AWS Control Tower 2018-05-10
- Client: Aws\ControlTower\ControlTowerClient
- Service ID: controltower
- Version: 2018-05-10
This page describes the parameters and results for the operations of the AWS Control Tower (2018-05-10), and shows how to use the Aws\ControlTower\ControlTowerClient object to call the described operations. This documentation is specific to the 2018-05-10 API version of the service.
Operation Summary
Each of the following operations can be created from a client using
$client->getCommand('CommandName')
, where "CommandName" is the
name of one of the following operations. Note: a command is a value that
encapsulates an operation and the parameters used to create an HTTP request.
You can also create and send a command immediately using the magic methods
available on a client object: $client->commandName(/* parameters */)
.
You can send the command asynchronously (returning a promise) by appending the
word "Async" to the operation name: $client->commandNameAsync(/* parameters */)
.
- CreateLandingZone ( array $params = [] )
- Creates a new landing zone.
- DeleteLandingZone ( array $params = [] )
- Decommissions a landing zone.
- DisableBaseline ( array $params = [] )
- Disable an EnabledBaseline resource on the specified Target.
- DisableControl ( array $params = [] )
- This API call turns off a control.
- EnableBaseline ( array $params = [] )
- Enable (apply) a Baseline to a Target.
- EnableControl ( array $params = [] )
- This API call activates a control.
- GetBaseline ( array $params = [] )
- Retrieve details about an existing Baseline resource by specifying its identifier.
- GetBaselineOperation ( array $params = [] )
- Returns the details of an asynchronous baseline operation, as initiated by any of these APIs: EnableBaseline, DisableBaseline, UpdateEnabledBaseline, ResetEnabledBaseline.
- GetControlOperation ( array $params = [] )
- Returns the status of a particular EnableControl or DisableControl operation.
- GetEnabledBaseline ( array $params = [] )
- Retrieve details of an EnabledBaseline resource by specifying its identifier.
- GetEnabledControl ( array $params = [] )
- Retrieves details about an enabled control.
- GetLandingZone ( array $params = [] )
- Returns details about the landing zone.
- GetLandingZoneOperation ( array $params = [] )
- Returns the status of the specified landing zone operation.
- ListBaselines ( array $params = [] )
- Returns a summary list of all available baselines.
- ListControlOperations ( array $params = [] )
- Provides a list of operations in progress or queued.
- ListEnabledBaselines ( array $params = [] )
- Returns a list of summaries describing EnabledBaseline resources.
- ListEnabledControls ( array $params = [] )
- Lists the controls enabled by Amazon Web Services Control Tower on the specified organizational unit and the accounts it contains.
- ListLandingZoneOperations ( array $params = [] )
- Lists all landing zone operations from the past 90 days.
- ListLandingZones ( array $params = [] )
- Returns the landing zone ARN for the landing zone deployed in your managed account.
- ListTagsForResource ( array $params = [] )
- Returns a list of tags associated with the resource.
- ResetEnabledBaseline ( array $params = [] )
- Re-enables an EnabledBaseline resource.
- ResetEnabledControl ( array $params = [] )
- Resets an enabled control.
- ResetLandingZone ( array $params = [] )
- This API call resets a landing zone.
- TagResource ( array $params = [] )
- Applies tags to a resource.
- UntagResource ( array $params = [] )
- Removes tags from a resource.
- UpdateEnabledBaseline ( array $params = [] )
- Updates an EnabledBaseline resource's applied parameters or version.
- UpdateEnabledControl ( array $params = [] )
- Updates the configuration of an already enabled control.
- UpdateLandingZone ( array $params = [] )
- This API call updates the landing zone.
Paginators
Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:
- ListBaselines
- ListControlOperations
- ListEnabledBaselines
- ListEnabledControls
- ListLandingZoneOperations
- ListLandingZones
Operations
CreateLandingZone
$result = $client->createLandingZone
([/* ... */]); $promise = $client->createLandingZoneAsync
([/* ... */]);
Creates a new landing zone. This API call starts an asynchronous operation that creates and configures a landing zone, based on the parameters specified in the manifest JSON file.
Parameter Syntax
$result = $client->createLandingZone([ 'manifest' => [ // REQUIRED ], 'tags' => ['<string>', ...], 'version' => '<string>', // REQUIRED ]);
Parameter Details
Members
- manifest
-
- Required: Yes
- Type: document (null|bool|string|numeric) or an (array|associative array) whose members are all valid documents
The manifest JSON file is a text file that describes your Amazon Web Services resources. For examples, review Launch your landing zone.
- tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
Tags to be applied to the landing zone.
- version
-
- Required: Yes
- Type: string
The landing zone version, for example, 3.0.
Result Syntax
[ 'arn' => '<string>', 'operationIdentifier' => '<string>', ]
Result Details
Members
- arn
-
- Required: Yes
- Type: string
The ARN of the landing zone resource.
- operationIdentifier
-
- Required: Yes
- Type: string
A unique identifier assigned to a
CreateLandingZone
operation. You can use this identifier as an input ofGetLandingZoneOperation
to check the operation's status.
Errors
- ValidationException:
The input does not satisfy the constraints specified by an Amazon Web Services service.
- ConflictException:
Updating or deleting the resource can cause an inconsistent state.
- InternalServerException:
An unexpected error occurred during processing of a request.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ThrottlingException:
The request was denied due to request throttling.
DeleteLandingZone
$result = $client->deleteLandingZone
([/* ... */]); $promise = $client->deleteLandingZoneAsync
([/* ... */]);
Decommissions a landing zone. This API call starts an asynchronous operation that deletes Amazon Web Services Control Tower resources deployed in accounts managed by Amazon Web Services Control Tower.
Parameter Syntax
$result = $client->deleteLandingZone([ 'landingZoneIdentifier' => '<string>', // REQUIRED ]);
Parameter Details
Members
- landingZoneIdentifier
-
- Required: Yes
- Type: string
The unique identifier of the landing zone.
Result Syntax
[ 'operationIdentifier' => '<string>', ]
Result Details
Members
- operationIdentifier
-
- Required: Yes
- Type: string
>A unique identifier assigned to a
DeleteLandingZone
operation. You can use this identifier as an input parameter ofGetLandingZoneOperation
to check the operation's status.
Errors
- ValidationException:
The input does not satisfy the constraints specified by an Amazon Web Services service.
- ConflictException:
Updating or deleting the resource can cause an inconsistent state.
- InternalServerException:
An unexpected error occurred during processing of a request.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ThrottlingException:
The request was denied due to request throttling.
- ResourceNotFoundException:
The request references a resource that does not exist.
DisableBaseline
$result = $client->disableBaseline
([/* ... */]); $promise = $client->disableBaselineAsync
([/* ... */]);
Disable an EnabledBaseline
resource on the specified Target. This API starts an asynchronous operation to remove all resources deployed as part of the baseline enablement. The resource will vary depending on the enabled baseline. For usage examples, see the Amazon Web Services Control Tower User Guide .
Parameter Syntax
$result = $client->disableBaseline([ 'enabledBaselineIdentifier' => '<string>', // REQUIRED ]);
Parameter Details
Members
- enabledBaselineIdentifier
-
- Required: Yes
- Type: string
Identifier of the
EnabledBaseline
resource to be deactivated, in ARN format.
Result Syntax
[ 'operationIdentifier' => '<string>', ]
Result Details
Members
- operationIdentifier
-
- Required: Yes
- Type: string
The ID (in UUID format) of the asynchronous
DisableBaseline
operation. ThisoperationIdentifier
is used to track status through calls to theGetBaselineOperation
API.
