ControlTower / Client / get_enabled_control

get_enabled_control#

ControlTower.Client.get_enabled_control(**kwargs)#

Retrieves details about an enabled control. For usage examples, see the Controls Reference Guide.

Request Syntax

response = client.get_enabled_control(
    enabledControlIdentifier='string'
)

Parameters:

enabledControlIdentifier (string) –

[REQUIRED]

The controlIdentifier of the enabled control.

Return type:

dict

Returns:

Response Syntax

{
    'enabledControlDetails': {
        'arn': 'string',
        'controlIdentifier': 'string',
        'driftStatusSummary': {
            'driftStatus': 'DRIFTED'|'IN_SYNC'|'NOT_CHECKING'|'UNKNOWN'
        },
        'parameters': [
            {
                'key': 'string',
                'value': {...}|[...]|123|123.4|'string'|True|None
            },
        ],
        'statusSummary': {
            'lastOperationIdentifier': 'string',
            'status': 'SUCCEEDED'|'FAILED'|'UNDER_CHANGE'
        },
        'targetIdentifier': 'string',
        'targetRegions': [
            {
                'name': 'string'
            },
        ]
    }
}

Response Structure

(dict) –
- enabledControlDetails (dict) –
  
  Information about the enabled control.
  - arn (string) –
    
    The ARN of the enabled control.
  - controlIdentifier (string) –
    
    The control identifier of the enabled control. For information on how to find the controlIdentifier, see the overview page.
  - driftStatusSummary (dict) –
    
    The drift status of the enabled control.
    - driftStatus (string) –
      
      The drift status of the enabled control.
      
      Valid values:
      - DRIFTED: The enabledControl deployed in this configuration doesn’t match the configuration that Amazon Web Services Control Tower expected.
      - IN_SYNC: The enabledControl deployed in this configuration matches the configuration that Amazon Web Services Control Tower expected.
      - NOT_CHECKING: Amazon Web Services Control Tower does not check drift for this enabled control. Drift is not supported for the control type.
      - UNKNOWN: Amazon Web Services Control Tower is not able to check the drift status for the enabled control.
  - parameters (list) –
    
    Array of EnabledControlParameter objects.
    - (dict) –
      
      Returns a summary of information about the parameters of an enabled control.
      - key (string) –
        
        The key of a key/value pair.
      - value (document) –
        
        The value of a key/value pair.
  - statusSummary (dict) –
    
    The deployment summary of the enabled control.
    - lastOperationIdentifier (string) –
      
      The last operation identifier for the enabled resource.
    - status (string) –
      
      The deployment status of the enabled resource.
      
      Valid values:
      - SUCCEEDED: The EnabledControl or EnabledBaseline configuration was deployed successfully.
      - UNDER_CHANGE: The EnabledControl or EnabledBaseline configuration is changing.
      - FAILED: The EnabledControl or EnabledBaseline configuration failed to deploy.
  - targetIdentifier (string) –
    
    The ARN of the organizational unit. For information on how to find the targetIdentifier, see the overview page.
  - targetRegions (list) –
    
    Target Amazon Web Services Regions for the enabled control.
    - (dict) –
      
      An Amazon Web Services Region in which Amazon Web Services Control Tower expects to find the control deployed.
      
      The expected Regions are based on the Regions that are governed by the landing zone. In certain cases, a control is not actually enabled in the Region as expected, such as during drift, or mixed governance.
      - name (string) –
        
        The Amazon Web Services Region name.

Exceptions

ControlTower.Client.exceptions.ValidationException
ControlTower.Client.exceptions.InternalServerException
ControlTower.Client.exceptions.AccessDeniedException
ControlTower.Client.exceptions.ThrottlingException
ControlTower.Client.exceptions.ResourceNotFoundException