ControlTower / Client / enable_control

enable_control#

ControlTower.Client.enable_control(**kwargs)#

This API call activates a control. It starts an asynchronous operation that creates Amazon Web Services resources on the specified organizational unit and the accounts it contains. The resources created will vary according to the control that you specify. For usage examples, see the Amazon Web Services Control Tower User Guide.

See also: AWS API Documentation

Request Syntax

response = client.enable_control(
    controlIdentifier='string',
    parameters=[
        {
            'key': 'string',
            'value': {...}|[...]|123|123.4|'string'|True|None
        },
    ],
    tags={
        'string': 'string'
    },
    targetIdentifier='string'
)
Parameters:

  • controlIdentifier (string) –

    [REQUIRED]

    The ARN of the control. Only Strongly recommended and Elective controls are permitted, with the exception of the landing zone Region deny control. For information on how to find the controlIdentifier, see the overview page.

  • parameters (list) –

    An array of EnabledControlParameter objects

    • (dict) –

      A set of parameters that configure the behavior of the enabled control. A key/value pair, where Key is of type String and Value is of type Document.

      • key (string) – [REQUIRED]

        The key of a key/value pair. It is of type string.

      • value (document) – [REQUIRED]

        The value of a key/value pair. It can be of type array string, number, object, or boolean.

  • tags (dict) –

    Tags to be applied to the EnabledControl resource.

    • (string) –

      • (string) –

  • targetIdentifier (string) –

    [REQUIRED]

    The ARN of the organizational unit. For information on how to find the targetIdentifier, see the overview page.

Return type:

dict

Returns:

Response Syntax

{
    'arn': 'string',
    'operationIdentifier': 'string'
}

Response Structure

  • (dict) –

    • arn (string) –

      The ARN of the EnabledControl resource.

    • operationIdentifier (string) –

      The ID of the asynchronous operation, which is used to track status. The operation is available for 90 days.

Exceptions

  • ControlTower.Client.exceptions.ValidationException

  • ControlTower.Client.exceptions.ConflictException

  • ControlTower.Client.exceptions.ServiceQuotaExceededException

  • ControlTower.Client.exceptions.InternalServerException

  • ControlTower.Client.exceptions.AccessDeniedException

  • ControlTower.Client.exceptions.ThrottlingException

  • ControlTower.Client.exceptions.ResourceNotFoundException