From 360b88a25ffa62c4059ba5ec092ca562cd5867be Mon Sep 17 00:00:00 2001
From: awstools These interfaces allow you to apply the AWS library of pre-defined
-controls to your organizational units, programmatically. In AWS Control Tower, the terms "control" and "guardrail" are synonyms. .
To call these APIs, you'll need to know:
the ARN associated with the target organizational unit (OU), which we call the targetIdentifier
.
the ARN associated with a resource that you wish to tag or untag.
+
To get the A quick-reference list of control identifers for the AWS Control Tower legacy Strongly recommended and
Elective controls is given in Resource identifiers for
-APIs and guardrails in the Controls reference guide section
+APIs and controlscontrolIdentifier
for your AWS Control Tower
@@ -28,7 +31,7 @@ find the controlIdentifier
for each Region and control in the
These interfaces allow you to apply the AWS library of pre-defined - * controls to your organizational units, programmatically. In AWS Control Tower, the terms "control" and "guardrail" are synonyms. .
+ * controls to your organizational units, programmatically. In AWS Control Tower, the terms "control" and "guardrail" are synonyms. *To call these APIs, you'll need to know:
*the ARN associated with the target organizational unit (OU), which we call the targetIdentifier
.
the ARN associated with a resource that you wish to tag or untag.
+ *
* To get the controlIdentifier
for your AWS Control Tower
- * control:
+ * control:
*
The controlIdentifier
is an ARN that is specified for each
- * control. You can view the controlIdentifier
in the console on the Control details page, as well as in the documentation.
controlIdentifier
in the console on the Control details page, as well as in the documentation.
* The controlIdentifier
is unique in each AWS Region for each control. You can
- * find the controlIdentifier
for each Region and control in the Tables of control metadata in the AWS Control Tower User Guide.
+ * find the controlIdentifier
for each Region and control in the Tables of control metadata in the AWS Control Tower User Guide.
*
A quick-reference list of control identifers for the AWS Control Tower legacy Strongly recommended and - * Elective controls is given in Resource identifiers for - * APIs and guardrails in the Controls reference guide section - * of the AWS Control Tower User Guide. Remember that Mandatory controls - * cannot be added or removed.
+ * Elective controls is given in Resource identifiers for + * APIs and controls in the Controls reference guide section + * of the AWS Control Tower User Guide. Remember that Mandatory controls + * cannot be added or removed. ** ARN format: @@ -213,13 +269,13 @@ export interface ControlTower { * Recording API Requests *
*AWS Control Tower supports AWS CloudTrail, a service that records AWS API calls for your - * AWS account and delivers log files to an Amazon S3 bucket. By using information collected by - * CloudTrail, you can determine which requests the AWS Control Tower service received, who made - * the request and when, and so on. For more about AWS Control Tower and its support for - * CloudTrail, see Logging AWS Control Tower - * Actions with AWS CloudTrail in the AWS Control Tower User Guide. To learn more about - * CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User - * Guide.
+ * AWS account and delivers log files to an Amazon S3 bucket. By using information collected by + * CloudTrail, you can determine which requests the AWS Control Tower service received, who made + * the request and when, and so on. For more about AWS Control Tower and its support for + * CloudTrail, see Logging AWS Control Tower + * Actions with AWS CloudTrail in the AWS Control Tower User Guide. To learn more about + * CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User + * Guide. */ export class ControlTower extends ControlTowerClient implements ControlTower {} createAggregatedClient(commands, ControlTower); diff --git a/clients/client-controltower/src/ControlTowerClient.ts b/clients/client-controltower/src/ControlTowerClient.ts index bfad797d353b..81d6ee688aa0 100644 --- a/clients/client-controltower/src/ControlTowerClient.ts +++ b/clients/client-controltower/src/ControlTowerClient.ts @@ -61,6 +61,12 @@ import { ListEnabledControlsCommandInput, ListEnabledControlsCommandOutput, } from "./commands/ListEnabledControlsCommand"; +import { + ListTagsForResourceCommandInput, + ListTagsForResourceCommandOutput, +} from "./commands/ListTagsForResourceCommand"; +import { TagResourceCommandInput, TagResourceCommandOutput } from "./commands/TagResourceCommand"; +import { UntagResourceCommandInput, UntagResourceCommandOutput } from "./commands/UntagResourceCommand"; import { ClientInputEndpointParameters, ClientResolvedEndpointParameters, @@ -80,7 +86,10 @@ export type ServiceInputTypes = | EnableControlCommandInput | GetControlOperationCommandInput | GetEnabledControlCommandInput - | ListEnabledControlsCommandInput; + | ListEnabledControlsCommandInput + | ListTagsForResourceCommandInput + | TagResourceCommandInput + | UntagResourceCommandInput; /** * @public @@ -90,7 +99,10 @@ export type ServiceOutputTypes = | EnableControlCommandOutput | GetControlOperationCommandOutput | GetEnabledControlCommandOutput - | ListEnabledControlsCommandOutput; + | ListEnabledControlsCommandOutput + | ListTagsForResourceCommandOutput + | TagResourceCommandOutput + | UntagResourceCommandOutput; /** * @public @@ -265,7 +277,7 @@ export interface ControlTowerClientResolvedConfig extends ControlTowerClientReso /** * @public *These interfaces allow you to apply the AWS library of pre-defined - * controls to your organizational units, programmatically. In AWS Control Tower, the terms "control" and "guardrail" are synonyms. .
+ * controls to your organizational units, programmatically. In AWS Control Tower, the terms "control" and "guardrail" are synonyms. *To call these APIs, you'll need to know:
*the ARN associated with the target organizational unit (OU), which we call the targetIdentifier
.
the ARN associated with a resource that you wish to tag or untag.
+ *
* To get the controlIdentifier
for your AWS Control Tower
- * control:
+ * control:
*
The controlIdentifier
is an ARN that is specified for each
- * control. You can view the controlIdentifier
in the console on the Control details page, as well as in the documentation.
controlIdentifier
in the console on the Control details page, as well as in the documentation.
* The controlIdentifier
is unique in each AWS Region for each control. You can
- * find the controlIdentifier
for each Region and control in the Tables of control metadata in the AWS Control Tower User Guide.
+ * find the controlIdentifier
for each Region and control in the Tables of control metadata in the AWS Control Tower User Guide.
*
A quick-reference list of control identifers for the AWS Control Tower legacy Strongly recommended and - * Elective controls is given in Resource identifiers for - * APIs and guardrails in the Controls reference guide section - * of the AWS Control Tower User Guide. Remember that Mandatory controls - * cannot be added or removed.
