ControlTower / Client / get_enabled_control
get_enabled_control#
- ControlTower.Client.get_enabled_control(**kwargs)#
Retrieves details about an enabled control. For usage examples, see the Controls Reference Guide.
See also: AWS API Documentation
Request Syntax
response = client.get_enabled_control( enabledControlIdentifier='string' )
- Parameters:
enabledControlIdentifier (string) –
[REQUIRED]
The
controlIdentifier
of the enabled control.- Return type:
dict
- Returns:
Response Syntax
{ 'enabledControlDetails': { 'arn': 'string', 'controlIdentifier': 'string', 'driftStatusSummary': { 'driftStatus': 'DRIFTED'|'IN_SYNC'|'NOT_CHECKING'|'UNKNOWN' }, 'parameters': [ { 'key': 'string', 'value': {...}|[...]|123|123.4|'string'|True|None }, ], 'statusSummary': { 'lastOperationIdentifier': 'string', 'status': 'SUCCEEDED'|'FAILED'|'UNDER_CHANGE' }, 'targetIdentifier': 'string', 'targetRegions': [ { 'name': 'string' }, ] } }
Response Structure
(dict) –
enabledControlDetails (dict) –
Information about the enabled control.
arn (string) –
The ARN of the enabled control.
controlIdentifier (string) –
The control identifier of the enabled control. For information on how to find the
controlIdentifier
, see the overview page.driftStatusSummary (dict) –
The drift status of the enabled control.
driftStatus (string) –
The drift status of the enabled control.
Valid values:
DRIFTED
: TheenabledControl
deployed in this configuration doesn’t match the configuration that Amazon Web Services Control Tower expected.IN_SYNC
: TheenabledControl
deployed in this configuration matches the configuration that Amazon Web Services Control Tower expected.NOT_CHECKING
: Amazon Web Services Control Tower does not check drift for this enabled control. Drift is not supported for the control type.UNKNOWN
: Amazon Web Services Control Tower is not able to check the drift status for the enabled control.
parameters (list) –
Array of
EnabledControlParameter
objects.(dict) –
Returns a summary of information about the parameters of an enabled control.
key (string) –
The key of a key/value pair.
value (document) –
The value of a key/value pair.
statusSummary (dict) –
The deployment summary of the enabled control.
lastOperationIdentifier (string) –
The last operation identifier for the enabled resource.
status (string) –
The deployment status of the enabled resource.
Valid values:
SUCCEEDED
: TheEnabledControl
orEnabledBaseline
configuration was deployed successfully.UNDER_CHANGE
: TheEnabledControl
orEnabledBaseline
configuration is changing.FAILED
: TheEnabledControl
orEnabledBaseline
configuration failed to deploy.
targetIdentifier (string) –
The ARN of the organizational unit. For information on how to find the
targetIdentifier
, see the overview page.targetRegions (list) –
Target Amazon Web Services Regions for the enabled control.
(dict) –
An Amazon Web Services Region in which Amazon Web Services Control Tower expects to find the control deployed.
The expected Regions are based on the Regions that are governed by the landing zone. In certain cases, a control is not actually enabled in the Region as expected, such as during drift, or mixed governance.
name (string) –
The Amazon Web Services Region name.
Exceptions