]["Message"]
):
logger.error("Control Tower must be enabled to work with controls.")
return None
logger.error(
"Couldn't enable control. Here's why: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
```
+ Einzelheiten zur API finden Sie [EnableControl](https://docs.aws.amazon.com/goto/boto3/controltower-2018-05-10/EnableControl)in *AWS SDK for Python (Boto3) API* Reference.
------
#### [ SAP ABAP ]
**SDK für SAP ABAP**
Es gibt noch mehr dazu. GitHub Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/ctt#code-examples) einrichten und ausführen.
```
" Enable the control
DATA(lo_output) = io_ctt->enablecontrol(
iv_controlidentifier = iv_control_arn
iv_targetidentifier = iv_target_identifier
).
DATA(lv_operation_id) = lo_output->get_operationidentifier( ).
" Wait for operation to complete
DATA lv_status TYPE /aws1/cttcontrolopstatus.
DO 100 TIMES.
lv_status = get_control_operation(
io_ctt = io_ctt
iv_operation_id = lv_operation_id
).
DATA(lv_msg) = |Control operation status: { lv_status }|.
MESSAGE lv_msg TYPE 'I'.
IF lv_status = 'SUCCEEDED' OR lv_status = 'FAILED'.
EXIT.
ENDIF.
" Wait 30 seconds
WAIT UP TO 30 SECONDS.
ENDDO.
ov_operation_id = lv_operation_id.
MESSAGE 'Control enabled successfully.' TYPE 'I'.
```
+ Einzelheiten zur API finden Sie [EnableControl](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)in der *API-Referenz zum AWS SDK für SAP ABAP*.
------
# `GetBaselineOperation`Mit einem AWS SDK verwenden
Die folgenden Code-Beispiele zeigen, wie `GetBaselineOperation` verwendet wird.
------
#### [ .NET ]
**SDK für .NET (v4)**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv4/ControlTower#code-examples) einrichten und ausführen.
```
///
/// Get the status of a baseline operation.
///
/// The ID of the baseline operation.
/// The operation status.
public async Task GetBaselineOperationAsync(string operationId)
{
try
{
var request = new GetBaselineOperationRequest
{
OperationIdentifier = operationId
};
var response = await _controlTowerService.GetBaselineOperationAsync(request);
return response.BaselineOperation.Status;
}
catch (Amazon.ControlTower.Model.ResourceNotFoundException)
{
Console.WriteLine("Operation not found.");
throw;
}
catch (AmazonControlTowerException ex)
{
Console.WriteLine($"Couldn't get baseline operation status. Here's why: {ex.ErrorCode}: {ex.Message}");
throw;
}
}
```
+ Einzelheiten zur API finden Sie [GetBaselineOperation](https://docs.aws.amazon.com/goto/DotNetSDKV4/controltower-2018-05-10/GetBaselineOperation)in der *AWS SDK für .NET API-Referenz*.
------
#### [ Java ]
**SDK für Java 2.x**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/controltower#code-examples) einrichten und ausführen.
```
/**
* Gets the status of a baseline operation.
*
* @param operationIdentifier the identifier of the operation
* @return the operation status
* @throws ControlTowerException if a service-specific error occurs
* @throws SdkException if an SDK error occurs
*/
public CompletableFuture getBaselineOperationAsync(
String operationIdentifier) {
GetBaselineOperationRequest request = GetBaselineOperationRequest.builder()
.operationIdentifier(operationIdentifier)
.build();
return getAsyncClient().getBaselineOperation(request)
.whenComplete((response, exception) -> {
if (exception != null) {
Throwable cause = exception.getCause() != null
? exception.getCause()
: exception;
if (cause instanceof ControlTowerException e) {
String errorCode = e.awsErrorDetails().errorCode();
if ("ResourceNotFoundException".equals(errorCode)) {
throw new CompletionException(
"Baseline operation not found: %s"
.formatted(e.getMessage()),
e
);
}
throw new CompletionException(
"Error getting baseline operation status: %s"
.formatted(e.getMessage()),
e
);
}
if (cause instanceof SdkException) {
throw new CompletionException(
"SDK error getting baseline operation status: %s"
.formatted(cause.getMessage()),
cause
);
}
throw new CompletionException(
"Failed to get baseline operation status",
cause
);
}
})
.thenApply(response -> {
BaselineOperationStatus status =
response.baselineOperation().status();
return status;
});
}
```
+ Einzelheiten zur API finden Sie [GetBaselineOperation](https://docs.aws.amazon.com/goto/SdkForJavaV2/controltower-2018-05-10/GetBaselineOperation)in der *AWS SDK for Java 2.x API-Referenz*.
------
#### [ Python ]
**SDK für Python (Boto3)**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/controltower#code-examples) einrichten und ausführen.
```
class ControlTowerWrapper:
"""Encapsulates AWS Control Tower and Control Catalog functionality."""
def __init__(
self, controltower_client: boto3.client, controlcatalog_client: boto3.client
):
"""
:param controltower_client: A Boto3 Amazon ControlTower client.
:param controlcatalog_client: A Boto3 Amazon ControlCatalog client.
"""
self.controltower_client = controltower_client
self.controlcatalog_client = controlcatalog_client
@classmethod
def from_client(cls):
controltower_client = boto3.client("controltower")
controlcatalog_client = boto3.client("controlcatalog")
return cls(controltower_client, controlcatalog_client)
def get_baseline_operation(self, operation_id: str):
"""
Gets the status of a baseline operation.
:param operation_id: The ID of the baseline operation.
:return: The operation status.
:raises ClientError: If getting the operation status fails.
