1{ 2 "version":"2.0", 3 "metadata":{ 4 "apiVersion":"2018-05-10", 5 "endpointPrefix":"controltower", 6 "jsonVersion":"1.1", 7 "protocol":"rest-json", 8 "serviceFullName":"AWS Control Tower", 9 "serviceId":"ControlTower", 10 "signatureVersion":"v4", 11 "signingName":"controltower", 12 "uid":"controltower-2018-05-10" 13 }, 14 "operations":{ 15 "CreateLandingZone":{ 16 "name":"CreateLandingZone", 17 "http":{ 18 "method":"POST", 19 "requestUri":"/create-landingzone", 20 "responseCode":200 21 }, 22 "input":{"shape":"CreateLandingZoneInput"}, 23 "output":{"shape":"CreateLandingZoneOutput"}, 24 "errors":[ 25 {"shape":"ValidationException"}, 26 {"shape":"ConflictException"}, 27 {"shape":"InternalServerException"}, 28 {"shape":"AccessDeniedException"}, 29 {"shape":"ThrottlingException"} 30 ], 31 "documentation":"<p>Creates a new landing zone. This API call starts an asynchronous operation that creates and configures a landing zone, based on the parameters specified in the manifest JSON file.</p>" 32 }, 33 "DeleteLandingZone":{ 34 "name":"DeleteLandingZone", 35 "http":{ 36 "method":"POST", 37 "requestUri":"/delete-landingzone", 38 "responseCode":200 39 }, 40 "input":{"shape":"DeleteLandingZoneInput"}, 41 "output":{"shape":"DeleteLandingZoneOutput"}, 42 "errors":[ 43 {"shape":"ValidationException"}, 44 {"shape":"ConflictException"}, 45 {"shape":"InternalServerException"}, 46 {"shape":"AccessDeniedException"}, 47 {"shape":"ThrottlingException"}, 48 {"shape":"ResourceNotFoundException"} 49 ], 50 "documentation":"<p>Decommissions a landing zone. This API call starts an asynchronous operation that deletes Amazon Web Services Control Tower resources deployed in accounts managed by Amazon Web Services Control Tower.</p>", 51 "idempotent":true 52 }, 53 "DisableBaseline":{ 54 "name":"DisableBaseline", 55 "http":{ 56 "method":"POST", 57 "requestUri":"/disable-baseline", 58 "responseCode":200 59 }, 60 "input":{"shape":"DisableBaselineInput"}, 61 "output":{"shape":"DisableBaselineOutput"}, 62 "errors":[ 63 {"shape":"ValidationException"}, 64 {"shape":"ConflictException"}, 65 {"shape":"ServiceQuotaExceededException"}, 66 {"shape":"InternalServerException"}, 67 {"shape":"AccessDeniedException"}, 68 {"shape":"ThrottlingException"}, 69 {"shape":"ResourceNotFoundException"} 70 ], 71 "documentation":"<p>Disable an <code>EnabledBaseline</code> resource on the specified Target. This API starts an asynchronous operation to remove all resources deployed as part of the baseline enablement. The resource will vary depending on the enabled baseline.</p>", 72 "idempotent":true 73 }, 74 "DisableControl":{ 75 "name":"DisableControl", 76 "http":{ 77 "method":"POST", 78 "requestUri":"/disable-control", 79 "responseCode":200 80 }, 81 "input":{"shape":"DisableControlInput"}, 82 "output":{"shape":"DisableControlOutput"}, 83 "errors":[ 84 {"shape":"ValidationException"}, 85 {"shape":"ConflictException"}, 86 {"shape":"ServiceQuotaExceededException"}, 87 {"shape":"InternalServerException"}, 88 {"shape":"AccessDeniedException"}, 89 {"shape":"ThrottlingException"}, 90 {"shape":"ResourceNotFoundException"} 91 ], 92 "documentation":"<p>This API call turns off a control. It starts an asynchronous operation that deletes AWS resources on the specified organizational unit and the accounts it contains. The resources will vary according to the control that you specify. For usage examples, see <a href=\"https://docs.aws.amazon.com/controltower/latest/userguide/control-api-examples-short.html\"> <i>the Amazon Web Services Control Tower User Guide</i> </a>.</p>" 93 }, 94 "EnableBaseline":{ 95 "name":"EnableBaseline", 96 "http":{ 97 "method":"POST", 98 "requestUri":"/enable-baseline", 99 "responseCode":200 100 }, 101 "input":{"shape":"EnableBaselineInput"}, 102 "output":{"shape":"EnableBaselineOutput"}, 103 "errors":[ 104 {"shape":"ValidationException"}, 105 {"shape":"ConflictException"}, 106 {"shape":"ServiceQuotaExceededException"}, 107 {"shape":"InternalServerException"}, 108 {"shape":"AccessDeniedException"}, 109 {"shape":"ThrottlingException"}, 110 {"shape":"ResourceNotFoundException"} 111 ], 112 "documentation":"<p>Enable (apply) a <code>Baseline</code> to a Target. This API starts an asynchronous operation to deploy resources specified by the <code>Baseline</code> to the specified Target.</p>" 113 }, 114 "EnableControl":{ 115 "name":"EnableControl", 116 "http":{ 117 "method":"POST", 118 "requestUri":"/enable-control", 119 "responseCode":200 120 }, 121 "input":{"shape":"EnableControlInput"}, 122 "output":{"shape":"EnableControlOutput"}, 123 "errors":[ 124 {"shape":"ValidationException"}, 125 {"shape":"ConflictException"}, 126 {"shape":"ServiceQuotaExceededException"}, 127 {"shape":"InternalServerException"}, 128 {"shape":"AccessDeniedException"}, 129 {"shape":"ThrottlingException"}, 130 {"shape":"ResourceNotFoundException"} 131 ], 132 "documentation":"<p>This API call activates a control. It starts an asynchronous operation that creates Amazon Web Services resources on the specified organizational unit and the accounts it contains. The resources created will vary according to the control that you specify. For usage examples, see <a href=\"https://docs.aws.amazon.com/controltower/latest/userguide/control-api-examples-short.html\"> <i>the Amazon Web Services Control Tower User Guide</i> </a>.</p>" 133 }, 134 "GetBaseline":{ 135 "name":"GetBaseline", 136 "http":{ 137 "method":"POST", 138 "requestUri":"/get-baseline", 139 "responseCode":200 140 }, 141 "input":{"shape":"GetBaselineInput"}, 142 "output":{"shape":"GetBaselineOutput"}, 143 "errors":[ 144 {"shape":"ValidationException"}, 145 {"shape":"InternalServerException"}, 146 {"shape":"AccessDeniedException"}, 147 {"shape":"ThrottlingException"}, 148 {"shape":"ResourceNotFoundException"} 149 ], 150 "documentation":"<p>Retrieve details about an existing <code>Baseline</code> resource by specifying its identifier.</p>" 151 }, 152 "GetBaselineOperation":{ 153 "name":"GetBaselineOperation", 154 "http":{ 155 "method":"POST", 156 "requestUri":"/get-baseline-operation", 157 "responseCode":200 158 }, 159 "input":{"shape":"GetBaselineOperationInput"}, 160 "output":{"shape":"GetBaselineOperationOutput"}, 161 "errors":[ 162 {"shape":"ValidationException"}, 163 {"shape":"InternalServerException"}, 164 {"shape":"AccessDeniedException"}, 165 {"shape":"ThrottlingException"}, 166 {"shape":"ResourceNotFoundException"} 167 ], 168 "documentation":"<p>Returns the details of an asynchronous baseline operation, as initiated by any of these APIs: <code>EnableBaseline</code>, <code>DisableBaseline</code>, <code>UpdateEnabledBaseline</code>, <code>ResetEnabledBaseline</code>. A status message is displayed in case of operation failure.</p>" 169 }, 170 "GetControlOperation":{ 171 "name":"GetControlOperation", 172 "http":{ 173 "method":"POST", 174 "requestUri":"/get-control-operation", 175 "responseCode":200 176 }, 177 "input":{"shape":"GetControlOperationInput"}, 178 "output":{"shape":"GetControlOperationOutput"}, 179 "errors":[ 180 {"shape":"ValidationException"}, 181 {"shape":"InternalServerException"}, 182 {"shape":"AccessDeniedException"}, 183 {"shape":"ThrottlingException"}, 184 {"shape":"ResourceNotFoundException"} 185 ], 186 "documentation":"<p>Returns the status of a particular <code>EnableControl</code> or <code>DisableControl</code> operation. Displays a message in case of error. Details for an operation are available for 90 days. For usage examples, see <a href=\"https://docs.aws.amazon.com/controltower/latest/userguide/control-api-examples-short.html\"> <i>the Amazon Web Services Control Tower User Guide</i> </a>.</p>" 187 }, 188 "GetEnabledBaseline":{ 189 "name":"GetEnabledBaseline", 190 "http":{ 191 "method":"POST", 192 "requestUri":"/get-enabled-baseline", 193 "responseCode":200 194 }, 195 "input":{"shape":"GetEnabledBaselineInput"}, 196 "output":{"shape":"GetEnabledBaselineOutput"}, 197 "errors":[ 198 {"shape":"ValidationException"}, 199 {"shape":"InternalServerException"}, 200 {"shape":"AccessDeniedException"}, 201 {"shape":"ThrottlingException"}, 202 {"shape":"ResourceNotFoundException"} 203 ], 204 "documentation":"<p>Retrieve details of an <code>EnabledBaseline</code> resource by specifying its identifier.</p>" 205 }, 206 "GetEnabledControl":{ 207 "name":"GetEnabledControl", 208 "http":{ 209 "method":"POST", 210 "requestUri":"/get-enabled-control", 211 "responseCode":200 212 }, 213 "input":{"shape":"GetEnabledControlInput"}, 214 "output":{"shape":"GetEnabledControlOutput"}, 215 "errors":[ 216 {"shape":"ValidationException"}, 217 {"shape":"InternalServerException"}, 218 {"shape":"AccessDeniedException"}, 219 {"shape":"ThrottlingException"}, 220 {"shape":"ResourceNotFoundException"} 221 ], 222 "documentation":"<p>Retrieves details about an enabled control. For usage examples, see <a href=\"https://docs.aws.amazon.com/controltower/latest/userguide/control-api-examples-short.html\"> <i>the Amazon Web Services Control Tower User Guide</i> </a>.