list_enabled_controls

ControlTower.Client.list_enabled_controls(**kwargs)

Lists the controls enabled by AWS Control Tower on the specified organizational unit and the accounts it contains. For usage examples, see the AWS Control Tower User Guide.

See also: AWS API Documentation

Request Syntax

response = client.list_enabled_controls(
    maxResults=123,
    nextToken='string',
    targetIdentifier='string'
)

Parameters:
  • maxResults (integer) – How many results to return per API call.

  • nextToken (string) – The token to continue the list from a previous API call with the same parameters.

  • targetIdentifier (string) –

    [REQUIRED]

    The ARN of the organizational unit. For information on how to find the targetIdentifier, see the overview page.

Return type:

dict

Returns:

Response Syntax

{
    'enabledControls': [
        {
            'arn': 'string',
            'controlIdentifier': 'string',
            'driftStatusSummary': {
                'driftStatus': 'DRIFTED'|'IN_SYNC'|'NOT_CHECKING'|'UNKNOWN'
            },
            'statusSummary': {
                'lastOperationIdentifier': 'string',
                'status': 'SUCCEEDED'|'FAILED'|'UNDER_CHANGE'
            },
            'targetIdentifier': 'string'
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) –

    • enabledControls (list) –

      Lists the controls enabled by AWS Control Tower on the specified organizational unit and the accounts it contains.

      • (dict) –

        Returns a summary of information about an enabled control.

        • arn (string) –

          The ARN of the enabled control.

        • controlIdentifier (string) –

          The controlIdentifier of the enabled control.

        • driftStatusSummary (dict) –

          The drift status of the enabled control.

          • driftStatus (string) –

            The drift status of the enabled control.

            Valid values:

            • DRIFTED: The enabledControl deployed in this configuration doesn’t match the configuration that AWS Control Tower expected.

            • IN_SYNC: The enabledControl deployed in this configuration matches the configuration that AWS Control Tower expected.

            • NOT_CHECKING: AWS Control Tower does not check drift for this enabled control. Drift is not supported for the control type.

            • UNKNOWN: AWS Control Tower is not able to check the drift status for the enabled control.

        • statusSummary (dict) –

          A short description of the status of the enabled control.

          • lastOperationIdentifier (string) –

            The last operation identifier for the enabled control.

          • status (string) –

            The deployment status of the enabled control.

            Valid values:

            • SUCCEEDED: The enabledControl configuration was deployed successfully.

            • UNDER_CHANGE: The enabledControl configuration is changing.

            • FAILED: The enabledControl configuration failed to deploy.

        • targetIdentifier (string) –

          The ARN of the organizational unit.

    • nextToken (string) –

      Retrieves the next page of results. If the string is empty, the current response is the end of the results.

Exceptions

  • ControlTower.Client.exceptions.ValidationException

  • ControlTower.Client.exceptions.InternalServerException

  • ControlTower.Client.exceptions.AccessDeniedException

  • ControlTower.Client.exceptions.ThrottlingException

  • ControlTower.Client.exceptions.ResourceNotFoundException
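
An added example, not part of the boto3 documentation: it pages through list_enabled_controls with nextToken and reports controls whose driftStatus or deployment status needs review. StubClient, the sample ARNs, and the policy of alerting on DRIFTED/UNKNOWN and on any status other than SUCCEEDED are assumptions made here; against a real account, pass boto3.client('controltower') in place of the stub.

```python
ALERT_DRIFT = {"DRIFTED", "UNKNOWN"}  # NOT_CHECKING: drift unsupported for the control type

def iter_enabled_controls(client, ou_arn):
    """Yield every enabled control on the OU, following nextToken to the last page."""
    kwargs = {"targetIdentifier": ou_arn}
    while True:
        page = client.list_enabled_controls(**kwargs)
        yield from page.get("enabledControls", [])
        token = page.get("nextToken")
        if not token:  # missing or empty string means end of results
            return
        kwargs["nextToken"] = token

def find_unhealthy(client, ou_arn):
    """Return (controlIdentifier, driftStatus, status) for controls that need review."""
    findings = []
    for ctl in iter_enabled_controls(client, ou_arn):
        # Assumption: a missing summary is treated as UNKNOWN so it still gets reviewed.
        drift = ctl.get("driftStatusSummary", {}).get("driftStatus", "UNKNOWN")
        status = ctl.get("statusSummary", {}).get("status", "UNKNOWN")
        if drift in ALERT_DRIFT or status != "SUCCEEDED":
            findings.append((ctl["controlIdentifier"], drift, status))
    return findings

class StubClient:
    """Constructed stand-in for boto3.client('controltower'); serves fixed pages."""
    def __init__(self, pages):
        self.pages, self.calls = pages, []

    def list_enabled_controls(self, **kwargs):
        self.calls.append(kwargs)
        index = int(kwargs.get("nextToken", 0))  # stub token is just the page index
        page = {"enabledControls": self.pages[index]}
        if index + 1 < len(self.pages):
            page["nextToken"] = str(index + 1)
        return page

def sample_control(name, drift, status):  # constructed sample record
    return {"controlIdentifier": f"arn:aws:controltower:us-east-1::control/{name}",
            "driftStatusSummary": {"driftStatus": drift},
            "statusSummary": {"status": status}}

SAMPLE_OU = "arn:aws:organizations::111122223333:ou/o-example/ou-example"  # constructed
SAMPLE_PAGES = [  # constructed: two pages, two controls each
    [sample_control("EXAMPLE_A", "IN_SYNC", "SUCCEEDED"), sample_control("EXAMPLE_B", "DRIFTED", "SUCCEEDED")],
    [sample_control("EXAMPLE_C", "NOT_CHECKING", "FAILED"), sample_control("EXAMPLE_D", "NOT_CHECKING", "SUCCEEDED")],
]

if __name__ == "__main__":
    for finding in find_unhealthy(StubClient(SAMPLE_PAGES), SAMPLE_OU):
        print(*finding)
```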