"""
try:
response = self.controltower_client.get_baseline_operation(
operationIdentifier=operation_id
)
return response["baselineOperation"]["status"]
except ClientError as err:
if err.response["Error"]["Code"] == "ResourceNotFoundException":
logger.error("Operation not found.")
else:
logger.error(
"Couldn't get baseline operation status. Here's why: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
```
+ Einzelheiten zur API finden Sie [GetBaselineOperation](https://docs.aws.amazon.com/goto/boto3/controltower-2018-05-10/GetBaselineOperation)in *AWS SDK for Python (Boto3) API* Reference.
------
#### [ SAP ABAP ]
**SDK für SAP ABAP**
Es gibt noch mehr dazu. GitHub Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/ctt#code-examples) einrichten und ausführen.
```
DATA(lo_output) = io_ctt->getbaselineoperation(
iv_operationidentifier = iv_operation_id
).
ov_status = lo_output->get_baselineoperation( )->get_status( ).
```
+ Einzelheiten zur API finden Sie [GetBaselineOperation](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)in der *API-Referenz zum AWS SDK für SAP ABAP*.
------
# `GetControlOperation`Mit einem AWS SDK verwenden
Die folgenden Code-Beispiele zeigen, wie `GetControlOperation` verwendet wird.
Beispiele für Aktionen sind Codeauszüge aus größeren Programmen und müssen im Kontext ausgeführt werden. Im folgenden Codebeispiel können Sie diese Aktion im Kontext sehen:
+ [Kennenlernen der Grundlagen](controltower_example_controltower_Scenario_section.md)
------
#### [ .NET ]
**SDK für .NET (v4)**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv4/ControlTower#code-examples) einrichten und ausführen.
```
///
/// Get the status of a control operation.
///
/// The ID of the control operation.
/// The operation status.
public async Task GetControlOperationAsync(string operationId)
{
try
{
var request = new GetControlOperationRequest
{
OperationIdentifier = operationId
};
var response = await _controlTowerService.GetControlOperationAsync(request);
return response.ControlOperation.Status;
}
catch (Amazon.ControlTower.Model.ResourceNotFoundException)
{
Console.WriteLine("Operation not found.");
throw;
}
catch (AmazonControlTowerException ex)
{
Console.WriteLine($"Couldn't get control operation status. Here's why: {ex.ErrorCode}: {ex.Message}");
throw;
}
}
```
+ Einzelheiten zur API finden Sie [GetControlOperation](https://docs.aws.amazon.com/goto/DotNetSDKV4/controltower-2018-05-10/GetControlOperation)in der *AWS SDK für .NET API-Referenz*.
------
#### [ Java ]
**SDK für Java 2.x**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/controltower#code-examples) einrichten und ausführen.
```
/**
* Gets the status of a control operation.
*
* @param operationIdentifier the identifier of the operation
* @return the operation status
* @throws ControlTowerException if a service-specific error occurs
* @throws SdkException if an SDK error occurs
*/
public CompletableFuture getControlOperationAsync(
String operationIdentifier) {
GetControlOperationRequest request = GetControlOperationRequest.builder()
.operationIdentifier(operationIdentifier)
.build();
return getAsyncClient().getControlOperation(request)
.whenComplete((response, exception) -> {
if (exception != null) {
Throwable cause = exception.getCause() != null ? exception.getCause() : exception;
if (cause instanceof ControlTowerException e) {
String errorCode = e.awsErrorDetails().errorCode();
if ("ResourceNotFoundException".equals(errorCode)) {
throw new CompletionException(
"Control operation not found: %s".formatted(e.getMessage()),
e
);
}
throw new CompletionException(
"Error getting control operation status: %s".formatted(e.getMessage()),
e
);
}
if (cause instanceof SdkException) {
throw new CompletionException(
"SDK error getting control operation status: %s".formatted(cause.getMessage()),
cause
);
}
throw new CompletionException("Failed to get control operation status", cause);
}
})
.thenApply(response -> response.controlOperation().status());
}
```
+ Einzelheiten zur API finden Sie [GetControlOperation](https://docs.aws.amazon.com/goto/SdkForJavaV2/controltower-2018-05-10/GetControlOperation)in der *AWS SDK for Java 2.x API-Referenz*.
------
#### [ Python ]
**SDK für Python (Boto3)**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/controltower#code-examples) einrichten und ausführen.
```
class ControlTowerWrapper:
"""Encapsulates AWS Control Tower and Control Catalog functionality."""
def __init__(
self, controltower_client: boto3.client, controlcatalog_client: boto3.client
):
"""
:param controltower_client: A Boto3 Amazon ControlTower client.
:param controlcatalog_client: A Boto3 Amazon ControlCatalog client.
"""
self.controltower_client = controltower_client
self.controlcatalog_client = controlcatalog_client
@classmethod
def from_client(cls):
controltower_client = boto3.client("controltower")
controlcatalog_client = boto3.client("controlcatalog")
return cls(controltower_client, controlcatalog_client)
def get_control_operation(self, operation_id: str):
"""
Gets the status of a control operation.
:param operation_id: The ID of the control operation.
:return: The operation status.
:raises ClientError: If getting the operation status fails.
"""
try:
response = self.controltower_client.get_control_operation(
operationIdentifier=operation_id
)
return response["controlOperation"]["status"]
except ClientError as err:
if err.response["Error"]["Code"] == "ResourceNotFoundException":
logger.error("Operation not found.")
else:
logger.error(
"Couldn't get control operation status. Here's why: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
```
+ Einzelheiten zur API finden Sie [GetControlOperation](https://docs.aws.amazon.com/goto/boto3/controltower-2018-05-10/GetControlOperation)in *AWS SDK for Python (Boto3) API* Reference.
------
#### [ SAP ABAP ]
**SDK für SAP ABAP**
Es gibt noch mehr dazu. GitHub Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/ctt#code-examples) einrichten und ausführen.