</p>" 223 }, 224 "GetLandingZone":{ 225 "name":"GetLandingZone", 226 "http":{ 227 "method":"POST", 228 "requestUri":"/get-landingzone", 229 "responseCode":200 230 }, 231 "input":{"shape":"GetLandingZoneInput"}, 232 "output":{"shape":"GetLandingZoneOutput"}, 233 "errors":[ 234 {"shape":"ValidationException"}, 235 {"shape":"InternalServerException"}, 236 {"shape":"AccessDeniedException"}, 237 {"shape":"ThrottlingException"}, 238 {"shape":"ResourceNotFoundException"} 239 ], 240 "documentation":"<p>Returns details about the landing zone. Displays a message in case of error.</p>" 241 }, 242 "GetLandingZoneOperation":{ 243 "name":"GetLandingZoneOperation", 244 "http":{ 245 "method":"POST", 246 "requestUri":"/get-landingzone-operation", 247 "responseCode":200 248 }, 249 "input":{"shape":"GetLandingZoneOperationInput"}, 250 "output":{"shape":"GetLandingZoneOperationOutput"}, 251 "errors":[ 252 {"shape":"ValidationException"}, 253 {"shape":"InternalServerException"}, 254 {"shape":"AccessDeniedException"}, 255 {"shape":"ThrottlingException"}, 256 {"shape":"ResourceNotFoundException"} 257 ], 258 "documentation":"<p>Returns the status of the specified landing zone operation. Details for an operation are available for 60 days.</p>" 259 }, 260 "ListBaselines":{ 261 "name":"ListBaselines", 262 "http":{ 263 "method":"POST", 264 "requestUri":"/list-baselines", 265 "responseCode":200 266 }, 267 "input":{"shape":"ListBaselinesInput"}, 268 "output":{"shape":"ListBaselinesOutput"}, 269 "errors":[ 270 {"shape":"ValidationException"}, 271 {"shape":"InternalServerException"}, 272 {"shape":"AccessDeniedException"}, 273 {"shape":"ThrottlingException"} 274 ], 275 "documentation":"<p>Returns a summary list of all available baselines.</p>" 276 }, 277 "ListEnabledBaselines":{ 278 "name":"ListEnabledBaselines", 279 "http":{ 280 "method":"POST", 281 "requestUri":"/list-enabled-baselines", 282 "responseCode":200 283 }, 284 "input":{"shape":"ListEnabledBaselinesInput"}, 285 "output":{"shape":"ListEnabledBaselinesOutput"}, 286 "errors":[ 287 {"shape":"ValidationException"}, 288 {"shape":"InternalServerException"}, 289 {"shape":"AccessDeniedException"}, 290 {"shape":"ThrottlingException"} 291 ], 292 "documentation":"<p>Returns a list of summaries describing <code>EnabledBaseline</code> resources. You can filter the list by the corresponding <code>Baseline</code> or <code>Target</code> of the <code>EnabledBaseline</code> resources.</p>" 293 }, 294 "ListEnabledControls":{ 295 "name":"ListEnabledControls", 296 "http":{ 297 "method":"POST", 298 "requestUri":"/list-enabled-controls", 299 "responseCode":200 300 }, 301 "input":{"shape":"ListEnabledControlsInput"}, 302 "output":{"shape":"ListEnabledControlsOutput"}, 303 "errors":[ 304 {"shape":"ValidationException"}, 305 {"shape":"InternalServerException"}, 306 {"shape":"AccessDeniedException"}, 307 {"shape":"ThrottlingException"}, 308 {"shape":"ResourceNotFoundException"} 309 ], 310 "documentation":"<p>Lists the controls enabled by Amazon Web Services Control Tower on the specified organizational unit and the accounts it contains. For usage examples, see <a href=\"https://docs.aws.amazon.com/controltower/latest/userguide/control-api-examples-short.html\"> <i>the Amazon Web Services Control Tower User Guide</i> </a>.</p>" 311 }, 312 "ListLandingZones":{ 313 "name":"ListLandingZones", 314 "http":{ 315 "method":"POST", 316 "requestUri":"/list-landingzones", 317 "responseCode":200 318 }, 319 "input":{"shape":"ListLandingZonesInput"}, 320 "output":{"shape":"ListLandingZonesOutput"}, 321 "errors":[ 322 {"shape":"ValidationException"}, 323 {"shape":"InternalServerException"}, 324 {"shape":"AccessDeniedException"}, 325 {"shape":"ThrottlingException"} 326 ], 327 "documentation":"<p>Returns the landing zone ARN for the landing zone deployed in your managed account. This API also creates an ARN for existing accounts that do not yet have a landing zone ARN. </p> <p>Returns one landing zone ARN.</p>" 328 }, 329 "ListTagsForResource":{ 330 "name":"ListTagsForResource", 331 "http":{ 332 "method":"GET", 333 "requestUri":"/tags/{resourceArn}", 334 "responseCode":200 335 }, 336 "input":{"shape":"ListTagsForResourceInput"}, 337 "output":{"shape":"ListTagsForResourceOutput"}, 338 "errors":[ 339 {"shape":"ValidationException"}, 340 {"shape":"InternalServerException"}, 341 {"shape":"ResourceNotFoundException"} 342 ], 343 "documentation":"<p>Returns a list of tags associated with the resource. For usage examples, see <a href=\"https://docs.aws.amazon.com/controltower/latest/userguide/control-api-examples-short.html\"> <i>the Amazon Web Services Control Tower User Guide</i> </a>.</p>" 344 }, 345 "ResetEnabledBaseline":{ 346 "name":"ResetEnabledBaseline", 347 "http":{ 348 "method":"POST", 349 "requestUri":"/reset-enabled-baseline", 350 "responseCode":200 351 }, 352 "input":{"shape":"ResetEnabledBaselineInput"}, 353 "output":{"shape":"ResetEnabledBaselineOutput"}, 354 "errors":[ 355 {"shape":"ValidationException"}, 356 {"shape":"ConflictException"}, 357 {"shape":"ServiceQuotaExceededException"}, 358 {"shape":"InternalServerException"}, 359 {"shape":"AccessDeniedException"}, 360 {"shape":"ThrottlingException"}, 361 {"shape":"ResourceNotFoundException"} 362 ], 363 "documentation":"<p>Re-enables an <code>EnabledBaseline</code> resource. For example, this API can re-apply the existing <code>Baseline</code> after a new member account is moved to the target OU.</p>" 364 }, 365 "ResetLandingZone":{ 366 "name":"ResetLandingZone", 367 "http":{ 368 "method":"POST", 369 "requestUri":"/reset-landingzone", 370 "responseCode":200 371 }, 372 "input":{"shape":"ResetLandingZoneInput"}, 373 "output":{"shape":"ResetLandingZoneOutput"}, 374 "errors":[ 375 {"shape":"ValidationException"}, 376 {"shape":"ConflictException"}, 377 {"shape":"InternalServerException"}, 378 {"shape":"AccessDeniedException"}, 379 {"shape":"ThrottlingException"}, 380 {"shape":"ResourceNotFoundException"} 381 ], 382 "documentation":"<p>This API call resets a landing zone. It starts an asynchronous operation that resets the landing zone to the parameters specified in its original configuration.</p>" 383 }, 384 "TagResource":{ 385 "name":"TagResource", 386 "http":{ 387 "method":"POST", 388 "requestUri":"/tags/{resourceArn}", 389 "responseCode":204 390 }, 391 "input":{"shape":"TagResourceInput"}, 392 "output":{"shape":"TagResourceOutput"}, 393 "errors":[ 394 {"shape":"ValidationException"}, 395 {"shape":"InternalServerException"}, 396 {"shape":"ResourceNotFoundException"} 397 ], 398 "documentation":"<p>Applies tags to a resource. For usage examples, see <a href=\"https://docs.aws.amazon.com/controltower/latest/userguide/control-api-examples-short.html\"> <i>the Amazon Web Services Control Tower User Guide</i> </a>.</p>" 399 }, 400 "UntagResource":{ 401 "name":"UntagResource", 402 "http":{ 403 "method":"DELETE", 404 "requestUri":"/tags/{resourceArn}", 405 "responseCode":204 406 }, 407 "input":{"shape":"UntagResourceInput"}, 408 "output":{"shape":"UntagResourceOutput"}, 409 "errors":[ 410 {"shape":"ValidationException"}, 411 {"shape":"InternalServerException"}, 412 {"shape":"ResourceNotFoundException"} 413 ], 414 "documentation":"<p>Removes tags from a resource. For usage examples, see <a href=\"https://docs.aws.amazon.com/controltower/latest/userguide/control-api-examples-short.html\"> <i>the Amazon Web Services Control Tower User Guide</i> </a>.</p>" 415 }, 416 "UpdateEnabledBaseline":{ 417 "name":"UpdateEnabledBaseline", 418 "http":{ 419 "method":"POST", 420 "requestUri":"/update-enabled-baseline", 421 "responseCode":200 422 }, 423 "input":{"shape":"UpdateEnabledBaselineInput"}, 424 "output":{"shape":"UpdateEnabledBaselineOutput"}, 425 "errors":[ 426 {"shape":"ValidationException"}, 427 {"shape":"ConflictException"}, 428 {"shape":"ServiceQuotaExceededException"}, 429 {"shape":"InternalServerException"}, 430 {"shape":"AccessDeniedException"}, 431 {"shape":"ThrottlingException"}, 432 {"shape":"ResourceNotFoundException"} 433 ], 434 "documentation":"<p>Updates an <code>EnabledBaseline</code> resource's applied parameters or version.</p>" 435 }, 436 "UpdateEnabledControl":{ 437 "name":"UpdateEnabledControl", 438 "http":{ 439 "method":"POST", 440 "requestUri":"/update-enabled-control", 441 "responseCode":200 442 }, 443 "input":{"shape":"UpdateEnabledControlInput"}, 444 "output":{"shape":"UpdateEnabledControlOutput"}, 445 "errors":[ 446 {"shape":"ValidationException"}, 447 {"shape":"ConflictException"}, 448 {"shape":"ServiceQuotaExceededException"}, 449 {"shape":"InternalServerException"}, 450 {"shape":"AccessDeniedException"}, 451 {"shape":"ThrottlingException"}, 452 {"shape":"ResourceNotFoundException"} 453 ], 454 "documentation":"<p> Updates the configuration of an already enabled control.