+ * Elective controls is given in Resource identifiers for + * APIs and controls in the Controls reference guide section + * of the AWS Control Tower User Guide. Remember that Mandatory controls + * cannot be added or removed. ** ARN format: @@ -360,13 +375,13 @@ export interface ControlTowerClientResolvedConfig extends ControlTowerClientReso * Recording API Requests *
*AWS Control Tower supports AWS CloudTrail, a service that records AWS API calls for your - * AWS account and delivers log files to an Amazon S3 bucket. By using information collected by - * CloudTrail, you can determine which requests the AWS Control Tower service received, who made - * the request and when, and so on. For more about AWS Control Tower and its support for - * CloudTrail, see Logging AWS Control Tower - * Actions with AWS CloudTrail in the AWS Control Tower User Guide. To learn more about - * CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User - * Guide.
+ * AWS account and delivers log files to an Amazon S3 bucket. By using information collected by + * CloudTrail, you can determine which requests the AWS Control Tower service received, who made + * the request and when, and so on. For more about AWS Control Tower and its support for + * CloudTrail, see Logging AWS Control Tower + * Actions with AWS CloudTrail in the AWS Control Tower User Guide. To learn more about + * CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User + * Guide. */ export class ControlTowerClient extends __Client< __HttpHandlerOptions, diff --git a/clients/client-controltower/src/commands/DisableControlCommand.ts b/clients/client-controltower/src/commands/DisableControlCommand.ts index 2bdc0b0b5526..2ab45586b902 100644 --- a/clients/client-controltower/src/commands/DisableControlCommand.ts +++ b/clients/client-controltower/src/commands/DisableControlCommand.ts @@ -38,8 +38,8 @@ export interface DisableControlCommandOutput extends DisableControlOutput, __Met /** * @public *This API call turns off a control. It starts an asynchronous operation that deletes AWS - * resources on the specified organizational unit and the accounts it contains. The resources - * will vary according to the control that you specify. For usage examples, see + * resources on the specified organizational unit and the accounts it contains. The resources + * will vary according to the control that you specify. For usage examples, see * the AWS Control Tower User Guide * .
* @example diff --git a/clients/client-controltower/src/commands/EnableControlCommand.ts b/clients/client-controltower/src/commands/EnableControlCommand.ts index 1407c93a8f9a..757a5b07e01f 100644 --- a/clients/client-controltower/src/commands/EnableControlCommand.ts +++ b/clients/client-controltower/src/commands/EnableControlCommand.ts @@ -38,11 +38,10 @@ export interface EnableControlCommandOutput extends EnableControlOutput, __Metad /** * @public *This API call activates a control. It starts an asynchronous operation that creates AWS - * resources on the specified organizational unit and the accounts it contains. The resources - * created will vary according to the control that you specify. For usage examples, see + * resources on the specified organizational unit and the accounts it contains. The resources + * created will vary according to the control that you specify. For usage examples, see * the AWS Control Tower User Guide - * - *
+ * . * @example * Use a bare-bones client and the command you need to make an API call. * ```javascript @@ -52,11 +51,15 @@ export interface EnableControlCommandOutput extends EnableControlOutput, __Metad * const input = { // EnableControlInput * controlIdentifier: "STRING_VALUE", // required * targetIdentifier: "STRING_VALUE", // required + * tags: { // TagMap + * "Returns the status of a particular EnableControl
or
- * DisableControl
operation. Displays a message in case of error. Details for an
- * operation are available for 90 days. For usage examples, see
+ * DisableControl
operation. Displays a message in case of error. Details for an
+ * operation are available for 90 days. For usage examples, see
* the AWS Control Tower User Guide
- *
- *
- * Provides details about the enabled control. For usage examples, see
+ * Retrieves details about an enabled control. For usage examples, see
* the AWS Control Tower User Guide
* .
- * Returned values
- * TargetRegions: Shows target AWS Regions where the enabled control is available to be deployed. StatusSummary: Provides a detailed summary of the deployment status. DriftSummary: Provides a detailed summary of the drifted status. Lists the controls enabled by AWS Control Tower on the specified organizational unit and
- * the accounts it contains. For usage examples, see
+ * the accounts it contains. For usage examples, see
* the AWS Control Tower User Guide
- *
- *
- *
* @example
* Use a bare-bones client and the command you need to make an API call.
* ```javascript
diff --git a/clients/client-controltower/src/commands/ListEnabledControlsCommand.ts b/clients/client-controltower/src/commands/ListEnabledControlsCommand.ts
index e5ee83389249..d0a60399cc95 100644
--- a/clients/client-controltower/src/commands/ListEnabledControlsCommand.ts
+++ b/clients/client-controltower/src/commands/ListEnabledControlsCommand.ts
@@ -38,10 +38,9 @@ export interface ListEnabledControlsCommandOutput extends ListEnabledControlsOut
/**
* @public
*
Returns a list of tags associated with the resource. For usage examples, see + * the AWS Control Tower User Guide + * .
+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { ControlTowerClient, ListTagsForResourceCommand } from "@aws-sdk/client-controltower"; // ES Modules import + * // const { ControlTowerClient, ListTagsForResourceCommand } = require("@aws-sdk/client-controltower"); // CommonJS import + * const client = new ControlTowerClient(config); + * const input = { // ListTagsForResourceInput + * resourceArn: "STRING_VALUE", // required + * }; + * const command = new ListTagsForResourceCommand(input); + * const response = await client.send(command); + * // { // ListTagsForResourceOutput + * // tags: { // TagMap // required + * // "Unexpected error during processing of request.
+ * + * @throws {@link ResourceNotFoundException} (client fault) + *Request references a resource which does not exist.
+ * + * @throws {@link ValidationException} (client fault) + *The input fails to satisfy the constraints specified by an AWS service.
+ * + * @throws {@link ControlTowerServiceException} + *Base exception class for all service exceptions from ControlTower service.
+ * + */ +export class ListTagsForResourceCommand extends $Command< + ListTagsForResourceCommandInput, + ListTagsForResourceCommandOutput, + ControlTowerClientResolvedConfig +> { + // Start section: command_properties + // End section: command_properties + + public static getEndpointParameterInstructions(): EndpointParameterInstructions { + return { + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, + }; + } + + /** + * @public + */ + constructor(readonly input: ListTagsForResourceCommandInput) { + // Start section: command_constructor + super(); + // End section: command_constructor + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStackApplies tags to a resource. For usage examples, see + * the AWS Control Tower User Guide + * .