```
DATA(lo_output) = io_ctt->getcontroloperation(
iv_operationidentifier = iv_operation_id
).
ov_status = lo_output->get_controloperation( )->get_status( ).
```
+ Einzelheiten zur API finden Sie [GetControlOperation](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)in der *API-Referenz zum AWS SDK für SAP ABAP*.
------
# `ListBaselines`Mit einem AWS SDK verwenden
Die folgenden Code-Beispiele zeigen, wie `ListBaselines` verwendet wird.
Beispiele für Aktionen sind Codeauszüge aus größeren Programmen und müssen im Kontext ausgeführt werden. Im folgenden Codebeispiel können Sie diese Aktion im Kontext sehen:
+ [Kennenlernen der Grundlagen](controltower_example_controltower_Scenario_section.md)
------
#### [ .NET ]
**SDK für .NET (v4)**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv4/ControlTower#code-examples) einrichten und ausführen.
```
///
/// List all baselines.
///
/// A list of baseline summaries.
public async Task> ListBaselinesAsync()
{
try
{
var baselines = new List();
var baselinesPaginator = _controlTowerService.Paginators.ListBaselines(new ListBaselinesRequest());
await foreach (var response in baselinesPaginator.Responses)
{
baselines.AddRange(response.Baselines);
}
return baselines;
}
catch (AmazonControlTowerException ex)
{
Console.WriteLine($"Couldn't list baselines. Here's why: {ex.ErrorCode}: {ex.Message}");
throw;
}
}
```
+ Einzelheiten zur API finden Sie [ListBaselines](https://docs.aws.amazon.com/goto/DotNetSDKV4/controltower-2018-05-10/ListBaselines)in der *AWS SDK für .NET API-Referenz*.
------
#### [ Java ]
**SDK für Java 2.x**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/controltower#code-examples) einrichten und ausführen.
```
/**
* Lists all available baselines using pagination to retrieve complete results.
*
* @return a list of all baselines
* @throws ControlTowerException if a service-specific error occurs
* @throws SdkException if an SDK error occurs
*/
public CompletableFuture> listBaselinesAsync() {
System.out.println("Starting list baselines paginator…");
ListBaselinesRequest request = ListBaselinesRequest.builder().build();
ListBaselinesPublisher paginator =
getAsyncClient().listBaselinesPaginator(request);
List baselines = new ArrayList<>();
return paginator.subscribe(response -> {
if (response.baselines() != null && !response.baselines().isEmpty()) {
response.baselines().forEach(baseline -> {
baselines.add(baseline);
});
} else {
System.out.println("Page contained no baselines.");
}
})
.thenRun(() ->
System.out.println("Successfully listed baselines. Total: " + baselines.size())
)
.thenApply(v -> baselines)
.exceptionally(ex -> {
Throwable cause = ex.getCause() != null ? ex.getCause() : ex;
if (cause instanceof ControlTowerException e) {
String errorCode = e.awsErrorDetails().errorCode();
if ("AccessDeniedException".equals(errorCode)) {
throw new CompletionException(
"Access denied when listing baselines: %s".formatted(e.getMessage()),
e
);
}
throw new CompletionException(
"Error listing baselines: %s".formatted(e.getMessage()),
e
);
}
if (cause instanceof SdkException) {
throw new CompletionException(
"SDK error listing baselines: %s".formatted(cause.getMessage()),
cause
);
}
throw new CompletionException("Failed to list baselines", cause);
});
}
```
+ Einzelheiten zur API finden Sie [ListBaselines](https://docs.aws.amazon.com/goto/SdkForJavaV2/controltower-2018-05-10/ListBaselines)in der *AWS SDK for Java 2.x API-Referenz*.
------
#### [ Python ]
**SDK für Python (Boto3)**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/controltower#code-examples) einrichten und ausführen.
```
class ControlTowerWrapper:
"""Encapsulates AWS Control Tower and Control Catalog functionality."""
def __init__(
self, controltower_client: boto3.client, controlcatalog_client: boto3.client
):
"""
:param controltower_client: A Boto3 Amazon ControlTower client.
:param controlcatalog_client: A Boto3 Amazon ControlCatalog client.
"""
self.controltower_client = controltower_client
self.controlcatalog_client = controlcatalog_client
@classmethod
def from_client(cls):
controltower_client = boto3.client("controltower")
controlcatalog_client = boto3.client("controlcatalog")
return cls(controltower_client, controlcatalog_client)
def list_baselines(self):
"""
Lists all baselines.
:return: List of baselines.
:raises ClientError: If the listing operation fails.
"""
try:
paginator = self.controltower_client.get_paginator("list_baselines")
baselines = []
for page in paginator.paginate():
baselines.extend(page["baselines"])
return baselines
except ClientError as err:
if err.response["Error"]["Code"] == "AccessDeniedException":
logger.error(
"Access denied. Please ensure you have the necessary permissions."
)
else:
logger.error(
"Couldn't list baselines. Here's why: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
```
+ Einzelheiten zur API finden Sie [ListBaselines](https://docs.aws.amazon.com/goto/boto3/controltower-2018-05-10/ListBaselines)in *AWS SDK for Python (Boto3) API* Reference.
------
#### [ SAP ABAP ]
**SDK für SAP ABAP**
Es gibt noch mehr dazu. GitHub Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/ctt#code-examples) einrichten und ausführen.
```
DATA lt_baselines TYPE /aws1/cl_cttbaselinesummary=>tt_baselines.
DATA lv_nexttoken TYPE /aws1/cttstring.
" List all baselines using pagination
DO.
DATA(lo_output) = io_ctt->listbaselines(
iv_nexttoken = lv_nexttoken
).
