ControlTower / Client / list_enabled_controls
list_enabled_controls#
- ControlTower.Client.list_enabled_controls(**kwargs)#
Lists the controls enabled by Amazon Web Services Control Tower on the specified organizational unit and the accounts it contains. For usage examples, see the Controls Reference Guide.
See also: AWS API Documentation
Request Syntax
response = client.list_enabled_controls( filter={ 'controlIdentifiers': [ 'string', ], 'driftStatuses': [ 'DRIFTED'|'IN_SYNC'|'NOT_CHECKING'|'UNKNOWN', ], 'statuses': [ 'SUCCEEDED'|'FAILED'|'UNDER_CHANGE', ] }, maxResults=123, nextToken='string', targetIdentifier='string' )
- Parameters:
filter (dict) –
An input filter for the
ListEnabledControlsAPI that lets you select the types of control operations to view.controlIdentifiers (list) –
The set of
controlIdentifierreturned by the filter.(string) –
driftStatuses (list) –
A list of
DriftStatusitems.(string) –
statuses (list) –
A list of
EnablementStatusitems.(string) –
maxResults (integer) – How many results to return per API call.
nextToken (string) – The token to continue the list from a previous API call with the same parameters.
targetIdentifier (string) – The ARN of the organizational unit. For information on how to find the
targetIdentifier, see the overview page.
- Return type:
dict
- Returns:
Response Syntax
{ 'enabledControls': [ { 'arn': 'string', 'controlIdentifier': 'string', 'driftStatusSummary': { 'driftStatus': 'DRIFTED'|'IN_SYNC'|'NOT_CHECKING'|'UNKNOWN' }, 'statusSummary': { 'lastOperationIdentifier': 'string', 'status': 'SUCCEEDED'|'FAILED'|'UNDER_CHANGE' }, 'targetIdentifier': 'string' }, ], 'nextToken': 'string' }
Response Structure
(dict) –
enabledControls (list) –
Lists the controls enabled by Amazon Web Services Control Tower on the specified organizational unit and the accounts it contains.
(dict) –
Returns a summary of information about an enabled control.
arn (string) –
The ARN of the enabled control.
controlIdentifier (string) –
The
controlIdentifierof the enabled control.driftStatusSummary (dict) –
The drift status of the enabled control.
driftStatus (string) –
The drift status of the enabled control.
Valid values:
DRIFTED: TheenabledControldeployed in this configuration doesn’t match the configuration that Amazon Web Services Control Tower expected.IN_SYNC: TheenabledControldeployed in this configuration matches the configuration that Amazon Web Services Control Tower expected.NOT_CHECKING: Amazon Web Services Control Tower does not check drift for this enabled control. Drift is not supported for the control type.UNKNOWN: Amazon Web Services Control Tower is not able to check the drift status for the enabled control.
statusSummary (dict) –
A short description of the status of the enabled control.
lastOperationIdentifier (string) –
The last operation identifier for the enabled resource.
status (string) –
The deployment status of the enabled resource.
Valid values:
SUCCEEDED: TheEnabledControlorEnabledBaselineconfiguration was deployed successfully.UNDER_CHANGE: TheEnabledControlorEnabledBaselineconfiguration is changing.FAILED: TheEnabledControlorEnabledBaselineconfiguration failed to deploy.
targetIdentifier (string) –
The ARN of the organizational unit.
nextToken (string) –
Retrieves the next page of results. If the string is empty, the response is the end of the results.
Exceptions
ControlTower.Client.exceptions.ValidationExceptionControlTower.Client.exceptions.InternalServerExceptionControlTower.Client.exceptions.AccessDeniedExceptionControlTower.Client.exceptions.ThrottlingExceptionControlTower.Client.exceptions.ResourceNotFoundException