Errors
- ValidationException:
The input does not satisfy the constraints specified by an Amazon Web Services service.
- ConflictException:
Updating or deleting the resource can cause an inconsistent state.
- ServiceQuotaExceededException:
The request would cause a service quota to be exceeded. The limit is 10 concurrent operations.
- InternalServerException:
An unexpected error occurred during processing of a request.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ThrottlingException:
The request was denied due to request throttling.
- ResourceNotFoundException:
The request references a resource that does not exist.
DisableControl
$result = $client->disableControl
([/* ... */]); $promise = $client->disableControlAsync
([/* ... */]);
This API call turns off a control. It starts an asynchronous operation that deletes Amazon Web Services resources on the specified organizational unit and the accounts it contains. The resources will vary according to the control that you specify. For usage examples, see the Controls Reference Guide .
Parameter Syntax
$result = $client->disableControl([ 'controlIdentifier' => '<string>', // REQUIRED 'targetIdentifier' => '<string>', // REQUIRED ]);
Parameter Details
Members
- controlIdentifier
-
- Required: Yes
- Type: string
The ARN of the control. Only Strongly recommended and Elective controls are permitted, with the exception of the Region deny control. For information on how to find the
controlIdentifier
, see the overview page. - targetIdentifier
-
- Required: Yes
- Type: string
The ARN of the organizational unit. For information on how to find the
targetIdentifier
, see the overview page.
Result Syntax
[ 'operationIdentifier' => '<string>', ]
Result Details
Members
- operationIdentifier
-
- Required: Yes
- Type: string
The ID of the asynchronous operation, which is used to track status. The operation is available for 90 days.
Errors
- ValidationException:
The input does not satisfy the constraints specified by an Amazon Web Services service.
- ConflictException:
Updating or deleting the resource can cause an inconsistent state.
- ServiceQuotaExceededException:
The request would cause a service quota to be exceeded. The limit is 10 concurrent operations.
- InternalServerException:
An unexpected error occurred during processing of a request.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ThrottlingException:
The request was denied due to request throttling.
- ResourceNotFoundException:
The request references a resource that does not exist.
EnableBaseline
$result = $client->enableBaseline
([/* ... */]); $promise = $client->enableBaselineAsync
([/* ... */]);
Enable (apply) a Baseline
to a Target. This API starts an asynchronous operation to deploy resources specified by the Baseline
to the specified Target. For usage examples, see the Amazon Web Services Control Tower User Guide .
Parameter Syntax
$result = $client->enableBaseline([ 'baselineIdentifier' => '<string>', // REQUIRED 'baselineVersion' => '<string>', // REQUIRED 'parameters' => [ [ 'key' => '<string>', // REQUIRED 'value' => [ // REQUIRED ], ], // ... ], 'tags' => ['<string>', ...], 'targetIdentifier' => '<string>', // REQUIRED ]);
Parameter Details
Members
- baselineIdentifier
-
- Required: Yes
- Type: string
The ARN of the baseline to be enabled.
- baselineVersion
-
- Required: Yes
- Type: string
The specific version to be enabled of the specified baseline.
- parameters
-
- Type: Array of EnabledBaselineParameter structures
A list of
key-value
objects that specify enablement parameters, wherekey
is a string andvalue
is a document of any type. - tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
Tags associated with input to
EnableBaseline
. - targetIdentifier
-
- Required: Yes
- Type: string
The ARN of the target on which the baseline will be enabled. Only OUs are supported as targets.
Result Syntax
[ 'arn' => '<string>', 'operationIdentifier' => '<string>', ]
Result Details
Members
- arn
-
- Required: Yes
- Type: string
The ARN of the
EnabledBaseline
resource. - operationIdentifier
-
- Required: Yes
- Type: string
The ID (in UUID format) of the asynchronous
EnableBaseline
operation. ThisoperationIdentifier
is used to track status through calls to theGetBaselineOperation
API.
Errors
- ValidationException:
The input does not satisfy the constraints specified by an Amazon Web Services service.
- ConflictException:
Updating or deleting the resource can cause an inconsistent state.
- ServiceQuotaExceededException:
The request would cause a service quota to be exceeded. The limit is 10 concurrent operations.
- InternalServerException:
An unexpected error occurred during processing of a request.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ThrottlingException:
The request was denied due to request throttling.
- ResourceNotFoundException:
The request references a resource that does not exist.
EnableControl
$result = $client->enableControl
([/* ... */]); $promise = $client->enableControlAsync
([/* ... */]);
This API call activates a control. It starts an asynchronous operation that creates Amazon Web Services resources on the specified organizational unit and the accounts it contains. The resources created will vary according to the control that you specify. For usage examples, see the Controls Reference Guide .
Parameter Syntax
$result = $client->enableControl([ 'controlIdentifier' => '<string>', // REQUIRED 'parameters' => [ [ 'key' => '<string>', // REQUIRED 'value' => [ // REQUIRED ], ], // ... ], 'tags' => ['<string>', ...], 'targetIdentifier' => '<string>', // REQUIRED ]);
Parameter Details
Members
- controlIdentifier
-
- Required: Yes
- Type: string
The ARN of the control. Only Strongly recommended and Elective controls are permitted, with the exception of the Region deny control. For information on how to find the
controlIdentifier
, see the overview page. - parameters
-
- Type: Array of EnabledControlParameter structures
A list of input parameter values, which are specified to configure the control when you enable it.
- tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
Tags to be applied to the
EnabledControl
resource. - targetIdentifier
-
- Required: Yes
- Type: string
The ARN of the organizational unit. For information on how to find the
targetIdentifier
, see the overview page.
Result Syntax
[ 'arn' => '<string>', 'operationIdentifier' => '<string>', ]
Result Details
Members
- arn
-
- Type: string
The ARN of the
EnabledControl
resource. - operationIdentifier
-
- Required: Yes
- Type: string
The ID of the asynchronous operation, which is used to track status. The operation is available for 90 days.
Errors
- ValidationException:
The input does not satisfy the constraints specified by an Amazon Web Services service.
- ConflictException:
Updating or deleting the resource can cause an inconsistent state.
- ServiceQuotaExceededException:
The request would cause a service quota to be exceeded. The limit is 10 concurrent operations.
- InternalServerException:
An unexpected error occurred during processing of a request.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ThrottlingException:
The request was denied due to request throttling.
- ResourceNotFoundException:
The request references a resource that does not exist.
GetBaseline
$result = $client->getBaseline
([/* ... */]); $promise = $client->getBaselineAsync
([/* ... */]);
Retrieve details about an existing Baseline
resource by specifying its identifier. For usage examples, see the Amazon Web Services Control Tower User Guide .
Parameter Syntax
$result = $client->getBaseline([ 'baselineIdentifier' => '<string>', // REQUIRED ]);
Parameter Details
Members
- baselineIdentifier
-
- Required: Yes
- Type: string
The ARN of the
Baseline
resource to be retrieved.
Result Syntax
[ 'arn' => '<string>', 'description' => '<string>', 'name' => '<string>', ]
Result Details
Members
- arn
-
- Required: Yes
- Type: string
The baseline ARN.
- description
-
- Type: string
A description of the baseline.
- name
-
- Required: Yes
- Type: string
A user-friendly name for the baseline.
Errors
- ValidationException:
The input does not satisfy the constraints specified by an Amazon Web Services service.
- InternalServerException:
An unexpected error occurred during processing of a request.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ThrottlingException:
The request was denied due to request throttling.
- ResourceNotFoundException:
The request references a resource that does not exist.
