ControlTower / Client / enable_control



This API call activates a control. It starts an asynchronous operation that creates Amazon Web Services resources on the specified organizational unit and the accounts it contains. The resources created will vary according to the control that you specify. For usage examples, see the Amazon Web Services Control Tower User Guide.

See also: AWS API Documentation

Request Syntax

response = client.enable_control(
            'key': 'string',
            'value': {...}|[...]|123|123.4|'string'|True|None
        'string': 'string'
  • controlIdentifier (string) –


    The ARN of the control. Only Strongly recommended and Elective controls are permitted, with the exception of the Region deny control. For information on how to find the controlIdentifier, see the overview page.

  • parameters (list) –

    A list of input parameter values, which are specified to configure the control when you enable it.

    • (dict) –

      A key/value pair, where Key is of type String and Value is of type Document.

      • key (string) – [REQUIRED]

        The key of a key/value pair.

      • value (document) – [REQUIRED]

        The value of a key/value pair.

  • tags (dict) –

    Tags to be applied to the EnabledControl resource.

    • (string) –

      • (string) –

  • targetIdentifier (string) –


    The ARN of the organizational unit. For information on how to find the targetIdentifier, see the overview page.

Return type:



Response Syntax

    'arn': 'string',
    'operationIdentifier': 'string'

Response Structure

  • (dict) –

    • arn (string) –

      The ARN of the EnabledControl resource.

    • operationIdentifier (string) –

      The ID of the asynchronous operation, which is used to track status. The operation is available for 90 days.


  • ControlTower.Client.exceptions.ValidationException

  • ControlTower.Client.exceptions.ConflictException

  • ControlTower.Client.exceptions.ServiceQuotaExceededException

  • ControlTower.Client.exceptions.InternalServerException

  • ControlTower.Client.exceptions.AccessDeniedException

  • ControlTower.Client.exceptions.ThrottlingException

  • ControlTower.Client.exceptions.ResourceNotFoundException