feat(client-controltower): AWS Control Tower supports tagging for ena…

…bled controls. This release introduces TagResource, UntagResource and ListTagsForResource APIs to manage tags in existing enabled controls. It updates EnabledControl API to tag resources at creation time.

clients/client-controltower/README.md

@@ -7,7 +7,7 @@
 AWS SDK for JavaScript ControlTower Client for Node.js, Browser and React Native.
 
 <p>These interfaces allow you to apply the AWS library of pre-defined
-<i>controls</i> to your organizational units, programmatically. In AWS Control Tower, the terms "control" and "guardrail" are synonyms. .</p>
+<i>controls</i> to your organizational units, programmatically. In AWS Control Tower, the terms "control" and "guardrail" are synonyms.</p>
 <p>To call these APIs, you'll need to know:</p>
 <ul>
 <li>
@@ -16,6 +16,9 @@ AWS SDK for JavaScript ControlTower Client for Node.js, Browser and React Native
 <li>
 <p>the ARN associated with the target organizational unit (OU), which we call the <code>targetIdentifier</code>.</p>
 </li>
+<li>
+<p>the ARN associated with a resource that you wish to tag or untag.</p>
+</li>
 </ul>
 <p>
 <b>To get the <code>controlIdentifier</code> for your AWS Control Tower
@@ -28,7 +31,7 @@ find the <code>controlIdentifier</code> for each Region and control in the <a hr
 </p>
 <p>A quick-reference list of control identifers for the AWS Control Tower legacy <i>Strongly recommended</i> and
 <i>Elective</i> controls is given in <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-identifiers.html.html">Resource identifiers for
-APIs and guardrails</a> in the <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-identifiers.html">Controls reference guide section</a>
+APIs and controls</a> in the <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-identifiers.html">Controls reference guide section</a>
 of the <i>AWS Control Tower User Guide</i>. Remember that <i>Mandatory</i> controls
 cannot be added or removed.</p>
 <note>
@@ -345,3 +348,27 @@ ListEnabledControls
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-controltower/classes/listenabledcontrolscommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-controltower/interfaces/listenabledcontrolscommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-controltower/interfaces/listenabledcontrolscommandoutput.html)
 
 </details>
+<details>
+<summary>
+ListTagsForResource
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-controltower/classes/listtagsforresourcecommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-controltower/interfaces/listtagsforresourcecommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-controltower/interfaces/listtagsforresourcecommandoutput.html)
+
+</details>
+<details>
+<summary>
+TagResource
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-controltower/classes/tagresourcecommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-controltower/interfaces/tagresourcecommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-controltower/interfaces/tagresourcecommandoutput.html)
+
+</details>
+<details>
+<summary>
+UntagResource
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-controltower/classes/untagresourcecommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-controltower/interfaces/untagresourcecommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-controltower/interfaces/untagresourcecommandoutput.html)
+
+</details>

clients/client-controltower/src/ControlTower.ts

@@ -27,6 +27,17 @@ import {
  ListEnabledControlsCommandInput,
  ListEnabledControlsCommandOutput,
 } from "./commands/ListEnabledControlsCommand";
+import {
+ ListTagsForResourceCommand,
+ ListTagsForResourceCommandInput,
+ ListTagsForResourceCommandOutput,
+} from "./commands/ListTagsForResourceCommand";
+import { TagResourceCommand, TagResourceCommandInput, TagResourceCommandOutput } from "./commands/TagResourceCommand";
+import {
+ UntagResourceCommand,
+ UntagResourceCommandInput,
+ UntagResourceCommandOutput,
+} from "./commands/UntagResourceCommand";
 import { ControlTowerClient, ControlTowerClientConfig } from "./ControlTowerClient";
 
 const commands = {
@@ -35,6 +46,9 @@ const commands = {
  GetControlOperationCommand,
  GetEnabledControlCommand,
  ListEnabledControlsCommand,
+ ListTagsForResourceCommand,
+ TagResourceCommand,
+ UntagResourceCommand,
 };
 
