From 360b88a25ffa62c4059ba5ec092ca562cd5867be Mon Sep 17 00:00:00 2001 From: awstools Date: Fri, 10 Nov 2023 19:36:11 +0000 Subject: [PATCH] feat(client-controltower): AWS Control Tower supports tagging for enabled controls. This release introduces TagResource, UntagResource and ListTagsForResource APIs to manage tags in existing enabled controls. It updates EnabledControl API to tag resources at creation time. --- clients/client-controltower/README.md | 31 +- .../client-controltower/src/ControlTower.ts | 86 ++++- .../src/ControlTowerClient.ts | 49 ++- .../src/commands/DisableControlCommand.ts | 4 +- .../src/commands/EnableControlCommand.ts | 11 +- .../commands/GetControlOperationCommand.ts | 7 +- .../src/commands/GetEnabledControlCommand.ts | 17 +- .../commands/ListEnabledControlsCommand.ts | 5 +- .../commands/ListTagsForResourceCommand.ts | 160 +++++++++ .../src/commands/TagResourceCommand.ts | 157 +++++++++ .../src/commands/UntagResourceCommand.ts | 157 +++++++++ .../client-controltower/src/commands/index.ts | 3 + clients/client-controltower/src/index.ts | 33 +- .../src/models/models_0.ts | 180 ++++++---- .../src/protocols/Aws_restJson1.ts | 248 ++++++++++++++ .../sdk-codegen/aws-models/controltower.json | 324 ++++++++++++++++-- 16 files changed, 1293 insertions(+), 179 deletions(-) create mode 100644 clients/client-controltower/src/commands/ListTagsForResourceCommand.ts create mode 100644 clients/client-controltower/src/commands/TagResourceCommand.ts create mode 100644 clients/client-controltower/src/commands/UntagResourceCommand.ts diff --git a/clients/client-controltower/README.md b/clients/client-controltower/README.md index 51a7195dbbd0..f47083511730 100644 --- a/clients/client-controltower/README.md +++ b/clients/client-controltower/README.md @@ -7,7 +7,7 @@ AWS SDK for JavaScript ControlTower Client for Node.js, Browser and React Native.

These interfaces allow you to apply the AWS library of pre-defined -controls to your organizational units, programmatically. In AWS Control Tower, the terms "control" and "guardrail" are synonyms. .

+controls to your organizational units, programmatically. In AWS Control Tower, the terms "control" and "guardrail" are synonyms.

To call these APIs, you'll need to know:

To get the controlIdentifier for your AWS Control Tower @@ -28,7 +31,7 @@ find the controlIdentifier for each Region and control in the

A quick-reference list of control identifers for the AWS Control Tower legacy Strongly recommended and Elective controls is given in Resource identifiers for -APIs and guardrails in the Controls reference guide section +APIs and controls in the Controls reference guide section of the AWS Control Tower User Guide. Remember that Mandatory controls cannot be added or removed.

@@ -345,3 +348,27 @@ ListEnabledControls [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-controltower/classes/listenabledcontrolscommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-controltower/interfaces/listenabledcontrolscommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-controltower/interfaces/listenabledcontrolscommandoutput.html) +
+ +ListTagsForResource + + +[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-controltower/classes/listtagsforresourcecommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-controltower/interfaces/listtagsforresourcecommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-controltower/interfaces/listtagsforresourcecommandoutput.html) + +
+
+ +TagResource + + +[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-controltower/classes/tagresourcecommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-controltower/interfaces/tagresourcecommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-controltower/interfaces/tagresourcecommandoutput.html) + +
+
+ +UntagResource + + +[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-controltower/classes/untagresourcecommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-controltower/interfaces/untagresourcecommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-controltower/interfaces/untagresourcecommandoutput.html) + +
diff --git a/clients/client-controltower/src/ControlTower.ts b/clients/client-controltower/src/ControlTower.ts index e1868a5998a1..54ad7708a1a8 100644 --- a/clients/client-controltower/src/ControlTower.ts +++ b/clients/client-controltower/src/ControlTower.ts @@ -27,6 +27,17 @@ import { ListEnabledControlsCommandInput, ListEnabledControlsCommandOutput, } from "./commands/ListEnabledControlsCommand"; +import { + ListTagsForResourceCommand, + ListTagsForResourceCommandInput, + ListTagsForResourceCommandOutput, +} from "./commands/ListTagsForResourceCommand"; +import { TagResourceCommand, TagResourceCommandInput, TagResourceCommandOutput } from "./commands/TagResourceCommand"; +import { + UntagResourceCommand, + UntagResourceCommandInput, + UntagResourceCommandOutput, +} from "./commands/UntagResourceCommand"; import { ControlTowerClient, ControlTowerClientConfig } from "./ControlTowerClient"; const commands = { @@ -35,6 +46,9 @@ const commands = { GetControlOperationCommand, GetEnabledControlCommand, ListEnabledControlsCommand, + ListTagsForResourceCommand, + TagResourceCommand, + UntagResourceCommand, }; export interface ControlTower { @@ -113,12 +127,51 @@ export interface ControlTower { options: __HttpHandlerOptions, cb: (err: any, data?: ListEnabledControlsCommandOutput) => void ): void; + + /** + * @see {@link ListTagsForResourceCommand} + */ + listTagsForResource( + args: ListTagsForResourceCommandInput, + options?: __HttpHandlerOptions + ): Promise; + listTagsForResource( + args: ListTagsForResourceCommandInput, + cb: (err: any, data?: ListTagsForResourceCommandOutput) => void + ): void; + listTagsForResource( + args: ListTagsForResourceCommandInput, + options: __HttpHandlerOptions, + cb: (err: any, data?: ListTagsForResourceCommandOutput) => void + ): void; + + /** + * @see {@link TagResourceCommand} + */ + tagResource(args: TagResourceCommandInput, options?: __HttpHandlerOptions): Promise; + tagResource(args: TagResourceCommandInput, cb: (err: any, data?: TagResourceCommandOutput) => void): void; + tagResource( + args: TagResourceCommandInput, + options: __HttpHandlerOptions, + cb: (err: any, data?: TagResourceCommandOutput) => void + ): void; + + /** + * @see {@link UntagResourceCommand} + */ + untagResource(args: UntagResourceCommandInput, options?: __HttpHandlerOptions): Promise; + untagResource(args: UntagResourceCommandInput, cb: (err: any, data?: UntagResourceCommandOutput) => void): void; + untagResource( + args: UntagResourceCommandInput, + options: __HttpHandlerOptions, + cb: (err: any, data?: UntagResourceCommandOutput) => void + ): void; } /** * @public *

These interfaces allow you to apply the AWS library of pre-defined - * controls to your organizational units, programmatically. In AWS Control Tower, the terms "control" and "guardrail" are synonyms. .

+ * controls to your organizational units, programmatically. In AWS Control Tower, the terms "control" and "guardrail" are synonyms.

*

To call these APIs, you'll need to know:

*
    *
  • @@ -127,21 +180,24 @@ export interface ControlTower { *
  • *

    the ARN associated with the target organizational unit (OU), which we call the targetIdentifier.

    *
    • + *
  • + *

    the ARN associated with a resource that you wish to tag or untag.

    + *
    • *
*

* To get the controlIdentifier for your AWS Control Tower - * control: + * control: *

*

The controlIdentifier is an ARN that is specified for each - * control. You can view the controlIdentifier in the console on the Control details page, as well as in the documentation.

+ * control. You can view the controlIdentifier in the console on the Control details page, as well as in the documentation.

*

The controlIdentifier is unique in each AWS Region for each control. You can - * find the controlIdentifier for each Region and control in the Tables of control metadata in the AWS Control Tower User Guide. + * find the controlIdentifier for each Region and control in the Tables of control metadata in the AWS Control Tower User Guide. *

*

A quick-reference list of control identifers for the AWS Control Tower legacy Strongly recommended and - * Elective controls is given in Resource identifiers for - * APIs and guardrails in the Controls reference guide section - * of the AWS Control Tower User Guide. Remember that Mandatory controls - * cannot be added or removed.

+ * Elective controls is given in Resource identifiers for + * APIs and controls in the Controls reference guide section + * of the AWS Control Tower User Guide. Remember that Mandatory controls + * cannot be added or removed.

* *

* ARN format: @@ -213,13 +269,13 @@ export interface ControlTower { * Recording API Requests *

*

AWS Control Tower supports AWS CloudTrail, a service that records AWS API calls for your - * AWS account and delivers log files to an Amazon S3 bucket. By using information collected by - * CloudTrail, you can determine which requests the AWS Control Tower service received, who made - * the request and when, and so on. For more about AWS Control Tower and its support for - * CloudTrail, see Logging AWS Control Tower - * Actions with AWS CloudTrail in the AWS Control Tower User Guide. To learn more about - * CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User - * Guide.

+ * AWS account and delivers log files to an Amazon S3 bucket. By using information collected by + * CloudTrail, you can determine which requests the AWS Control Tower service received, who made + * the request and when, and so on. For more about AWS Control Tower and its support for + * CloudTrail, see Logging AWS Control Tower + * Actions with AWS CloudTrail in the AWS Control Tower User Guide. To learn more about + * CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User + * Guide.