APPEND LINES OF lo_output->get_baselines( ) TO lt_baselines.
lv_nexttoken = lo_output->get_nexttoken( ).
IF lv_nexttoken IS INITIAL.
EXIT.
ENDIF.
ENDDO.
ot_baselines = lt_baselines.
MESSAGE 'Listed baselines successfully.' TYPE 'I'.
```
+ Einzelheiten zur API finden Sie [ListBaselines](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)in der *API-Referenz zum AWS SDK für SAP ABAP*.
------
# `ListEnabledBaselines`Mit einem AWS SDK verwenden
Die folgenden Code-Beispiele zeigen, wie `ListEnabledBaselines` verwendet wird.
Beispiele für Aktionen sind Codeauszüge aus größeren Programmen und müssen im Kontext ausgeführt werden. Im folgenden Codebeispiel können Sie diese Aktion im Kontext sehen:
+ [Kennenlernen der Grundlagen](controltower_example_controltower_Scenario_section.md)
------
#### [ .NET ]
**SDK für .NET (v4)**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv4/ControlTower#code-examples) einrichten und ausführen.
```
///
/// List all enabled baselines.
///
/// A list of enabled baseline summaries.
public async Task> ListEnabledBaselinesAsync()
{
try
{
var enabledBaselines = new List();
var enabledBaselinesPaginator = _controlTowerService.Paginators.ListEnabledBaselines(new ListEnabledBaselinesRequest());
await foreach (var response in enabledBaselinesPaginator.Responses)
{
enabledBaselines.AddRange(response.EnabledBaselines);
}
return enabledBaselines;
}
catch (AmazonControlTowerException ex)
{
Console.WriteLine($"Couldn't list enabled baselines. Here's why: {ex.ErrorCode}: {ex.Message}");
throw;
}
}
```
+ Einzelheiten zur API finden Sie [ListEnabledBaselines](https://docs.aws.amazon.com/goto/DotNetSDKV4/controltower-2018-05-10/ListEnabledBaselines)in der *AWS SDK für .NET API-Referenz*.
------
#### [ Java ]
**SDK für Java 2.x**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/controltower#code-examples) einrichten und ausführen.
```
/**
* Lists all enabled baselines using pagination to retrieve complete results.
*
* @return a list of all enabled baselines
* @throws ControlTowerException if a service-specific error occurs
* @throws SdkException if an SDK error occurs
*/
public CompletableFuture> listEnabledBaselinesAsync() {
System.out.println("Starting list enabled baselines paginator…");
ListEnabledBaselinesRequest request =
ListEnabledBaselinesRequest.builder().build();
ListEnabledBaselinesPublisher paginator =
getAsyncClient().listEnabledBaselinesPaginator(request);
List enabledBaselines = new ArrayList<>();
return paginator.subscribe(response -> {
if (response.enabledBaselines() != null
&& !response.enabledBaselines().isEmpty()) {
response.enabledBaselines().forEach(baseline -> {
enabledBaselines.add(baseline);
});
} else {
System.out.println("Page contained no enabled baselines.");
}
})
.thenRun(() ->
System.out.println(
"Successfully listed enabled baselines. Total: " +
enabledBaselines.size()
)
)
.thenApply(v -> enabledBaselines)
.exceptionally(ex -> {
Throwable cause = ex.getCause() != null ? ex.getCause() : ex;
if (cause instanceof ControlTowerException e) {
String errorCode = e.awsErrorDetails().errorCode();
if ("AccessDeniedException".equals(errorCode)) {
throw new CompletionException(
"Access denied when listing enabled baselines: %s".formatted(e.getMessage()), e);
}
throw new CompletionException(
"Error listing enabled baselines: %s"
.formatted(e.getMessage()),
e
);
}
if (cause instanceof SdkException) {
throw new CompletionException(
"SDK error listing enabled baselines: %s"
.formatted(cause.getMessage()),
cause
);
}
throw new CompletionException(
"Failed to list enabled baselines",
cause
);
});
}
```
+ Einzelheiten zur API finden Sie [ListEnabledBaselines](https://docs.aws.amazon.com/goto/SdkForJavaV2/controltower-2018-05-10/ListEnabledBaselines)in der *AWS SDK for Java 2.x API-Referenz*.
------
#### [ Python ]
**SDK für Python (Boto3)**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/controltower#code-examples) einrichten und ausführen.
```
class ControlTowerWrapper:
"""Encapsulates AWS Control Tower and Control Catalog functionality."""
def __init__(
self, controltower_client: boto3.client, controlcatalog_client: boto3.client
):
"""
:param controltower_client: A Boto3 Amazon ControlTower client.
:param controlcatalog_client: A Boto3 Amazon ControlCatalog client.
"""
self.controltower_client = controltower_client
self.controlcatalog_client = controlcatalog_client
@classmethod
def from_client(cls):
controltower_client = boto3.client("controltower")
controlcatalog_client = boto3.client("controlcatalog")
return cls(controltower_client, controlcatalog_client)
def list_enabled_baselines(self):
"""
Lists all enabled baselines.
:return: List of enabled baselines.
:raises ClientError: If the listing operation fails.
"""
try:
paginator = self.controltower_client.get_paginator("list_enabled_baselines")
enabled_baselines = []
for page in paginator.paginate():
enabled_baselines.extend(page["enabledBaselines"])
return enabled_baselines
except ClientError as err:
if err.response["Error"]["Code"] == "ResourceNotFoundException":
logger.error("Target not found.")
else:
logger.error(
"Couldn't list enabled baselines. Here's why: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
```
+ Einzelheiten zur API finden Sie [ListEnabledBaselines](https://docs.aws.amazon.com/goto/boto3/controltower-2018-05-10/ListEnabledBaselines)in *AWS SDK for Python (Boto3) API* Reference.