</p> <p>If the enabled control shows an <code>EnablementStatus</code> of SUCCEEDED, supply parameters that are different from the currently configured parameters. Otherwise, Amazon Web Services Control Tower will not accept the request.</p> <p>If the enabled control shows an <code>EnablementStatus</code> of FAILED, Amazon Web Services Control Tower will update the control to match any valid parameters that you supply.</p> <p>If the <code>DriftSummary</code> status for the control shows as DRIFTED, you cannot call this API. Instead, you can update the control by calling <code>DisableControl</code> and again calling <code>EnableControl</code>, or you can run an extending governance operation. For usage examples, see <a href=\"https://docs.aws.amazon.com/controltower/latest/userguide/control-api-examples-short.html\"> <i>the Amazon Web Services Control Tower User Guide</i> </a> </p>" 455 }, 456 "UpdateLandingZone":{ 457 "name":"UpdateLandingZone", 458 "http":{ 459 "method":"POST", 460 "requestUri":"/update-landingzone", 461 "responseCode":200 462 }, 463 "input":{"shape":"UpdateLandingZoneInput"}, 464 "output":{"shape":"UpdateLandingZoneOutput"}, 465 "errors":[ 466 {"shape":"ValidationException"}, 467 {"shape":"ConflictException"}, 468 {"shape":"InternalServerException"}, 469 {"shape":"AccessDeniedException"}, 470 {"shape":"ThrottlingException"}, 471 {"shape":"ResourceNotFoundException"} 472 ], 473 "documentation":"<p>This API call updates the landing zone. It starts an asynchronous operation that updates the landing zone based on the new landing zone version, or on the changed parameters specified in the updated manifest file. </p>" 474 } 475 }, 476 "shapes":{ 477 "AccessDeniedException":{ 478 "type":"structure", 479 "required":["message"], 480 "members":{ 481 "message":{"shape":"String"} 482 }, 483 "documentation":"<p>You do not have sufficient access to perform this action.</p>", 484 "error":{ 485 "httpStatusCode":403, 486 "senderFault":true 487 }, 488 "exception":true 489 }, 490 "Arn":{ 491 "type":"string", 492 "max":2048, 493 "min":20, 494 "pattern":"^arn:aws[0-9a-zA-Z_\\-:\\/]+$" 495 }, 496 "BaselineArn":{ 497 "type":"string", 498 "pattern":"^arn:[a-z-]+:controltower:[a-z0-9-]*:[0-9]{0,12}:baseline/[A-Z0-9]{16}$" 499 }, 500 "BaselineOperation":{ 501 "type":"structure", 502 "members":{ 503 "endTime":{ 504 "shape":"Timestamp", 505 "documentation":"<p>The end time of the operation (if applicable), in ISO 8601 format.</p>" 506 }, 507 "operationIdentifier":{ 508 "shape":"OperationIdentifier", 509 "documentation":"<p>The identifier of the specified operation.</p>" 510 }, 511 "operationType":{ 512 "shape":"BaselineOperationType", 513 "documentation":"<p>An enumerated type (<code>enum</code>) with possible values of <code>ENABLE_BASELINE</code>, <code>DISABLE_BASELINE</code>, <code>UPDATE_ENABLED_BASELINE</code>, or <code>RESET_ENABLED_BASELINE</code>.</p>" 514 }, 515 "startTime":{ 516 "shape":"Timestamp", 517 "documentation":"<p>The start time of the operation, in ISO 8601 format.</p>" 518 }, 519 "status":{ 520 "shape":"BaselineOperationStatus", 521 "documentation":"<p>An enumerated type (<code>enum</code>) with possible values of <code>SUCCEEDED</code>, <code>FAILED</code>, or <code>IN_PROGRESS</code>.</p>" 522 }, 523 "statusMessage":{ 524 "shape":"String", 525 "documentation":"<p>A status message that gives more information about the operation's status, if applicable.</p>" 526 } 527 }, 528 "documentation":"<p>An object of shape <code>BaselineOperation</code>, returning details about the specified <code>Baseline</code> operation ID.</p>" 529 }, 530 "BaselineOperationStatus":{ 531 "type":"string", 532 "enum":[ 533 "SUCCEEDED", 534 "FAILED", 535 "IN_PROGRESS" 536 ] 537 }, 538 "BaselineOperationType":{ 539 "type":"string", 540 "enum":[ 541 "ENABLE_BASELINE", 542 "DISABLE_BASELINE", 543 "UPDATE_ENABLED_BASELINE", 544 "RESET_ENABLED_BASELINE" 545 ] 546 }, 547 "BaselineSummary":{ 548 "type":"structure", 549 "required":[ 550 "arn", 551 "name" 552 ], 553 "members":{ 554 "arn":{ 555 "shape":"String", 556 "documentation":"<p>The full ARN of a Baseline.</p>" 557 }, 558 "description":{ 559 "shape":"String", 560 "documentation":"<p>A summary description of a Baseline.</p>" 561 }, 562 "name":{ 563 "shape":"String", 564 "documentation":"<p>The human-readable name of a Baseline.</p>" 565 } 566 }, 567 "documentation":"<p>Returns a summary of information about a <code>Baseline</code> object.</p>" 568 }, 569 "BaselineVersion":{ 570 "type":"string", 571 "max":10, 572 "min":1, 573 "pattern":"^\\d+(?:\\.\\d+){0,2}$" 574 }, 575 "Baselines":{ 576 "type":"list", 577 "member":{"shape":"BaselineSummary"} 578 }, 579 "ConflictException":{ 580 "type":"structure", 581 "required":["message"], 582 "members":{ 583 "message":{"shape":"String"} 584 }, 585 "documentation":"<p>Updating or deleting the resource can cause an inconsistent state.</p>", 586 "error":{ 587 "httpStatusCode":409, 588 "senderFault":true 589 }, 590 "exception":true 591 }, 592 "ControlIdentifier":{ 593 "type":"string", 594 "max":2048, 595 "min":20, 596 "pattern":"^arn:aws[0-9a-zA-Z_\\-:\\/]+$" 597 }, 598 "ControlOperation":{ 599 "type":"structure", 600 "members":{ 601 "endTime":{ 602 "shape":"SyntheticTimestamp_date_time", 603 "documentation":"<p>The time that the operation finished.</p>" 604 }, 605 "operationType":{ 606 "shape":"ControlOperationType", 607 "documentation":"<p>One of <code>ENABLE_CONTROL</code> or <code>DISABLE_CONTROL</code>.</p>" 608 }, 609 "startTime":{ 610 "shape":"SyntheticTimestamp_date_time", 611 "documentation":"<p>The time that the operation began.</p>" 612 }, 613 "status":{ 614 "shape":"ControlOperationStatus", 615 "documentation":"<p>One of <code>IN_PROGRESS</code>, <code>SUCEEDED</code>, or <code>FAILED</code>.</p>" 616 }, 617 "statusMessage":{ 618 "shape":"String", 619 "documentation":"<p>If the operation result is <code>FAILED</code>, this string contains a message explaining why the operation failed.</p>" 620 } 621 }, 622 "documentation":"<p>An operation performed by the control.</p>" 623 }, 624 "ControlOperationStatus":{ 625 "type":"string", 626 "enum":[ 627 "SUCCEEDED", 628 "FAILED", 629 "IN_PROGRESS" 630 ] 631 }, 632 "ControlOperationType":{ 633 "type":"string", 634 "enum":[ 635 "ENABLE_CONTROL", 636 "DISABLE_CONTROL", 637 "UPDATE_ENABLED_CONTROL" 638 ] 639 }, 640 "CreateLandingZoneInput":{ 641 "type":"structure", 642 "required":[ 643 "manifest", 644 "version" 645 ], 646 "members":{ 647 "manifest":{ 648 "shape":"Manifest", 649 "documentation":"<p>The manifest.yaml file is a text file that describes your Amazon Web Services resources. For examples, review <a href=\"https://docs.aws.amazon.com/controltower/latest/userguide/the-manifest-file\">The manifest file</a>. </p>" 650 }, 651 "tags":{ 652 "shape":"TagMap", 653 "documentation":"<p>Tags to be applied to the landing zone. </p>" 654 }, 655 "version":{ 656 "shape":"LandingZoneVersion", 657 "documentation":"<p>The landing zone version, for example, 3.0.</p>" 658 } 659 } 660 }, 661 "CreateLandingZoneOutput":{ 662 "type":"structure", 663 "required":[ 664 "arn", 665 "operationIdentifier" 666 ], 667 "members":{ 668 "arn":{ 669 "shape":"Arn", 670 "documentation":"<p>The ARN of the landing zone resource.</p>" 671 }, 672 "operationIdentifier":{ 673 "shape":"OperationIdentifier", 674 "documentation":"<p>A unique identifier assigned to a <code>CreateLandingZone</code> operation. You can use this identifier as an input of <code>GetLandingZoneOperation</code> to check the operation's status.</p>" 675 } 676 } 677 }, 678 "DeleteLandingZoneInput":{ 679 "type":"structure", 680 "required":["landingZoneIdentifier"], 681 "members":{ 682 "landingZoneIdentifier":{ 683 "shape":"String", 684 "documentation":"<p>The unique identifier of the landing zone.</p>" 685 } 686 } 687 }, 688 "DeleteLandingZoneOutput":{ 689 "type":"structure", 690 "required":["operationIdentifier"], 691 "members":{ 692 "operationIdentifier":{ 693 "shape":"OperationIdentifier", 694 "documentation":"<p>>A unique identifier assigned to a <code>DeleteLandingZone</code> operation. You can use this identifier as an input parameter of <code>GetLandingZoneOperation</code> to check the operation's status.</p>" 695 } 696 } 697 }, 698 "DisableBaselineInput":{ 699 "type":"structure", 700 "required":["enabledBaselineIdentifier"], 701 "members":{ 702 "enabledBaselineIdentifier":{ 703 "shape":"Arn", 704 "documentation":"<p>Identifier of the <code>EnabledBaseline</code> resource to be deactivated, in ARN format.