ControlTower / Client / get_enabled_control

get_enabled_control#

ControlTower.Client.get_enabled_control(**kwargs)#

Retrieves details about an enabled control. For usage examples, see the AWS Control Tower User Guide.

See also: AWS API Documentation

Request Syntax

response = client.get_enabled_control(
    enabledControlIdentifier='string'
)
Parameters:

enabledControlIdentifier (string) –

[REQUIRED]

The controlIdentifier of the enabled control.

Return type:

dict

Returns:

Response Syntax

{
    'enabledControlDetails': {
        'arn': 'string',
        'controlIdentifier': 'string',
        'driftStatusSummary': {
            'driftStatus': 'DRIFTED'|'IN_SYNC'|'NOT_CHECKING'|'UNKNOWN'
        },
        'statusSummary': {
            'lastOperationIdentifier': 'string',
            'status': 'SUCCEEDED'|'FAILED'|'UNDER_CHANGE'
        },
        'targetIdentifier': 'string',
        'targetRegions': [
            {
                'name': 'string'
            },
        ]
    }
}

Response Structure

  • (dict) –

    • enabledControlDetails (dict) –

      Information about the enabled control.

      • arn (string) –

        The ARN of the enabled control.

      • controlIdentifier (string) –

        The control identifier of the enabled control. For information on how to find the controlIdentifier, see the overview page.

      • driftStatusSummary (dict) –

        The drift status of the enabled control.

        • driftStatus (string) –

          The drift status of the enabled control.

          Valid values:

          • DRIFTED: The enabledControl deployed in this configuration doesn’t match the configuration that AWS Control Tower expected.

          • IN_SYNC: The enabledControl deployed in this configuration matches the configuration that AWS Control Tower expected.

          • NOT_CHECKING: AWS Control Tower does not check drift for this enabled control. Drift is not supported for the control type.

          • UNKNOWN: AWS Control Tower is not able to check the drift status for the enabled control.

      • statusSummary (dict) –

        The deployment summary of the enabled control.

        • lastOperationIdentifier (string) –

          The last operation identifier for the enabled control.

        • status (string) –

          The deployment status of the enabled control.

          Valid values:

          • SUCCEEDED: The enabledControl configuration was deployed successfully.

          • UNDER_CHANGE: The enabledControl configuration is changing.

          • FAILED: The enabledControl configuration failed to deploy.

      • targetIdentifier (string) –

        The ARN of the organizational unit. For information on how to find the targetIdentifier, see the overview page.

      • targetRegions (list) –

        Target AWS Regions for the enabled control.

        • (dict) –

          An AWS Region in which AWS Control Tower expects to find the control deployed.

          The expected Regions are based on the Regions that are governed by the landing zone. In certain cases, a control is not actually enabled in the Region as expected, such as during drift, or mixed governance.

          • name (string) –

            The AWS Region name.

Exceptions

  • ControlTower.Client.exceptions.ValidationException

  • ControlTower.Client.exceptions.InternalServerException

  • ControlTower.Client.exceptions.AccessDeniedException

  • ControlTower.Client.exceptions.ThrottlingException

  • ControlTower.Client.exceptions.ResourceNotFoundException