------
#### [ SAP ABAP ]
**SDK für SAP ABAP**
Es gibt noch mehr dazu. GitHub Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/ctt#code-examples) einrichten und ausführen.
```
DATA lt_enabled_baselines TYPE /aws1/cl_cttenbdbaselinesumm=>tt_enabledbaselines.
DATA lv_nexttoken TYPE /aws1/cttlstenbdbaselinesnex00.
" List all enabled baselines using pagination
DO.
DATA(lo_output) = io_ctt->listenabledbaselines(
iv_nexttoken = lv_nexttoken
).
APPEND LINES OF lo_output->get_enabledbaselines( ) TO lt_enabled_baselines.
lv_nexttoken = lo_output->get_nexttoken( ).
IF lv_nexttoken IS INITIAL.
EXIT.
ENDIF.
ENDDO.
ot_enabled_baselines = lt_enabled_baselines.
MESSAGE 'Listed enabled baselines successfully.' TYPE 'I'.
```
+ Einzelheiten zur API finden Sie [ListEnabledBaselines](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)in der *API-Referenz zum AWS SDK für SAP ABAP*.
------
# `ListEnabledControls`Mit einem AWS SDK verwenden
Die folgenden Code-Beispiele zeigen, wie `ListEnabledControls` verwendet wird.
Beispiele für Aktionen sind Codeauszüge aus größeren Programmen und müssen im Kontext ausgeführt werden. Im folgenden Codebeispiel können Sie diese Aktion im Kontext sehen:
+ [Kennenlernen der Grundlagen](controltower_example_controltower_Scenario_section.md)
------
#### [ .NET ]
**SDK für .NET (v4)**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv4/ControlTower#code-examples) einrichten und ausführen.
```
///
/// List enabled controls for a target organizational unit.
///
/// The target organizational unit identifier.
/// A list of enabled control summaries.
public async Task> ListEnabledControlsAsync(string targetIdentifier)
{
try
{
var request = new ListEnabledControlsRequest
{
TargetIdentifier = targetIdentifier
};
var enabledControls = new List();
var enabledControlsPaginator = _controlTowerService.Paginators.ListEnabledControls(request);
await foreach (var response in enabledControlsPaginator.Responses)
{
enabledControls.AddRange(response.EnabledControls);
}
return enabledControls;
}
catch (Amazon.ControlTower.Model.ResourceNotFoundException ex) when (ex.Message.Contains("not registered with AWS Control Tower"))
{
Console.WriteLine("AWS Control Tower must be enabled to work with enabling controls.");
return new List();
}
catch (AmazonControlTowerException ex)
{
Console.WriteLine($"Couldn't list enabled controls. Here's why: {ex.ErrorCode}: {ex.Message}");
throw;
}
}
```
+ Einzelheiten zur API finden Sie [ListEnabledControls](https://docs.aws.amazon.com/goto/DotNetSDKV4/controltower-2018-05-10/ListEnabledControls)in der *AWS SDK für .NET API-Referenz*.
------
#### [ Java ]
**SDK für Java 2.x**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/controltower#code-examples) einrichten und ausführen.
```
/**
* Lists all enabled controls for a specific target using pagination.
*
* @param targetIdentifier the identifier of the target (e.g., OU ARN)
* @return a list of enabled controls
* @throws ControlTowerException if a service-specific error occurs
* @throws SdkException if an SDK error occurs
*/
public CompletableFuture> listEnabledControlsAsync(String targetIdentifier) {
System.out.println("Starting list enabled controls paginator for target " + targetIdentifier);
ListEnabledControlsRequest request = ListEnabledControlsRequest.builder()
.targetIdentifier(targetIdentifier)
.build();
ListEnabledControlsPublisher paginator = getAsyncClient().listEnabledControlsPaginator(request);
List enabledControls = new ArrayList<>();
// Subscribe to the paginator asynchronously
return paginator.subscribe(response -> {
if (response.enabledControls() != null && !response.enabledControls().isEmpty()) {
response.enabledControls().forEach(control -> {
enabledControls.add(control);
});
} else {
System.out.println("Page contained no enabled controls.");
}
})
.thenRun(() -> System.out.println(
"Successfully retrieved "+enabledControls.size() +" enabled controls for target "+targetIdentifier
))
.thenApply(v -> enabledControls)
.exceptionally(ex -> {
Throwable cause = ex.getCause() != null ? ex.getCause() : ex;
if (cause instanceof ControlTowerException e) {
String errorCode = e.awsErrorDetails().errorCode();
switch (errorCode) {
case "AccessDeniedException":
throw new CompletionException(
"Access denied when listing enabled controls: %s".formatted(e.getMessage()), e);
case "ResourceNotFoundException":
if (e.getMessage() != null && e.getMessage().contains("not registered with AWS Control Tower")) {
throw new CompletionException(
"Control Tower must be enabled to work with controls", e);
}
throw new CompletionException(
"Target not found when listing enabled controls: %s".formatted(e.getMessage()), e);
default:
throw new CompletionException(
"Error listing enabled controls: %s".formatted(e.getMessage()), e);
}
}
if (cause instanceof SdkException) {
throw new CompletionException(
"SDK error listing enabled controls: %s".formatted(cause.getMessage()), cause);
}
throw new CompletionException("Failed to list enabled controls", cause);
});
}
```
+ Einzelheiten zur API finden Sie [ListEnabledControls](https://docs.aws.amazon.com/goto/SdkForJavaV2/controltower-2018-05-10/ListEnabledControls)in der *AWS SDK for Java 2.x API-Referenz*.
------
#### [ Python ]
**SDK für Python (Boto3)**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/controltower#code-examples) einrichten und ausführen.