</p>" 705 } 706 } 707 }, 708 "DisableBaselineOutput":{ 709 "type":"structure", 710 "required":["operationIdentifier"], 711 "members":{ 712 "operationIdentifier":{ 713 "shape":"OperationIdentifier", 714 "documentation":"<p>The ID (in UUID format) of the asynchronous <code>DisableBaseline</code> operation. This <code>operationIdentifier</code> is used to track status through calls to the <code>GetBaselineOperation</code> API.</p>" 715 } 716 } 717 }, 718 "DisableControlInput":{ 719 "type":"structure", 720 "required":[ 721 "controlIdentifier", 722 "targetIdentifier" 723 ], 724 "members":{ 725 "controlIdentifier":{ 726 "shape":"ControlIdentifier", 727 "documentation":"<p>The ARN of the control. Only <b>Strongly recommended</b> and <b>Elective</b> controls are permitted, with the exception of the <b>Region deny</b> control. For information on how to find the <code>controlIdentifier</code>, see <a href=\"https://docs.aws.amazon.com/controltower/latest/APIReference/Welcome.html\">the overview page</a>.</p>" 728 }, 729 "targetIdentifier":{ 730 "shape":"TargetIdentifier", 731 "documentation":"<p>The ARN of the organizational unit. For information on how to find the <code>targetIdentifier</code>, see <a href=\"https://docs.aws.amazon.com/controltower/latest/APIReference/Welcome.html\">the overview page</a>.</p>" 732 } 733 } 734 }, 735 "DisableControlOutput":{ 736 "type":"structure", 737 "required":["operationIdentifier"], 738 "members":{ 739 "operationIdentifier":{ 740 "shape":"OperationIdentifier", 741 "documentation":"<p>The ID of the asynchronous operation, which is used to track status. The operation is available for 90 days.</p>" 742 } 743 } 744 }, 745 "Document":{ 746 "type":"structure", 747 "members":{ 748 }, 749 "document":true 750 }, 751 "DriftStatus":{ 752 "type":"string", 753 "enum":[ 754 "DRIFTED", 755 "IN_SYNC", 756 "NOT_CHECKING", 757 "UNKNOWN" 758 ] 759 }, 760 "DriftStatusSummary":{ 761 "type":"structure", 762 "members":{ 763 "driftStatus":{ 764 "shape":"DriftStatus", 765 "documentation":"<p> The drift status of the enabled control.</p> <p>Valid values:</p> <ul> <li> <p> <code>DRIFTED</code>: The <code>enabledControl</code> deployed in this configuration doesn’t match the configuration that Amazon Web Services Control Tower expected. </p> </li> <li> <p> <code>IN_SYNC</code>: The <code>enabledControl</code> deployed in this configuration matches the configuration that Amazon Web Services Control Tower expected.</p> </li> <li> <p> <code>NOT_CHECKING</code>: Amazon Web Services Control Tower does not check drift for this enabled control. Drift is not supported for the control type.</p> </li> <li> <p> <code>UNKNOWN</code>: Amazon Web Services Control Tower is not able to check the drift status for the enabled control. </p> </li> </ul>" 766 } 767 }, 768 "documentation":"<p>The drift summary of the enabled control.</p> <p>Amazon Web Services Control Tower expects the enabled control configuration to include all supported and governed Regions. If the enabled control differs from the expected configuration, it is defined to be in a state of drift. You can repair this drift by resetting the enabled control.</p>" 769 }, 770 "EnableBaselineInput":{ 771 "type":"structure", 772 "required":[ 773 "baselineIdentifier", 774 "baselineVersion", 775 "targetIdentifier" 776 ], 777 "members":{ 778 "baselineIdentifier":{ 779 "shape":"Arn", 780 "documentation":"<p>The ARN of the baseline to be enabled.</p>" 781 }, 782 "baselineVersion":{ 783 "shape":"BaselineVersion", 784 "documentation":"<p>The specific version to be enabled of the specified baseline.</p>" 785 }, 786 "parameters":{ 787 "shape":"EnabledBaselineParameters", 788 "documentation":"<p>A list of <code>key-value</code> objects that specify enablement parameters, where <code>key</code> is a string and <code>value</code> is a document of any type.</p>" 789 }, 790 "tags":{ 791 "shape":"TagMap", 792 "documentation":"<p>Tags associated with input to <code>EnableBaseline</code>.</p>" 793 }, 794 "targetIdentifier":{ 795 "shape":"Arn", 796 "documentation":"<p>The ARN of the target on which the baseline will be enabled. Only OUs are supported as targets.</p>" 797 } 798 } 799 }, 800 "EnableBaselineOutput":{ 801 "type":"structure", 802 "required":[ 803 "arn", 804 "operationIdentifier" 805 ], 806 "members":{ 807 "arn":{ 808 "shape":"Arn", 809 "documentation":"<p>The ARN of the <code>EnabledBaseline</code> resource.</p>" 810 }, 811 "operationIdentifier":{ 812 "shape":"OperationIdentifier", 813 "documentation":"<p>The ID (in UUID format) of the asynchronous <code>EnableBaseline</code> operation. This <code>operationIdentifier</code> is used to track status through calls to the <code>GetBaselineOperation</code> API.</p>" 814 } 815 } 816 }, 817 "EnableControlInput":{ 818 "type":"structure", 819 "required":[ 820 "controlIdentifier", 821 "targetIdentifier" 822 ], 823 "members":{ 824 "controlIdentifier":{ 825 "shape":"ControlIdentifier", 826 "documentation":"<p>The ARN of the control. Only <b>Strongly recommended</b> and <b>Elective</b> controls are permitted, with the exception of the <b>Region deny</b> control. For information on how to find the <code>controlIdentifier</code>, see <a href=\"https://docs.aws.amazon.com/controltower/latest/APIReference/Welcome.html\">the overview page</a>.</p>" 827 }, 828 "parameters":{ 829 "shape":"EnabledControlParameters", 830 "documentation":"<p>A list of input parameter values, which are specified to configure the control when you enable it.</p>" 831 }, 832 "tags":{ 833 "shape":"TagMap", 834 "documentation":"<p>Tags to be applied to the <code>EnabledControl</code> resource.</p>" 835 }, 836 "targetIdentifier":{ 837 "shape":"TargetIdentifier", 838 "documentation":"<p>The ARN of the organizational unit. For information on how to find the <code>targetIdentifier</code>, see <a href=\"https://docs.aws.amazon.com/controltower/latest/APIReference/Welcome.html\">the overview page</a>.</p>" 839 } 840 } 841 }, 842 "EnableControlOutput":{ 843 "type":"structure", 844 "required":["operationIdentifier"], 845 "members":{ 846 "arn":{ 847 "shape":"Arn", 848 "documentation":"<p>The ARN of the <code>EnabledControl</code> resource.</p>" 849 }, 850 "operationIdentifier":{ 851 "shape":"OperationIdentifier", 852 "documentation":"<p>The ID of the asynchronous operation, which is used to track status. The operation is available for 90 days.</p>" 853 } 854 } 855 }, 856 "EnabledBaselineBaselineIdentifiers":{ 857 "type":"list", 858 "member":{"shape":"Arn"}, 859 "max":5, 860 "min":1 861 }, 862 "EnabledBaselineDetails":{ 863 "type":"structure", 864 "required":[ 865 "arn", 866 "baselineIdentifier", 867 "statusSummary", 868 "targetIdentifier" 869 ], 870 "members":{ 871 "arn":{ 872 "shape":"Arn", 873 "documentation":"<p>The ARN of the <code>EnabledBaseline</code> resource.</p>" 874 }, 875 "baselineIdentifier":{ 876 "shape":"String", 877 "documentation":"<p>The specific <code>Baseline</code> enabled as part of the <code>EnabledBaseline</code> resource.</p>" 878 }, 879 "baselineVersion":{ 880 "shape":"String", 881 "documentation":"<p>The enabled version of the <code>Baseline</code>.</p>" 882 }, 883 "parameters":{ 884 "shape":"EnabledBaselineParameterSummaries", 885 "documentation":"<p>Shows the parameters that are applied when enabling this <code>Baseline</code>.</p>" 886 }, 887 "statusSummary":{"shape":"EnablementStatusSummary"}, 888 "targetIdentifier":{ 889 "shape":"String", 890 "documentation":"<p>The target on which to enable the <code>Baseline</code>.</p>" 891 } 892 }, 893 "documentation":"<p>Details of the <code>EnabledBaseline</code> resource.</p>" 894 }, 895 "EnabledBaselineFilter":{ 896 "type":"structure", 897 "members":{ 898 "baselineIdentifiers":{ 899 "shape":"EnabledBaselineBaselineIdentifiers", 900 "documentation":"<p>Identifiers for the <code>Baseline</code> objects returned as part of the filter operation.</p>" 901 }, 902 "targetIdentifiers":{ 903 "shape":"EnabledBaselineTargetIdentifiers", 904 "documentation":"<p>Identifiers for the targets of the <code>Baseline</code> filter operation.</p>" 905 } 906 }, 907 "documentation":"<p>A filter applied on the <code>ListEnabledBaseline</code> operation. Allowed filters are <code>baselineIdentifiers</code> and <code>targetIdentifiers</code>. The filter can be applied for either, or both.</p>" 908 }, 909 "EnabledBaselineParameter":{ 910 "type":"structure", 911 "required":[ 912 "key", 913 "value" 914 ], 915 "members":{ 916 "key":{ 917 "shape":"String", 918 "documentation":"<p>A string denoting the parameter key.</p>" 919 }, 920 "value":{ 921 "shape":"EnabledBaselineParameterDocument", 922 "documentation":"<p>A low-level <code>Document</code> object of any type (for example, a Java Object).</p>" 923 } 924 }, 925 "documentation":"<p>A key-value parameter to an <code>EnabledBaseline</code> resource.