+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { ControlTowerClient, TagResourceCommand } from "@aws-sdk/client-controltower"; // ES Modules import + * // const { ControlTowerClient, TagResourceCommand } = require("@aws-sdk/client-controltower"); // CommonJS import + * const client = new ControlTowerClient(config); + * const input = { // TagResourceInput + * resourceArn: "STRING_VALUE", // required + * tags: { // TagMap // required + * "Unexpected error during processing of request.
+ * + * @throws {@link ResourceNotFoundException} (client fault) + *Request references a resource which does not exist.
+ * + * @throws {@link ValidationException} (client fault) + *The input fails to satisfy the constraints specified by an AWS service.
+ * + * @throws {@link ControlTowerServiceException} + *Base exception class for all service exceptions from ControlTower service.
+ * + */ +export class TagResourceCommand extends $Command< + TagResourceCommandInput, + TagResourceCommandOutput, + ControlTowerClientResolvedConfig +> { + // Start section: command_properties + // End section: command_properties + + public static getEndpointParameterInstructions(): EndpointParameterInstructions { + return { + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, + }; + } + + /** + * @public + */ + constructor(readonly input: TagResourceCommandInput) { + // Start section: command_constructor + super(); + // End section: command_constructor + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStackRemoves tags from a resource. For usage examples, see + * the AWS Control Tower User Guide + * .
+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { ControlTowerClient, UntagResourceCommand } from "@aws-sdk/client-controltower"; // ES Modules import + * // const { ControlTowerClient, UntagResourceCommand } = require("@aws-sdk/client-controltower"); // CommonJS import + * const client = new ControlTowerClient(config); + * const input = { // UntagResourceInput + * resourceArn: "STRING_VALUE", // required + * tagKeys: [ // TagKeys // required + * "STRING_VALUE", + * ], + * }; + * const command = new UntagResourceCommand(input); + * const response = await client.send(command); + * // {}; + * + * ``` + * + * @param UntagResourceCommandInput - {@link UntagResourceCommandInput} + * @returns {@link UntagResourceCommandOutput} + * @see {@link UntagResourceCommandInput} for command's `input` shape. + * @see {@link UntagResourceCommandOutput} for command's `response` shape. + * @see {@link ControlTowerClientResolvedConfig | config} for ControlTowerClient's `config` shape. + * + * @throws {@link InternalServerException} (server fault) + *Unexpected error during processing of request.
+ * + * @throws {@link ResourceNotFoundException} (client fault) + *Request references a resource which does not exist.
+ * + * @throws {@link ValidationException} (client fault) + *The input fails to satisfy the constraints specified by an AWS service.
+ * + * @throws {@link ControlTowerServiceException} + *Base exception class for all service exceptions from ControlTower service.
+ * + */ +export class UntagResourceCommand extends $Command< + UntagResourceCommandInput, + UntagResourceCommandOutput, + ControlTowerClientResolvedConfig +> { + // Start section: command_properties + // End section: command_properties + + public static getEndpointParameterInstructions(): EndpointParameterInstructions { + return { + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, + }; + } + + /** + * @public + */ + constructor(readonly input: UntagResourceCommandInput) { + // Start section: command_constructor + super(); + // End section: command_constructor + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStackThese interfaces allow you to apply the AWS library of pre-defined - * controls to your organizational units, programmatically. In AWS Control Tower, the terms "control" and "guardrail" are synonyms. .
+ * controls to your organizational units, programmatically. In AWS Control Tower, the terms "control" and "guardrail" are synonyms. *To call these APIs, you'll need to know:
*the ARN associated with the target organizational unit (OU), which we call the targetIdentifier
.
the ARN associated with a resource that you wish to tag or untag.
+ *
* To get the controlIdentifier
for your AWS Control Tower
- * control:
+ * control:
*
The controlIdentifier
is an ARN that is specified for each
- * control. You can view the controlIdentifier
in the console on the Control details page, as well as in the documentation.
controlIdentifier
in the console on the Control details page, as well as in the documentation.
* The controlIdentifier
is unique in each AWS Region for each control. You can
- * find the controlIdentifier
for each Region and control in the Tables of control metadata in the AWS Control Tower User Guide.
+ * find the controlIdentifier
for each Region and control in the Tables of control metadata in the AWS Control Tower User Guide.
*
A quick-reference list of control identifers for the AWS Control Tower legacy Strongly recommended and - * Elective controls is given in Resource identifiers for - * APIs and guardrails in the Controls reference guide section - * of the AWS Control Tower User Guide. Remember that Mandatory controls - * cannot be added or removed.
+ * Elective controls is given in Resource identifiers for + * APIs and controls in the Controls reference guide section + * of the AWS Control Tower User Guide. Remember that Mandatory controls + * cannot be added or removed. ** ARN format: @@ -97,13 +100,13 @@ * Recording API Requests *
*AWS Control Tower supports AWS CloudTrail, a service that records AWS API calls for your - * AWS account and delivers log files to an Amazon S3 bucket. By using information collected by - * CloudTrail, you can determine which requests the AWS Control Tower service received, who made - * the request and when, and so on. For more about AWS Control Tower and its support for - * CloudTrail, see Logging AWS Control Tower - * Actions with AWS CloudTrail in the AWS Control Tower User Guide. To learn more about - * CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User - * Guide.
+ * AWS account and delivers log files to an Amazon S3 bucket. By using information collected by + * CloudTrail, you can determine which requests the AWS Control Tower service received, who made + * the request and when, and so on. For more about AWS Control Tower and its support for + * CloudTrail, see Logging AWS Control Tower + * Actions with AWS CloudTrail in the AWS Control Tower User Guide. To learn more about + * CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User + * Guide. * * @packageDocumentation */ diff --git a/clients/client-controltower/src/models/models_0.ts b/clients/client-controltower/src/models/models_0.ts index 2792cd3d0a88..65f3b678e12b 100644 --- a/clients/client-controltower/src/models/models_0.ts +++ b/clients/client-controltower/src/models/models_0.ts @@ -50,8 +50,8 @@ export interface DisableControlInput { /** * @public *The ARN of the control. Only Strongly recommended and
- * Elective controls are permitted, with the exception of the
- * Region deny control. For information on how to find the controlIdentifier
, see the overview page.
controlIdentifier
, see the overview page.
*/
controlIdentifier: string | undefined;
@@ -69,7 +69,7 @@ export interface DisableControlOutput {
/**
* @public
* The ID of the asynchronous operation, which is used to track status. The operation is - * available for 90 days.