GetBaselineOperation
$result = $client->getBaselineOperation
([/* ... */]); $promise = $client->getBaselineOperationAsync
([/* ... */]);
Returns the details of an asynchronous baseline operation, as initiated by any of these APIs: EnableBaseline
, DisableBaseline
, UpdateEnabledBaseline
, ResetEnabledBaseline
. A status message is displayed in case of operation failure. For usage examples, see the Amazon Web Services Control Tower User Guide .
Parameter Syntax
$result = $client->getBaselineOperation([ 'operationIdentifier' => '<string>', // REQUIRED ]);
Parameter Details
Members
- operationIdentifier
-
- Required: Yes
- Type: string
The operation ID returned from mutating asynchronous APIs (Enable, Disable, Update, Reset).
Result Syntax
[ 'baselineOperation' => [ 'endTime' => <DateTime>, 'operationIdentifier' => '<string>', 'operationType' => 'ENABLE_BASELINE|DISABLE_BASELINE|UPDATE_ENABLED_BASELINE|RESET_ENABLED_BASELINE', 'startTime' => <DateTime>, 'status' => 'SUCCEEDED|FAILED|IN_PROGRESS', 'statusMessage' => '<string>', ], ]
Result Details
Members
- baselineOperation
-
- Required: Yes
- Type: BaselineOperation structure
A
baselineOperation
object that shows information about the specified operation ID.
Errors
- ValidationException:
The input does not satisfy the constraints specified by an Amazon Web Services service.
- InternalServerException:
An unexpected error occurred during processing of a request.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ThrottlingException:
The request was denied due to request throttling.
- ResourceNotFoundException:
The request references a resource that does not exist.
GetControlOperation
$result = $client->getControlOperation
([/* ... */]); $promise = $client->getControlOperationAsync
([/* ... */]);
Returns the status of a particular EnableControl
or DisableControl
operation. Displays a message in case of error. Details for an operation are available for 90 days. For usage examples, see the Controls Reference Guide .
Parameter Syntax
$result = $client->getControlOperation([ 'operationIdentifier' => '<string>', // REQUIRED ]);
Parameter Details
Members
- operationIdentifier
-
- Required: Yes
- Type: string
The ID of the asynchronous operation, which is used to track status. The operation is available for 90 days.
Result Syntax
[ 'controlOperation' => [ 'controlIdentifier' => '<string>', 'enabledControlIdentifier' => '<string>', 'endTime' => <DateTime>, 'operationIdentifier' => '<string>', 'operationType' => 'ENABLE_CONTROL|DISABLE_CONTROL|UPDATE_ENABLED_CONTROL|RESET_ENABLED_CONTROL', 'startTime' => <DateTime>, 'status' => 'SUCCEEDED|FAILED|IN_PROGRESS', 'statusMessage' => '<string>', 'targetIdentifier' => '<string>', ], ]
Result Details
Members
- controlOperation
-
- Required: Yes
- Type: ControlOperation structure
An operation performed by the control.
Errors
- ValidationException:
The input does not satisfy the constraints specified by an Amazon Web Services service.
- InternalServerException:
An unexpected error occurred during processing of a request.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ThrottlingException:
The request was denied due to request throttling.
- ResourceNotFoundException:
The request references a resource that does not exist.
GetEnabledBaseline
$result = $client->getEnabledBaseline
([/* ... */]); $promise = $client->getEnabledBaselineAsync
([/* ... */]);
Retrieve details of an EnabledBaseline
resource by specifying its identifier.
Parameter Syntax
$result = $client->getEnabledBaseline([ 'enabledBaselineIdentifier' => '<string>', // REQUIRED ]);
Parameter Details
Members
- enabledBaselineIdentifier
-
- Required: Yes
- Type: string
Identifier of the
EnabledBaseline
resource to be retrieved, in ARN format.
Result Syntax
[ 'enabledBaselineDetails' => [ 'arn' => '<string>', 'baselineIdentifier' => '<string>', 'baselineVersion' => '<string>', 'parameters' => [ [ 'key' => '<string>', 'value' => [ ], ], // ... ], 'parentIdentifier' => '<string>', 'statusSummary' => [ 'lastOperationIdentifier' => '<string>', 'status' => 'SUCCEEDED|FAILED|UNDER_CHANGE', ], 'targetIdentifier' => '<string>', ], ]
Result Details
Members
- enabledBaselineDetails
-
- Type: EnabledBaselineDetails structure
Details of the
EnabledBaseline
resource.
Errors
- ValidationException:
The input does not satisfy the constraints specified by an Amazon Web Services service.
- InternalServerException:
An unexpected error occurred during processing of a request.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ThrottlingException:
The request was denied due to request throttling.
- ResourceNotFoundException:
The request references a resource that does not exist.
GetEnabledControl
$result = $client->getEnabledControl
([/* ... */]); $promise = $client->getEnabledControlAsync
([/* ... */]);
Retrieves details about an enabled control. For usage examples, see the Controls Reference Guide .
Parameter Syntax
$result = $client->getEnabledControl([ 'enabledControlIdentifier' => '<string>', // REQUIRED ]);
Parameter Details
Members
- enabledControlIdentifier
-
- Required: Yes
- Type: string
The
controlIdentifier
of the enabled control.
Result Syntax
[ 'enabledControlDetails' => [ 'arn' => '<string>', 'controlIdentifier' => '<string>', 'driftStatusSummary' => [ 'driftStatus' => 'DRIFTED|IN_SYNC|NOT_CHECKING|UNKNOWN', ], 'parameters' => [ [ 'key' => '<string>', 'value' => [ ], ], // ... ], 'statusSummary' => [ 'lastOperationIdentifier' => '<string>', 'status' => 'SUCCEEDED|FAILED|UNDER_CHANGE', ], 'targetIdentifier' => '<string>', 'targetRegions' => [ [ 'name' => '<string>', ], // ... ], ], ]
Result Details
Members
- enabledControlDetails
-
- Required: Yes
- Type: EnabledControlDetails structure
Information about the enabled control.
Errors
- ValidationException:
The input does not satisfy the constraints specified by an Amazon Web Services service.
- InternalServerException:
An unexpected error occurred during processing of a request.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ThrottlingException:
The request was denied due to request throttling.
- ResourceNotFoundException:
The request references a resource that does not exist.
GetLandingZone
$result = $client->getLandingZone
([/* ... */]); $promise = $client->getLandingZoneAsync
([/* ... */]);
Returns details about the landing zone. Displays a message in case of error.
Parameter Syntax
$result = $client->getLandingZone([ 'landingZoneIdentifier' => '<string>', // REQUIRED ]);
Parameter Details
Members
- landingZoneIdentifier
-
- Required: Yes
- Type: string
The unique identifier of the landing zone.
Result Syntax
[ 'landingZone' => [ 'arn' => '<string>', 'driftStatus' => [ 'status' => 'DRIFTED|IN_SYNC', ], 'latestAvailableVersion' => '<string>', 'manifest' => [ ], 'status' => 'ACTIVE|PROCESSING|FAILED', 'version' => '<string>', ], ]
Result Details
Members
- landingZone
-
- Required: Yes
- Type: LandingZoneDetail structure
Information about the landing zone.
Errors
- ValidationException:
The input does not satisfy the constraints specified by an Amazon Web Services service.
- InternalServerException:
An unexpected error occurred during processing of a request.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ThrottlingException:
The request was denied due to request throttling.
- ResourceNotFoundException:
The request references a resource that does not exist.