</p>" 926 }, 927 "EnabledBaselineParameterDocument":{ 928 "type":"structure", 929 "members":{ 930 }, 931 "document":true 932 }, 933 "EnabledBaselineParameterSummaries":{ 934 "type":"list", 935 "member":{"shape":"EnabledBaselineParameterSummary"} 936 }, 937 "EnabledBaselineParameterSummary":{ 938 "type":"structure", 939 "required":[ 940 "key", 941 "value" 942 ], 943 "members":{ 944 "key":{ 945 "shape":"String", 946 "documentation":"<p>A string denoting the parameter key.</p>" 947 }, 948 "value":{ 949 "shape":"EnabledBaselineParameterDocument", 950 "documentation":"<p>A low-level document object of any type (for example, a Java Object).</p>" 951 } 952 }, 953 "documentation":"<p>Summary of an applied parameter to an <code>EnabledBaseline</code> resource. </p>" 954 }, 955 "EnabledBaselineParameters":{ 956 "type":"list", 957 "member":{"shape":"EnabledBaselineParameter"} 958 }, 959 "EnabledBaselineSummary":{ 960 "type":"structure", 961 "required":[ 962 "arn", 963 "baselineIdentifier", 964 "statusSummary", 965 "targetIdentifier" 966 ], 967 "members":{ 968 "arn":{ 969 "shape":"Arn", 970 "documentation":"<p>The ARN of the <code>EnabledBaseline</code> resource</p>" 971 }, 972 "baselineIdentifier":{ 973 "shape":"String", 974 "documentation":"<p>The specific baseline that is enabled as part of the <code>EnabledBaseline</code> resource.</p>" 975 }, 976 "baselineVersion":{ 977 "shape":"String", 978 "documentation":"<p>The enabled version of the baseline.</p>" 979 }, 980 "statusSummary":{"shape":"EnablementStatusSummary"}, 981 "targetIdentifier":{ 982 "shape":"String", 983 "documentation":"<p>The target upon which the baseline is enabled.</p>" 984 } 985 }, 986 "documentation":"<p>Returns a summary of information about an <code>EnabledBaseline</code> object.</p>" 987 }, 988 "EnabledBaselineTargetIdentifiers":{ 989 "type":"list", 990 "member":{"shape":"Arn"}, 991 "max":5, 992 "min":1 993 }, 994 "EnabledBaselines":{ 995 "type":"list", 996 "member":{"shape":"EnabledBaselineSummary"} 997 }, 998 "EnabledControlDetails":{ 999 "type":"structure", 1000 "members":{ 1001 "arn":{ 1002 "shape":"Arn", 1003 "documentation":"<p>The ARN of the enabled control.</p>" 1004 }, 1005 "controlIdentifier":{ 1006 "shape":"ControlIdentifier", 1007 "documentation":"<p>The control identifier of the enabled control. For information on how to find the <code>controlIdentifier</code>, see <a href=\"https://docs.aws.amazon.com/controltower/latest/APIReference/Welcome.html\">the overview page</a>.</p>" 1008 }, 1009 "driftStatusSummary":{ 1010 "shape":"DriftStatusSummary", 1011 "documentation":"<p>The drift status of the enabled control.</p>" 1012 }, 1013 "parameters":{ 1014 "shape":"EnabledControlParameterSummaries", 1015 "documentation":"<p>Array of <code>EnabledControlParameter</code> objects.</p>" 1016 }, 1017 "statusSummary":{ 1018 "shape":"EnablementStatusSummary", 1019 "documentation":"<p>The deployment summary of the enabled control.</p>" 1020 }, 1021 "targetIdentifier":{ 1022 "shape":"TargetIdentifier", 1023 "documentation":"<p>The ARN of the organizational unit. For information on how to find the <code>targetIdentifier</code>, see <a href=\"https://docs.aws.amazon.com/controltower/latest/APIReference/Welcome.html\">the overview page</a>.</p>" 1024 }, 1025 "targetRegions":{ 1026 "shape":"TargetRegions", 1027 "documentation":"<p>Target Amazon Web Services Regions for the enabled control.</p>" 1028 } 1029 }, 1030 "documentation":"<p>Information about the enabled control.</p>" 1031 }, 1032 "EnabledControlParameter":{ 1033 "type":"structure", 1034 "required":[ 1035 "key", 1036 "value" 1037 ], 1038 "members":{ 1039 "key":{ 1040 "shape":"String", 1041 "documentation":"<p>The key of a key/value pair.</p>" 1042 }, 1043 "value":{ 1044 "shape":"Document", 1045 "documentation":"<p>The value of a key/value pair.</p>" 1046 } 1047 }, 1048 "documentation":"<p>A key/value pair, where <code>Key</code> is of type <code>String</code> and <code>Value</code> is of type <code>Document</code>.</p>" 1049 }, 1050 "EnabledControlParameterSummaries":{ 1051 "type":"list", 1052 "member":{"shape":"EnabledControlParameterSummary"} 1053 }, 1054 "EnabledControlParameterSummary":{ 1055 "type":"structure", 1056 "required":[ 1057 "key", 1058 "value" 1059 ], 1060 "members":{ 1061 "key":{ 1062 "shape":"String", 1063 "documentation":"<p>The key of a key/value pair.</p>" 1064 }, 1065 "value":{ 1066 "shape":"Document", 1067 "documentation":"<p>The value of a key/value pair.</p>" 1068 } 1069 }, 1070 "documentation":"<p>Returns a summary of information about the parameters of an enabled control.</p>" 1071 }, 1072 "EnabledControlParameters":{ 1073 "type":"list", 1074 "member":{"shape":"EnabledControlParameter"} 1075 }, 1076 "EnabledControlSummary":{ 1077 "type":"structure", 1078 "members":{ 1079 "arn":{ 1080 "shape":"Arn", 1081 "documentation":"<p>The ARN of the enabled control.</p>" 1082 }, 1083 "controlIdentifier":{ 1084 "shape":"ControlIdentifier", 1085 "documentation":"<p>The <code>controlIdentifier</code> of the enabled control.</p>" 1086 }, 1087 "driftStatusSummary":{ 1088 "shape":"DriftStatusSummary", 1089 "documentation":"<p>The drift status of the enabled control.</p>" 1090 }, 1091 "statusSummary":{ 1092 "shape":"EnablementStatusSummary", 1093 "documentation":"<p>A short description of the status of the enabled control.</p>" 1094 }, 1095 "targetIdentifier":{ 1096 "shape":"TargetIdentifier", 1097 "documentation":"<p>The ARN of the organizational unit.</p>" 1098 } 1099 }, 1100 "documentation":"<p>Returns a summary of information about an enabled control.</p>" 1101 }, 1102 "EnabledControls":{ 1103 "type":"list", 1104 "member":{"shape":"EnabledControlSummary"} 1105 }, 1106 "EnablementStatus":{ 1107 "type":"string", 1108 "enum":[ 1109 "SUCCEEDED", 1110 "FAILED", 1111 "UNDER_CHANGE" 1112 ] 1113 }, 1114 "EnablementStatusSummary":{ 1115 "type":"structure", 1116 "members":{ 1117 "lastOperationIdentifier":{ 1118 "shape":"OperationIdentifier", 1119 "documentation":"<p>The last operation identifier for the enabled control.</p>" 1120 }, 1121 "status":{ 1122 "shape":"EnablementStatus", 1123 "documentation":"<p> The deployment status of the enabled control.</p> <p>Valid values:</p> <ul> <li> <p> <code>SUCCEEDED</code>: The <code>enabledControl</code> configuration was deployed successfully.</p> </li> <li> <p> <code>UNDER_CHANGE</code>: The <code>enabledControl</code> configuration is changing. </p> </li> <li> <p> <code>FAILED</code>: The <code>enabledControl</code> configuration failed to deploy.</p> </li> </ul>" 1124 } 1125 }, 1126 "documentation":"<p>The deployment summary of the enabled control.</p>" 1127 }, 1128 "GetBaselineInput":{ 1129 "type":"structure", 1130 "required":["baselineIdentifier"], 1131 "members":{ 1132 "baselineIdentifier":{ 1133 "shape":"BaselineArn", 1134 "documentation":"<p>The ARN of the <code>Baseline</code> resource to be retrieved.</p>" 1135 } 1136 } 1137 }, 1138 "GetBaselineOperationInput":{ 1139 "type":"structure", 1140 "required":["operationIdentifier"], 1141 "members":{ 1142 "operationIdentifier":{ 1143 "shape":"OperationIdentifier", 1144 "documentation":"<p>The operation ID returned from mutating asynchronous APIs (Enable, Disable, Update, Reset).</p>" 1145 } 1146 } 1147 }, 1148 "GetBaselineOperationOutput":{ 1149 "type":"structure", 1150 "required":["baselineOperation"], 1151 "members":{ 1152 "baselineOperation":{ 1153 "shape":"BaselineOperation", 1154 "documentation":"<p>A <code>baselineOperation</code> object that shows information about the specified operation ID.</p>" 1155 } 1156 } 1157 }, 1158 "GetBaselineOutput":{ 1159 "type":"structure", 1160 "required":[ 1161 "arn", 1162 "name" 1163 ], 1164 "members":{ 1165 "arn":{ 1166 "shape":"BaselineArn", 1167 "documentation":"<p>The baseline ARN.</p>" 1168 }, 1169 "description":{ 1170 "shape":"String", 1171 "documentation":"<p>A description of the baseline.</p>" 1172 }, 1173 "name":{ 1174 "shape":"String", 1175 "documentation":"<p>A user-friendly name for the baseline.</p>" 1176 } 1177 } 1178 }, 1179 "GetControlOperationInput":{ 1180 "type":"structure", 1181 "required":["operationIdentifier"], 1182 "members":{ 1183 "operationIdentifier":{ 1184 "shape":"OperationIdentifier", 1185 "documentation":"<p>The ID of the asynchronous operation, which is used to track status. The operation is available for 90 days.</p>" 1186 } 1187 } 1188 }, 1189 "GetControlOperationOutput":{ 1190 "type":"structure", 1191 "required":["controlOperation"], 1192 "members":{ 1193 "controlOperation":{ 1194 "shape":"ControlOperation", 1195 "documentation":"<p>An operation performed by the control.</p>" 1196 } 1197 } 1198 }, 1199 "GetEnabledBaselineInput":{ 1200 "type":"structure", 1201 "required":["enabledBaselineIdentifier"], 1202 "members":{ 1203 "enabledBaselineIdentifier":{ 1204 "shape":"Arn", 1205 "documentation":"<p>Identifier of the <code>EnabledBaseline</code> resource to be retrieved, in ARN format.