+ * available for 90 days. */ operationIdentifier: string | undefined; } @@ -206,8 +206,8 @@ export interface EnableControlInput { /** * @public *The ARN of the control. Only Strongly recommended and
- * Elective controls are permitted, with the exception of the
- * Region deny control. For information on how to find the controlIdentifier
, see the overview page.
controlIdentifier
, see the overview page.
*/
controlIdentifier: string | undefined;
@@ -216,6 +216,12 @@ export interface EnableControlInput {
* The ARN of the organizational unit. For information on how to find the targetIdentifier
, see the overview page.
Tags to be applied to the EnabledControl
resource.
The ID of the asynchronous operation, which is used to track status. The operation is - * available for 90 days.
+ * available for 90 days. */ operationIdentifier: string | undefined; + + /** + * @public + *The ARN of the EnabledControl
resource.
The ID of the asynchronous operation, which is used to track status. The operation is - * available for 90 days.
+ * available for 90 days. */ operationIdentifier: string | undefined; } @@ -303,7 +315,7 @@ export interface ControlOperation { /** * @public *If the operation result is FAILED
, this string contains a message explaining
- * why the operation failed.
- * The ARN of the enabled control. - *
+ *The controlIdentifier
of the enabled control.
The drift summary of the enabled control.
*AWS Control Tower expects the enabled control - * configuration to include all supported and governed Regions. If the enabled control differs - * from the expected configuration, it is defined to be in a state of drift. You can repair this drift by resetting the enabled control.
+ * configuration to include all supported and governed Regions. If the enabled control differs + * from the expected configuration, it is defined to be in a state of drift. You can repair this drift by resetting the enabled control. */ export interface DriftStatusSummary { /** @@ -364,22 +374,22 @@ export interface DriftStatusSummary { *
* DRIFTED
: The enabledControl
deployed in this configuration
- * doesn’t match the configuration that AWS Control Tower expected.
* IN_SYNC
: The enabledControl
deployed in this configuration matches
- * the configuration that AWS Control Tower expected.
* NOT_CHECKING
: AWS Control Tower does not check drift for this enabled
- * control. Drift is not supported for the control type.
* UNKNOWN
: AWS Control Tower is not able to check the drift status for the
- * enabled control.
- * The deployment summary of the enabled control. - *
+ *The deployment summary of the enabled control.
*/ export interface EnablementStatusSummary { /** @@ -431,9 +439,7 @@ export interface EnablementStatusSummary { /** * @public - *- * The last operation identifier for the enabled control. - *
+ *The last operation identifier for the enabled control.
*/ lastOperationIdentifier?: string; } @@ -442,71 +448,55 @@ export interface EnablementStatusSummary { * @public *An AWS Region in which AWS Control Tower expects to find the control deployed.
*The expected Regions are based on the Regions that are governed by the landing zone. In - * certain cases, a control is not actually enabled in the Region as expected, such as during - * drift, or mixed governance.
+ * certain cases, a control is not actually enabled in the Region as expected, such as during + * drift, or mixed governance. */ export interface Region { /** * @public - *- * The AWS Region name. - *
+ *The AWS Region name.
*/ name?: string; } /** * @public - *- * Information about the enabled control. - *
+ *Information about the enabled control.
*/ export interface EnabledControlDetails { /** * @public - *- * The ARN of the enabled control. - *
+ *The ARN of the enabled control.
*/ arn?: string; /** * @public - *
- * The control identifier of the enabled control. For information on how to find the controlIdentifier
, see the overview page.
- *
The control identifier of the enabled control. For information on how to find the controlIdentifier
, see the overview page.
- * The ARN of the organizational unit. For information on how to find the targetIdentifier
, see the overview page.
- *
The ARN of the organizational unit. For information on how to find the targetIdentifier
, see the overview page.
- * Target AWS Regions for the enabled control. - *
+ *Target AWS Regions for the enabled control.
*/ targetRegions?: Region[]; /** * @public - *- * The deployment summary of the enabled control. - *
+ *The deployment summary of the enabled control.
*/ statusSummary?: EnablementStatusSummary; /** * @public - *- * The drift status of the enabled control. - *
+ *The drift status of the enabled control.
*/ driftStatusSummary?: DriftStatusSummary; } @@ -517,9 +507,7 @@ export interface EnabledControlDetails { export interface GetEnabledControlOutput { /** * @public - *- * Information about the enabled control. - *
+ *Information about the enabled control.
*/ enabledControlDetails: EnabledControlDetails | undefined; } @@ -549,44 +537,38 @@ export interface ListEnabledControlsInput { /** * @public - *A summary of enabled controls.
+ *Returns a summary of information about an enabled control.
*/ export interface EnabledControlSummary { /** * @public - *The ARN of the control. Only Strongly recommended and
- * Elective controls are permitted, with the exception of the
- * Region deny control. For information on how to find the controlIdentifier
, see the overview page.
The controlIdentifier
of the enabled control.
- * The ARN of the enabled control. - *
+ *The ARN of the enabled control.
*/ arn?: string; /** * @public *- * The ARN of the organizational unit. + * The ARN of the organizational unit. *
*/ targetIdentifier?: string; /** * @public - * + *A short description of the status of the enabled control.
*/ statusSummary?: EnablementStatusSummary; /** * @public - *- * The drift status of the enabled control. - *
+ *The drift status of the enabled control.
*/ driftStatusSummary?: DriftStatusSummary; } @@ -598,14 +580,80 @@ export interface ListEnabledControlsOutput { /** * @public *Lists the controls enabled by AWS Control Tower on the specified organizational unit and - * the accounts it contains.
+ * the accounts it contains. */ enabledControls: EnabledControlSummary[] | undefined; /** * @public *Retrieves the next page of results. If the string is empty, the current response is the - * end of the results.
+ * end of the results. */ nextToken?: string; } + +/** + * @public + */ +export interface ListTagsForResourceInput { + /** + * @public + *The ARN of the resource.
+ */ + resourceArn: string | undefined; +} + +/** + * @public + */ +export interface ListTagsForResourceOutput { + /** + * @public + *A list of tags, as key:value
strings.
The ARN of the resource to be tagged.
+ */ + resourceArn: string | undefined; + + /** + * @public + *Tags to be applied to the resource.
+ */ + tags: RecordThe ARN of the resource.
+ */ + resourceArn: string | undefined; + + /** + * @public + *Tag keys to be removed from the resource.