GetLandingZoneOperation
$result = $client->getLandingZoneOperation
([/* ... */]); $promise = $client->getLandingZoneOperationAsync
([/* ... */]);
Returns the status of the specified landing zone operation. Details for an operation are available for 90 days.
Parameter Syntax
$result = $client->getLandingZoneOperation([ 'operationIdentifier' => '<string>', // REQUIRED ]);
Parameter Details
Members
- operationIdentifier
-
- Required: Yes
- Type: string
A unique identifier assigned to a landing zone operation.
Result Syntax
[ 'operationDetails' => [ 'endTime' => <DateTime>, 'operationIdentifier' => '<string>', 'operationType' => 'DELETE|CREATE|UPDATE|RESET', 'startTime' => <DateTime>, 'status' => 'SUCCEEDED|FAILED|IN_PROGRESS', 'statusMessage' => '<string>', ], ]
Result Details
Members
- operationDetails
-
- Required: Yes
- Type: LandingZoneOperationDetail structure
Details about a landing zone operation.
Errors
- ValidationException:
The input does not satisfy the constraints specified by an Amazon Web Services service.
- InternalServerException:
An unexpected error occurred during processing of a request.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ThrottlingException:
The request was denied due to request throttling.
- ResourceNotFoundException:
The request references a resource that does not exist.
ListBaselines
$result = $client->listBaselines
([/* ... */]); $promise = $client->listBaselinesAsync
([/* ... */]);
Returns a summary list of all available baselines. For usage examples, see the Amazon Web Services Control Tower User Guide .
Parameter Syntax
$result = $client->listBaselines([ 'maxResults' => <integer>, 'nextToken' => '<string>', ]);
Parameter Details
Members
- maxResults
-
- Type: int
The maximum number of results to be shown.
- nextToken
-
- Type: string
A pagination token.
Result Syntax
[ 'baselines' => [ [ 'arn' => '<string>', 'description' => '<string>', 'name' => '<string>', ], // ... ], 'nextToken' => '<string>', ]
Result Details
Members
- baselines
-
- Required: Yes
- Type: Array of BaselineSummary structures
A list of
Baseline
object details. - nextToken
-
- Type: string
A pagination token.
Errors
- ValidationException:
The input does not satisfy the constraints specified by an Amazon Web Services service.
- InternalServerException:
An unexpected error occurred during processing of a request.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ThrottlingException:
The request was denied due to request throttling.
ListControlOperations
$result = $client->listControlOperations
([/* ... */]); $promise = $client->listControlOperationsAsync
([/* ... */]);
Provides a list of operations in progress or queued. For usage examples, see ListControlOperation examples.
Parameter Syntax
$result = $client->listControlOperations([ 'filter' => [ 'controlIdentifiers' => ['<string>', ...], 'controlOperationTypes' => ['<string>', ...], 'enabledControlIdentifiers' => ['<string>', ...], 'statuses' => ['<string>', ...], 'targetIdentifiers' => ['<string>', ...], ], 'maxResults' => <integer>, 'nextToken' => '<string>', ]);
Parameter Details
Members
- filter
-
- Type: ControlOperationFilter structure
An input filter for the
ListControlOperations
API that lets you select the types of control operations to view. - maxResults
-
- Type: int
The maximum number of results to be shown.
- nextToken
-
- Type: string
A pagination token.
Result Syntax
[ 'controlOperations' => [ [ 'controlIdentifier' => '<string>', 'enabledControlIdentifier' => '<string>', 'endTime' => <DateTime>, 'operationIdentifier' => '<string>', 'operationType' => 'ENABLE_CONTROL|DISABLE_CONTROL|UPDATE_ENABLED_CONTROL|RESET_ENABLED_CONTROL', 'startTime' => <DateTime>, 'status' => 'SUCCEEDED|FAILED|IN_PROGRESS', 'statusMessage' => '<string>', 'targetIdentifier' => '<string>', ], // ... ], 'nextToken' => '<string>', ]
Result Details
Members
- controlOperations
-
- Required: Yes
- Type: Array of ControlOperationSummary structures
Returns a list of output from control operations.
- nextToken
-
- Type: string
A pagination token.
Errors
- ValidationException:
The input does not satisfy the constraints specified by an Amazon Web Services service.
- InternalServerException:
An unexpected error occurred during processing of a request.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ThrottlingException:
The request was denied due to request throttling.
ListEnabledBaselines
$result = $client->listEnabledBaselines
([/* ... */]); $promise = $client->listEnabledBaselinesAsync
([/* ... */]);
Returns a list of summaries describing EnabledBaseline
resources. You can filter the list by the corresponding Baseline
or Target
of the EnabledBaseline
resources. For usage examples, see the Amazon Web Services Control Tower User Guide .
Parameter Syntax
$result = $client->listEnabledBaselines([ 'filter' => [ 'baselineIdentifiers' => ['<string>', ...], 'parentIdentifiers' => ['<string>', ...], 'targetIdentifiers' => ['<string>', ...], ], 'includeChildren' => true || false, 'maxResults' => <integer>, 'nextToken' => '<string>', ]);
Parameter Details
Members
- filter
-
- Type: EnabledBaselineFilter structure
A filter applied on the
ListEnabledBaseline
operation. Allowed filters arebaselineIdentifiers
andtargetIdentifiers
. The filter can be applied for either, or both. - includeChildren
-
- Type: boolean
A value that can be set to include the child enabled baselines in responses. The default value is false.
- maxResults
-
- Type: int
The maximum number of results to be shown.
- nextToken
-
- Type: string
A pagination token.
Result Syntax
[ 'enabledBaselines' => [ [ 'arn' => '<string>', 'baselineIdentifier' => '<string>', 'baselineVersion' => '<string>', 'parentIdentifier' => '<string>', 'statusSummary' => [ 'lastOperationIdentifier' => '<string>', 'status' => 'SUCCEEDED|FAILED|UNDER_CHANGE', ], 'targetIdentifier' => '<string>', ], // ... ], 'nextToken' => '<string>', ]
Result Details
Members
- enabledBaselines
-
- Required: Yes
- Type: Array of EnabledBaselineSummary structures
Retuens a list of summaries of
EnabledBaseline
resources. - nextToken
-
- Type: string
A pagination token.
Errors
- ValidationException:
The input does not satisfy the constraints specified by an Amazon Web Services service.
- InternalServerException:
An unexpected error occurred during processing of a request.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ThrottlingException:
The request was denied due to request throttling.
ListEnabledControls
$result = $client->listEnabledControls
([/* ... */]); $promise = $client->listEnabledControlsAsync
([/* ... */]);
Lists the controls enabled by Amazon Web Services Control Tower on the specified organizational unit and the accounts it contains. For usage examples, see the Controls Reference Guide .
Parameter Syntax
$result = $client->listEnabledControls([ 'filter' => [ 'controlIdentifiers' => ['<string>', ...], 'driftStatuses' => ['<string>', ...], 'statuses' => ['<string>', ...], ], 'maxResults' => <integer>, 'nextToken' => '<string>', 'targetIdentifier' => '<string>', ]);
Parameter Details
Members
- filter
-
- Type: EnabledControlFilter structure
An input filter for the
ListEnabledControls
API that lets you select the types of control operations to view. - maxResults
-
- Type: int
How many results to return per API call.
- nextToken
-
- Type: string
The token to continue the list from a previous API call with the same parameters.
- targetIdentifier
-
- Type: string
The ARN of the organizational unit. For information on how to find the
targetIdentifier
, see the overview page.