</p>" 1206 } 1207 } 1208 }, 1209 "GetEnabledBaselineOutput":{ 1210 "type":"structure", 1211 "members":{ 1212 "enabledBaselineDetails":{ 1213 "shape":"EnabledBaselineDetails", 1214 "documentation":"<p>Details of the <code>EnabledBaseline</code> resource.</p>" 1215 } 1216 } 1217 }, 1218 "GetEnabledControlInput":{ 1219 "type":"structure", 1220 "required":["enabledControlIdentifier"], 1221 "members":{ 1222 "enabledControlIdentifier":{ 1223 "shape":"Arn", 1224 "documentation":"<p>The <code>controlIdentifier</code> of the enabled control.</p>" 1225 } 1226 } 1227 }, 1228 "GetEnabledControlOutput":{ 1229 "type":"structure", 1230 "required":["enabledControlDetails"], 1231 "members":{ 1232 "enabledControlDetails":{ 1233 "shape":"EnabledControlDetails", 1234 "documentation":"<p>Information about the enabled control.</p>" 1235 } 1236 } 1237 }, 1238 "GetLandingZoneInput":{ 1239 "type":"structure", 1240 "required":["landingZoneIdentifier"], 1241 "members":{ 1242 "landingZoneIdentifier":{ 1243 "shape":"String", 1244 "documentation":"<p>The unique identifier of the landing zone.</p>" 1245 } 1246 } 1247 }, 1248 "GetLandingZoneOperationInput":{ 1249 "type":"structure", 1250 "required":["operationIdentifier"], 1251 "members":{ 1252 "operationIdentifier":{ 1253 "shape":"OperationIdentifier", 1254 "documentation":"<p>A unique identifier assigned to a landing zone operation.</p>" 1255 } 1256 } 1257 }, 1258 "GetLandingZoneOperationOutput":{ 1259 "type":"structure", 1260 "required":["operationDetails"], 1261 "members":{ 1262 "operationDetails":{ 1263 "shape":"LandingZoneOperationDetail", 1264 "documentation":"<p>Details about a landing zone operation.</p>" 1265 } 1266 } 1267 }, 1268 "GetLandingZoneOutput":{ 1269 "type":"structure", 1270 "required":["landingZone"], 1271 "members":{ 1272 "landingZone":{ 1273 "shape":"LandingZoneDetail", 1274 "documentation":"<p>Information about the landing zone.</p>" 1275 } 1276 } 1277 }, 1278 "Integer":{ 1279 "type":"integer", 1280 "box":true 1281 }, 1282 "InternalServerException":{ 1283 "type":"structure", 1284 "required":["message"], 1285 "members":{ 1286 "message":{"shape":"String"} 1287 }, 1288 "documentation":"<p>An unexpected error occurred during processing of a request.</p>", 1289 "error":{"httpStatusCode":500}, 1290 "exception":true, 1291 "fault":true, 1292 "retryable":{"throttling":false} 1293 }, 1294 "LandingZoneDetail":{ 1295 "type":"structure", 1296 "required":[ 1297 "manifest", 1298 "version" 1299 ], 1300 "members":{ 1301 "arn":{ 1302 "shape":"Arn", 1303 "documentation":"<p>The ARN of the landing zone.</p>" 1304 }, 1305 "driftStatus":{ 1306 "shape":"LandingZoneDriftStatusSummary", 1307 "documentation":"<p>The drift status of the landing zone.</p>" 1308 }, 1309 "latestAvailableVersion":{ 1310 "shape":"LandingZoneVersion", 1311 "documentation":"<p>The latest available version of the landing zone.</p>" 1312 }, 1313 "manifest":{ 1314 "shape":"Manifest", 1315 "documentation":"<p>The landing zone <code>manifest.yaml</code> text file that specifies the landing zone configurations. </p>" 1316 }, 1317 "status":{ 1318 "shape":"LandingZoneStatus", 1319 "documentation":"<p>The landing zone deployment status. One of <code>ACTIVE</code>, <code>PROCESSING</code>, <code>FAILED</code>.</p>" 1320 }, 1321 "version":{ 1322 "shape":"LandingZoneVersion", 1323 "documentation":"<p>The landing zone's current deployed version.</p>" 1324 } 1325 }, 1326 "documentation":"<p>Information about the landing zone.</p>" 1327 }, 1328 "LandingZoneDriftStatus":{ 1329 "type":"string", 1330 "enum":[ 1331 "DRIFTED", 1332 "IN_SYNC" 1333 ] 1334 }, 1335 "LandingZoneDriftStatusSummary":{ 1336 "type":"structure", 1337 "members":{ 1338 "status":{ 1339 "shape":"LandingZoneDriftStatus", 1340 "documentation":"<p>The drift status of the landing zone. </p> <p>Valid values:</p> <ul> <li> <p> <code>DRIFTED</code>: The landing zone deployed in this configuration does not match the configuration that Amazon Web Services Control Tower expected. </p> </li> <li> <p> <code>IN_SYNC</code>: The landing zone deployed in this configuration matches the configuration that Amazon Web Services Control Tower expected. </p> </li> </ul>" 1341 } 1342 }, 1343 "documentation":"<p>The drift status summary of the landing zone. </p> <p>If the landing zone differs from the expected configuration, it is defined to be in a state of drift. You can repair this drift by resetting the landing zone.</p>" 1344 }, 1345 "LandingZoneOperationDetail":{ 1346 "type":"structure", 1347 "members":{ 1348 "endTime":{ 1349 "shape":"Timestamp", 1350 "documentation":"<p>The landing zone operation end time.</p>" 1351 }, 1352 "operationType":{ 1353 "shape":"LandingZoneOperationType", 1354 "documentation":"<p>The landing zone operation type. </p> <p>Valid values:</p> <ul> <li> <p> <code>DELETE</code>: The <code>DeleteLandingZone</code> operation. </p> </li> <li> <p> <code>CREATE</code>: The <code>CreateLandingZone</code> operation. </p> </li> <li> <p> <code>UPDATE</code>: The <code>UpdateLandingZone</code> operation. </p> </li> <li> <p> <code>RESET</code>: The <code>ResetLandingZone</code> operation. </p> </li> </ul>" 1355 }, 1356 "startTime":{ 1357 "shape":"Timestamp", 1358 "documentation":"<p>The landing zone operation start time.</p>" 1359 }, 1360 "status":{ 1361 "shape":"LandingZoneOperationStatus", 1362 "documentation":"<p>Valid values:</p> <ul> <li> <p> <code>SUCCEEDED</code>: The landing zone operation succeeded. </p> </li> <li> <p> <code>IN_PROGRESS</code>: The landing zone operation is in progress. </p> </li> <li> <p> <code>FAILED</code>: The landing zone operation failed. </p> </li> </ul>" 1363 }, 1364 "statusMessage":{ 1365 "shape":"String", 1366 "documentation":"<p>If the operation result is FAILED, this string contains a message explaining why the operation failed.</p>" 1367 } 1368 }, 1369 "documentation":"<p>Information about a landing zone operation.</p>" 1370 }, 1371 "LandingZoneOperationStatus":{ 1372 "type":"string", 1373 "enum":[ 1374 "SUCCEEDED", 1375 "FAILED", 1376 "IN_PROGRESS" 1377 ] 1378 }, 1379 "LandingZoneOperationType":{ 1380 "type":"string", 1381 "enum":[ 1382 "DELETE", 1383 "CREATE", 1384 "UPDATE", 1385 "RESET" 1386 ] 1387 }, 1388 "LandingZoneStatus":{ 1389 "type":"string", 1390 "enum":[ 1391 "ACTIVE", 1392 "PROCESSING", 1393 "FAILED" 1394 ] 1395 }, 1396 "LandingZoneSummary":{ 1397 "type":"structure", 1398 "members":{ 1399 "arn":{ 1400 "shape":"Arn", 1401 "documentation":"<p>The ARN of the landing zone.</p>" 1402 } 1403 }, 1404 "documentation":"<p>Returns a summary of information about a landing zone.</p>" 1405 }, 1406 "LandingZoneVersion":{ 1407 "type":"string", 1408 "max":10, 1409 "min":3, 1410 "pattern":"^\\d+.\\d+$" 1411 }, 1412 "ListBaselinesInput":{ 1413 "type":"structure", 1414 "members":{ 1415 "maxResults":{ 1416 "shape":"ListBaselinesMaxResults", 1417 "documentation":"<p>The maximum number of results to be shown.</p>" 1418 }, 1419 "nextToken":{ 1420 "shape":"String", 1421 "documentation":"<p>A pagination token.</p>" 1422 } 1423 } 1424 }, 1425 "ListBaselinesMaxResults":{ 1426 "type":"integer", 1427 "box":true, 1428 "max":100, 1429 "min":4 1430 }, 1431 "ListBaselinesOutput":{ 1432 "type":"structure", 1433 "required":["baselines"], 1434 "members":{ 1435 "baselines":{ 1436 "shape":"Baselines", 1437 "documentation":"<p>A list of <code>Baseline</code> object details.</p>" 1438 }, 1439 "nextToken":{ 1440 "shape":"String", 1441 "documentation":"<p>A pagination token.</p>" 1442 } 1443 } 1444 }, 1445 "ListEnabledBaselinesInput":{ 1446 "type":"structure", 1447 "members":{ 1448 "filter":{ 1449 "shape":"EnabledBaselineFilter", 1450 "documentation":"<p>A filter applied on the <code>ListEnabledBaseline</code> operation. Allowed filters are <code>baselineIdentifiers</code> and <code>targetIdentifiers</code>. The filter can be applied for either, or both.</p>" 1451 }, 1452 "maxResults":{ 1453 "shape":"ListEnabledBaselinesMaxResults", 1454 "documentation":"<p>The maximum number of results to be shown.</p>" 1455 }, 1456 "nextToken":{ 1457 "shape":"ListEnabledBaselinesNextToken", 1458 "documentation":"<p>A pagination token.</p>" 1459 } 1460 } 1461 }, 1462 "ListEnabledBaselinesMaxResults":{ 1463 "type":"integer", 1464 "box":true, 1465 "max":100, 1466 "min":5 1467 }, 1468 "ListEnabledBaselinesNextToken":{ 1469 "type":"string", 1470 "pattern":"\\S+" 1471 }, 1472 "ListEnabledBaselinesOutput":{ 1473 "type":"structure", 1474 "required":["enabledBaselines"], 1475 "members":{ 1476 "enabledBaselines":{ 1477 "shape":"EnabledBaselines", 1478 "documentation":"<p>Retuens a list of summaries of <code>EnabledBaseline</code> resources.