 export interface ControlTower {
@@ -113,12 +127,51 @@ export interface ControlTower {
  options: __HttpHandlerOptions,
  cb: (err: any, data?: ListEnabledControlsCommandOutput) => void
  ): void;
+
+ /**
+ * @see {@link ListTagsForResourceCommand}
+ */
+ listTagsForResource(
+ args: ListTagsForResourceCommandInput,
+ options?: __HttpHandlerOptions
+ ): Promise<ListTagsForResourceCommandOutput>;
+ listTagsForResource(
+ args: ListTagsForResourceCommandInput,
+ cb: (err: any, data?: ListTagsForResourceCommandOutput) => void
+ ): void;
+ listTagsForResource(
+ args: ListTagsForResourceCommandInput,
+ options: __HttpHandlerOptions,
+ cb: (err: any, data?: ListTagsForResourceCommandOutput) => void
+ ): void;
+
+ /**
+ * @see {@link TagResourceCommand}
+ */
+ tagResource(args: TagResourceCommandInput, options?: __HttpHandlerOptions): Promise<TagResourceCommandOutput>;
+ tagResource(args: TagResourceCommandInput, cb: (err: any, data?: TagResourceCommandOutput) => void): void;
+ tagResource(
+ args: TagResourceCommandInput,
+ options: __HttpHandlerOptions,
+ cb: (err: any, data?: TagResourceCommandOutput) => void
+ ): void;
+
+ /**
+ * @see {@link UntagResourceCommand}
+ */
+ untagResource(args: UntagResourceCommandInput, options?: __HttpHandlerOptions): Promise<UntagResourceCommandOutput>;
+ untagResource(args: UntagResourceCommandInput, cb: (err: any, data?: UntagResourceCommandOutput) => void): void;
+ untagResource(
+ args: UntagResourceCommandInput,
+ options: __HttpHandlerOptions,
+ cb: (err: any, data?: UntagResourceCommandOutput) => void
+ ): void;
 }
 
 /**
  * @public
  * <p>These interfaces allow you to apply the AWS library of pre-defined
- * <i>controls</i> to your organizational units, programmatically. In AWS Control Tower, the terms "control" and "guardrail" are synonyms. .</p>
+ *  <i>controls</i> to your organizational units, programmatically. In AWS Control Tower, the terms "control" and "guardrail" are synonyms.</p>
  * <p>To call these APIs, you'll need to know:</p>
  * <ul>
  * <li>
@@ -127,21 +180,24 @@ export interface ControlTower {
  * <li>
  * <p>the ARN associated with the target organizational unit (OU), which we call the <code>targetIdentifier</code>.</p>
  * </li>
+ * <li>
+ * <p>the ARN associated with a resource that you wish to tag or untag.</p>
+ * </li>
  * </ul>
  * <p>
  * <b>To get the <code>controlIdentifier</code> for your AWS Control Tower
- * control:</b>
+ *  control:</b>
  * </p>
  * <p>The <code>controlIdentifier</code> is an ARN that is specified for each
- * control. You can view the <code>controlIdentifier</code> in the console on the <b>Control details</b> page, as well as in the documentation.</p>
+ *  control. You can view the <code>controlIdentifier</code> in the console on the <b>Control details</b> page, as well as in the documentation.</p>
  * <p>The <code>controlIdentifier</code> is unique in each AWS Region for each control. You can
- * find the <code>controlIdentifier</code> for each Region and control in the <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-metadata-tables.html">Tables of control metadata</a> in the <i>AWS Control Tower User Guide.</i>
+ *  find the <code>controlIdentifier</code> for each Region and control in the <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-metadata-tables.html">Tables of control metadata</a> in the <i>AWS Control Tower User Guide.</i>
  * </p>
  * <p>A quick-reference list of control identifers for the AWS Control Tower legacy <i>Strongly recommended</i> and
- * <i>Elective</i> controls is given in <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-identifiers.html.html">Resource identifiers for
- * APIs and guardrails</a> in the <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-identifiers.html">Controls reference guide section</a>
- * of the <i>AWS Control Tower User Guide</i>. Remember that <i>Mandatory</i> controls
- * cannot be added or removed.</p>
+ *  <i>Elective</i> controls is given in <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-identifiers.html.html">Resource identifiers for
+ *  APIs and controls</a> in the <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-identifiers.html">Controls reference guide section</a>
+ *  of the <i>AWS Control Tower User Guide</i>. Remember that <i>Mandatory</i> controls
+ *  cannot be added or removed.</p>
  * <note>
  * <p>
  * <b>ARN format:</b>
@@ -213,13 +269,13 @@ export interface ControlTower {
  * <b>Recording API Requests</b>
  * </p>
  * <p>AWS Control Tower supports AWS CloudTrail, a service that records AWS API calls for your
- * AWS account and delivers log files to an Amazon S3 bucket. By using information collected by
- * CloudTrail, you can determine which requests the AWS Control Tower service received, who made
- * the request and when, and so on. For more about AWS Control Tower and its support for
- * CloudTrail, see <a href="https://docs.aws.amazon.com/controltower/latest/userguide/logging-using-cloudtrail.html">Logging AWS Control Tower
- * Actions with AWS CloudTrail</a> in the AWS Control Tower User Guide. To learn more about
- * CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User
- * Guide.</p>
+ *  AWS account and delivers log files to an Amazon S3 bucket. By using information collected by
+ *  CloudTrail, you can determine which requests the AWS Control Tower service received, who made
+ *  the request and when, and so on. For more about AWS Control Tower and its support for
+ *  CloudTrail, see <a href="https://docs.aws.amazon.com/controltower/latest/userguide/logging-using-cloudtrail.html">Logging AWS Control Tower
+ *  Actions with AWS CloudTrail</a> in the AWS Control Tower User Guide. To learn more about
+ *  CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User
+ *  Guide.</p>
  */
 export class ControlTower extends ControlTowerClient implements ControlTower {}
 createAggregatedClient(commands, ControlTower);