Result Syntax
[ 'enabledControls' => [ [ 'arn' => '<string>', 'controlIdentifier' => '<string>', 'driftStatusSummary' => [ 'driftStatus' => 'DRIFTED|IN_SYNC|NOT_CHECKING|UNKNOWN', ], 'statusSummary' => [ 'lastOperationIdentifier' => '<string>', 'status' => 'SUCCEEDED|FAILED|UNDER_CHANGE', ], 'targetIdentifier' => '<string>', ], // ... ], 'nextToken' => '<string>', ]
Result Details
Members
- enabledControls
-
- Required: Yes
- Type: Array of EnabledControlSummary structures
Lists the controls enabled by Amazon Web Services Control Tower on the specified organizational unit and the accounts it contains.
- nextToken
-
- Type: string
Retrieves the next page of results. If the string is empty, the response is the end of the results.
Errors
- ValidationException:
The input does not satisfy the constraints specified by an Amazon Web Services service.
- InternalServerException:
An unexpected error occurred during processing of a request.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ThrottlingException:
The request was denied due to request throttling.
- ResourceNotFoundException:
The request references a resource that does not exist.
ListLandingZoneOperations
$result = $client->listLandingZoneOperations
([/* ... */]); $promise = $client->listLandingZoneOperationsAsync
([/* ... */]);
Lists all landing zone operations from the past 90 days. Results are sorted by time, with the most recent operation first.
Parameter Syntax
$result = $client->listLandingZoneOperations([ 'filter' => [ 'statuses' => ['<string>', ...], 'types' => ['<string>', ...], ], 'maxResults' => <integer>, 'nextToken' => '<string>', ]);
Parameter Details
Members
- filter
-
- Type: LandingZoneOperationFilter structure
An input filter for the
ListLandingZoneOperations
API that lets you select the types of landing zone operations to view. - maxResults
-
- Type: int
How many results to return per API call.
- nextToken
-
- Type: string
The token to continue the list from a previous API call with the same parameters.
Result Syntax
[ 'landingZoneOperations' => [ [ 'operationIdentifier' => '<string>', 'operationType' => 'DELETE|CREATE|UPDATE|RESET', 'status' => 'SUCCEEDED|FAILED|IN_PROGRESS', ], // ... ], 'nextToken' => '<string>', ]
Result Details
Members
- landingZoneOperations
-
- Required: Yes
- Type: Array of LandingZoneOperationSummary structures
Lists landing zone operations.
- nextToken
-
- Type: string
Retrieves the next page of results. If the string is empty, the response is the end of the results.
Errors
- ValidationException:
The input does not satisfy the constraints specified by an Amazon Web Services service.
- InternalServerException:
An unexpected error occurred during processing of a request.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ThrottlingException:
The request was denied due to request throttling.
ListLandingZones
$result = $client->listLandingZones
([/* ... */]); $promise = $client->listLandingZonesAsync
([/* ... */]);
Returns the landing zone ARN for the landing zone deployed in your managed account. This API also creates an ARN for existing accounts that do not yet have a landing zone ARN.
Returns one landing zone ARN.
Parameter Syntax
$result = $client->listLandingZones([ 'maxResults' => <integer>, 'nextToken' => '<string>', ]);
Parameter Details
Members
- maxResults
-
- Type: int
The maximum number of returned landing zone ARNs, which is one.
- nextToken
-
- Type: string
The token to continue the list from a previous API call with the same parameters.
Result Syntax
[ 'landingZones' => [ [ 'arn' => '<string>', ], // ... ], 'nextToken' => '<string>', ]
Result Details
Members
- landingZones
-
- Required: Yes
- Type: Array of LandingZoneSummary structures
The ARN of the landing zone.
- nextToken
-
- Type: string
Retrieves the next page of results. If the string is empty, the response is the end of the results.
Errors
- ValidationException:
The input does not satisfy the constraints specified by an Amazon Web Services service.
- InternalServerException:
An unexpected error occurred during processing of a request.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ThrottlingException:
The request was denied due to request throttling.
ListTagsForResource
$result = $client->listTagsForResource
([/* ... */]); $promise = $client->listTagsForResourceAsync
([/* ... */]);
Returns a list of tags associated with the resource. For usage examples, see the Controls Reference Guide .
Parameter Syntax
$result = $client->listTagsForResource([ 'resourceArn' => '<string>', // REQUIRED ]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
The ARN of the resource.
Result Syntax
[ 'tags' => ['<string>', ...], ]
Result Details
Members
- tags
-
- Required: Yes
- Type: Associative array of custom strings keys (TagKey) to strings
A list of tags, as
key:value
strings.
Errors
- ValidationException:
The input does not satisfy the constraints specified by an Amazon Web Services service.
- InternalServerException:
An unexpected error occurred during processing of a request.
- ResourceNotFoundException:
The request references a resource that does not exist.
ResetEnabledBaseline
$result = $client->resetEnabledBaseline
([/* ... */]); $promise = $client->resetEnabledBaselineAsync
([/* ... */]);
Re-enables an EnabledBaseline
resource. For example, this API can re-apply the existing Baseline
after a new member account is moved to the target OU. For usage examples, see the Amazon Web Services Control Tower User Guide .
Parameter Syntax
$result = $client->resetEnabledBaseline([ 'enabledBaselineIdentifier' => '<string>', // REQUIRED ]);
Parameter Details
Members
- enabledBaselineIdentifier
-
- Required: Yes
- Type: string
Specifies the ID of the
EnabledBaseline
resource to be re-enabled, in ARN format.
Result Syntax
[ 'operationIdentifier' => '<string>', ]
Result Details
Members
- operationIdentifier
-
- Required: Yes
- Type: string
The ID (in UUID format) of the asynchronous
ResetEnabledBaseline
operation. ThisoperationIdentifier
is used to track status through calls to theGetBaselineOperation
API.
Errors
- ValidationException:
The input does not satisfy the constraints specified by an Amazon Web Services service.
- ConflictException:
Updating or deleting the resource can cause an inconsistent state.
- ServiceQuotaExceededException:
The request would cause a service quota to be exceeded. The limit is 10 concurrent operations.
- InternalServerException:
An unexpected error occurred during processing of a request.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ThrottlingException:
The request was denied due to request throttling.
- ResourceNotFoundException:
The request references a resource that does not exist.
ResetEnabledControl
$result = $client->resetEnabledControl
([/* ... */]); $promise = $client->resetEnabledControlAsync
([/* ... */]);
Resets an enabled control.
Parameter Syntax
$result = $client->resetEnabledControl([ 'enabledControlIdentifier' => '<string>', // REQUIRED ]);
Parameter Details
Members
- enabledControlIdentifier
-
- Required: Yes
- Type: string
The ARN of the enabled control to be reset.
Result Syntax
[ 'operationIdentifier' => '<string>', ]
Result Details
Members
- operationIdentifier
-
- Required: Yes
- Type: string
The operation identifier for this
ResetEnabledControl
operation.
Errors
- ValidationException:
The input does not satisfy the constraints specified by an Amazon Web Services service.
- ConflictException:
Updating or deleting the resource can cause an inconsistent state.
- ServiceQuotaExceededException:
The request would cause a service quota to be exceeded. The limit is 10 concurrent operations.
- InternalServerException:
An unexpected error occurred during processing of a request.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ThrottlingException:
The request was denied due to request throttling.
- ResourceNotFoundException:
The request references a resource that does not exist.
ResetLandingZone
$result = $client->resetLandingZone
([/* ... */]); $promise = $client->resetLandingZoneAsync
([/* ... */]);
This API call resets a landing zone. It starts an asynchronous operation that resets the landing zone to the parameters specified in the original configuration, which you specified in the manifest file. Nothing in the manifest file's original landing zone configuration is changed during the reset process, by default. This API is not the same as a rollback of a landing zone version, which is not a supported operation.