</p>" 1479 }, 1480 "nextToken":{ 1481 "shape":"ListEnabledBaselinesNextToken", 1482 "documentation":"<p>A pagination token.</p>" 1483 } 1484 } 1485 }, 1486 "ListEnabledControlsInput":{ 1487 "type":"structure", 1488 "required":["targetIdentifier"], 1489 "members":{ 1490 "maxResults":{ 1491 "shape":"MaxResults", 1492 "documentation":"<p>How many results to return per API call.</p>" 1493 }, 1494 "nextToken":{ 1495 "shape":"String", 1496 "documentation":"<p>The token to continue the list from a previous API call with the same parameters.</p>" 1497 }, 1498 "targetIdentifier":{ 1499 "shape":"TargetIdentifier", 1500 "documentation":"<p>The ARN of the organizational unit. For information on how to find the <code>targetIdentifier</code>, see <a href=\"https://docs.aws.amazon.com/controltower/latest/APIReference/Welcome.html\">the overview page</a>.</p>" 1501 } 1502 } 1503 }, 1504 "ListEnabledControlsOutput":{ 1505 "type":"structure", 1506 "required":["enabledControls"], 1507 "members":{ 1508 "enabledControls":{ 1509 "shape":"EnabledControls", 1510 "documentation":"<p>Lists the controls enabled by Amazon Web Services Control Tower on the specified organizational unit and the accounts it contains.</p>" 1511 }, 1512 "nextToken":{ 1513 "shape":"String", 1514 "documentation":"<p>Retrieves the next page of results. If the string is empty, the response is the end of the results.</p>" 1515 } 1516 } 1517 }, 1518 "ListLandingZonesInput":{ 1519 "type":"structure", 1520 "members":{ 1521 "maxResults":{ 1522 "shape":"ListLandingZonesMaxResults", 1523 "documentation":"<p>The maximum number of returned landing zone ARNs, which is one.</p>" 1524 }, 1525 "nextToken":{ 1526 "shape":"String", 1527 "documentation":"<p>The token to continue the list from a previous API call with the same parameters.</p>" 1528 } 1529 } 1530 }, 1531 "ListLandingZonesMaxResults":{ 1532 "type":"integer", 1533 "box":true, 1534 "max":1, 1535 "min":1 1536 }, 1537 "ListLandingZonesOutput":{ 1538 "type":"structure", 1539 "required":["landingZones"], 1540 "members":{ 1541 "landingZones":{ 1542 "shape":"ListLandingZonesOutputLandingZonesList", 1543 "documentation":"<p>The ARN of the landing zone.</p>" 1544 }, 1545 "nextToken":{ 1546 "shape":"String", 1547 "documentation":"<p>Retrieves the next page of results. If the string is empty, the response is the end of the results.</p>" 1548 } 1549 } 1550 }, 1551 "ListLandingZonesOutputLandingZonesList":{ 1552 "type":"list", 1553 "member":{"shape":"LandingZoneSummary"}, 1554 "max":1, 1555 "min":0 1556 }, 1557 "ListTagsForResourceInput":{ 1558 "type":"structure", 1559 "required":["resourceArn"], 1560 "members":{ 1561 "resourceArn":{ 1562 "shape":"Arn", 1563 "documentation":"<p> The ARN of the resource.</p>", 1564 "location":"uri", 1565 "locationName":"resourceArn" 1566 } 1567 } 1568 }, 1569 "ListTagsForResourceOutput":{ 1570 "type":"structure", 1571 "required":["tags"], 1572 "members":{ 1573 "tags":{ 1574 "shape":"TagMap", 1575 "documentation":"<p>A list of tags, as <code>key:value</code> strings.</p>" 1576 } 1577 } 1578 }, 1579 "Manifest":{ 1580 "type":"structure", 1581 "members":{ 1582 }, 1583 "document":true 1584 }, 1585 "MaxResults":{ 1586 "type":"integer", 1587 "box":true, 1588 "max":200, 1589 "min":1 1590 }, 1591 "OperationIdentifier":{ 1592 "type":"string", 1593 "max":36, 1594 "min":36, 1595 "pattern":"^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$" 1596 }, 1597 "Region":{ 1598 "type":"structure", 1599 "members":{ 1600 "name":{ 1601 "shape":"RegionName", 1602 "documentation":"<p>The Amazon Web Services Region name.</p>" 1603 } 1604 }, 1605 "documentation":"<p>An Amazon Web Services Region in which Amazon Web Services Control Tower expects to find the control deployed. </p> <p>The expected Regions are based on the Regions that are governed by the landing zone. In certain cases, a control is not actually enabled in the Region as expected, such as during drift, or <a href=\"https://docs.aws.amazon.com/controltower/latest/userguide/region-how.html#mixed-governance\">mixed governance</a>.</p>" 1606 }, 1607 "RegionName":{ 1608 "type":"string", 1609 "max":50, 1610 "min":1 1611 }, 1612 "ResetEnabledBaselineInput":{ 1613 "type":"structure", 1614 "required":["enabledBaselineIdentifier"], 1615 "members":{ 1616 "enabledBaselineIdentifier":{ 1617 "shape":"Arn", 1618 "documentation":"<p>Specifies the ID of the <code>EnabledBaseline</code> resource to be re-enabled, in ARN format.</p>" 1619 } 1620 } 1621 }, 1622 "ResetEnabledBaselineOutput":{ 1623 "type":"structure", 1624 "required":["operationIdentifier"], 1625 "members":{ 1626 "operationIdentifier":{ 1627 "shape":"OperationIdentifier", 1628 "documentation":"<p>The ID (in UUID format) of the asynchronous <code>ResetEnabledBaseline</code> operation. This <code>operationIdentifier</code> is used to track status through calls to the <code>GetBaselineOperation</code> API.</p>" 1629 } 1630 } 1631 }, 1632 "ResetLandingZoneInput":{ 1633 "type":"structure", 1634 "required":["landingZoneIdentifier"], 1635 "members":{ 1636 "landingZoneIdentifier":{ 1637 "shape":"String", 1638 "documentation":"<p>The unique identifier of the landing zone.</p>" 1639 } 1640 } 1641 }, 1642 "ResetLandingZoneOutput":{ 1643 "type":"structure", 1644 "required":["operationIdentifier"], 1645 "members":{ 1646 "operationIdentifier":{ 1647 "shape":"OperationIdentifier", 1648 "documentation":"<p>A unique identifier assigned to a <code>ResetLandingZone</code> operation. You can use this identifier as an input parameter of <code>GetLandingZoneOperation</code> to check the operation's status.</p>" 1649 } 1650 } 1651 }, 1652 "ResourceNotFoundException":{ 1653 "type":"structure", 1654 "required":["message"], 1655 "members":{ 1656 "message":{"shape":"String"} 1657 }, 1658 "documentation":"<p>The request references a resource that does not exist.</p>", 1659 "error":{ 1660 "httpStatusCode":404, 1661 "senderFault":true 1662 }, 1663 "exception":true 1664 }, 1665 "ServiceQuotaExceededException":{ 1666 "type":"structure", 1667 "required":["message"], 1668 "members":{ 1669 "message":{"shape":"String"} 1670 }, 1671 "documentation":"<p>The request would cause a service quota to be exceeded. The limit is 10 concurrent operations.</p>", 1672 "error":{ 1673 "httpStatusCode":402, 1674 "senderFault":true 1675 }, 1676 "exception":true 1677 }, 1678 "String":{"type":"string"}, 1679 "SyntheticTimestamp_date_time":{ 1680 "type":"timestamp", 1681 "timestampFormat":"iso8601" 1682 }, 1683 "TagKey":{ 1684 "type":"string", 1685 "max":128, 1686 "min":1 1687 }, 1688 "TagKeys":{ 1689 "type":"list", 1690 "member":{"shape":"TagKey"}, 1691 "max":200, 1692 "min":0 1693 }, 1694 "TagMap":{ 1695 "type":"map", 1696 "key":{"shape":"TagKey"}, 1697 "value":{"shape":"TagValue"}, 1698 "max":200, 1699 "min":0 1700 }, 1701 "TagResourceInput":{ 1702 "type":"structure", 1703 "required":[ 1704 "resourceArn", 1705 "tags" 1706 ], 1707 "members":{ 1708 "resourceArn":{ 1709 "shape":"Arn", 1710 "documentation":"<p>The ARN of the resource to be tagged.</p>", 1711 "location":"uri", 1712 "locationName":"resourceArn" 1713 }, 1714 "tags":{ 1715 "shape":"TagMap", 1716 "documentation":"<p>Tags to be applied to the resource.</p>" 1717 } 1718 } 1719 }, 1720 "TagResourceOutput":{ 1721 "type":"structure", 1722 "members":{ 1723 } 1724 }, 1725 "TagValue":{ 1726 "type":"string", 1727 "max":256, 1728 "min":0 1729 }, 1730 "TargetIdentifier":{ 1731 "type":"string", 1732 "max":2048, 1733 "min":20, 1734 "pattern":"^arn:aws[0-9a-zA-Z_\\-:\\/]+$" 1735 }, 1736 "TargetRegions":{ 1737 "type":"list", 1738 "member":{"shape":"Region"} 1739 }, 1740 "ThrottlingException":{ 1741 "type":"structure", 1742 "required":["message"], 1743 "members":{ 1744 "message":{"shape":"String"}, 1745 "quotaCode":{ 1746 "shape":"String", 1747 "documentation":"<p>The ID of the service quota that was exceeded.</p>" 1748 }, 1749 "retryAfterSeconds":{ 1750 "shape":"Integer", 1751 "documentation":"<p>The number of seconds the caller should wait before retrying.</p>", 1752 "location":"header", 1753 "locationName":"Retry-After" 1754 }, 1755 "serviceCode":{ 1756 "shape":"String", 1757 "documentation":"<p>The ID of the service that is associated with the error.</p>" 1758 } 1759 }, 1760 "documentation":"<p>The request was denied due to request throttling.</p>", 1761 "error":{ 1762 "httpStatusCode":429, 1763 "senderFault":true 1764 }, 1765 "exception":true, 1766 "retryable":{"throttling":true} 1767 }, 1768 "Timestamp":{ 1769 "type":"timestamp", 1770 "timestampFormat":"iso8601" 1771 }, 1772 "UntagResourceInput":{ 1773 "type":"structure", 1774 "required":[ 1775 "resourceArn", 1776 "tagKeys" 1777 ], 1778 "members":{ 1779 "resourceArn":{ 1780 "shape":"Arn", 1781 "documentation":"<p>The ARN of the resource.