*/ export class ControlTower extends ControlTowerClient implements ControlTower {} createAggregatedClient(commands, ControlTower); diff --git a/clients/client-controltower/src/ControlTowerClient.ts b/clients/client-controltower/src/ControlTowerClient.ts index bfad797d353b..81d6ee688aa0 100644 --- a/clients/client-controltower/src/ControlTowerClient.ts +++ b/clients/client-controltower/src/ControlTowerClient.ts @@ -61,6 +61,12 @@ import { ListEnabledControlsCommandInput, ListEnabledControlsCommandOutput, } from "./commands/ListEnabledControlsCommand"; +import { + ListTagsForResourceCommandInput, + ListTagsForResourceCommandOutput, +} from "./commands/ListTagsForResourceCommand"; +import { TagResourceCommandInput, TagResourceCommandOutput } from "./commands/TagResourceCommand"; +import { UntagResourceCommandInput, UntagResourceCommandOutput } from "./commands/UntagResourceCommand"; import { ClientInputEndpointParameters, ClientResolvedEndpointParameters, @@ -80,7 +86,10 @@ export type ServiceInputTypes = | EnableControlCommandInput | GetControlOperationCommandInput | GetEnabledControlCommandInput - | ListEnabledControlsCommandInput; + | ListEnabledControlsCommandInput + | ListTagsForResourceCommandInput + | TagResourceCommandInput + | UntagResourceCommandInput; /** * @public @@ -90,7 +99,10 @@ export type ServiceOutputTypes = | EnableControlCommandOutput | GetControlOperationCommandOutput | GetEnabledControlCommandOutput - | ListEnabledControlsCommandOutput; + | ListEnabledControlsCommandOutput + | ListTagsForResourceCommandOutput + | TagResourceCommandOutput + | UntagResourceCommandOutput; /** * @public @@ -265,7 +277,7 @@ export interface ControlTowerClientResolvedConfig extends ControlTowerClientReso /** * @public *

These interfaces allow you to apply the AWS library of pre-defined - * controls to your organizational units, programmatically. In AWS Control Tower, the terms "control" and "guardrail" are synonyms. .

+ * controls to your organizational units, programmatically. In AWS Control Tower, the terms "control" and "guardrail" are synonyms.

*

To call these APIs, you'll need to know:

* *

* To get the controlIdentifier for your AWS Control Tower - * control: + * control: *

*

The controlIdentifier is an ARN that is specified for each - * control. You can view the controlIdentifier in the console on the Control details page, as well as in the documentation.

+ * control. You can view the controlIdentifier in the console on the Control details page, as well as in the documentation.

*

The controlIdentifier is unique in each AWS Region for each control. You can - * find the controlIdentifier for each Region and control in the Tables of control metadata in the AWS Control Tower User Guide. + * find the controlIdentifier for each Region and control in the Tables of control metadata in the AWS Control Tower User Guide. *

*

A quick-reference list of control identifers for the AWS Control Tower legacy Strongly recommended and - * Elective controls is given in Resource identifiers for - * APIs and guardrails in the Controls reference guide section - * of the AWS Control Tower User Guide. Remember that Mandatory controls - * cannot be added or removed.

+ * Elective controls is given in Resource identifiers for + * APIs and controls in the Controls reference guide section + * of the AWS Control Tower User Guide. Remember that Mandatory controls + * cannot be added or removed.

* *

* ARN format: @@ -360,13 +375,13 @@ export interface ControlTowerClientResolvedConfig extends ControlTowerClientReso * Recording API Requests *

*

AWS Control Tower supports AWS CloudTrail, a service that records AWS API calls for your - * AWS account and delivers log files to an Amazon S3 bucket. By using information collected by - * CloudTrail, you can determine which requests the AWS Control Tower service received, who made - * the request and when, and so on. For more about AWS Control Tower and its support for - * CloudTrail, see Logging AWS Control Tower - * Actions with AWS CloudTrail in the AWS Control Tower User Guide. To learn more about - * CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User - * Guide.

+ * AWS account and delivers log files to an Amazon S3 bucket. By using information collected by + * CloudTrail, you can determine which requests the AWS Control Tower service received, who made + * the request and when, and so on. For more about AWS Control Tower and its support for + * CloudTrail, see Logging AWS Control Tower + * Actions with AWS CloudTrail in the AWS Control Tower User Guide. To learn more about + * CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User + * Guide.

*/ export class ControlTowerClient extends __Client< __HttpHandlerOptions, diff --git a/clients/client-controltower/src/commands/DisableControlCommand.ts b/clients/client-controltower/src/commands/DisableControlCommand.ts index 2bdc0b0b5526..2ab45586b902 100644 --- a/clients/client-controltower/src/commands/DisableControlCommand.ts +++ b/clients/client-controltower/src/commands/DisableControlCommand.ts @@ -38,8 +38,8 @@ export interface DisableControlCommandOutput extends DisableControlOutput, __Met /** * @public *

This API call turns off a control. It starts an asynchronous operation that deletes AWS - * resources on the specified organizational unit and the accounts it contains. The resources - * will vary according to the control that you specify. For usage examples, see + * resources on the specified organizational unit and the accounts it contains. The resources + * will vary according to the control that you specify. For usage examples, see * the AWS Control Tower User Guide * .

* @example diff --git a/clients/client-controltower/src/commands/EnableControlCommand.ts b/clients/client-controltower/src/commands/EnableControlCommand.ts index 1407c93a8f9a..757a5b07e01f 100644 --- a/clients/client-controltower/src/commands/EnableControlCommand.ts +++ b/clients/client-controltower/src/commands/EnableControlCommand.ts @@ -38,11 +38,10 @@ export interface EnableControlCommandOutput extends EnableControlOutput, __Metad /** * @public *

This API call activates a control. It starts an asynchronous operation that creates AWS - * resources on the specified organizational unit and the accounts it contains. The resources - * created will vary according to the control that you specify. For usage examples, see + * resources on the specified organizational unit and the accounts it contains. The resources + * created will vary according to the control that you specify. For usage examples, see * the AWS Control Tower User Guide - * - *

+ * .

* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript @@ -52,11 +51,15 @@ export interface EnableControlCommandOutput extends EnableControlOutput, __Metad * const input = { // EnableControlInput * controlIdentifier: "STRING_VALUE", // required * targetIdentifier: "STRING_VALUE", // required + * tags: { // TagMap + * "": "STRING_VALUE", + * }, * }; * const command = new EnableControlCommand(input); * const response = await client.send(command); * // { // EnableControlOutput * // operationIdentifier: "STRING_VALUE", // required + * // arn: "STRING_VALUE", * // }; * * ``` diff --git a/clients/client-controltower/src/commands/GetControlOperationCommand.ts b/clients/client-controltower/src/commands/GetControlOperationCommand.ts index e50bd4ee2768..88a4e2b10143 100644 --- a/clients/client-controltower/src/commands/GetControlOperationCommand.ts +++ b/clients/client-controltower/src/commands/GetControlOperationCommand.ts @@ -38,11 +38,10 @@ export interface GetControlOperationCommandOutput extends GetControlOperationOut /** * @public *

Returns the status of a particular EnableControl or - * DisableControl operation. Displays a message in case of error. Details for an - * operation are available for 90 days. For usage examples, see + * DisableControl operation. Displays a message in case of error. Details for an + * operation are available for 90 days. For usage examples, see * the AWS Control Tower User Guide - * - *

+ * .

* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript diff --git a/clients/client-controltower/src/commands/GetEnabledControlCommand.ts b/clients/client-controltower/src/commands/GetEnabledControlCommand.ts index 22e67972df42..a992ab4a2205 100644 --- a/clients/client-controltower/src/commands/GetEnabledControlCommand.ts +++ b/clients/client-controltower/src/commands/GetEnabledControlCommand.ts @@ -37,24 +37,9 @@ export interface GetEnabledControlCommandOutput extends GetEnabledControlOutput, /** * @public - *

- * Provides details about the enabled control. For usage examples, see + *

Retrieves details about an enabled control. For usage examples, see * the AWS Control Tower User Guide * .

- *

- * Returned values - *

- *
    - *
  • - *

    TargetRegions: Shows target AWS Regions where the enabled control is available to be deployed.

    - *
    • - *
  • - *

    StatusSummary: Provides a detailed summary of the deployment status.

    - *
    • - *
  • - *

    DriftSummary: Provides a detailed summary of the drifted status.

    - *
    • - *
* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript diff --git a/clients/client-controltower/src/commands/ListEnabledControlsCommand.ts b/clients/client-controltower/src/commands/ListEnabledControlsCommand.ts index e5ee83389249..d0a60399cc95 100644 --- a/clients/client-controltower/src/commands/ListEnabledControlsCommand.ts +++ b/clients/client-controltower/src/commands/ListEnabledControlsCommand.ts @@ -38,10 +38,9 @@ export interface ListEnabledControlsCommandOutput extends ListEnabledControlsOut /** * @public *

Lists the controls enabled by AWS Control Tower on the specified organizational unit and - * the accounts it contains. For usage examples, see + * the accounts it contains. For usage examples, see * the AWS Control Tower User Guide - * - *

+ * .

* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript diff --git a/clients/client-controltower/src/commands/ListTagsForResourceCommand.ts b/clients/client-controltower/src/commands/ListTagsForResourceCommand.ts new file mode 100644 index 000000000000..de79844c4a53 --- /dev/null +++ b/clients/client-controltower/src/commands/ListTagsForResourceCommand.ts @@ -0,0 +1,160 @@ +// smithy-typescript generated code +import { EndpointParameterInstructions, getEndpointPlugin } from "@smithy/middleware-endpoint"; +import { getSerdePlugin } from "@smithy/middleware-serde"; +import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@smithy/protocol-http"; +import { Command as $Command } from "@smithy/smithy-client"; +import { + FinalizeHandlerArguments, + Handler, + HandlerExecutionContext, + HttpHandlerOptions as __HttpHandlerOptions, + MetadataBearer as __MetadataBearer, + MiddlewareStack, + SerdeContext as __SerdeContext, + SMITHY_CONTEXT_KEY, +} from "@smithy/types"; + +import { ControlTowerClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../ControlTowerClient"; +import { ListTagsForResourceInput, ListTagsForResourceOutput } from "../models/models_0"; +import { de_ListTagsForResourceCommand, se_ListTagsForResourceCommand } from "../protocols/Aws_restJson1"; + +/** + * @public + */ +export { __MetadataBearer, $Command }; +/** + * @public + * + * The input for {@link ListTagsForResourceCommand}. + */ +export interface ListTagsForResourceCommandInput extends ListTagsForResourceInput {} +/** + * @public + * + * The output of {@link ListTagsForResourceCommand}. + */ +export interface ListTagsForResourceCommandOutput extends ListTagsForResourceOutput, __MetadataBearer {} + +/** + * @public + *

Returns a list of tags associated with the resource. For usage examples, see + * the AWS Control Tower User Guide + * .

