get_enabled_control

ControlTower.Client.get_enabled_control(**kwargs)

Retrieves details about an enabled control. For usage examples, see the Controls Reference Guide.

See also: AWS API Documentation

Request Syntax

response = client.get_enabled_control(
    enabledControlIdentifier='string'
)

Parameters:

enabledControlIdentifier (string) –

[REQUIRED]

The controlIdentifier of the enabled control.

Return type:

dict

Returns:

Response Syntax

{
    'enabledControlDetails': {
        'arn': 'string',
        'controlIdentifier': 'string',
        'targetIdentifier': 'string',
        'statusSummary': {
            'status': 'SUCCEEDED'|'FAILED'|'UNDER_CHANGE',
            'lastOperationIdentifier': 'string'
        },
        'driftStatusSummary': {
            'driftStatus': 'DRIFTED'|'IN_SYNC'|'NOT_CHECKING'|'UNKNOWN',
            'types': {
                'inheritance': {
                    'status': 'DRIFTED'|'IN_SYNC'|'NOT_CHECKING'|'UNKNOWN'
                },
                'resource': {
                    'status': 'DRIFTED'|'IN_SYNC'|'NOT_CHECKING'|'UNKNOWN'
                }
            }
        },
        'parentIdentifier': 'string',
        'targetRegions': [
            {
                'name': 'string'
            },
        ],
        'parameters': [
            {
                'key': 'string',
                'value': {...}|[...]|123|123.4|'string'|True|None
            },
        ]
    }
}

Response Structure

  • (dict) –

    • enabledControlDetails (dict) –

      Information about the enabled control.

      • arn (string) –

        The ARN of the enabled control.

      • controlIdentifier (string) –

        The control identifier of the enabled control. For information on how to find the controlIdentifier, see the overview page.

      • targetIdentifier (string) –

        The ARN of the organizational unit. For information on how to find the targetIdentifier, see the overview page.

      • statusSummary (dict) –

        The deployment summary of the enabled control.

        • status (string) –

          The deployment status of the enabled resource.

          Valid values:

          • SUCCEEDED: The EnabledControl or EnabledBaseline configuration was deployed successfully.

          • UNDER_CHANGE: The EnabledControl or EnabledBaseline configuration is changing.

          • FAILED: The EnabledControl or EnabledBaseline configuration failed to deploy.

        • lastOperationIdentifier (string) –

          The last operation identifier for the enabled resource.

      • driftStatusSummary (dict) –

        The drift status of the enabled control.

        • driftStatus (string) –

          The drift status of the enabled control.

          Valid values:

          • DRIFTED: The enabledControl deployed in this configuration doesn’t match the configuration that Amazon Web Services Control Tower expected.

          • IN_SYNC: The enabledControl deployed in this configuration matches the configuration that Amazon Web Services Control Tower expected.

          • NOT_CHECKING: Amazon Web Services Control Tower does not check drift for this enabled control. Drift is not supported for the control type.

          • UNKNOWN: Amazon Web Services Control Tower is not able to check the drift status for the enabled control.

        • types (dict) –

          An object that categorizes the different types of drift detected for the enabled control.

          • inheritance (dict) –

            Indicates drift related to inheritance configuration between parent and child controls.

            • status (string) –

              The status of inheritance drift for the enabled control, indicating whether inheritance configuration matches expectations.

          • resource (dict) –

            Indicates drift related to the underlying Amazon Web Services resources managed by the control.

            • status (string) –

              The status of resource drift for the enabled control, indicating whether the underlying resources match the expected configuration.

      • parentIdentifier (string) –

        The ARN of the parent enabled control from which this control inherits its configuration, if applicable.

      • targetRegions (list) –

        Target Amazon Web Services Regions for the enabled control.

        • (dict) –

          An Amazon Web Services Region in which Amazon Web Services Control Tower expects to find the control deployed.

          The expected Regions are based on the Regions that are governed by the landing zone. In certain cases, a control is not actually enabled in the Region as expected, such as during drift, or mixed governance.

          • name (string) –

            The Amazon Web Services Region name.

      • parameters (list) –

        Array of EnabledControlParameter objects.

        • (dict) –

          Returns a summary of information about the parameters of an enabled control.

          • key (string) –

            The key of a key/value pair.

          • value (document) –

            The value of a key/value pair.
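
The status and drift fields above are what a compliance check reads, so the following added example (not part of the boto3 documentation or the AWS SDK) grades one response. The function names, the OK/REVIEW/FAIL verdicts, the required_regions policy and the SAMPLE response are assumptions constructed for illustration; missing fields are graded REVIEW as a policy choice.

```python
# Added example: grade one get_enabled_control response for a compliance check.
# Verdict names (OK/REVIEW/FAIL) and the required-Region policy are assumptions.
SEVERITY = {"OK": 0, "REVIEW": 1, "FAIL": 2}
DEPLOY_VERDICT = {"SUCCEEDED": "OK", "UNDER_CHANGE": "REVIEW", "FAILED": "FAIL"}
DRIFT_VERDICT = {"IN_SYNC": "OK", "NOT_CHECKING": "OK", "UNKNOWN": "REVIEW", "DRIFTED": "FAIL"}


def assess_enabled_control(response, required_regions=()):
    """Return (verdict, findings) for a get_enabled_control response dict."""
    details = response.get("enabledControlDetails") or {}
    findings = []

    def grade(label, value, table):
        # Missing or unrecognised values grade as REVIEW, never silently OK.
        verdict = table.get(value, "REVIEW")
        if verdict != "OK":
            findings.append((verdict, f"{label}={value}"))

    grade("deployment", (details.get("statusSummary") or {}).get("status"), DEPLOY_VERDICT)
    drift = details.get("driftStatusSummary") or {}
    grade("drift", drift.get("driftStatus"), DRIFT_VERDICT)
    for kind, entry in sorted((drift.get("types") or {}).items()):
        grade(f"drift.{kind}", (entry or {}).get("status"), DRIFT_VERDICT)

    # targetRegions lists where Control Tower expects the control deployed, so a
    # required Region absent from it is outside the control's expected scope.
    expected = {r.get("name") for r in details.get("targetRegions") or []}
    for region in sorted(set(required_regions) - expected):
        findings.append(("FAIL", f"region {region} not in targetRegions"))

    worst = max((v for v, _ in findings), key=SEVERITY.get, default="OK")
    return worst, [msg for _, msg in findings]


def check_control(client, enabled_control_identifier, required_regions=()):
    """Fetch through a boto3 ControlTower client (passed in) and grade it."""
    response = client.get_enabled_control(
        enabledControlIdentifier=enabled_control_identifier
    )
    return assess_enabled_control(response, required_regions)


# Constructed sample response, not real output.
SAMPLE = {"enabledControlDetails": {
    "statusSummary": {"status": "SUCCEEDED"},
    "driftStatusSummary": {"driftStatus": "DRIFTED", "types": {
        "inheritance": {"status": "IN_SYNC"}, "resource": {"status": "DRIFTED"}}},
    "targetRegions": [{"name": "us-east-1"}, {"name": "eu-west-1"}],
}}
```

Because the per-type statuses are graded separately, the findings show whether drift comes from the inheritance configuration or from the underlying resources, which the overall driftStatus alone does not.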

Exceptions