</p>", 1782 "location":"uri", 1783 "locationName":"resourceArn" 1784 }, 1785 "tagKeys":{ 1786 "shape":"TagKeys", 1787 "documentation":"<p>Tag keys to be removed from the resource.</p>", 1788 "location":"querystring", 1789 "locationName":"tagKeys" 1790 } 1791 } 1792 }, 1793 "UntagResourceOutput":{ 1794 "type":"structure", 1795 "members":{ 1796 } 1797 }, 1798 "UpdateEnabledBaselineInput":{ 1799 "type":"structure", 1800 "required":[ 1801 "baselineVersion", 1802 "enabledBaselineIdentifier" 1803 ], 1804 "members":{ 1805 "baselineVersion":{ 1806 "shape":"BaselineVersion", 1807 "documentation":"<p>Specifies the new <code>Baseline</code> version, to which the <code>EnabledBaseline</code> should be updated.</p>" 1808 }, 1809 "enabledBaselineIdentifier":{ 1810 "shape":"Arn", 1811 "documentation":"<p>Specifies the <code>EnabledBaseline</code> resource to be updated.</p>" 1812 }, 1813 "parameters":{ 1814 "shape":"EnabledBaselineParameters", 1815 "documentation":"<p>Parameters to apply when making an update.</p>" 1816 } 1817 } 1818 }, 1819 "UpdateEnabledBaselineOutput":{ 1820 "type":"structure", 1821 "required":["operationIdentifier"], 1822 "members":{ 1823 "operationIdentifier":{ 1824 "shape":"OperationIdentifier", 1825 "documentation":"<p>The ID (in UUID format) of the asynchronous <code>UpdateEnabledBaseline</code> operation. This <code>operationIdentifier</code> is used to track status through calls to the <code>GetBaselineOperation</code> API.</p>" 1826 } 1827 } 1828 }, 1829 "UpdateEnabledControlInput":{ 1830 "type":"structure", 1831 "required":[ 1832 "enabledControlIdentifier", 1833 "parameters" 1834 ], 1835 "members":{ 1836 "enabledControlIdentifier":{ 1837 "shape":"Arn", 1838 "documentation":"<p> The ARN of the enabled control that will be updated. </p>" 1839 }, 1840 "parameters":{ 1841 "shape":"EnabledControlParameters", 1842 "documentation":"<p>A key/value pair, where <code>Key</code> is of type <code>String</code> and <code>Value</code> is of type <code>Document</code>.</p>" 1843 } 1844 } 1845 }, 1846 "UpdateEnabledControlOutput":{ 1847 "type":"structure", 1848 "required":["operationIdentifier"], 1849 "members":{ 1850 "operationIdentifier":{ 1851 "shape":"OperationIdentifier", 1852 "documentation":"<p> The operation identifier for this <code>UpdateEnabledControl</code> operation. </p>" 1853 } 1854 } 1855 }, 1856 "UpdateLandingZoneInput":{ 1857 "type":"structure", 1858 "required":[ 1859 "landingZoneIdentifier", 1860 "manifest", 1861 "version" 1862 ], 1863 "members":{ 1864 "landingZoneIdentifier":{ 1865 "shape":"String", 1866 "documentation":"<p>The unique identifier of the landing zone.</p>" 1867 }, 1868 "manifest":{ 1869 "shape":"Manifest", 1870 "documentation":"<p>The <code>manifest.yaml</code> file is a text file that describes your Amazon Web Services resources. For examples, review <a href=\"https://docs.aws.amazon.com/controltower/latest/userguide/the-manifest-file\">The manifest file</a>.</p>" 1871 }, 1872 "version":{ 1873 "shape":"LandingZoneVersion", 1874 "documentation":"<p>The landing zone version, for example, 3.2.</p>" 1875 } 1876 } 1877 }, 1878 "UpdateLandingZoneOutput":{ 1879 "type":"structure", 1880 "required":["operationIdentifier"], 1881 "members":{ 1882 "operationIdentifier":{ 1883 "shape":"OperationIdentifier", 1884 "documentation":"<p>A unique identifier assigned to a <code>UpdateLandingZone</code> operation. You can use this identifier as an input of <code>GetLandingZoneOperation</code> to check the operation's status.</p>" 1885 } 1886 } 1887 }, 1888 "ValidationException":{ 1889 "type":"structure", 1890 "required":["message"], 1891 "members":{ 1892 "message":{"shape":"String"} 1893 }, 1894 "documentation":"<p>The input does not satisfy the constraints specified by an Amazon Web Services service.</p>", 1895 "error":{ 1896 "httpStatusCode":400, 1897 "senderFault":true 1898 }, 1899 "exception":true 1900 } 1901 }, 1902 "documentation":"<p>These interfaces allow you to apply the Amazon Web Services library of pre-defined <i>controls</i> to your organizational units, programmatically. In Amazon Web Services Control Tower, the terms \"control\" and \"guardrail\" are synonyms.</p> <p>To call these APIs, you'll need to know:</p> <ul> <li> <p>the <code>controlIdentifier</code> for the control--or guardrail--you are targeting.</p> </li> <li> <p>the ARN associated with the target organizational unit (OU), which we call the <code>targetIdentifier</code>.</p> </li> <li> <p>the ARN associated with a resource that you wish to tag or untag.</p> </li> </ul> <p> <b>To get the <code>controlIdentifier</code> for your Amazon Web Services Control Tower control:</b> </p> <p>The <code>controlIdentifier</code> is an ARN that is specified for each control. You can view the <code>controlIdentifier</code> in the console on the <b>Control details</b> page, as well as in the documentation.</p> <p>The <code>controlIdentifier</code> is unique in each Amazon Web Services Region for each control. You can find the <code>controlIdentifier</code> for each Region and control in the <a href=\"https://docs.aws.amazon.com/controltower/latest/userguide/control-metadata-tables.html\">Tables of control metadata</a> in the <i>Amazon Web Services Control Tower User Guide.</i> </p> <p>A quick-reference list of control identifers for the Amazon Web Services Control Tower legacy <i>Strongly recommended</i> and <i>Elective</i> controls is given in <a href=\"https://docs.aws.amazon.com/controltower/latest/userguide/control-identifiers.html.html\">Resource identifiers for APIs and controls</a> in the <a href=\"https://docs.aws.amazon.com/controltower/latest/userguide/control-identifiers.html\">Controls reference guide section</a> of the <i>Amazon Web Services Control Tower User Guide</i>. Remember that <i>Mandatory</i> controls cannot be added or removed.</p> <note> <p> <b>ARN format:</b> <code>arn:aws:controltower:{REGION}::control/{CONTROL_NAME}</code> </p> <p> <b>Example:</b> </p> <p> <code>arn:aws:controltower:us-west-2::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED</code> </p> </note> <p> <b>To get the <code>targetIdentifier</code>:</b> </p> <p>The <code>targetIdentifier</code> is the ARN for an OU.</p> <p>In the Amazon Web Services Organizations console, you can find the ARN for the OU on the <b>Organizational unit details</b> page associated with that OU.</p> <note> <p> <b>OU ARN format:</b> </p> <p> <code>arn:${Partition}:organizations::${MasterAccountId}:ou/o-${OrganizationId}/ou-${OrganizationalUnitId}</code> </p> </note> <p class=\"title\"> <b>Details and examples</b> </p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/controltower/latest/userguide/control-api-examples-short.html\">Control API input and output examples with CLI</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/controltower/latest/userguide/enable-controls.html\">Enable controls with CloudFormation</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/controltower/latest/userguide/control-metadata-tables.html\">Control metadata tables</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/controltower/latest/userguide/control-identifiers.html\">List of identifiers for legacy controls</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/controltower/latest/userguide/controls.html\">Controls reference guide</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/controltower/latest/userguide/controls-reference.html\">Controls library groupings</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/controltower/latest/userguide/creating-resources-with-cloudformation.html\">Creating Amazon Web Services Control Tower resources with Amazon Web Services CloudFormation</a> </p> </li> </ul> <p>To view the open source resource repository on GitHub, see <a href=\"https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-controltower\">aws-cloudformation/aws-cloudformation-resource-providers-controltower</a> </p> <p> <b>Recording API Requests</b> </p> <p>Amazon Web Services Control Tower supports Amazon Web Services CloudTrail, a service that records Amazon Web Services API calls for your Amazon Web Services account and delivers log files to an Amazon S3 bucket. By using information collected by CloudTrail, you can determine which requests the Amazon Web Services Control Tower service received, who made the request and when, and so on. For more about Amazon Web Services Control Tower and its support for CloudTrail, see <a href=\"https://docs.aws.amazon.com/controltower/latest/userguide/logging-using-cloudtrail.html\">Logging Amazon Web Services Control Tower Actions with Amazon Web Services CloudTrail</a> in the Amazon Web Services Control Tower User Guide. To learn more about CloudTrail, including how to turn it on and find your log files, see the Amazon Web Services CloudTrail User Guide.</p>" 1903} 1904