```
class ControlTowerWrapper:
"""Encapsulates AWS Control Tower and Control Catalog functionality."""
def __init__(
self, controltower_client: boto3.client, controlcatalog_client: boto3.client
):
"""
:param controltower_client: A Boto3 Amazon ControlTower client.
:param controlcatalog_client: A Boto3 Amazon ControlCatalog client.
"""
self.controltower_client = controltower_client
self.controlcatalog_client = controlcatalog_client
@classmethod
def from_client(cls):
controltower_client = boto3.client("controltower")
controlcatalog_client = boto3.client("controlcatalog")
return cls(controltower_client, controlcatalog_client)
def list_enabled_controls(self, target_identifier: str):
"""
Lists all enabled controls for a specific target.
:param target_identifier: The identifier of the target (e.g., OU ARN).
:return: List of enabled controls.
:raises ClientError: If the listing operation fails.
"""
enabled_controls = []
try:
paginator = self.controltower_client.get_paginator("list_enabled_controls")
for page in paginator.paginate(targetIdentifier=target_identifier):
enabled_controls.extend(page["enabledControls"])
return enabled_controls
except ClientError as err:
if err.response["Error"]["Code"] == "AccessDeniedException":
logger.error(
"Access denied. Please ensure you have the necessary permissions."
)
return enabled_controls
elif (
err.response["Error"]["Code"] == "ResourceNotFoundException"
and "not registered with AWS Control Tower"
in err.response["Error"]["Message"]
):
logger.error("Control Tower must be enabled to work with controls.")
return enabled_controls
else:
logger.error(
"Couldn't list enabled controls. Here's why: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
```
+ Einzelheiten zur API finden Sie [ListEnabledControls](https://docs.aws.amazon.com/goto/boto3/controltower-2018-05-10/ListEnabledControls)in *AWS SDK for Python (Boto3) API* Reference.
------
#### [ SAP ABAP ]
**SDK für SAP ABAP**
Es gibt noch mehr dazu. GitHub Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/ctt#code-examples) einrichten und ausführen.
```
DATA lt_enabled_controls TYPE /aws1/cl_cttenabledcontrolsumm=>tt_enabledcontrols.
DATA lv_nexttoken TYPE /aws1/cttstring.
" List all enabled controls using pagination
DO.
DATA(lo_output) = io_ctt->listenabledcontrols(
iv_targetidentifier = iv_target_identifier
iv_nexttoken = lv_nexttoken
).
APPEND LINES OF lo_output->get_enabledcontrols( ) TO lt_enabled_controls.
lv_nexttoken = lo_output->get_nexttoken( ).
IF lv_nexttoken IS INITIAL.
EXIT.
ENDIF.
ENDDO.
ot_enabled_controls = lt_enabled_controls.
MESSAGE 'Listed enabled controls successfully.' TYPE 'I'.
```
+ Einzelheiten zur API finden Sie [ListEnabledControls](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)in der *API-Referenz zum AWS SDK für SAP ABAP*.
------
# `ListLandingZones`Mit einem AWS SDK verwenden
Die folgenden Code-Beispiele zeigen, wie `ListLandingZones` verwendet wird.
Beispiele für Aktionen sind Codeauszüge aus größeren Programmen und müssen im Kontext ausgeführt werden. Im folgenden Codebeispiel können Sie diese Aktion im Kontext sehen:
+ [Kennenlernen der Grundlagen](controltower_example_controltower_Scenario_section.md)
------
#### [ .NET ]
**SDK für .NET (v4)**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv4/ControlTower#code-examples) einrichten und ausführen.
```
///
/// List the AWS Control Tower landing zones for an account.
///
/// A list of LandingZoneSummary objects.
public async Task> ListLandingZonesAsync()
{
try
{
var landingZones = new List();
var landingZonesPaginator = _controlTowerService.Paginators.ListLandingZones(new ListLandingZonesRequest());
await foreach (var response in landingZonesPaginator.Responses)
{
landingZones.AddRange(response.LandingZones);
}
return landingZones;
}
catch (AmazonControlTowerException ex)
{
Console.WriteLine($"Couldn't list landing zones. Here's why: {ex.ErrorCode}: {ex.Message}");
throw;
}
}
```
+ Einzelheiten zur API finden Sie [ListLandingZones](https://docs.aws.amazon.com/goto/DotNetSDKV4/controltower-2018-05-10/ListLandingZones)in der *AWS SDK für .NET API-Referenz*.
------
#### [ Java ]
**SDK für Java 2.x**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/controltower#code-examples) einrichten und ausführen.
```
/**
* Lists all landing zones using pagination to retrieve complete results.
*
* @return a list of all landing zones
* @throws ControlTowerException if a service-specific error occurs
* @throws SdkException if an SDK error occurs
*/
public CompletableFuture> listLandingZonesAsync() {
System.out.println("Starting list landing zones paginator…");
ListLandingZonesRequest request = ListLandingZonesRequest.builder().build();
ListLandingZonesPublisher paginator = getAsyncClient().listLandingZonesPaginator(request);
List landingZones = new ArrayList<>();
return paginator.subscribe(response -> {
if (response.landingZones() != null && !response.landingZones().isEmpty()) {
response.landingZones().forEach(lz -> {
System.out.println("Landing zone ARN: " + lz.arn());
landingZones.add(lz);
});
} else {
System.out.println("Page contained no landing zones.");
}
})
.thenRun(() -> System.out.println("Successfully retrieved "+ landingZones.size() + " landing zones." ))
.thenApply(v -> landingZones)
.exceptionally(ex -> {
Throwable cause = ex.getCause() != null ? ex.getCause() : ex;
if (cause instanceof ControlTowerException e) {
String errorCode = e.awsErrorDetails().errorCode();
switch (errorCode) {
case "AccessDeniedException":
throw new CompletionException(
"Access denied when listing landing zones: " + e.getMessage(), e);
default:
throw new CompletionException(
"Error listing landing zones: " + e.getMessage(), e);
}
}
if (cause instanceof SdkException) {
throw new CompletionException(
"SDK error listing landing zones: " + cause.getMessage(), cause);
}
throw new CompletionException("Failed to list landing zones", cause);
});
}
```
+ Einzelheiten zur API finden Sie [ListLandingZones](https://docs.aws.amazon.com/goto/SdkForJavaV2/controltower-2018-05-10/ListLandingZones)in der *AWS SDK for Java 2.x API-Referenz*.