+ */ + tagKeys: string[] | undefined; +} + +/** + * @public + */ +export interface UntagResourceOutput {} diff --git a/clients/client-controltower/src/protocols/Aws_restJson1.ts b/clients/client-controltower/src/protocols/Aws_restJson1.ts index 9bbbab32ff7e..d2b672eac139 100644 --- a/clients/client-controltower/src/protocols/Aws_restJson1.ts +++ b/clients/client-controltower/src/protocols/Aws_restJson1.ts @@ -7,8 +7,10 @@ import { expectNonNull as __expectNonNull, expectObject as __expectObject, expectString as __expectString, + extendedEncodeURIComponent as __extendedEncodeURIComponent, map, parseRfc3339DateTimeWithOffset as __parseRfc3339DateTimeWithOffset, + resolvedPath as __resolvedPath, strictParseInt32 as __strictParseInt32, take, withBaseException, @@ -30,6 +32,12 @@ import { ListEnabledControlsCommandInput, ListEnabledControlsCommandOutput, } from "../commands/ListEnabledControlsCommand"; +import { + ListTagsForResourceCommandInput, + ListTagsForResourceCommandOutput, +} from "../commands/ListTagsForResourceCommand"; +import { TagResourceCommandInput, TagResourceCommandOutput } from "../commands/TagResourceCommand"; +import { UntagResourceCommandInput, UntagResourceCommandOutput } from "../commands/UntagResourceCommand"; import { ControlTowerServiceException as __BaseException } from "../models/ControlTowerServiceException"; import { AccessDeniedException, @@ -88,6 +96,7 @@ export const se_EnableControlCommand = async ( body = JSON.stringify( take(input, { controlIdentifier: [], + tags: (_) => _json(_), targetIdentifier: [], }) ); @@ -191,6 +200,89 @@ export const se_ListEnabledControlsCommand = async ( }); }; +/** + * serializeAws_restJson1ListTagsForResourceCommand + */ +export const se_ListTagsForResourceCommand = async ( + input: ListTagsForResourceCommandInput, + context: __SerdeContext +): Promise<__HttpRequest> => { + const { hostname, protocol = "https", port, path: basePath } = await context.endpoint(); + const headers: any = {}; + let resolvedPath = `${basePath?.endsWith("/") ? basePath.slice(0, -1) : basePath || ""}` + "/tags/{resourceArn}"; + resolvedPath = __resolvedPath(resolvedPath, input, "resourceArn", () => input.resourceArn!, "{resourceArn}", false); + let body: any; + return new __HttpRequest({ + protocol, + hostname, + port, + method: "GET", + headers, + path: resolvedPath, + body, + }); +}; + +/** + * serializeAws_restJson1TagResourceCommand + */ +export const se_TagResourceCommand = async ( + input: TagResourceCommandInput, + context: __SerdeContext +): Promise<__HttpRequest> => { + const { hostname, protocol = "https", port, path: basePath } = await context.endpoint(); + const headers: any = { + "content-type": "application/json", + }; + let resolvedPath = `${basePath?.endsWith("/") ? basePath.slice(0, -1) : basePath || ""}` + "/tags/{resourceArn}"; + resolvedPath = __resolvedPath(resolvedPath, input, "resourceArn", () => input.resourceArn!, "{resourceArn}", false); + let body: any; + body = JSON.stringify( + take(input, { + tags: (_) => _json(_), + }) + ); + return new __HttpRequest({ + protocol, + hostname, + port, + method: "POST", + headers, + path: resolvedPath, + body, + }); +}; + +/** + * serializeAws_restJson1UntagResourceCommand + */ +export const se_UntagResourceCommand = async ( + input: UntagResourceCommandInput, + context: __SerdeContext +): Promise<__HttpRequest> => { + const { hostname, protocol = "https", port, path: basePath } = await context.endpoint(); + const headers: any = {}; + let resolvedPath = `${basePath?.endsWith("/") ? basePath.slice(0, -1) : basePath || ""}` + "/tags/{resourceArn}"; + resolvedPath = __resolvedPath(resolvedPath, input, "resourceArn", () => input.resourceArn!, "{resourceArn}", false); + const query: any = map({ + tagKeys: [ + __expectNonNull(input.tagKeys, `tagKeys`) != null, + () => (input.tagKeys! || []).map((_entry) => _entry as any), + ], + }); + let body: any; + return new __HttpRequest({ + protocol, + hostname, + port, + method: "DELETE", + headers, + path: resolvedPath, + query, + body, + }); +}; + /** * deserializeAws_restJson1DisableControlCommand */ @@ -271,6 +363,7 @@ export const de_EnableControlCommand = async ( }); const data: RecordThese interfaces allow you to apply the AWS library of pre-defined\n controls to your organizational units, programmatically. In AWS Control Tower, the terms \"control\" and \"guardrail\" are synonyms. .
\nTo call these APIs, you'll need to know:
\nthe controlIdentifier
for the control--or guardrail--you are targeting.
the ARN associated with the target organizational unit (OU), which we call the targetIdentifier
.
\n To get the controlIdentifier
for your AWS Control Tower\n control:\n
The controlIdentifier
is an ARN that is specified for each\n control. You can view the controlIdentifier
in the console on the Control details page, as well as in the documentation.
The controlIdentifier
is unique in each AWS Region for each control. You can\n find the controlIdentifier
for each Region and control in the Tables of control metadata in the AWS Control Tower User Guide.\n
A quick-reference list of control identifers for the AWS Control Tower legacy Strongly recommended and\n Elective controls is given in Resource identifiers for\n APIs and guardrails in the Controls reference guide section\n of the AWS Control Tower User Guide. Remember that Mandatory controls\n cannot be added or removed.
\n\n ARN format:\n arn:aws:controltower:{REGION}::control/{CONTROL_NAME}
\n
\n Example:\n
\n\n arn:aws:controltower:us-west-2::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED
\n
\n To get the targetIdentifier
:\n
The targetIdentifier
is the ARN for an OU.
In the AWS Organizations console, you can find the ARN for the OU on the Organizational unit details page associated with that OU.
\n\n OU ARN format:\n
\n\n arn:${Partition}:organizations::${MasterAccountId}:ou/o-${OrganizationId}/ou-${OrganizationalUnitId}
\n
\n Details and examples\n
\n\n Creating AWS Control Tower resources with AWS CloudFormation\n
\nTo view the open source resource repository on GitHub, see aws-cloudformation/aws-cloudformation-resource-providers-controltower\n
\n\n Recording API Requests\n
\nAWS Control Tower supports AWS CloudTrail, a service that records AWS API calls for your\n AWS account and delivers log files to an Amazon S3 bucket. By using information collected by\n CloudTrail, you can determine which requests the AWS Control Tower service received, who made\n the request and when, and so on. For more about AWS Control Tower and its support for\n CloudTrail, see Logging AWS Control Tower\n Actions with AWS CloudTrail in the AWS Control Tower User Guide. To learn more about\n CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User\n Guide.