+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { ControlTowerClient, ListTagsForResourceCommand } from "@aws-sdk/client-controltower"; // ES Modules import + * // const { ControlTowerClient, ListTagsForResourceCommand } = require("@aws-sdk/client-controltower"); // CommonJS import + * const client = new ControlTowerClient(config); + * const input = { // ListTagsForResourceInput + * resourceArn: "STRING_VALUE", // required + * }; + * const command = new ListTagsForResourceCommand(input); + * const response = await client.send(command); + * // { // ListTagsForResourceOutput + * // tags: { // TagMap // required + * // "": "STRING_VALUE", + * // }, + * // }; + * + * ``` + * + * @param ListTagsForResourceCommandInput - {@link ListTagsForResourceCommandInput} + * @returns {@link ListTagsForResourceCommandOutput} + * @see {@link ListTagsForResourceCommandInput} for command's `input` shape. + * @see {@link ListTagsForResourceCommandOutput} for command's `response` shape. + * @see {@link ControlTowerClientResolvedConfig | config} for ControlTowerClient's `config` shape. + * + * @throws {@link InternalServerException} (server fault) + *

Unexpected error during processing of request.

+ * + * @throws {@link ResourceNotFoundException} (client fault) + *

Request references a resource which does not exist.

+ * + * @throws {@link ValidationException} (client fault) + *

The input fails to satisfy the constraints specified by an AWS service.

+ * + * @throws {@link ControlTowerServiceException} + *

Base exception class for all service exceptions from ControlTower service.

+ * + */ +export class ListTagsForResourceCommand extends $Command< + ListTagsForResourceCommandInput, + ListTagsForResourceCommandOutput, + ControlTowerClientResolvedConfig +> { + // Start section: command_properties + // End section: command_properties + + public static getEndpointParameterInstructions(): EndpointParameterInstructions { + return { + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, + }; + } + + /** + * @public + */ + constructor(readonly input: ListTagsForResourceCommandInput) { + // Start section: command_constructor + super(); + // End section: command_constructor + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStack, + configuration: ControlTowerClientResolvedConfig, + options?: __HttpHandlerOptions + ): Handler { + this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize)); + this.middlewareStack.use( + getEndpointPlugin(configuration, ListTagsForResourceCommand.getEndpointParameterInstructions()) + ); + + const stack = clientStack.concat(this.middlewareStack); + + const { logger } = configuration; + const clientName = "ControlTowerClient"; + const commandName = "ListTagsForResourceCommand"; + const handlerExecutionContext: HandlerExecutionContext = { + logger, + clientName, + commandName, + inputFilterSensitiveLog: (_: any) => _, + outputFilterSensitiveLog: (_: any) => _, + [SMITHY_CONTEXT_KEY]: { + service: "AWSControlTowerApis", + operation: "ListTagsForResource", + }, + }; + const { requestHandler } = configuration; + return stack.resolve( + (request: FinalizeHandlerArguments) => + requestHandler.handle(request.request as __HttpRequest, options || {}), + handlerExecutionContext + ); + } + + /** + * @internal + */ + private serialize(input: ListTagsForResourceCommandInput, context: __SerdeContext): Promise<__HttpRequest> { + return se_ListTagsForResourceCommand(input, context); + } + + /** + * @internal + */ + private deserialize(output: __HttpResponse, context: __SerdeContext): Promise { + return de_ListTagsForResourceCommand(output, context); + } + + // Start section: command_body_extra + // End section: command_body_extra +} diff --git a/clients/client-controltower/src/commands/TagResourceCommand.ts b/clients/client-controltower/src/commands/TagResourceCommand.ts new file mode 100644 index 000000000000..763a885715c9 --- /dev/null +++ b/clients/client-controltower/src/commands/TagResourceCommand.ts @@ -0,0 +1,157 @@ +// smithy-typescript generated code +import { EndpointParameterInstructions, getEndpointPlugin } from "@smithy/middleware-endpoint"; +import { getSerdePlugin } from "@smithy/middleware-serde"; +import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@smithy/protocol-http"; +import { Command as $Command } from "@smithy/smithy-client"; +import { + FinalizeHandlerArguments, + Handler, + HandlerExecutionContext, + HttpHandlerOptions as __HttpHandlerOptions, + MetadataBearer as __MetadataBearer, + MiddlewareStack, + SerdeContext as __SerdeContext, + SMITHY_CONTEXT_KEY, +} from "@smithy/types"; + +import { ControlTowerClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../ControlTowerClient"; +import { TagResourceInput, TagResourceOutput } from "../models/models_0"; +import { de_TagResourceCommand, se_TagResourceCommand } from "../protocols/Aws_restJson1"; + +/** + * @public + */ +export { __MetadataBearer, $Command }; +/** + * @public + * + * The input for {@link TagResourceCommand}. + */ +export interface TagResourceCommandInput extends TagResourceInput {} +/** + * @public + * + * The output of {@link TagResourceCommand}. + */ +export interface TagResourceCommandOutput extends TagResourceOutput, __MetadataBearer {} + +/** + * @public + *

Applies tags to a resource. For usage examples, see + * the AWS Control Tower User Guide + * .

+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { ControlTowerClient, TagResourceCommand } from "@aws-sdk/client-controltower"; // ES Modules import + * // const { ControlTowerClient, TagResourceCommand } = require("@aws-sdk/client-controltower"); // CommonJS import + * const client = new ControlTowerClient(config); + * const input = { // TagResourceInput + * resourceArn: "STRING_VALUE", // required + * tags: { // TagMap // required + * "": "STRING_VALUE", + * }, + * }; + * const command = new TagResourceCommand(input); + * const response = await client.send(command); + * // {}; + * + * ``` + * + * @param TagResourceCommandInput - {@link TagResourceCommandInput} + * @returns {@link TagResourceCommandOutput} + * @see {@link TagResourceCommandInput} for command's `input` shape. + * @see {@link TagResourceCommandOutput} for command's `response` shape. + * @see {@link ControlTowerClientResolvedConfig | config} for ControlTowerClient's `config` shape. + * + * @throws {@link InternalServerException} (server fault) + *

Unexpected error during processing of request.

+ * + * @throws {@link ResourceNotFoundException} (client fault) + *

Request references a resource which does not exist.

+ * + * @throws {@link ValidationException} (client fault) + *

The input fails to satisfy the constraints specified by an AWS service.

+ * + * @throws {@link ControlTowerServiceException} + *

Base exception class for all service exceptions from ControlTower service.

+ * + */ +export class TagResourceCommand extends $Command< + TagResourceCommandInput, + TagResourceCommandOutput, + ControlTowerClientResolvedConfig +> { + // Start section: command_properties + // End section: command_properties + + public static getEndpointParameterInstructions(): EndpointParameterInstructions { + return { + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, + }; + } + + /** + * @public + */ + constructor(readonly input: TagResourceCommandInput) { + // Start section: command_constructor + super(); + // End section: command_constructor + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStack, + configuration: ControlTowerClientResolvedConfig, + options?: __HttpHandlerOptions + ): Handler { + this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize)); + this.middlewareStack.use(getEndpointPlugin(configuration, TagResourceCommand.getEndpointParameterInstructions())); + + const stack = clientStack.concat(this.middlewareStack); + + const { logger } = configuration; + const clientName = "ControlTowerClient"; + const commandName = "TagResourceCommand"; + const handlerExecutionContext: HandlerExecutionContext = { + logger, + clientName, + commandName, + inputFilterSensitiveLog: (_: any) => _, + outputFilterSensitiveLog: (_: any) => _, + [SMITHY_CONTEXT_KEY]: { + service: "AWSControlTowerApis", + operation: "TagResource", + }, + }; + const { requestHandler } = configuration; + return stack.resolve( + (request: FinalizeHandlerArguments) => + requestHandler.handle(request.request as __HttpRequest, options || {}), + handlerExecutionContext + ); + } + + /** + * @internal + */ + private serialize(input: TagResourceCommandInput, context: __SerdeContext): Promise<__HttpRequest> { + return se_TagResourceCommand(input, context); + } + + /** + * @internal + */ + private deserialize(output: __HttpResponse, context: __SerdeContext): Promise { + return de_TagResourceCommand(output, context); + } + + // Start section: command_body_extra + // End section: command_body_extra +} diff --git a/clients/client-controltower/src/commands/UntagResourceCommand.ts b/clients/client-controltower/src/commands/UntagResourceCommand.ts new file mode 100644 index 000000000000..d664d4611e10 --- /dev/null +++ b/clients/client-controltower/src/commands/UntagResourceCommand.ts @@ -0,0 +1,157 @@ +// smithy-typescript generated code +import { EndpointParameterInstructions, getEndpointPlugin } from "@smithy/middleware-endpoint"; +import { getSerdePlugin } from "@smithy/middleware-serde"; +import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@smithy/protocol-http"; +import { Command as $Command } from "@smithy/smithy-client"; +import { + FinalizeHandlerArguments, + Handler, + HandlerExecutionContext, + HttpHandlerOptions as __HttpHandlerOptions, + MetadataBearer as __MetadataBearer, + MiddlewareStack, + SerdeContext as __SerdeContext, + SMITHY_CONTEXT_KEY, +} from "@smithy/types"; + +import { ControlTowerClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../ControlTowerClient"; +import { UntagResourceInput, UntagResourceOutput } from "../models/models_0"; +import { de_UntagResourceCommand, se_UntagResourceCommand } from "../protocols/Aws_restJson1"; + +/** + * @public + */ +export { __MetadataBearer, $Command }; +/** + * @public + * + * The input for {@link UntagResourceCommand}. + */ +export interface UntagResourceCommandInput extends UntagResourceInput {} +/** + * @public + * + * The output of {@link UntagResourceCommand}. + */ +export interface UntagResourceCommandOutput extends UntagResourceOutput, __MetadataBearer {} + +/** + * @public + *

Removes tags from a resource. For usage examples, see + * the AWS Control Tower User Guide + * .