------
#### [ Python ]
**SDK für Python (Boto3)**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/controltower#code-examples) einrichten und ausführen.
```
class ControlTowerWrapper:
"""Encapsulates AWS Control Tower and Control Catalog functionality."""
def __init__(
self, controltower_client: boto3.client, controlcatalog_client: boto3.client
):
"""
:param controltower_client: A Boto3 Amazon ControlTower client.
:param controlcatalog_client: A Boto3 Amazon ControlCatalog client.
"""
self.controltower_client = controltower_client
self.controlcatalog_client = controlcatalog_client
@classmethod
def from_client(cls):
controltower_client = boto3.client("controltower")
controlcatalog_client = boto3.client("controlcatalog")
return cls(controltower_client, controlcatalog_client)
def list_landing_zones(self):
"""
Lists all landing zones.
:return: List of landing zones.
:raises ClientError: If the listing operation fails.
"""
try:
paginator = self.controltower_client.get_paginator("list_landing_zones")
landing_zones = []
for page in paginator.paginate():
landing_zones.extend(page["landingZones"])
return landing_zones
except ClientError as err:
if err.response["Error"]["Code"] == "AccessDeniedException":
logger.error(
"Access denied. Please ensure you have the necessary permissions."
)
else:
logger.error(
"Couldn't list landing zones. Here's why: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
```
+ Einzelheiten zur API finden Sie [ListLandingZones](https://docs.aws.amazon.com/goto/boto3/controltower-2018-05-10/ListLandingZones)in *AWS SDK for Python (Boto3) API* Reference.
------
#### [ SAP ABAP ]
**SDK für SAP ABAP**
Es gibt noch mehr dazu. GitHub Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/ctt#code-examples) einrichten und ausführen.
```
DATA lt_landing_zones TYPE /aws1/cl_cttlandingzonesummary=>tt_landingzonesummaries.
DATA lv_nexttoken TYPE /aws1/cttstring.
" List all landing zones using pagination
DO.
DATA(lo_output) = io_ctt->listlandingzones(
iv_nexttoken = lv_nexttoken
).
APPEND LINES OF lo_output->get_landingzones( ) TO lt_landing_zones.
lv_nexttoken = lo_output->get_nexttoken( ).
IF lv_nexttoken IS INITIAL.
EXIT.
ENDIF.
ENDDO.
ot_landing_zones = lt_landing_zones.
MESSAGE 'Listed landing zones successfully.' TYPE 'I'.
```
+ Einzelheiten zur API finden Sie [ListLandingZones](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)in der *API-Referenz zum AWS SDK für SAP ABAP*.
------
# `ResetEnabledBaseline`Mit einem AWS SDK verwenden
Die folgenden Code-Beispiele zeigen, wie `ResetEnabledBaseline` verwendet wird.
Beispiele für Aktionen sind Codeauszüge aus größeren Programmen und müssen im Kontext ausgeführt werden. Im folgenden Codebeispiel können Sie diese Aktion im Kontext sehen:
+ [Kennenlernen der Grundlagen](controltower_example_controltower_Scenario_section.md)
------
#### [ .NET ]
**SDK für .NET (v4)**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv4/ControlTower#code-examples) einrichten und ausführen.
```
///
/// Reset an enabled baseline for a specific target.
///
/// The identifier of the enabled baseline to reset.
/// The operation ID.
public async Task ResetEnabledBaselineAsync(string enabledBaselineIdentifier)
{
try
{
var request = new ResetEnabledBaselineRequest
{
EnabledBaselineIdentifier = enabledBaselineIdentifier
};
var response = await _controlTowerService.ResetEnabledBaselineAsync(request);
var operationId = response.OperationIdentifier;
// Wait for operation to complete
while (true)
{
var status = await GetBaselineOperationAsync(operationId);
Console.WriteLine($"Baseline operation status: {status}");
if (status == BaselineOperationStatus.SUCCEEDED || status == BaselineOperationStatus.FAILED)
{
break;
}
await Task.Delay(30000); // Wait 30 seconds
}
return operationId;
}
catch (Amazon.ControlTower.Model.ResourceNotFoundException)
{
Console.WriteLine("Target not found, unable to reset enabled baseline.");
throw;
}
catch (AmazonControlTowerException ex)
{
Console.WriteLine($"Couldn't reset enabled baseline. Here's why: {ex.ErrorCode}: {ex.Message}");
throw;
}
}
```
+ Einzelheiten zur API finden Sie [ResetEnabledBaseline](https://docs.aws.amazon.com/goto/DotNetSDKV4/controltower-2018-05-10/ResetEnabledBaseline)in der *AWS SDK für .NET API-Referenz*.
------
#### [ Java ]
**SDK für Java 2.x**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/controltower#code-examples) einrichten und ausführen.
```
/**
* Resets an enabled baseline for a specific target.