", + "smithy.api#documentation": "These interfaces allow you to apply the AWS library of pre-defined\n controls to your organizational units, programmatically. In AWS Control Tower, the terms \"control\" and \"guardrail\" are synonyms.
\nTo call these APIs, you'll need to know:
\nthe controlIdentifier
for the control--or guardrail--you are targeting.
the ARN associated with the target organizational unit (OU), which we call the targetIdentifier
.
the ARN associated with a resource that you wish to tag or untag.
\n\n To get the controlIdentifier
for your AWS Control Tower\n control:\n
The controlIdentifier
is an ARN that is specified for each\n control. You can view the controlIdentifier
in the console on the Control details page, as well as in the documentation.
The controlIdentifier
is unique in each AWS Region for each control. You can\n find the controlIdentifier
for each Region and control in the Tables of control metadata in the AWS Control Tower User Guide.\n
A quick-reference list of control identifers for the AWS Control Tower legacy Strongly recommended and\n Elective controls is given in Resource identifiers for\n APIs and controls in the Controls reference guide section\n of the AWS Control Tower User Guide. Remember that Mandatory controls\n cannot be added or removed.
\n\n ARN format:\n arn:aws:controltower:{REGION}::control/{CONTROL_NAME}
\n
\n Example:\n
\n\n arn:aws:controltower:us-west-2::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED
\n
\n To get the targetIdentifier
:\n
The targetIdentifier
is the ARN for an OU.
In the AWS Organizations console, you can find the ARN for the OU on the Organizational unit details page associated with that OU.
\n\n OU ARN format:\n
\n\n arn:${Partition}:organizations::${MasterAccountId}:ou/o-${OrganizationId}/ou-${OrganizationalUnitId}
\n
\n Details and examples\n
\n\n Creating AWS Control Tower resources with AWS CloudFormation\n
\nTo view the open source resource repository on GitHub, see aws-cloudformation/aws-cloudformation-resource-providers-controltower\n
\n\n Recording API Requests\n
\nAWS Control Tower supports AWS CloudTrail, a service that records AWS API calls for your\n AWS account and delivers log files to an Amazon S3 bucket. By using information collected by\n CloudTrail, you can determine which requests the AWS Control Tower service received, who made\n the request and when, and so on. For more about AWS Control Tower and its support for\n CloudTrail, see Logging AWS Control Tower\n Actions with AWS CloudTrail in the AWS Control Tower User Guide. To learn more about\n CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User\n Guide.
", "smithy.api#title": "AWS Control Tower", "smithy.rules#endpointRuleSet": { "version": "1.0", @@ -895,6 +904,17 @@ "expect": { "error": "Invalid Configuration: Missing Region" } + }, + { + "documentation": "Partition doesn't support DualStack", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": false, + "UseDualStack": true + } } ], "version": "1.0" @@ -985,7 +1005,7 @@ "statusMessage": { "target": "smithy.api#String", "traits": { - "smithy.api#documentation": "If the operation result is FAILED
, this string contains a message explaining\n why the operation failed.
If the operation result is FAILED
, this string contains a message explaining\n why the operation failed.
This API call turns off a control. It starts an asynchronous operation that deletes AWS\n resources on the specified organizational unit and the accounts it contains. The resources\n will vary according to the control that you specify. For usage examples, see \n the AWS Control Tower User Guide\n .
", + "smithy.api#documentation": "This API call turns off a control. It starts an asynchronous operation that deletes AWS\n resources on the specified organizational unit and the accounts it contains. The resources\n will vary according to the control that you specify. For usage examples, see \n the AWS Control Tower User Guide\n .
", "smithy.api#http": { "code": 200, "method": "POST", @@ -1073,7 +1093,7 @@ "controlIdentifier": { "target": "com.amazonaws.controltower#ControlIdentifier", "traits": { - "smithy.api#documentation": "The ARN of the control. Only Strongly recommended and\n Elective controls are permitted, with the exception of the\n Region deny control. For information on how to find the controlIdentifier
, see the overview page.
The ARN of the control. Only Strongly recommended and\n Elective controls are permitted, with the exception of the\n Region deny control. For information on how to find the controlIdentifier
, see the overview page.
The ID of the asynchronous operation, which is used to track status. The operation is\n available for 90 days.
", + "smithy.api#documentation": "The ID of the asynchronous operation, which is used to track status. The operation is\n available for 90 days.
", "smithy.api#required": {} } } @@ -1127,12 +1147,12 @@ "driftStatus": { "target": "com.amazonaws.controltower#DriftStatus", "traits": { - "smithy.api#documentation": "The drift status of the enabled control.
\nValid values:
\n\n DRIFTED
: The enabledControl
deployed in this configuration\n doesn’t match the configuration that AWS Control Tower expected.
\n IN_SYNC
: The enabledControl
deployed in this configuration matches\n the configuration that AWS Control Tower expected.
\n NOT_CHECKING
: AWS Control Tower does not check drift for this enabled\n control. Drift is not supported for the control type.
\n UNKNOWN
: AWS Control Tower is not able to check the drift status for the\n enabled control.
The drift status of the enabled control.
\nValid values:
\n\n DRIFTED
: The enabledControl
deployed in this configuration\n doesn’t match the configuration that AWS Control Tower expected.
\n IN_SYNC
: The enabledControl
deployed in this configuration matches\n the configuration that AWS Control Tower expected.
\n NOT_CHECKING
: AWS Control Tower does not check drift for this enabled\n control. Drift is not supported for the control type.
\n UNKNOWN
: AWS Control Tower is not able to check the drift status for the\n enabled control.
The drift summary of the enabled control.
\nAWS Control Tower expects the enabled control\n configuration to include all supported and governed Regions. If the enabled control differs\n from the expected configuration, it is defined to be in a state of drift. You can repair this drift by resetting the enabled control.
" + "smithy.api#documentation": "The drift summary of the enabled control.
\nAWS Control Tower expects the enabled control\n configuration to include all supported and governed Regions. If the enabled control differs\n from the expected configuration, it is defined to be in a state of drift. You can repair this drift by resetting the enabled control.