+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { ControlTowerClient, UntagResourceCommand } from "@aws-sdk/client-controltower"; // ES Modules import + * // const { ControlTowerClient, UntagResourceCommand } = require("@aws-sdk/client-controltower"); // CommonJS import + * const client = new ControlTowerClient(config); + * const input = { // UntagResourceInput + * resourceArn: "STRING_VALUE", // required + * tagKeys: [ // TagKeys // required + * "STRING_VALUE", + * ], + * }; + * const command = new UntagResourceCommand(input); + * const response = await client.send(command); + * // {}; + * + * ``` + * + * @param UntagResourceCommandInput - {@link UntagResourceCommandInput} + * @returns {@link UntagResourceCommandOutput} + * @see {@link UntagResourceCommandInput} for command's `input` shape. + * @see {@link UntagResourceCommandOutput} for command's `response` shape. + * @see {@link ControlTowerClientResolvedConfig | config} for ControlTowerClient's `config` shape. + * + * @throws {@link InternalServerException} (server fault) + *

Unexpected error during processing of request.

+ * + * @throws {@link ResourceNotFoundException} (client fault) + *

Request references a resource which does not exist.

+ * + * @throws {@link ValidationException} (client fault) + *

The input fails to satisfy the constraints specified by an AWS service.

+ * + * @throws {@link ControlTowerServiceException} + *

Base exception class for all service exceptions from ControlTower service.

+ * + */ +export class UntagResourceCommand extends $Command< + UntagResourceCommandInput, + UntagResourceCommandOutput, + ControlTowerClientResolvedConfig +> { + // Start section: command_properties + // End section: command_properties + + public static getEndpointParameterInstructions(): EndpointParameterInstructions { + return { + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, + }; + } + + /** + * @public + */ + constructor(readonly input: UntagResourceCommandInput) { + // Start section: command_constructor + super(); + // End section: command_constructor + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStack, + configuration: ControlTowerClientResolvedConfig, + options?: __HttpHandlerOptions + ): Handler { + this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize)); + this.middlewareStack.use(getEndpointPlugin(configuration, UntagResourceCommand.getEndpointParameterInstructions())); + + const stack = clientStack.concat(this.middlewareStack); + + const { logger } = configuration; + const clientName = "ControlTowerClient"; + const commandName = "UntagResourceCommand"; + const handlerExecutionContext: HandlerExecutionContext = { + logger, + clientName, + commandName, + inputFilterSensitiveLog: (_: any) => _, + outputFilterSensitiveLog: (_: any) => _, + [SMITHY_CONTEXT_KEY]: { + service: "AWSControlTowerApis", + operation: "UntagResource", + }, + }; + const { requestHandler } = configuration; + return stack.resolve( + (request: FinalizeHandlerArguments) => + requestHandler.handle(request.request as __HttpRequest, options || {}), + handlerExecutionContext + ); + } + + /** + * @internal + */ + private serialize(input: UntagResourceCommandInput, context: __SerdeContext): Promise<__HttpRequest> { + return se_UntagResourceCommand(input, context); + } + + /** + * @internal + */ + private deserialize(output: __HttpResponse, context: __SerdeContext): Promise { + return de_UntagResourceCommand(output, context); + } + + // Start section: command_body_extra + // End section: command_body_extra +} diff --git a/clients/client-controltower/src/commands/index.ts b/clients/client-controltower/src/commands/index.ts index 00dcde7d094c..8daf13b3958f 100644 --- a/clients/client-controltower/src/commands/index.ts +++ b/clients/client-controltower/src/commands/index.ts @@ -4,3 +4,6 @@ export * from "./EnableControlCommand"; export * from "./GetControlOperationCommand"; export * from "./GetEnabledControlCommand"; export * from "./ListEnabledControlsCommand"; +export * from "./ListTagsForResourceCommand"; +export * from "./TagResourceCommand"; +export * from "./UntagResourceCommand"; diff --git a/clients/client-controltower/src/index.ts b/clients/client-controltower/src/index.ts index 8eb77626a932..499713325a4e 100644 --- a/clients/client-controltower/src/index.ts +++ b/clients/client-controltower/src/index.ts @@ -2,7 +2,7 @@ /* eslint-disable */ /** *

These interfaces allow you to apply the AWS library of pre-defined - * controls to your organizational units, programmatically. In AWS Control Tower, the terms "control" and "guardrail" are synonyms. .

+ * controls to your organizational units, programmatically. In AWS Control Tower, the terms "control" and "guardrail" are synonyms.

*

To call these APIs, you'll need to know:

*
    *
  • @@ -11,21 +11,24 @@ *
  • *

    the ARN associated with the target organizational unit (OU), which we call the targetIdentifier.

    *
    • + *
  • + *

    the ARN associated with a resource that you wish to tag or untag.

    + *
    • *
*

* To get the controlIdentifier for your AWS Control Tower - * control: + * control: *

*

The controlIdentifier is an ARN that is specified for each - * control. You can view the controlIdentifier in the console on the Control details page, as well as in the documentation.

+ * control. You can view the controlIdentifier in the console on the Control details page, as well as in the documentation.

*

The controlIdentifier is unique in each AWS Region for each control. You can - * find the controlIdentifier for each Region and control in the Tables of control metadata in the AWS Control Tower User Guide. + * find the controlIdentifier for each Region and control in the Tables of control metadata in the AWS Control Tower User Guide. *

*

A quick-reference list of control identifers for the AWS Control Tower legacy Strongly recommended and - * Elective controls is given in Resource identifiers for - * APIs and guardrails in the Controls reference guide section - * of the AWS Control Tower User Guide. Remember that Mandatory controls - * cannot be added or removed.

+ * Elective controls is given in Resource identifiers for + * APIs and controls in the Controls reference guide section + * of the AWS Control Tower User Guide. Remember that Mandatory controls + * cannot be added or removed.

* *

* ARN format: @@ -97,13 +100,13 @@ * Recording API Requests *

*

AWS Control Tower supports AWS CloudTrail, a service that records AWS API calls for your - * AWS account and delivers log files to an Amazon S3 bucket. By using information collected by - * CloudTrail, you can determine which requests the AWS Control Tower service received, who made - * the request and when, and so on. For more about AWS Control Tower and its support for - * CloudTrail, see Logging AWS Control Tower - * Actions with AWS CloudTrail in the AWS Control Tower User Guide. To learn more about - * CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User - * Guide.

+ * AWS account and delivers log files to an Amazon S3 bucket. By using information collected by + * CloudTrail, you can determine which requests the AWS Control Tower service received, who made + * the request and when, and so on. For more about AWS Control Tower and its support for + * CloudTrail, see Logging AWS Control Tower + * Actions with AWS CloudTrail in the AWS Control Tower User Guide. To learn more about + * CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User + * Guide.

* * @packageDocumentation */ diff --git a/clients/client-controltower/src/models/models_0.ts b/clients/client-controltower/src/models/models_0.ts index 2792cd3d0a88..65f3b678e12b 100644 --- a/clients/client-controltower/src/models/models_0.ts +++ b/clients/client-controltower/src/models/models_0.ts @@ -50,8 +50,8 @@ export interface DisableControlInput { /** * @public *

The ARN of the control. Only Strongly recommended and - * Elective controls are permitted, with the exception of the - * Region deny control. For information on how to find the controlIdentifier, see the overview page.

+ * Elective controls are permitted, with the exception of the + * Region deny control. For information on how to find the controlIdentifier, see the overview page.

*/ controlIdentifier: string | undefined; @@ -69,7 +69,7 @@ export interface DisableControlOutput { /** * @public *

The ID of the asynchronous operation, which is used to track status. The operation is - * available for 90 days.

+ * available for 90 days.

*/ operationIdentifier: string | undefined; } @@ -206,8 +206,8 @@ export interface EnableControlInput { /** * @public *

The ARN of the control. Only Strongly recommended and - * Elective controls are permitted, with the exception of the - * Region deny control. For information on how to find the controlIdentifier, see the overview page.

+ * Elective controls are permitted, with the exception of the + * Region deny control. For information on how to find the controlIdentifier, see the overview page.

*/ controlIdentifier: string | undefined; @@ -216,6 +216,12 @@ export interface EnableControlInput { *

The ARN of the organizational unit. For information on how to find the targetIdentifier, see the overview page.

*/ targetIdentifier: string | undefined; + + /** + * @public + *

Tags to be applied to the EnabledControl resource.

+ */ + tags?: Record; } /** @@ -225,9 +231,15 @@ export interface EnableControlOutput { /** * @public *

The ID of the asynchronous operation, which is used to track status. The operation is - * available for 90 days.

+ * available for 90 days.

*/ operationIdentifier: string | undefined; + + /** + * @public + *

The ARN of the EnabledControl resource.