Parameter Syntax
$result = $client->resetLandingZone([ 'landingZoneIdentifier' => '<string>', // REQUIRED ]);
Parameter Details
Members
- landingZoneIdentifier
-
- Required: Yes
- Type: string
The unique identifier of the landing zone.
Result Syntax
[ 'operationIdentifier' => '<string>', ]
Result Details
Members
- operationIdentifier
-
- Required: Yes
- Type: string
A unique identifier assigned to a
ResetLandingZone
operation. You can use this identifier as an input parameter ofGetLandingZoneOperation
to check the operation's status.
Errors
- ValidationException:
The input does not satisfy the constraints specified by an Amazon Web Services service.
- ConflictException:
Updating or deleting the resource can cause an inconsistent state.
- InternalServerException:
An unexpected error occurred during processing of a request.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ThrottlingException:
The request was denied due to request throttling.
- ResourceNotFoundException:
The request references a resource that does not exist.
TagResource
$result = $client->tagResource
([/* ... */]); $promise = $client->tagResourceAsync
([/* ... */]);
Applies tags to a resource. For usage examples, see the Controls Reference Guide .
Parameter Syntax
$result = $client->tagResource([ 'resourceArn' => '<string>', // REQUIRED 'tags' => ['<string>', ...], // REQUIRED ]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
The ARN of the resource to be tagged.
- tags
-
- Required: Yes
- Type: Associative array of custom strings keys (TagKey) to strings
Tags to be applied to the resource.
Result Syntax
[]
Result Details
Errors
- ValidationException:
The input does not satisfy the constraints specified by an Amazon Web Services service.
- InternalServerException:
An unexpected error occurred during processing of a request.
- ResourceNotFoundException:
The request references a resource that does not exist.
UntagResource
$result = $client->untagResource
([/* ... */]); $promise = $client->untagResourceAsync
([/* ... */]);
Removes tags from a resource. For usage examples, see the Controls Reference Guide .
Parameter Syntax
$result = $client->untagResource([ 'resourceArn' => '<string>', // REQUIRED 'tagKeys' => ['<string>', ...], // REQUIRED ]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
The ARN of the resource.
- tagKeys
-
- Required: Yes
- Type: Array of strings
Tag keys to be removed from the resource.
Result Syntax
[]
Result Details
Errors
- ValidationException:
The input does not satisfy the constraints specified by an Amazon Web Services service.
- InternalServerException:
An unexpected error occurred during processing of a request.
- ResourceNotFoundException:
The request references a resource that does not exist.
UpdateEnabledBaseline
$result = $client->updateEnabledBaseline
([/* ... */]); $promise = $client->updateEnabledBaselineAsync
([/* ... */]);
Updates an EnabledBaseline
resource's applied parameters or version. For usage examples, see the Amazon Web Services Control Tower User Guide .
Parameter Syntax
$result = $client->updateEnabledBaseline([ 'baselineVersion' => '<string>', // REQUIRED 'enabledBaselineIdentifier' => '<string>', // REQUIRED 'parameters' => [ [ 'key' => '<string>', // REQUIRED 'value' => [ // REQUIRED ], ], // ... ], ]);
Parameter Details
Members
- baselineVersion
-
- Required: Yes
- Type: string
Specifies the new
Baseline
version, to which theEnabledBaseline
should be updated. - enabledBaselineIdentifier
-
- Required: Yes
- Type: string
Specifies the
EnabledBaseline
resource to be updated. - parameters
-
- Type: Array of EnabledBaselineParameter structures
Parameters to apply when making an update.
Result Syntax
[ 'operationIdentifier' => '<string>', ]
Result Details
Members
- operationIdentifier
-
- Required: Yes
- Type: string
The ID (in UUID format) of the asynchronous
UpdateEnabledBaseline
operation. ThisoperationIdentifier
is used to track status through calls to theGetBaselineOperation
API.
Errors
- ValidationException:
The input does not satisfy the constraints specified by an Amazon Web Services service.
- ConflictException:
Updating or deleting the resource can cause an inconsistent state.
- ServiceQuotaExceededException:
The request would cause a service quota to be exceeded. The limit is 10 concurrent operations.
- InternalServerException:
An unexpected error occurred during processing of a request.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ThrottlingException:
The request was denied due to request throttling.
- ResourceNotFoundException:
The request references a resource that does not exist.
UpdateEnabledControl
$result = $client->updateEnabledControl
([/* ... */]); $promise = $client->updateEnabledControlAsync
([/* ... */]);
Updates the configuration of an already enabled control.
If the enabled control shows an EnablementStatus
of SUCCEEDED, supply parameters that are different from the currently configured parameters. Otherwise, Amazon Web Services Control Tower will not accept the request.
If the enabled control shows an EnablementStatus
of FAILED, Amazon Web Services Control Tower updates the control to match any valid parameters that you supply.
If the DriftSummary
status for the control shows as DRIFTED
, you cannot call this API. Instead, you can update the control by calling the ResetEnabledControl
API. Alternatively, you can call DisableControl
and then call EnableControl
again. Also, you can run an extending governance operation to repair drift. For usage examples, see the Controls Reference Guide .
Parameter Syntax
$result = $client->updateEnabledControl([ 'enabledControlIdentifier' => '<string>', // REQUIRED 'parameters' => [ // REQUIRED [ 'key' => '<string>', // REQUIRED 'value' => [ // REQUIRED ], ], // ... ], ]);
Parameter Details
Members
- enabledControlIdentifier
-
- Required: Yes
- Type: string
The ARN of the enabled control that will be updated.
- parameters
-
- Required: Yes
- Type: Array of EnabledControlParameter structures
A key/value pair, where
Key
is of typeString
andValue
is of typeDocument
.
Result Syntax
[ 'operationIdentifier' => '<string>', ]
Result Details
Members
- operationIdentifier
-
- Required: Yes
- Type: string
The operation identifier for this
UpdateEnabledControl
operation.
Errors
- ValidationException:
The input does not satisfy the constraints specified by an Amazon Web Services service.
- ConflictException:
Updating or deleting the resource can cause an inconsistent state.
- ServiceQuotaExceededException:
The request would cause a service quota to be exceeded. The limit is 10 concurrent operations.
- InternalServerException:
An unexpected error occurred during processing of a request.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ThrottlingException:
The request was denied due to request throttling.
- ResourceNotFoundException:
The request references a resource that does not exist.
UpdateLandingZone
$result = $client->updateLandingZone
([/* ... */]); $promise = $client->updateLandingZoneAsync
([/* ... */]);
This API call updates the landing zone. It starts an asynchronous operation that updates the landing zone based on the new landing zone version, or on the changed parameters specified in the updated manifest file.
Parameter Syntax
$result = $client->updateLandingZone([ 'landingZoneIdentifier' => '<string>', // REQUIRED 'manifest' => [ // REQUIRED ], 'version' => '<string>', // REQUIRED ]);
Parameter Details
Members
- landingZoneIdentifier
-
- Required: Yes
- Type: string
The unique identifier of the landing zone.
- manifest
-
- Required: Yes
- Type: document (null|bool|string|numeric) or an (array|associative array) whose members are all valid documents
The manifest file (JSON) is a text file that describes your Amazon Web Services resources. For an example, review Launch your landing zone. The example manifest file contains each of the available parameters. The schema for the landing zone's JSON manifest file is not published, by design.
- version
-
- Required: Yes
- Type: string
The landing zone version, for example, 3.2.