" } }, "com.amazonaws.controltower#EnableControl": { @@ -1167,7 +1187,7 @@ } ], "traits": { - "smithy.api#documentation": "This API call activates a control. It starts an asynchronous operation that creates AWS\n resources on the specified organizational unit and the accounts it contains. The resources\n created will vary according to the control that you specify. For usage examples, see \n the AWS Control Tower User Guide\n \n
", + "smithy.api#documentation": "This API call activates a control. It starts an asynchronous operation that creates AWS\n resources on the specified organizational unit and the accounts it contains. The resources\n created will vary according to the control that you specify. For usage examples, see \n the AWS Control Tower User Guide\n .
", "smithy.api#http": { "code": 200, "method": "POST", @@ -1181,7 +1201,7 @@ "controlIdentifier": { "target": "com.amazonaws.controltower#ControlIdentifier", "traits": { - "smithy.api#documentation": "The ARN of the control. Only Strongly recommended and\n Elective controls are permitted, with the exception of the\n Region deny control. For information on how to find the controlIdentifier
, see the overview page.
The ARN of the control. Only Strongly recommended and\n Elective controls are permitted, with the exception of the\n Region deny control. For information on how to find the controlIdentifier
, see the overview page.
The ARN of the organizational unit. For information on how to find the targetIdentifier
, see the overview page.
Tags to be applied to the EnabledControl
resource.
The ID of the asynchronous operation, which is used to track status. The operation is\n available for 90 days.
", + "smithy.api#documentation": "The ID of the asynchronous operation, which is used to track status. The operation is\n available for 90 days.
", "smithy.api#required": {} } + }, + "arn": { + "target": "com.amazonaws.controltower#Arn", + "traits": { + "smithy.api#documentation": "The ARN of the EnabledControl
resource.
\n The ARN of the enabled control.\n
" + "smithy.api#documentation": "The ARN of the enabled control.
" } }, "controlIdentifier": { "target": "com.amazonaws.controltower#ControlIdentifier", "traits": { - "smithy.api#documentation": "\n The control identifier of the enabled control. For information on how to find the controlIdentifier
, see the overview page.\n
The control identifier of the enabled control. For information on how to find the controlIdentifier
, see the overview page.
\n The ARN of the organizational unit. For information on how to find the targetIdentifier
, see the overview page.\n
The ARN of the organizational unit. For information on how to find the targetIdentifier
, see the overview page.
\n Target AWS Regions for the enabled control.\n
" + "smithy.api#documentation": "Target AWS Regions for the enabled control.
" } }, "statusSummary": { "target": "com.amazonaws.controltower#EnablementStatusSummary", "traits": { - "smithy.api#documentation": "\n The deployment summary of the enabled control.\n
" + "smithy.api#documentation": "The deployment summary of the enabled control.
" } }, "driftStatusSummary": { "target": "com.amazonaws.controltower#DriftStatusSummary", "traits": { - "smithy.api#documentation": "\n The drift status of the enabled control.\n
" + "smithy.api#documentation": "The drift status of the enabled control.
" } } }, "traits": { - "smithy.api#documentation": "\n Information about the enabled control.\n
" + "smithy.api#documentation": "Information about the enabled control.
" } }, "com.amazonaws.controltower#EnabledControlSummary": { @@ -1256,36 +1288,36 @@ "controlIdentifier": { "target": "com.amazonaws.controltower#ControlIdentifier", "traits": { - "smithy.api#documentation": "The ARN of the control. Only Strongly recommended and\n Elective controls are permitted, with the exception of the\n Region deny control. For information on how to find the controlIdentifier
, see the overview page.
The controlIdentifier
of the enabled control.
\n The ARN of the enabled control.\n
" + "smithy.api#documentation": "The ARN of the enabled control.
" } }, "targetIdentifier": { "target": "com.amazonaws.controltower#TargetIdentifier", "traits": { - "smithy.api#documentation": "\n The ARN of the organizational unit.\n
" + "smithy.api#documentation": "\n The ARN of the organizational unit.\n
" } }, "statusSummary": { "target": "com.amazonaws.controltower#EnablementStatusSummary", "traits": { - "smithy.api#documentation": "" + "smithy.api#documentation": "A short description of the status of the enabled control.
" } }, "driftStatusSummary": { "target": "com.amazonaws.controltower#DriftStatusSummary", "traits": { - "smithy.api#documentation": "\n The drift status of the enabled control.\n
" + "smithy.api#documentation": "The drift status of the enabled control.
" } } }, "traits": { - "smithy.api#documentation": "A summary of enabled controls.
" + "smithy.api#documentation": "Returns a summary of information about an enabled control.
" } }, "com.amazonaws.controltower#EnabledControls": { @@ -1325,12 +1357,12 @@ "lastOperationIdentifier": { "target": "com.amazonaws.controltower#OperationIdentifier", "traits": { - "smithy.api#documentation": "\n The last operation identifier for the enabled control.\n
" + "smithy.api#documentation": "The last operation identifier for the enabled control.
" } } }, "traits": { - "smithy.api#documentation": "\n The deployment summary of the enabled control. \n
" + "smithy.api#documentation": "The deployment summary of the enabled control.
" } }, "com.amazonaws.controltower#GetControlOperation": { @@ -1359,7 +1391,7 @@ } ], "traits": { - "smithy.api#documentation": "Returns the status of a particular EnableControl
or\n DisableControl
operation. Displays a message in case of error. Details for an\n operation are available for 90 days. For usage examples, see \n the AWS Control Tower User Guide\n \n
Returns the status of a particular EnableControl
or\n DisableControl
operation. Displays a message in case of error. Details for an\n operation are available for 90 days. For usage examples, see \n the AWS Control Tower User Guide\n .
The ID of the asynchronous operation, which is used to track status. The operation is\n available for 90 days.
", + "smithy.api#documentation": "The ID of the asynchronous operation, which is used to track status. The operation is\n available for 90 days.
", "smithy.api#required": {} } } @@ -1418,7 +1450,7 @@ } ], "traits": { - "smithy.api#documentation": "\n Provides details about the enabled control. For usage examples, see \n the AWS Control Tower User Guide\n .
\n\n Returned values\n
\nTargetRegions: Shows target AWS Regions where the enabled control is available to be deployed.
\nStatusSummary: Provides a detailed summary of the deployment status.
\nDriftSummary: Provides a detailed summary of the drifted status.
\nRetrieves details about an enabled control. For usage examples, see \n the AWS Control Tower User Guide\n .
", "smithy.api#http": { "code": 200, "method": "POST", @@ -1433,7 +1465,7 @@ "enabledControlIdentifier": { "target": "com.amazonaws.controltower#Arn", "traits": { - "smithy.api#documentation": "\n The ARN of the enabled control.\n
", + "smithy.api#documentation": "The controlIdentifier
of the enabled control.