+ */ + arn?: string; } /** @@ -237,7 +249,7 @@ export interface GetControlOperationInput { /** * @public *

The ID of the asynchronous operation, which is used to track status. The operation is - * available for 90 days.

+ * available for 90 days.

*/ operationIdentifier: string | undefined; } @@ -303,7 +315,7 @@ export interface ControlOperation { /** * @public *

If the operation result is FAILED, this string contains a message explaining - * why the operation failed.

+ * why the operation failed.

*/ statusMessage?: string; } @@ -325,9 +337,7 @@ export interface GetControlOperationOutput { export interface GetEnabledControlInput { /** * @public - *

- * The ARN of the enabled control. - *

+ *

The controlIdentifier of the enabled control.

*/ enabledControlIdentifier: string | undefined; } @@ -352,8 +362,8 @@ export type DriftStatus = (typeof DriftStatus)[keyof typeof DriftStatus]; * @public *

The drift summary of the enabled control.

*

AWS Control Tower expects the enabled control - * configuration to include all supported and governed Regions. If the enabled control differs - * from the expected configuration, it is defined to be in a state of drift. You can repair this drift by resetting the enabled control.

+ * configuration to include all supported and governed Regions. If the enabled control differs + * from the expected configuration, it is defined to be in a state of drift. You can repair this drift by resetting the enabled control.

*/ export interface DriftStatusSummary { /** @@ -364,22 +374,22 @@ export interface DriftStatusSummary { *
  • *

    * DRIFTED: The enabledControl deployed in this configuration - * doesn’t match the configuration that AWS Control Tower expected.

    + * doesn’t match the configuration that AWS Control Tower expected.

    *
    • *
  • *

    * IN_SYNC: The enabledControl deployed in this configuration matches - * the configuration that AWS Control Tower expected.

    + * the configuration that AWS Control Tower expected.

    *
    • *
  • *

    * NOT_CHECKING: AWS Control Tower does not check drift for this enabled - * control. Drift is not supported for the control type.

    + * control. Drift is not supported for the control type.

    *
    • *
  • *

    * UNKNOWN: AWS Control Tower is not able to check the drift status for the - * enabled control.

    + * enabled control.

    *
    • * */ @@ -403,9 +413,7 @@ export type EnablementStatus = (typeof EnablementStatus)[keyof typeof Enablement /** * @public - *

    - * The deployment summary of the enabled control. - *

    + *

    The deployment summary of the enabled control.

    */ export interface EnablementStatusSummary { /** @@ -431,9 +439,7 @@ export interface EnablementStatusSummary { /** * @public - *

    - * The last operation identifier for the enabled control. - *

    + *

    The last operation identifier for the enabled control.

    */ lastOperationIdentifier?: string; } @@ -442,71 +448,55 @@ export interface EnablementStatusSummary { * @public *

    An AWS Region in which AWS Control Tower expects to find the control deployed.

    *

    The expected Regions are based on the Regions that are governed by the landing zone. In - * certain cases, a control is not actually enabled in the Region as expected, such as during - * drift, or mixed governance.

    + * certain cases, a control is not actually enabled in the Region as expected, such as during + * drift, or mixed governance.

    */ export interface Region { /** * @public - *

    - * The AWS Region name. - *

    + *

    The AWS Region name.

    */ name?: string; } /** * @public - *

    - * Information about the enabled control. - *

    + *

    Information about the enabled control.

    */ export interface EnabledControlDetails { /** * @public - *

    - * The ARN of the enabled control. - *

    + *

    The ARN of the enabled control.

    */ arn?: string; /** * @public - *

    - * The control identifier of the enabled control. For information on how to find the controlIdentifier, see the overview page. - *

    + *

    The control identifier of the enabled control. For information on how to find the controlIdentifier, see the overview page.

    */ controlIdentifier?: string; /** * @public - *

    - * The ARN of the organizational unit. For information on how to find the targetIdentifier, see the overview page. - *

    + *

    The ARN of the organizational unit. For information on how to find the targetIdentifier, see the overview page.

    */ targetIdentifier?: string; /** * @public - *

    - * Target AWS Regions for the enabled control. - *

    + *

    Target AWS Regions for the enabled control.

    */ targetRegions?: Region[]; /** * @public - *

    - * The deployment summary of the enabled control. - *

    + *

    The deployment summary of the enabled control.

    */ statusSummary?: EnablementStatusSummary; /** * @public - *

    - * The drift status of the enabled control. - *

    + *

    The drift status of the enabled control.

    */ driftStatusSummary?: DriftStatusSummary; } @@ -517,9 +507,7 @@ export interface EnabledControlDetails { export interface GetEnabledControlOutput { /** * @public - *

    - * Information about the enabled control. - *

    + *

    Information about the enabled control.

    */ enabledControlDetails: EnabledControlDetails | undefined; } @@ -549,44 +537,38 @@ export interface ListEnabledControlsInput { /** * @public - *

    A summary of enabled controls.

    + *

    Returns a summary of information about an enabled control.

    */ export interface EnabledControlSummary { /** * @public - *

    The ARN of the control. Only Strongly recommended and - * Elective controls are permitted, with the exception of the - * Region deny control. For information on how to find the controlIdentifier, see the overview page.

    + *

    The controlIdentifier of the enabled control.

    */ controlIdentifier?: string; /** * @public - *

    - * The ARN of the enabled control. - *

    + *

    The ARN of the enabled control.

    */ arn?: string; /** * @public *

    - * The ARN of the organizational unit. + * The ARN of the organizational unit. *

    */ targetIdentifier?: string; /** * @public - * + *

    A short description of the status of the enabled control.

    */ statusSummary?: EnablementStatusSummary; /** * @public - *

    - * The drift status of the enabled control. - *

    + *

    The drift status of the enabled control.

    */ driftStatusSummary?: DriftStatusSummary; } @@ -598,14 +580,80 @@ export interface ListEnabledControlsOutput { /** * @public *

    Lists the controls enabled by AWS Control Tower on the specified organizational unit and - * the accounts it contains.

    + * the accounts it contains.

    */ enabledControls: EnabledControlSummary[] | undefined; /** * @public *

    Retrieves the next page of results. If the string is empty, the current response is the - * end of the results.

    + * end of the results.

    */ nextToken?: string; } + +/** + * @public + */ +export interface ListTagsForResourceInput { + /** + * @public + *

    The ARN of the resource.

    + */ + resourceArn: string | undefined; +} + +/** + * @public + */ +export interface ListTagsForResourceOutput { + /** + * @public + *

    A list of tags, as key:value strings.

    + */ + tags: Record | undefined; +} + +/** + * @public + */ +export interface TagResourceInput { + /** + * @public + *

    The ARN of the resource to be tagged.

    + */ + resourceArn: string | undefined; + + /** + * @public + *

    Tags to be applied to the resource.

    + */ + tags: Record | undefined; +} + +/** + * @public + */ +export interface TagResourceOutput {} + +/** + * @public + */ +export interface UntagResourceInput { + /** + * @public + *

    The ARN of the resource.

    + */ + resourceArn: string | undefined; + + /** + * @public + *

    Tag keys to be removed from the resource.