Result Syntax
[ 'operationIdentifier' => '<string>', ]
Result Details
Members
- operationIdentifier
-
- Required: Yes
- Type: string
A unique identifier assigned to a
UpdateLandingZone
operation. You can use this identifier as an input ofGetLandingZoneOperation
to check the operation's status.
Errors
- ValidationException:
The input does not satisfy the constraints specified by an Amazon Web Services service.
- ConflictException:
Updating or deleting the resource can cause an inconsistent state.
- InternalServerException:
An unexpected error occurred during processing of a request.
- AccessDeniedException:
You do not have sufficient access to perform this action.
- ThrottlingException:
The request was denied due to request throttling.
- ResourceNotFoundException:
The request references a resource that does not exist.
Shapes
AccessDeniedException
Description
You do not have sufficient access to perform this action.
Members
- message
-
- Required: Yes
- Type: string
BaselineOperation
Description
An object of shape BaselineOperation
, returning details about the specified Baseline
operation ID.
Members
- endTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The end time of the operation (if applicable), in ISO 8601 format.
- operationIdentifier
-
- Type: string
The identifier of the specified operation.
- operationType
-
- Type: string
An enumerated type (
enum
) with possible values ofENABLE_BASELINE
,DISABLE_BASELINE
,UPDATE_ENABLED_BASELINE
, orRESET_ENABLED_BASELINE
. - startTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The start time of the operation, in ISO 8601 format.
- status
-
- Type: string
An enumerated type (
enum
) with possible values ofSUCCEEDED
,FAILED
, orIN_PROGRESS
. - statusMessage
-
- Type: string
A status message that gives more information about the operation's status, if applicable.
BaselineSummary
Description
Returns a summary of information about a Baseline
object.
Members
- arn
-
- Required: Yes
- Type: string
The full ARN of a Baseline.
- description
-
- Type: string
A summary description of a Baseline.
- name
-
- Required: Yes
- Type: string
The human-readable name of a Baseline.
ConflictException
Description
Updating or deleting the resource can cause an inconsistent state.
Members
- message
-
- Required: Yes
- Type: string
ControlOperation
Description
An operation performed by the control.
Members
- controlIdentifier
-
- Type: string
The
controlIdentifier
of the control for the operation. - enabledControlIdentifier
-
- Type: string
The
controlIdentifier
of the enabled control. - endTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time that the operation finished.
- operationIdentifier
-
- Type: string
The identifier of the specified operation.
- operationType
-
- Type: string
One of
ENABLE_CONTROL
orDISABLE_CONTROL
. - startTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time that the operation began.
- status
-
- Type: string
One of
IN_PROGRESS
,SUCEEDED
, orFAILED
. - statusMessage
-
- Type: string
If the operation result is
FAILED
, this string contains a message explaining why the operation failed. - targetIdentifier
-
- Type: string
The target upon which the control operation is working.
ControlOperationFilter
Description
A filter object that lets you call ListControlOperations
with a specific filter.
Members
- controlIdentifiers
-
- Type: Array of strings
The set of
controlIdentifier
returned by the filter. - controlOperationTypes
-
- Type: Array of strings
The set of
ControlOperation
objects returned by the filter. - enabledControlIdentifiers
-
- Type: Array of strings
The set
controlIdentifier
of enabled controls selected by the filter. - statuses
-
- Type: Array of strings
Lists the status of control operations.
- targetIdentifiers
-
- Type: Array of strings
The set of
targetIdentifier
objects returned by the filter.
ControlOperationSummary
Description
A summary of information about the specified control operation.
Members
- controlIdentifier
-
- Type: string
The
controlIdentifier
of a control. - enabledControlIdentifier
-
- Type: string
The
controlIdentifier
of an enabled control. - endTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time at which the control operation was completed.
- operationIdentifier
-
- Type: string
The unique identifier of a control operation.
- operationType
-
- Type: string
The type of operation.
- startTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time at which a control operation began.
- status
-
- Type: string
The status of the specified control operation.
- statusMessage
-
- Type: string
A speficic message displayed as part of the control status.
- targetIdentifier
-
- Type: string
The unique identifier of the target of a control operation.
Document
Members
DriftStatusSummary
Description
The drift summary of the enabled control.
Amazon Web Services Control Tower expects the enabled control configuration to include all supported and governed Regions. If the enabled control differs from the expected configuration, it is defined to be in a state of drift. You can repair this drift by resetting the enabled control.
Members
- driftStatus
-
- Type: string
The drift status of the enabled control.
Valid values:
-
DRIFTED
: TheenabledControl
deployed in this configuration doesn’t match the configuration that Amazon Web Services Control Tower expected. -
IN_SYNC
: TheenabledControl
deployed in this configuration matches the configuration that Amazon Web Services Control Tower expected. -
NOT_CHECKING
: Amazon Web Services Control Tower does not check drift for this enabled control. Drift is not supported for the control type. -
UNKNOWN
: Amazon Web Services Control Tower is not able to check the drift status for the enabled control.
EnabledBaselineDetails
Description
Details of the EnabledBaseline
resource.
Members
- arn
-
- Required: Yes
- Type: string
The ARN of the
EnabledBaseline
resource. - baselineIdentifier
-
- Required: Yes
- Type: string
The specific
Baseline
enabled as part of theEnabledBaseline
resource. - baselineVersion
-
- Type: string
The enabled version of the
Baseline
. - parameters
-
- Type: Array of EnabledBaselineParameterSummary structures
Shows the parameters that are applied when enabling this
Baseline
. - parentIdentifier
-
- Type: string
An ARN that represents the parent
EnabledBaseline
at the Organizational Unit (OU) level, from which the childEnabledBaseline
inherits its configuration. The value is returned byGetEnabledBaseline
. - statusSummary
-
- Required: Yes
- Type: EnablementStatusSummary structure
The deployment summary of an
EnabledControl
orEnabledBaseline
resource. - targetIdentifier
-
- Required: Yes
- Type: string
The target on which to enable the
Baseline
.
EnabledBaselineFilter
Description
A filter applied on the ListEnabledBaseline
operation. Allowed filters are baselineIdentifiers
and targetIdentifiers
. The filter can be applied for either, or both.
Members
- baselineIdentifiers
-
- Type: Array of strings
Identifiers for the
Baseline
objects returned as part of the filter operation. - parentIdentifiers
-
- Type: Array of strings
An optional filter that sets up a list of
parentIdentifiers
to filter the results of theListEnabledBaseline
output. - targetIdentifiers
-
- Type: Array of strings
Identifiers for the targets of the
Baseline
filter operation.
EnabledBaselineParameter
Description
A key-value parameter to an EnabledBaseline
resource.
Members
- key
-
- Required: Yes
- Type: string
A string denoting the parameter key.
- value
-
- Required: Yes
- Type: document (null|bool|string|numeric) or an (array|associative array) whose members are all valid documents
A low-level
Document
object of any type (for example, a Java Object).
EnabledBaselineParameterDocument
Members
EnabledBaselineParameterSummary
Description
Summary of an applied parameter to an EnabledBaseline
resource.
Members
- key
-
- Required: Yes
- Type: string
A string denoting the parameter key.
- value
-
- Required: Yes
- Type: document (null|bool|string|numeric) or an (array|associative array) whose members are all valid documents
A low-level document object of any type (for example, a Java Object).
EnabledBaselineSummary
Description
Returns a summary of information about an EnabledBaseline
object.