clients/client-controltower/src/ControlTowerClient.ts

@@ -61,6 +61,12 @@ import {
  ListEnabledControlsCommandInput,
  ListEnabledControlsCommandOutput,
 } from "./commands/ListEnabledControlsCommand";
+import {
+ ListTagsForResourceCommandInput,
+ ListTagsForResourceCommandOutput,
+} from "./commands/ListTagsForResourceCommand";
+import { TagResourceCommandInput, TagResourceCommandOutput } from "./commands/TagResourceCommand";
+import { UntagResourceCommandInput, UntagResourceCommandOutput } from "./commands/UntagResourceCommand";
 import {
  ClientInputEndpointParameters,
  ClientResolvedEndpointParameters,
@@ -80,7 +86,10 @@ export type ServiceInputTypes =
  | EnableControlCommandInput
  | GetControlOperationCommandInput
  | GetEnabledControlCommandInput
- | ListEnabledControlsCommandInput;
+ | ListEnabledControlsCommandInput
+ | ListTagsForResourceCommandInput
+ | TagResourceCommandInput
+ | UntagResourceCommandInput;
 
 /**
  * @public
@@ -90,7 +99,10 @@ export type ServiceOutputTypes =
  | EnableControlCommandOutput
  | GetControlOperationCommandOutput
  | GetEnabledControlCommandOutput
- | ListEnabledControlsCommandOutput;
+ | ListEnabledControlsCommandOutput
+ | ListTagsForResourceCommandOutput
+ | TagResourceCommandOutput
+ | UntagResourceCommandOutput;
 
