com.amazonaws.services.controltower.package-info Maven / Gradle / Ivy
Show all versions of aws-java-sdk-controltower Show documentation
/*
* Copyright 2019-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
/**
*
* Amazon Web Services Control Tower offers application programming interface (API) operations that support programmatic
* interaction with these types of resources:
*
*
* -
*
* Controls
*
*
* -
*
* DisableControl
*
*
* -
*
* EnableControl
*
*
* -
*
*
* -
*
*
* -
*
*
* -
*
*
*
*
* -
*
* Landing zones
*
*
* -
*
*
* -
*
*
* -
*
* GetLandingZone
*
*
* -
*
*
* -
*
* ListLandingZones
*
*
* -
*
* ResetLandingZone
*
*
* -
*
*
*
*
* -
*
* Baselines
*
*
* -
*
* DisableBaseline
*
*
* -
*
* EnableBaseline
*
*
* -
*
* GetBaseline
*
*
* -
*
*
* -
*
*
* -
*
* ListBaselines
*
*
* -
*
*
* -
*
*
* -
*
*
*
*
* -
*
* Tagging
*
*
* -
*
*
* -
*
* TagResource
*
*
* -
*
* UntagResource
*
*
*
*
*
*
* For more information about these types of resources, see the Amazon Web Services
* Control Tower User Guide .
*
*
* About control APIs
*
*
* These interfaces allow you to apply the Amazon Web Services library of pre-defined controls to your
* organizational units, programmatically. In Amazon Web Services Control Tower, the terms "control" and "guardrail" are
* synonyms.
*
*
* To call these APIs, you'll need to know:
*
*
* -
*
* the controlIdentifier for the control--or guardrail--you are targeting.
*
*
* -
*
* the ARN associated with the target organizational unit (OU), which we call the targetIdentifier.
*
*
* -
*
* the ARN associated with a resource that you wish to tag or untag.
*
*
*
*
* To get the controlIdentifier for your Amazon Web Services Control Tower control:
*
*
* The controlIdentifier is an ARN that is specified for each control. You can view the
* controlIdentifier in the console on the Control details page, as well as in the documentation.
*
*
* The controlIdentifier is unique in each Amazon Web Services Region for each control. You can find the
* controlIdentifier for each Region and control in the Tables of
* control metadata or the Control
* availability by Region tables in the Amazon Web Services Control Tower Controls Reference Guide.
*
*
* A quick-reference list of control identifers for the Amazon Web Services Control Tower legacy Strongly
* recommended and Elective controls is given in Resource
* identifiers for APIs and controls in the Amazon Web
* Services Control Tower Controls Reference Guide . Remember that Mandatory controls cannot be added or
* removed.
*
*
*
* ARN format: arn:aws:controltower:{REGION}::control/{CONTROL_NAME}
*
*
* Example:
*
*
* arn:aws:controltower:us-west-2::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED
*
*
*
* To get the targetIdentifier:
*
*
* The targetIdentifier is the ARN for an OU.
*
*
* In the Amazon Web Services Organizations console, you can find the ARN for the OU on the Organizational unit
* details page associated with that OU.
*
*
*
* OU ARN format:
*
*
* arn:${Partition}:organizations::${MasterAccountId}:ou/o-${OrganizationId}/ou-${OrganizationalUnitId}
*
*
*
* About landing zone APIs
*
*
* You can configure and launch an Amazon Web Services Control Tower landing zone with APIs. For an introduction and
* steps, see Getting
* started with Amazon Web Services Control Tower using APIs.
*
*
* For an overview of landing zone API operations, see Amazon Web Services
* Control Tower supports landing zone APIs. The individual API operations for landing zones are detailed in this
* document, the API
* reference manual, in the "Actions" section.
*
*
* About baseline APIs
*
*
* You can apply the AWSControlTowerBaseline baseline to an organizational unit (OU) as a way to register
* the OU with Amazon Web Services Control Tower, programmatically. For a general overview of this capability, see Amazon Web Services
* Control Tower supports APIs for OU registration and configuration with baselines.
*
*
* You can call the baseline API operations to view the baselines that Amazon Web Services Control Tower enables for
* your landing zone, on your behalf, when setting up the landing zone. These baselines are read-only baselines.
*
*
* The individual API operations for baselines are detailed in this document, the API reference manual, in
* the "Actions" section. For usage examples, see Baseline API input and
* output examples with CLI.
*
*
* Details and examples
*
*
* -
*
*
* -
*
*
* -
*
*
* -
*
*
* -
*
*
* -
*
*
* -
*
*
* -
*
*
* -
*
*
* -
*
*
* Creating Amazon Web Services Control Tower resources with Amazon Web Services CloudFormation
*
*
*
*
* To view the open source resource repository on GitHub, see aws-cloudformation/aws-cloudformation-resource-providers-controltower
*
*
* Recording API Requests
*
*
* Amazon Web Services Control Tower supports Amazon Web Services CloudTrail, a service that records Amazon Web Services
* API calls for your Amazon Web Services account and delivers log files to an Amazon S3 bucket. By using information
* collected by CloudTrail, you can determine which requests the Amazon Web Services Control Tower service received, who
* made the request and when, and so on. For more about Amazon Web Services Control Tower and its support for
* CloudTrail, see Logging Amazon Web
* Services Control Tower Actions with Amazon Web Services CloudTrail in the Amazon Web Services Control Tower User
* Guide. To learn more about CloudTrail, including how to turn it on and find your log files, see the Amazon Web
* Services CloudTrail User Guide.
*
*/
package com.amazonaws.services.controltower;