    + */ + tagKeys: string[] | undefined; +} + +/** + * @public + */ +export interface UntagResourceOutput {} diff --git a/clients/client-controltower/src/protocols/Aws_restJson1.ts b/clients/client-controltower/src/protocols/Aws_restJson1.ts index 9bbbab32ff7e..d2b672eac139 100644 --- a/clients/client-controltower/src/protocols/Aws_restJson1.ts +++ b/clients/client-controltower/src/protocols/Aws_restJson1.ts @@ -7,8 +7,10 @@ import { expectNonNull as __expectNonNull, expectObject as __expectObject, expectString as __expectString, + extendedEncodeURIComponent as __extendedEncodeURIComponent, map, parseRfc3339DateTimeWithOffset as __parseRfc3339DateTimeWithOffset, + resolvedPath as __resolvedPath, strictParseInt32 as __strictParseInt32, take, withBaseException, @@ -30,6 +32,12 @@ import { ListEnabledControlsCommandInput, ListEnabledControlsCommandOutput, } from "../commands/ListEnabledControlsCommand"; +import { + ListTagsForResourceCommandInput, + ListTagsForResourceCommandOutput, +} from "../commands/ListTagsForResourceCommand"; +import { TagResourceCommandInput, TagResourceCommandOutput } from "../commands/TagResourceCommand"; +import { UntagResourceCommandInput, UntagResourceCommandOutput } from "../commands/UntagResourceCommand"; import { ControlTowerServiceException as __BaseException } from "../models/ControlTowerServiceException"; import { AccessDeniedException, @@ -88,6 +96,7 @@ export const se_EnableControlCommand = async ( body = JSON.stringify( take(input, { controlIdentifier: [], + tags: (_) => _json(_), targetIdentifier: [], }) ); @@ -191,6 +200,89 @@ export const se_ListEnabledControlsCommand = async ( }); }; +/** + * serializeAws_restJson1ListTagsForResourceCommand + */ +export const se_ListTagsForResourceCommand = async ( + input: ListTagsForResourceCommandInput, + context: __SerdeContext +): Promise<__HttpRequest> => { + const { hostname, protocol = "https", port, path: basePath } = await context.endpoint(); + const headers: any = {}; + let resolvedPath = `${basePath?.endsWith("/") ? basePath.slice(0, -1) : basePath || ""}` + "/tags/{resourceArn}"; + resolvedPath = __resolvedPath(resolvedPath, input, "resourceArn", () => input.resourceArn!, "{resourceArn}", false); + let body: any; + return new __HttpRequest({ + protocol, + hostname, + port, + method: "GET", + headers, + path: resolvedPath, + body, + }); +}; + +/** + * serializeAws_restJson1TagResourceCommand + */ +export const se_TagResourceCommand = async ( + input: TagResourceCommandInput, + context: __SerdeContext +): Promise<__HttpRequest> => { + const { hostname, protocol = "https", port, path: basePath } = await context.endpoint(); + const headers: any = { + "content-type": "application/json", + }; + let resolvedPath = `${basePath?.endsWith("/") ? basePath.slice(0, -1) : basePath || ""}` + "/tags/{resourceArn}"; + resolvedPath = __resolvedPath(resolvedPath, input, "resourceArn", () => input.resourceArn!, "{resourceArn}", false); + let body: any; + body = JSON.stringify( + take(input, { + tags: (_) => _json(_), + }) + ); + return new __HttpRequest({ + protocol, + hostname, + port, + method: "POST", + headers, + path: resolvedPath, + body, + }); +}; + +/** + * serializeAws_restJson1UntagResourceCommand + */ +export const se_UntagResourceCommand = async ( + input: UntagResourceCommandInput, + context: __SerdeContext +): Promise<__HttpRequest> => { + const { hostname, protocol = "https", port, path: basePath } = await context.endpoint(); + const headers: any = {}; + let resolvedPath = `${basePath?.endsWith("/") ? basePath.slice(0, -1) : basePath || ""}` + "/tags/{resourceArn}"; + resolvedPath = __resolvedPath(resolvedPath, input, "resourceArn", () => input.resourceArn!, "{resourceArn}", false); + const query: any = map({ + tagKeys: [ + __expectNonNull(input.tagKeys, `tagKeys`) != null, + () => (input.tagKeys! || []).map((_entry) => _entry as any), + ], + }); + let body: any; + return new __HttpRequest({ + protocol, + hostname, + port, + method: "DELETE", + headers, + path: resolvedPath, + query, + body, + }); +}; + /** * deserializeAws_restJson1DisableControlCommand */ @@ -271,6 +363,7 @@ export const de_EnableControlCommand = async ( }); const data: Record = __expectNonNull(__expectObject(await parseBody(output.body, context)), "body"); const doc = take(data, { + arn: __expectString, operationIdentifier: __expectString, }); Object.assign(contents, doc); @@ -499,6 +592,157 @@ const de_ListEnabledControlsCommandError = async ( } }; +/** + * deserializeAws_restJson1ListTagsForResourceCommand + */ +export const de_ListTagsForResourceCommand = async ( + output: __HttpResponse, + context: __SerdeContext +): Promise => { + if (output.statusCode !== 200 && output.statusCode >= 300) { + return de_ListTagsForResourceCommandError(output, context); + } + const contents: any = map({ + $metadata: deserializeMetadata(output), + }); + const data: Record = __expectNonNull(__expectObject(await parseBody(output.body, context)), "body"); + const doc = take(data, { + tags: _json, + }); + Object.assign(contents, doc); + return contents; +}; + +/** + * deserializeAws_restJson1ListTagsForResourceCommandError + */ +const de_ListTagsForResourceCommandError = async ( + output: __HttpResponse, + context: __SerdeContext +): Promise => { + const parsedOutput: any = { + ...output, + body: await parseErrorBody(output.body, context), + }; + const errorCode = loadRestJsonErrorCode(output, parsedOutput.body); + switch (errorCode) { + case "InternalServerException": + case "com.amazonaws.controltower#InternalServerException": + throw await de_InternalServerExceptionRes(parsedOutput, context); + case "ResourceNotFoundException": + case "com.amazonaws.controltower#ResourceNotFoundException": + throw await de_ResourceNotFoundExceptionRes(parsedOutput, context); + case "ValidationException": + case "com.amazonaws.controltower#ValidationException": + throw await de_ValidationExceptionRes(parsedOutput, context); + default: + const parsedBody = parsedOutput.body; + return throwDefaultError({ + output, + parsedBody, + errorCode, + }); + } +}; + +/** + * deserializeAws_restJson1TagResourceCommand + */ +export const de_TagResourceCommand = async ( + output: __HttpResponse, + context: __SerdeContext +): Promise => { + if (output.statusCode !== 204 && output.statusCode >= 300) { + return de_TagResourceCommandError(output, context); + } + const contents: any = map({ + $metadata: deserializeMetadata(output), + }); + await collectBody(output.body, context); + return contents; +}; + +/** + * deserializeAws_restJson1TagResourceCommandError + */ +const de_TagResourceCommandError = async ( + output: __HttpResponse, + context: __SerdeContext +): Promise => { + const parsedOutput: any = { + ...output, + body: await parseErrorBody(output.body, context), + }; + const errorCode = loadRestJsonErrorCode(output, parsedOutput.body); + switch (errorCode) { + case "InternalServerException": + case "com.amazonaws.controltower#InternalServerException": + throw await de_InternalServerExceptionRes(parsedOutput, context); + case "ResourceNotFoundException": + case "com.amazonaws.controltower#ResourceNotFoundException": + throw await de_ResourceNotFoundExceptionRes(parsedOutput, context); + case "ValidationException": + case "com.amazonaws.controltower#ValidationException": + throw await de_ValidationExceptionRes(parsedOutput, context); + default: + const parsedBody = parsedOutput.body; + return throwDefaultError({ + output, + parsedBody, + errorCode, + }); + } +}; + +/** + * deserializeAws_restJson1UntagResourceCommand + */ +export const de_UntagResourceCommand = async ( + output: __HttpResponse, + context: __SerdeContext +): Promise => { + if (output.statusCode !== 204 && output.statusCode >= 300) { + return de_UntagResourceCommandError(output, context); + } + const contents: any = map({ + $metadata: deserializeMetadata(output), + }); + await collectBody(output.body, context); + return contents; +}; + +/** + * deserializeAws_restJson1UntagResourceCommandError + */ +const de_UntagResourceCommandError = async ( + output: __HttpResponse, + context: __SerdeContext +): Promise => { + const parsedOutput: any = { + ...output, + body: await parseErrorBody(output.body, context), + }; + const errorCode = loadRestJsonErrorCode(output, parsedOutput.body); + switch (errorCode) { + case "InternalServerException": + case "com.amazonaws.controltower#InternalServerException": + throw await de_InternalServerExceptionRes(parsedOutput, context); + case "ResourceNotFoundException": + case "com.amazonaws.controltower#ResourceNotFoundException": + throw await de_ResourceNotFoundExceptionRes(parsedOutput, context); + case "ValidationException": + case "com.amazonaws.controltower#ValidationException": + throw await de_ValidationExceptionRes(parsedOutput, context); + default: + const parsedBody = parsedOutput.body; + return throwDefaultError({ + output, + parsedBody, + errorCode, + }); + } +}; + const throwDefaultError = withBaseException(__BaseException); /** * deserializeAws_restJson1AccessDeniedExceptionRes @@ -638,6 +882,8 @@ const de_ValidationExceptionRes = async (parsedOutput: any, context: __SerdeCont return __decorateServiceException(exception, parsedOutput.body); }; +// se_TagMap omitted. + /** * deserializeAws_restJson1ControlOperation */ @@ -663,6 +909,8 @@ const de_ControlOperation = (output: any, context: __SerdeContext): ControlOpera // de_Region omitted. +// de_TagMap omitted. + // de_TargetRegions omitted. const deserializeMetadata = (output: __HttpResponse): __ResponseMetadata => ({ diff --git a/codegen/sdk-codegen/aws-models/controltower.json b/codegen/sdk-codegen/aws-models/controltower.json index 534f080e9b56..ad3be5e5941a 100644 --- a/codegen/sdk-codegen/aws-models/controltower.json +++ b/codegen/sdk-codegen/aws-models/controltower.json @@ -19,6 +19,15 @@ }, { "target": "com.amazonaws.controltower#ListEnabledControls" + }, + { + "target": "com.amazonaws.controltower#ListTagsForResource" + }, + { + "target": "com.amazonaws.controltower#TagResource" + }, + { + "target": "com.amazonaws.controltower#UntagResource" } ], "traits": { @@ -48,7 +57,7 @@ ], "additionalExposedHeaders": ["x-amzn-errortype", "x-amzn-requestid", "x-amzn-trace-id"] }, - "smithy.api#documentation": "

    These interfaces allow you to apply the AWS library of pre-defined\n controls to your organizational units, programmatically. In AWS Control Tower, the terms \"control\" and \"guardrail\" are synonyms. .

    \n

    To call these APIs, you'll need to know:

    \n
      \n
    • \n

      the controlIdentifier for the control--or guardrail--you are targeting.

      \n
      • \n
    • \n

      the ARN associated with the target organizational unit (OU), which we call the targetIdentifier.

      \n
      • \n
    \n

    \n To get the controlIdentifier for your AWS Control Tower\n control:\n

    \n

    The controlIdentifier is an ARN that is specified for each\n control. You can view the controlIdentifier in the console on the Control details page, as well as in the documentation.

    \n

    The controlIdentifier is unique in each AWS Region for each control. You can\n find the controlIdentifier for each Region and control in the Tables of control metadata in the AWS Control Tower User Guide.\n

    \n

    A quick-reference list of control identifers for the AWS Control Tower legacy Strongly recommended and\n Elective controls is given in Resource identifiers for\n APIs and guardrails in the Controls reference guide section\n of the AWS Control Tower User Guide. Remember that Mandatory controls\n cannot be added or removed.

    \n \n

    \n ARN format:\n arn:aws:controltower:{REGION}::control/{CONTROL_NAME}\n

    \n

    \n Example:\n

    \n

    \n arn:aws:controltower:us-west-2::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED\n

    \n     \n

    \n To get the targetIdentifier:\n

    \n

    The targetIdentifier is the ARN for an OU.

    \n

    In the AWS Organizations console, you can find the ARN for the OU on the Organizational unit details page associated with that OU.