\n Information about the enabled control.\n
", + "smithy.api#documentation": "Information about the enabled control.
", "smithy.api#required": {} } } @@ -1500,7 +1532,7 @@ } ], "traits": { - "smithy.api#documentation": "Lists the controls enabled by AWS Control Tower on the specified organizational unit and\n the accounts it contains. For usage examples, see \n the AWS Control Tower User Guide\n \n
", + "smithy.api#documentation": "Lists the controls enabled by AWS Control Tower on the specified organizational unit and\n the accounts it contains. For usage examples, see \n the AWS Control Tower User Guide\n .
", "smithy.api#http": { "code": 200, "method": "POST", @@ -1545,18 +1577,78 @@ "enabledControls": { "target": "com.amazonaws.controltower#EnabledControls", "traits": { - "smithy.api#documentation": "Lists the controls enabled by AWS Control Tower on the specified organizational unit and\n the accounts it contains.
", + "smithy.api#documentation": "Lists the controls enabled by AWS Control Tower on the specified organizational unit and\n the accounts it contains.
", "smithy.api#required": {} } }, "nextToken": { "target": "smithy.api#String", "traits": { - "smithy.api#documentation": "Retrieves the next page of results. If the string is empty, the current response is the\n end of the results.
" + "smithy.api#documentation": "Retrieves the next page of results. If the string is empty, the current response is the\n end of the results.
" } } } }, + "com.amazonaws.controltower#ListTagsForResource": { + "type": "operation", + "input": { + "target": "com.amazonaws.controltower#ListTagsForResourceInput" + }, + "output": { + "target": "com.amazonaws.controltower#ListTagsForResourceOutput" + }, + "errors": [ + { + "target": "com.amazonaws.controltower#InternalServerException" + }, + { + "target": "com.amazonaws.controltower#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.controltower#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "Returns a list of tags associated with the resource. For usage examples, see \n the AWS Control Tower User Guide\n .
", + "smithy.api#http": { + "code": 200, + "method": "GET", + "uri": "/tags/{resourceArn}" + }, + "smithy.api#readonly": {} + } + }, + "com.amazonaws.controltower#ListTagsForResourceInput": { + "type": "structure", + "members": { + "resourceArn": { + "target": "com.amazonaws.controltower#Arn", + "traits": { + "smithy.api#documentation": "The ARN of the resource.
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.controltower#ListTagsForResourceOutput": { + "type": "structure", + "members": { + "tags": { + "target": "com.amazonaws.controltower#TagMap", + "traits": { + "smithy.api#documentation": "A list of tags, as key:value
strings.
\n The AWS Region name.\n
" + "smithy.api#documentation": "The AWS Region name.
" } } }, "traits": { - "smithy.api#documentation": "An AWS Region in which AWS Control Tower expects to find the control deployed.
\nThe expected Regions are based on the Regions that are governed by the landing zone. In\n certain cases, a control is not actually enabled in the Region as expected, such as during\n drift, or mixed governance.
" + "smithy.api#documentation": "An AWS Region in which AWS Control Tower expects to find the control deployed.
\nThe expected Regions are based on the Regions that are governed by the landing zone. In\n certain cases, a control is not actually enabled in the Region as expected, such as during\n drift, or mixed governance.
" } }, "com.amazonaws.controltower#RegionName": { @@ -1631,6 +1723,109 @@ "smithy.api#httpError": 402 } }, + "com.amazonaws.controltower#TagKey": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 128 + } + } + }, + "com.amazonaws.controltower#TagKeys": { + "type": "list", + "member": { + "target": "com.amazonaws.controltower#TagKey" + }, + "traits": { + "smithy.api#length": { + "min": 0, + "max": 200 + } + } + }, + "com.amazonaws.controltower#TagMap": { + "type": "map", + "key": { + "target": "com.amazonaws.controltower#TagKey" + }, + "value": { + "target": "com.amazonaws.controltower#TagValue" + }, + "traits": { + "smithy.api#length": { + "min": 0, + "max": 200 + } + } + }, + "com.amazonaws.controltower#TagResource": { + "type": "operation", + "input": { + "target": "com.amazonaws.controltower#TagResourceInput" + }, + "output": { + "target": "com.amazonaws.controltower#TagResourceOutput" + }, + "errors": [ + { + "target": "com.amazonaws.controltower#InternalServerException" + }, + { + "target": "com.amazonaws.controltower#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.controltower#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "Applies tags to a resource. For usage examples, see \n the AWS Control Tower User Guide\n .
", + "smithy.api#http": { + "code": 204, + "method": "POST", + "uri": "/tags/{resourceArn}" + } + } + }, + "com.amazonaws.controltower#TagResourceInput": { + "type": "structure", + "members": { + "resourceArn": { + "target": "com.amazonaws.controltower#Arn", + "traits": { + "smithy.api#documentation": "The ARN of the resource to be tagged.
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + }, + "tags": { + "target": "com.amazonaws.controltower#TagMap", + "traits": { + "smithy.api#documentation": "Tags to be applied to the resource.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.controltower#TagResourceOutput": { + "type": "structure", + "members": {}, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.controltower#TagValue": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 0, + "max": 256 + } + } + }, "com.amazonaws.controltower#TargetIdentifier": { "type": "string", "traits": { @@ -1691,6 +1886,65 @@ "smithy.api#timestampFormat": "date-time" } }, + "com.amazonaws.controltower#UntagResource": { + "type": "operation", + "input": { + "target": "com.amazonaws.controltower#UntagResourceInput" + }, + "output": { + "target": "com.amazonaws.controltower#UntagResourceOutput" + }, + "errors": [ + { + "target": "com.amazonaws.controltower#InternalServerException" + }, + { + "target": "com.amazonaws.controltower#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.controltower#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "Removes tags from a resource. For usage examples, see \n the AWS Control Tower User Guide\n .
", + "smithy.api#http": { + "code": 204, + "method": "DELETE", + "uri": "/tags/{resourceArn}" + } + } + }, + "com.amazonaws.controltower#UntagResourceInput": { + "type": "structure", + "members": { + "resourceArn": { + "target": "com.amazonaws.controltower#Arn", + "traits": { + "smithy.api#documentation": "The ARN of the resource.
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + }, + "tagKeys": { + "target": "com.amazonaws.controltower#TagKeys", + "traits": { + "smithy.api#documentation": "Tag keys to be removed from the resource.
", + "smithy.api#httpQuery": "tagKeys", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.controltower#UntagResourceOutput": { + "type": "structure", + "members": {}, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.controltower#ValidationException": { "type": "structure", "members": {