*
* @param enabledBaselineIdentifier the identifier of the enabled baseline to reset
* @return the operation identifier
* @throws ControlTowerException if a service-specific error occurs
* @throws SdkException if an SDK error occurs
*/
public CompletableFuture resetEnabledBaselineAsync(String enabledBaselineIdentifier) {
System.out.println("Starting reset of enabled baseline…");
System.out.println("This operation will check the status every 15 seconds until it completes (SUCCEEDED or FAILED).");
ResetEnabledBaselineRequest request = ResetEnabledBaselineRequest.builder()
.enabledBaselineIdentifier(enabledBaselineIdentifier)
.build();
return getAsyncClient().resetEnabledBaseline(request)
.thenCompose(response -> {
String operationId = response.operationIdentifier();
System.out.println("Reset enabled baseline operation ID: " + operationId);
// Polling loop
CompletableFuture resultFuture = new CompletableFuture<>();
Runnable poller = new Runnable() {
@Override
public void run() {
getBaselineOperationAsync(operationId)
.thenAccept(statusObj -> {
String status = statusObj.toString(); // Convert enum/status to string for printing
System.out.println("Current baseline operation status: " + status + " → waiting for SUCCEEDED or FAILED...");
if ("SUCCEEDED".equalsIgnoreCase(status) || "FAILED".equalsIgnoreCase(status)) {
System.out.println("Baseline operation finished with status: " + status);
resultFuture.complete(operationId);
} else {
// Schedule next poll in 15 seconds
CompletableFuture.delayedExecutor(15, TimeUnit.SECONDS)
.execute(this);
}
})
.exceptionally(ex -> {
System.out.println("Error checking baseline operation status: " + ex.getMessage());
resultFuture.completeExceptionally(ex);
return null;
});
}
};
// Start first poll immediately
poller.run();
return resultFuture;
})
.exceptionally(ex -> {
Throwable cause = ex.getCause() != null ? ex.getCause() : ex;
if (cause instanceof ControlTowerException e) {
String errorCode = e.awsErrorDetails() != null ? e.awsErrorDetails().errorCode() : "UNKNOWN";
String errorMessage = e.awsErrorDetails() != null ? e.awsErrorDetails().errorMessage() : e.getMessage();
System.out.println("ControlTowerException caught: Code=" + errorCode + ", Message=" + errorMessage);
return null;
}
if (cause instanceof SdkException sdkEx) {
System.out.println("SDK exception caught: " + sdkEx.getMessage());
return null;
}
System.out.println("Unexpected exception resetting baseline: " + cause.getMessage());
return null;
});
}
```
+ Einzelheiten zur API finden Sie [ResetEnabledBaseline](https://docs.aws.amazon.com/goto/SdkForJavaV2/controltower-2018-05-10/ResetEnabledBaseline)in der *AWS SDK for Java 2.x API-Referenz*.
------
#### [ Python ]
**SDK für Python (Boto3)**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/controltower#code-examples) einrichten und ausführen.
```
class ControlTowerWrapper:
"""Encapsulates AWS Control Tower and Control Catalog functionality."""
def __init__(
self, controltower_client: boto3.client, controlcatalog_client: boto3.client
):
"""
:param controltower_client: A Boto3 Amazon ControlTower client.
:param controlcatalog_client: A Boto3 Amazon ControlCatalog client.
"""
self.controltower_client = controltower_client
self.controlcatalog_client = controlcatalog_client
@classmethod
def from_client(cls):
controltower_client = boto3.client("controltower")
controlcatalog_client = boto3.client("controlcatalog")
return cls(controltower_client, controlcatalog_client)
def reset_enabled_baseline(self, enabled_baseline_identifier: str):
"""
Resets an enabled baseline for a specific target.
:param enabled_baseline_identifier: The identifier of the enabled baseline to reset.
:return: The operation ID.
:raises ClientError: If resetting the baseline fails.
"""
try:
response = self.controltower_client.reset_enabled_baseline(
enabledBaselineIdentifier=enabled_baseline_identifier
)
operation_id = response["operationIdentifier"]
while True:
status = self.get_baseline_operation(operation_id)
print(f"Baseline operation status: {status}")
if status in ["SUCCEEDED", "FAILED"]:
break
time.sleep(30)
return operation_id
except ClientError as err:
if err.response["Error"]["Code"] == "ResourceNotFoundException":
logger.error("Target not found.")
else:
logger.error(
"Couldn't reset enabled baseline. Here's why: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
```
+ Einzelheiten zur API finden Sie [ResetEnabledBaseline](https://docs.aws.amazon.com/goto/boto3/controltower-2018-05-10/ResetEnabledBaseline)in *AWS SDK for Python (Boto3) API* Reference.
------
#### [ SAP ABAP ]
**SDK für SAP ABAP**
Es gibt noch mehr dazu. GitHub Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/ctt#code-examples) einrichten und ausführen.
```
" Reset the enabled baseline
DATA(lo_output) = io_ctt->resetenabledbaseline(
iv_enabledbaselineidentifier = iv_enabled_baseline_identifier
).
DATA(lv_operation_id) = lo_output->get_operationidentifier( ).
" Wait for operation to complete
DATA lv_status TYPE /aws1/cttbaselineopstatus.
DO 100 TIMES.
lv_status = get_baseline_operation(
io_ctt = io_ctt
iv_operation_id = lv_operation_id
).
DATA(lv_msg) = |Baseline operation status: { lv_status }|.
MESSAGE lv_msg TYPE 'I'.
IF lv_status = 'SUCCEEDED' OR lv_status = 'FAILED'.
EXIT.
ENDIF.
" Wait 30 seconds
WAIT UP TO 30 SECONDS.
ENDDO.
ov_operation_id = lv_operation_id.
MESSAGE 'Baseline reset successfully.' TYPE 'I'.
```
+ Einzelheiten zur API finden Sie [ResetEnabledBaseline](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)in der *API-Referenz zum AWS SDK für SAP ABAP*.
------