    \n \n

    \n OU ARN format:\n

    \n

    \n arn:${Partition}:organizations::${MasterAccountId}:ou/o-${OrganizationId}/ou-${OrganizationalUnitId}\n

    \n     \n

    \n Details and examples\n

    \n \n

    To view the open source resource repository on GitHub, see aws-cloudformation/aws-cloudformation-resource-providers-controltower\n

    \n

    \n Recording API Requests\n

    \n

    AWS Control Tower supports AWS CloudTrail, a service that records AWS API calls for your\n AWS account and delivers log files to an Amazon S3 bucket. By using information collected by\n CloudTrail, you can determine which requests the AWS Control Tower service received, who made\n the request and when, and so on. For more about AWS Control Tower and its support for\n CloudTrail, see Logging AWS Control Tower\n Actions with AWS CloudTrail in the AWS Control Tower User Guide. To learn more about\n CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User\n Guide.

    ", + "smithy.api#documentation": "

    These interfaces allow you to apply the AWS library of pre-defined\n controls to your organizational units, programmatically. In AWS Control Tower, the terms \"control\" and \"guardrail\" are synonyms.

    \n

    To call these APIs, you'll need to know:

    \n
      \n
    • \n

      the controlIdentifier for the control--or guardrail--you are targeting.

      \n
      • \n
    • \n

      the ARN associated with the target organizational unit (OU), which we call the targetIdentifier.

      \n
      • \n
    • \n

      the ARN associated with a resource that you wish to tag or untag.

      \n
      • \n
    \n

    \n To get the controlIdentifier for your AWS Control Tower\n control:\n

    \n

    The controlIdentifier is an ARN that is specified for each\n control. You can view the controlIdentifier in the console on the Control details page, as well as in the documentation.

    \n

    The controlIdentifier is unique in each AWS Region for each control. You can\n find the controlIdentifier for each Region and control in the Tables of control metadata in the AWS Control Tower User Guide.\n

    \n

    A quick-reference list of control identifers for the AWS Control Tower legacy Strongly recommended and\n Elective controls is given in Resource identifiers for\n APIs and controls in the Controls reference guide section\n of the AWS Control Tower User Guide. Remember that Mandatory controls\n cannot be added or removed.

    \n \n

    \n ARN format:\n arn:aws:controltower:{REGION}::control/{CONTROL_NAME}\n

    \n

    \n Example:\n

    \n

    \n arn:aws:controltower:us-west-2::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED\n

    \n     \n

    \n To get the targetIdentifier:\n

    \n

    The targetIdentifier is the ARN for an OU.

    \n

    In the AWS Organizations console, you can find the ARN for the OU on the Organizational unit details page associated with that OU.

    \n \n

    \n OU ARN format:\n

    \n

    \n arn:${Partition}:organizations::${MasterAccountId}:ou/o-${OrganizationId}/ou-${OrganizationalUnitId}\n

    \n     \n

    \n Details and examples\n

    \n \n

    To view the open source resource repository on GitHub, see aws-cloudformation/aws-cloudformation-resource-providers-controltower\n

    \n

    \n Recording API Requests\n

    \n

    AWS Control Tower supports AWS CloudTrail, a service that records AWS API calls for your\n AWS account and delivers log files to an Amazon S3 bucket. By using information collected by\n CloudTrail, you can determine which requests the AWS Control Tower service received, who made\n the request and when, and so on. For more about AWS Control Tower and its support for\n CloudTrail, see Logging AWS Control Tower\n Actions with AWS CloudTrail in the AWS Control Tower User Guide. To learn more about\n CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User\n Guide.

    ", "smithy.api#title": "AWS Control Tower", "smithy.rules#endpointRuleSet": { "version": "1.0", @@ -895,6 +904,17 @@ "expect": { "error": "Invalid Configuration: Missing Region" } + }, + { + "documentation": "Partition doesn't support DualStack", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": false, + "UseDualStack": true + } } ], "version": "1.0" @@ -985,7 +1005,7 @@ "statusMessage": { "target": "smithy.api#String", "traits": { - "smithy.api#documentation": "

    If the operation result is FAILED, this string contains a message explaining\n why the operation failed.

    " + "smithy.api#documentation": "

    If the operation result is FAILED, this string contains a message explaining\n why the operation failed.

    " } } }, @@ -1059,7 +1079,7 @@ } ], "traits": { - "smithy.api#documentation": "

    This API call turns off a control. It starts an asynchronous operation that deletes AWS\n resources on the specified organizational unit and the accounts it contains. The resources\n will vary according to the control that you specify. For usage examples, see \n the AWS Control Tower User Guide\n .

    ", + "smithy.api#documentation": "

    This API call turns off a control. It starts an asynchronous operation that deletes AWS\n resources on the specified organizational unit and the accounts it contains. The resources\n will vary according to the control that you specify. For usage examples, see \n the AWS Control Tower User Guide\n .

    ", "smithy.api#http": { "code": 200, "method": "POST", @@ -1073,7 +1093,7 @@ "controlIdentifier": { "target": "com.amazonaws.controltower#ControlIdentifier", "traits": { - "smithy.api#documentation": "

    The ARN of the control. Only Strongly recommended and\n Elective controls are permitted, with the exception of the\n Region deny control. For information on how to find the controlIdentifier, see the overview page.

    ", + "smithy.api#documentation": "

    The ARN of the control. Only Strongly recommended and\n Elective controls are permitted, with the exception of the\n Region deny control. For information on how to find the controlIdentifier, see the overview page.

    ", "smithy.api#required": {} } }, @@ -1092,7 +1112,7 @@ "operationIdentifier": { "target": "com.amazonaws.controltower#OperationIdentifier", "traits": { - "smithy.api#documentation": "

    The ID of the asynchronous operation, which is used to track status. The operation is\n available for 90 days.

    ", + "smithy.api#documentation": "

    The ID of the asynchronous operation, which is used to track status. The operation is\n available for 90 days.

    ", "smithy.api#required": {} } } @@ -1127,12 +1147,12 @@ "driftStatus": { "target": "com.amazonaws.controltower#DriftStatus", "traits": { - "smithy.api#documentation": "

    The drift status of the enabled control.

    \n

    Valid values:

    \n
      \n
    • \n

      \n DRIFTED: The enabledControl deployed in this configuration\n doesn’t match the configuration that AWS Control Tower expected.

      \n
      • \n
    • \n

      \n IN_SYNC: The enabledControl deployed in this configuration matches\n the configuration that AWS Control Tower expected.

      \n
      • \n
    • \n

      \n NOT_CHECKING: AWS Control Tower does not check drift for this enabled\n control. Drift is not supported for the control type.

      \n
      • \n
    • \n

      \n UNKNOWN: AWS Control Tower is not able to check the drift status for the\n enabled control.

      \n
      • \n
    " + "smithy.api#documentation": "

    The drift status of the enabled control.

    \n

    Valid values:

    \n
      \n
    • \n

      \n DRIFTED: The enabledControl deployed in this configuration\n doesn’t match the configuration that AWS Control Tower expected.

      \n
      • \n
    • \n

      \n IN_SYNC: The enabledControl deployed in this configuration matches\n the configuration that AWS Control Tower expected.

      \n
      • \n
    • \n

      \n NOT_CHECKING: AWS Control Tower does not check drift for this enabled\n control. Drift is not supported for the control type.

      \n
      • \n
    • \n

      \n UNKNOWN: AWS Control Tower is not able to check the drift status for the\n enabled control.

      \n
      • \n
    " } } }, "traits": { - "smithy.api#documentation": "

    The drift summary of the enabled control.

    \n

    AWS Control Tower expects the enabled control\n configuration to include all supported and governed Regions. If the enabled control differs\n from the expected configuration, it is defined to be in a state of drift. You can repair this drift by resetting the enabled control.

    " + "smithy.api#documentation": "

    The drift summary of the enabled control.

    \n

    AWS Control Tower expects the enabled control\n configuration to include all supported and governed Regions. If the enabled control differs\n from the expected configuration, it is defined to be in a state of drift. You can repair this drift by resetting the enabled control.

    " } }, "com.amazonaws.controltower#EnableControl": { @@ -1167,7 +1187,7 @@ } ], "traits": { - "smithy.api#documentation": "

    This API call activates a control. It starts an asynchronous operation that creates AWS\n resources on the specified organizational unit and the accounts it contains. The resources\n created will vary according to the control that you specify. For usage examples, see \n the AWS Control Tower User Guide\n \n

    ", + "smithy.api#documentation": "

    This API call activates a control. It starts an asynchronous operation that creates AWS\n resources on the specified organizational unit and the accounts it contains. The resources\n created will vary according to the control that you specify. For usage examples, see \n the AWS Control Tower User Guide\n .

    ", "smithy.api#http": { "code": 200, "method": "POST", @@ -1181,7 +1201,7 @@ "controlIdentifier": { "target": "com.amazonaws.controltower#ControlIdentifier", "traits": { - "smithy.api#documentation": "

    The ARN of the control. Only Strongly recommended and\n Elective controls are permitted, with the exception of the\n Region deny control. For information on how to find the controlIdentifier, see the overview page.

    ", + "smithy.api#documentation": "

    The ARN of the control. Only Strongly recommended and\n Elective controls are permitted, with the exception of the\n Region deny control. For information on how to find the controlIdentifier, see the overview page.

    ", "smithy.api#required": {} } }, @@ -1191,6 +1211,12 @@ "smithy.api#documentation": "

    The ARN of the organizational unit. For information on how to find the targetIdentifier, see the overview page.

    ", "smithy.api#required": {} } + }, + "tags": { + "target": "com.amazonaws.controltower#TagMap", + "traits": { + "smithy.api#documentation": "

    Tags to be applied to the EnabledControl resource.