Members
- arn
-
- Required: Yes
- Type: string
The ARN of the
EnabledBaseline
resource - baselineIdentifier
-
- Required: Yes
- Type: string
The specific baseline that is enabled as part of the
EnabledBaseline
resource. - baselineVersion
-
- Type: string
The enabled version of the baseline.
- parentIdentifier
-
- Type: string
An ARN that represents an object returned by
ListEnabledBaseline
, to describe an enabled baseline. - statusSummary
-
- Required: Yes
- Type: EnablementStatusSummary structure
The deployment summary of an
EnabledControl
orEnabledBaseline
resource. - targetIdentifier
-
- Required: Yes
- Type: string
The target upon which the baseline is enabled.
EnabledControlDetails
Description
Information about the enabled control.
Members
- arn
-
- Type: string
The ARN of the enabled control.
- controlIdentifier
-
- Type: string
The control identifier of the enabled control. For information on how to find the
controlIdentifier
, see the overview page. - driftStatusSummary
-
- Type: DriftStatusSummary structure
The drift status of the enabled control.
- parameters
-
- Type: Array of EnabledControlParameterSummary structures
Array of
EnabledControlParameter
objects. - statusSummary
-
- Type: EnablementStatusSummary structure
The deployment summary of the enabled control.
- targetIdentifier
-
- Type: string
The ARN of the organizational unit. For information on how to find the
targetIdentifier
, see the overview page. - targetRegions
-
- Type: Array of Region structures
Target Amazon Web Services Regions for the enabled control.
EnabledControlFilter
Description
A structure that returns a set of control identifiers, the control status for each control in the set, and the drift status for each control in the set.
Members
- controlIdentifiers
-
- Type: Array of strings
The set of
controlIdentifier
returned by the filter. - driftStatuses
-
- Type: Array of strings
A list of
DriftStatus
items. - statuses
-
- Type: Array of strings
A list of
EnablementStatus
items.
EnabledControlParameter
Description
A key/value pair, where Key
is of type String
and Value
is of type Document
.
Members
- key
-
- Required: Yes
- Type: string
The key of a key/value pair.
- value
-
- Required: Yes
- Type: document (null|bool|string|numeric) or an (array|associative array) whose members are all valid documents
The value of a key/value pair.
EnabledControlParameterSummary
Description
Returns a summary of information about the parameters of an enabled control.
Members
- key
-
- Required: Yes
- Type: string
The key of a key/value pair.
- value
-
- Required: Yes
- Type: document (null|bool|string|numeric) or an (array|associative array) whose members are all valid documents
The value of a key/value pair.
EnabledControlSummary
Description
Returns a summary of information about an enabled control.
Members
- arn
-
- Type: string
The ARN of the enabled control.
- controlIdentifier
-
- Type: string
The
controlIdentifier
of the enabled control. - driftStatusSummary
-
- Type: DriftStatusSummary structure
The drift status of the enabled control.
- statusSummary
-
- Type: EnablementStatusSummary structure
A short description of the status of the enabled control.
- targetIdentifier
-
- Type: string
The ARN of the organizational unit.
EnablementStatusSummary
Description
The deployment summary of an EnabledControl
or EnabledBaseline
resource.
Members
- lastOperationIdentifier
-
- Type: string
The last operation identifier for the enabled resource.
- status
-
- Type: string
The deployment status of the enabled resource.
Valid values:
-
SUCCEEDED
: TheEnabledControl
orEnabledBaseline
configuration was deployed successfully. -
UNDER_CHANGE
: TheEnabledControl
orEnabledBaseline
configuration is changing. -
FAILED
: TheEnabledControl
orEnabledBaseline
configuration failed to deploy.
InternalServerException
Description
An unexpected error occurred during processing of a request.
Members
- message
-
- Required: Yes
- Type: string
LandingZoneDetail
Description
Information about the landing zone.
Members
- arn
-
- Type: string
The ARN of the landing zone.
- driftStatus
-
- Type: LandingZoneDriftStatusSummary structure
The drift status of the landing zone.
- latestAvailableVersion
-
- Type: string
The latest available version of the landing zone.
- manifest
-
- Required: Yes
- Type: document (null|bool|string|numeric) or an (array|associative array) whose members are all valid documents
The landing zone manifest JSON text file that specifies the landing zone configurations.
- status
-
- Type: string
The landing zone deployment status. One of
ACTIVE
,PROCESSING
,FAILED
. - version
-
- Required: Yes
- Type: string
The landing zone's current deployed version.
LandingZoneDriftStatusSummary
Description
The drift status summary of the landing zone.
If the landing zone differs from the expected configuration, it is defined to be in a state of drift. You can repair this drift by resetting the landing zone.
Members
- status
-
- Type: string
The drift status of the landing zone.
Valid values:
-
DRIFTED
: The landing zone deployed in this configuration does not match the configuration that Amazon Web Services Control Tower expected. -
IN_SYNC
: The landing zone deployed in this configuration matches the configuration that Amazon Web Services Control Tower expected.
LandingZoneOperationDetail
Description
Information about a landing zone operation.
Members
- endTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The landing zone operation end time.
- operationIdentifier
-
- Type: string
The
operationIdentifier
of the landing zone operation. - operationType
-
- Type: string
The landing zone operation type.
Valid values:
-
DELETE
: TheDeleteLandingZone
operation. -
CREATE
: TheCreateLandingZone
operation. -
UPDATE
: TheUpdateLandingZone
operation. -
RESET
: TheResetLandingZone
operation.
- startTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The landing zone operation start time.
- status
-
- Type: string
Valid values:
-
SUCCEEDED
: The landing zone operation succeeded. -
IN_PROGRESS
: The landing zone operation is in progress. -
FAILED
: The landing zone operation failed.
- statusMessage
-
- Type: string
If the operation result is FAILED, this string contains a message explaining why the operation failed.
LandingZoneOperationFilter
Description
A filter object that lets you call ListLandingZoneOperations
with a specific filter.
Members
- statuses
-
- Type: Array of strings
The statuses of the set of landing zone operations selected by the filter.
- types
-
- Type: Array of strings
The set of landing zone operation types selected by the filter.
LandingZoneOperationSummary
Description
Returns a summary of information about a landing zone operation.
Members
- operationIdentifier
-
- Type: string
The
operationIdentifier
of the landing zone operation. - operationType
-
- Type: string
The type of the landing zone operation.
- status
-
- Type: string
The status of the landing zone operation.
LandingZoneSummary
Description
Returns a summary of information about a landing zone.
Members
- arn
-
- Type: string
The ARN of the landing zone.
Manifest
Members
Region
Description
An Amazon Web Services Region in which Amazon Web Services Control Tower expects to find the control deployed.
The expected Regions are based on the Regions that are governed by the landing zone. In certain cases, a control is not actually enabled in the Region as expected, such as during drift, or mixed governance.
Members
- name
-
- Type: string
The Amazon Web Services Region name.
ResourceNotFoundException
Description
The request references a resource that does not exist.
Members
- message
-
- Required: Yes
- Type: string
ServiceQuotaExceededException
Description
The request would cause a service quota to be exceeded. The limit is 10 concurrent operations.
Members
- message
-
- Required: Yes
- Type: string
ThrottlingException
Description
The request was denied due to request throttling.
Members
- message
-
- Required: Yes
- Type: string
- quotaCode
-
- Type: string
The ID of the service quota that was exceeded.
- retryAfterSeconds
-
- Type: int
The number of seconds the caller should wait before retrying.
- serviceCode
-
- Type: string
The ID of the service that is associated with the error.
ValidationException
Description
The input does not satisfy the constraints specified by an Amazon Web Services service.
Members
- message
-
- Required: Yes
- Type: string