 /**
  * @public
@@ -265,7 +277,7 @@ export interface ControlTowerClientResolvedConfig extends ControlTowerClientReso
 /**
  * @public
  * <p>These interfaces allow you to apply the AWS library of pre-defined
- * <i>controls</i> to your organizational units, programmatically. In AWS Control Tower, the terms "control" and "guardrail" are synonyms. .</p>
+ *  <i>controls</i> to your organizational units, programmatically. In AWS Control Tower, the terms "control" and "guardrail" are synonyms.</p>
  * <p>To call these APIs, you'll need to know:</p>
  * <ul>
  * <li>
@@ -274,21 +286,24 @@ export interface ControlTowerClientResolvedConfig extends ControlTowerClientReso
  * <li>
  * <p>the ARN associated with the target organizational unit (OU), which we call the <code>targetIdentifier</code>.</p>
  * </li>
+ * <li>
+ * <p>the ARN associated with a resource that you wish to tag or untag.</p>
+ * </li>
  * </ul>
  * <p>
  * <b>To get the <code>controlIdentifier</code> for your AWS Control Tower
- * control:</b>
+ *  control:</b>
  * </p>
  * <p>The <code>controlIdentifier</code> is an ARN that is specified for each
- * control. You can view the <code>controlIdentifier</code> in the console on the <b>Control details</b> page, as well as in the documentation.</p>
+ *  control. You can view the <code>controlIdentifier</code> in the console on the <b>Control details</b> page, as well as in the documentation.</p>
  * <p>The <code>controlIdentifier</code> is unique in each AWS Region for each control. You can
- * find the <code>controlIdentifier</code> for each Region and control in the <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-metadata-tables.html">Tables of control metadata</a> in the <i>AWS Control Tower User Guide.</i>
+ *  find the <code>controlIdentifier</code> for each Region and control in the <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-metadata-tables.html">Tables of control metadata</a> in the <i>AWS Control Tower User Guide.</i>
  * </p>
  * <p>A quick-reference list of control identifers for the AWS Control Tower legacy <i>Strongly recommended</i> and
- * <i>Elective</i> controls is given in <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-identifiers.html.html">Resource identifiers for
- * APIs and guardrails</a> in the <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-identifiers.html">Controls reference guide section</a>
- * of the <i>AWS Control Tower User Guide</i>. Remember that <i>Mandatory</i> controls
- * cannot be added or removed.</p>
+ *  <i>Elective</i> controls is given in <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-identifiers.html.html">Resource identifiers for
+ *  APIs and controls</a> in the <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-identifiers.html">Controls reference guide section</a>
+ *  of the <i>AWS Control Tower User Guide</i>. Remember that <i>Mandatory</i> controls
+ *  cannot be added or removed.</p>
  * <note>
  * <p>
  * <b>ARN format:</b>
@@ -360,13 +375,13 @@ export interface ControlTowerClientResolvedConfig extends ControlTowerClientReso
  * <b>Recording API Requests</b>
  * </p>
  * <p>AWS Control Tower supports AWS CloudTrail, a service that records AWS API calls for your
- * AWS account and delivers log files to an Amazon S3 bucket. By using information collected by
- * CloudTrail, you can determine which requests the AWS Control Tower service received, who made
- * the request and when, and so on. For more about AWS Control Tower and its support for
- * CloudTrail, see <a href="https://docs.aws.amazon.com/controltower/latest/userguide/logging-using-cloudtrail.html">Logging AWS Control Tower
- * Actions with AWS CloudTrail</a> in the AWS Control Tower User Guide. To learn more about
- * CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User
- * Guide.</p>
+ *  AWS account and delivers log files to an Amazon S3 bucket. By using information collected by
+ *  CloudTrail, you can determine which requests the AWS Control Tower service received, who made
+ *  the request and when, and so on. For more about AWS Control Tower and its support for
+ *  CloudTrail, see <a href="https://docs.aws.amazon.com/controltower/latest/userguide/logging-using-cloudtrail.html">Logging AWS Control Tower
+ *  Actions with AWS CloudTrail</a> in the AWS Control Tower User Guide. To learn more about
+ *  CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User
+ *  Guide.</p>
  */
 export class ControlTowerClient extends __Client<
  __HttpHandlerOptions,

clients/client-controltower/src/commands/DisableControlCommand.ts

@@ -38,8 +38,8 @@ export interface DisableControlCommandOutput extends DisableControlOutput, __Met
 /**
  * @public
  * <p>This API call turns off a control. It starts an asynchronous operation that deletes AWS
- * resources on the specified organizational unit and the accounts it contains. The resources
- * will vary according to the control that you specify. For usage examples, see <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-api-examples-short.html">
+ *  resources on the specified organizational unit and the accounts it contains. The resources
+ *  will vary according to the control that you specify. For usage examples, see <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-api-examples-short.html">
  * <i>the AWS Control Tower User Guide</i>
  * </a>.</p>
  * @example

clients/client-controltower/src/commands/EnableControlCommand.ts

@@ -38,11 +38,10 @@ export interface EnableControlCommandOutput extends EnableControlOutput, __Metad
 /**
  * @public
  * <p>This API call activates a control. It starts an asynchronous operation that creates AWS
- * resources on the specified organizational unit and the accounts it contains. The resources
- * created will vary according to the control that you specify. For usage examples, see <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-api-examples-short.html">
+ *  resources on the specified organizational unit and the accounts it contains. The resources
+ *  created will vary according to the control that you specify. For usage examples, see <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-api-examples-short.html">
  * <i>the AWS Control Tower User Guide</i>
- * </a>
- * </p>
+ * </a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -52,11 +51,15 @@ export interface EnableControlCommandOutput extends EnableControlOutput, __Metad
  * const input = { // EnableControlInput
  * controlIdentifier: "STRING_VALUE", // required
  * targetIdentifier: "STRING_VALUE", // required
+ * tags: { // TagMap
+ * "<keys>": "STRING_VALUE",
+ * },
  * };
  * const command = new EnableControlCommand(input);
  * const response = await client.send(command);
  * // { // EnableControlOutput
  * // operationIdentifier: "STRING_VALUE", // required
+ * // arn: "STRING_VALUE",
  * // };
  *
  * ```