ControlTower / Client / list_enabled_controls

list_enabled_controls#

ControlTower.Client.list_enabled_controls(**kwargs)#

Lists the controls enabled by AWS Control Tower on the specified organizational unit and the accounts it contains. For usage examples, see the AWS Control Tower User Guide

See also: AWS API Documentation

Request Syntax

response = client.list_enabled_controls(
    maxResults=123,
    nextToken='string',
    targetIdentifier='string'
)
Parameters:

  • maxResults (integer) – How many results to return per API call.

  • nextToken (string) – The token to continue the list from a previous API call with the same parameters.

  • targetIdentifier (string) –

    [REQUIRED]

    The ARN of the organizational unit. For information on how to find the targetIdentifier, see the overview page.

Return type:

dict

Returns:

Response Syntax

{
    'enabledControls': [
        {
            'arn': 'string',
            'controlIdentifier': 'string',
            'driftStatusSummary': {
                'driftStatus': 'DRIFTED'|'IN_SYNC'|'NOT_CHECKING'|'UNKNOWN'
            },
            'statusSummary': {
                'lastOperationIdentifier': 'string',
                'status': 'SUCCEEDED'|'FAILED'|'UNDER_CHANGE'
            },
            'targetIdentifier': 'string'
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) –

    • enabledControls (list) –

      Lists the controls enabled by AWS Control Tower on the specified organizational unit and the accounts it contains.

      • (dict) –

        A summary of enabled controls.

        • arn (string) –

          The ARN of the enabled control.

        • controlIdentifier (string) –

          The ARN of the control. Only Strongly recommended and Elective controls are permitted, with the exception of the Region deny control. For information on how to find the controlIdentifier, see the overview page.

        • driftStatusSummary (dict) –

          The drift status of the enabled control.

          • driftStatus (string) –

            The drift status of the enabled control.

            Valid values:

            • DRIFTED: The enabledControl deployed in this configuration doesn’t match the configuration that AWS Control Tower expected.

            • IN_SYNC: The enabledControl deployed in this configuration matches the configuration that AWS Control Tower expected.

            • NOT_CHECKING: AWS Control Tower does not check drift for this enabled control. Drift is not supported for the control type.

            • UNKNOWN: AWS Control Tower is not able to check the drift status for the enabled control.

        • statusSummary (dict) –

          • lastOperationIdentifier (string) –

            The last operation identifier for the enabled control.

          • status (string) –

            The deployment status of the enabled control.

            Valid values:

            • SUCCEEDED: The enabledControl configuration was deployed successfully.

            • UNDER_CHANGE: The enabledControl configuration is changing.

            • FAILED: The enabledControl configuration failed to deploy.

        • targetIdentifier (string) –

          The ARN of the organizational unit.

    • nextToken (string) –

      Retrieves the next page of results. If the string is empty, the current response is the end of the results.

Exceptions

  • ControlTower.Client.exceptions.ValidationException

  • ControlTower.Client.exceptions.InternalServerException

  • ControlTower.Client.exceptions.AccessDeniedException

  • ControlTower.Client.exceptions.ThrottlingException

  • ControlTower.Client.exceptions.ResourceNotFoundException