    " + } } } }, @@ -1200,9 +1226,15 @@ "operationIdentifier": { "target": "com.amazonaws.controltower#OperationIdentifier", "traits": { - "smithy.api#documentation": "

    The ID of the asynchronous operation, which is used to track status. The operation is\n available for 90 days.

    ", + "smithy.api#documentation": "

    The ID of the asynchronous operation, which is used to track status. The operation is\n available for 90 days.

    ", "smithy.api#required": {} } + }, + "arn": { + "target": "com.amazonaws.controltower#Arn", + "traits": { + "smithy.api#documentation": "

    The ARN of the EnabledControl resource.

    " + } } } }, @@ -1212,42 +1244,42 @@ "arn": { "target": "com.amazonaws.controltower#Arn", "traits": { - "smithy.api#documentation": "

    \n The ARN of the enabled control.\n

    " + "smithy.api#documentation": "

    The ARN of the enabled control.

    " } }, "controlIdentifier": { "target": "com.amazonaws.controltower#ControlIdentifier", "traits": { - "smithy.api#documentation": "

    \n The control identifier of the enabled control. For information on how to find the controlIdentifier, see the overview page.\n

    " + "smithy.api#documentation": "

    The control identifier of the enabled control. For information on how to find the controlIdentifier, see the overview page.

    " } }, "targetIdentifier": { "target": "com.amazonaws.controltower#TargetIdentifier", "traits": { - "smithy.api#documentation": "

    \n The ARN of the organizational unit. For information on how to find the targetIdentifier, see the overview page.\n

    " + "smithy.api#documentation": "

    The ARN of the organizational unit. For information on how to find the targetIdentifier, see the overview page.

    " } }, "targetRegions": { "target": "com.amazonaws.controltower#TargetRegions", "traits": { - "smithy.api#documentation": "

    \n Target AWS Regions for the enabled control.\n

    " + "smithy.api#documentation": "

    Target AWS Regions for the enabled control.

    " } }, "statusSummary": { "target": "com.amazonaws.controltower#EnablementStatusSummary", "traits": { - "smithy.api#documentation": "

    \n The deployment summary of the enabled control.\n

    " + "smithy.api#documentation": "

    The deployment summary of the enabled control.

    " } }, "driftStatusSummary": { "target": "com.amazonaws.controltower#DriftStatusSummary", "traits": { - "smithy.api#documentation": "

    \n The drift status of the enabled control.\n

    " + "smithy.api#documentation": "

    The drift status of the enabled control.

    " } } }, "traits": { - "smithy.api#documentation": "

    \n Information about the enabled control.\n

    " + "smithy.api#documentation": "

    Information about the enabled control.

    " } }, "com.amazonaws.controltower#EnabledControlSummary": { @@ -1256,36 +1288,36 @@ "controlIdentifier": { "target": "com.amazonaws.controltower#ControlIdentifier", "traits": { - "smithy.api#documentation": "

    The ARN of the control. Only Strongly recommended and\n Elective controls are permitted, with the exception of the\n Region deny control. For information on how to find the controlIdentifier, see the overview page.

    " + "smithy.api#documentation": "

    The controlIdentifier of the enabled control.

    " } }, "arn": { "target": "com.amazonaws.controltower#Arn", "traits": { - "smithy.api#documentation": "

    \n The ARN of the enabled control.\n

    " + "smithy.api#documentation": "

    The ARN of the enabled control.

    " } }, "targetIdentifier": { "target": "com.amazonaws.controltower#TargetIdentifier", "traits": { - "smithy.api#documentation": "

    \n The ARN of the organizational unit.\n

    " + "smithy.api#documentation": "

    \n The ARN of the organizational unit.\n

    " } }, "statusSummary": { "target": "com.amazonaws.controltower#EnablementStatusSummary", "traits": { - "smithy.api#documentation": "" + "smithy.api#documentation": "

    A short description of the status of the enabled control.

    " } }, "driftStatusSummary": { "target": "com.amazonaws.controltower#DriftStatusSummary", "traits": { - "smithy.api#documentation": "

    \n The drift status of the enabled control.\n

    " + "smithy.api#documentation": "

    The drift status of the enabled control.

    " } } }, "traits": { - "smithy.api#documentation": "

    A summary of enabled controls.

    " + "smithy.api#documentation": "

    Returns a summary of information about an enabled control.

    " } }, "com.amazonaws.controltower#EnabledControls": { @@ -1325,12 +1357,12 @@ "lastOperationIdentifier": { "target": "com.amazonaws.controltower#OperationIdentifier", "traits": { - "smithy.api#documentation": "

    \n The last operation identifier for the enabled control.\n

    " + "smithy.api#documentation": "

    The last operation identifier for the enabled control.

    " } } }, "traits": { - "smithy.api#documentation": "

    \n The deployment summary of the enabled control. \n

    " + "smithy.api#documentation": "

    The deployment summary of the enabled control.

    " } }, "com.amazonaws.controltower#GetControlOperation": { @@ -1359,7 +1391,7 @@ } ], "traits": { - "smithy.api#documentation": "

    Returns the status of a particular EnableControl or\n DisableControl operation. Displays a message in case of error. Details for an\n operation are available for 90 days. For usage examples, see \n the AWS Control Tower User Guide\n \n

    ", + "smithy.api#documentation": "

    Returns the status of a particular EnableControl or\n DisableControl operation. Displays a message in case of error. Details for an\n operation are available for 90 days. For usage examples, see \n the AWS Control Tower User Guide\n .

    ", "smithy.api#http": { "code": 200, "method": "POST", @@ -1374,7 +1406,7 @@ "operationIdentifier": { "target": "com.amazonaws.controltower#OperationIdentifier", "traits": { - "smithy.api#documentation": "

    The ID of the asynchronous operation, which is used to track status. The operation is\n available for 90 days.

    ", + "smithy.api#documentation": "

    The ID of the asynchronous operation, which is used to track status. The operation is\n available for 90 days.

    ", "smithy.api#required": {} } } @@ -1418,7 +1450,7 @@ } ], "traits": { - "smithy.api#documentation": "

    \n Provides details about the enabled control. For usage examples, see \n the AWS Control Tower User Guide\n .

    \n

    \n Returned values\n

    \n
      \n
    • \n

      TargetRegions: Shows target AWS Regions where the enabled control is available to be deployed.

      \n
      • \n
    • \n

      StatusSummary: Provides a detailed summary of the deployment status.

      \n
      • \n
    • \n

      DriftSummary: Provides a detailed summary of the drifted status.

      \n
      • \n
    ", + "smithy.api#documentation": "

    Retrieves details about an enabled control. For usage examples, see \n the AWS Control Tower User Guide\n .

    ", "smithy.api#http": { "code": 200, "method": "POST", @@ -1433,7 +1465,7 @@ "enabledControlIdentifier": { "target": "com.amazonaws.controltower#Arn", "traits": { - "smithy.api#documentation": "

    \n The ARN of the enabled control.\n

    ", + "smithy.api#documentation": "

    The controlIdentifier of the enabled control.

    ", "smithy.api#required": {} } } @@ -1448,7 +1480,7 @@ "enabledControlDetails": { "target": "com.amazonaws.controltower#EnabledControlDetails", "traits": { - "smithy.api#documentation": "

    \n Information about the enabled control.\n

    ", + "smithy.api#documentation": "

    Information about the enabled control.

    ", "smithy.api#required": {} } } @@ -1500,7 +1532,7 @@ } ], "traits": { - "smithy.api#documentation": "

    Lists the controls enabled by AWS Control Tower on the specified organizational unit and\n the accounts it contains. For usage examples, see \n the AWS Control Tower User Guide\n \n

    ", + "smithy.api#documentation": "

    Lists the controls enabled by AWS Control Tower on the specified organizational unit and\n the accounts it contains. For usage examples, see \n the AWS Control Tower User Guide\n .

    ", "smithy.api#http": { "code": 200, "method": "POST", @@ -1545,18 +1577,78 @@ "enabledControls": { "target": "com.amazonaws.controltower#EnabledControls", "traits": { - "smithy.api#documentation": "

    Lists the controls enabled by AWS Control Tower on the specified organizational unit and\n the accounts it contains.

    ", + "smithy.api#documentation": "

    Lists the controls enabled by AWS Control Tower on the specified organizational unit and\n the accounts it contains.

    ", "smithy.api#required": {} } }, "nextToken": { "target": "smithy.api#String", "traits": { - "smithy.api#documentation": "

    Retrieves the next page of results. If the string is empty, the current response is the\n end of the results.

    " + "smithy.api#documentation": "

    Retrieves the next page of results. If the string is empty, the current response is the\n end of the results.

    " } } } }, + "com.amazonaws.controltower#ListTagsForResource": { + "type": "operation", + "input": { + "target": "com.amazonaws.controltower#ListTagsForResourceInput" + }, + "output": { + "target": "com.amazonaws.controltower#ListTagsForResourceOutput" + }, + "errors": [ + { + "target": "com.amazonaws.controltower#InternalServerException" + }, + { + "target": "com.amazonaws.controltower#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.controltower#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "

    Returns a list of tags associated with the resource. For usage examples, see \n the AWS Control Tower User Guide\n .

    ", + "smithy.api#http": { + "code": 200, + "method": "GET", + "uri": "/tags/{resourceArn}" + }, + "smithy.api#readonly": {} + } + }, + "com.amazonaws.controltower#ListTagsForResourceInput": { + "type": "structure", + "members": { + "resourceArn": { + "target": "com.amazonaws.controltower#Arn", + "traits": { + "smithy.api#documentation": "

    The ARN of the resource.

    ", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.controltower#ListTagsForResourceOutput": { + "type": "structure", + "members": { + "tags": { + "target": "com.amazonaws.controltower#TagMap", + "traits": { + "smithy.api#documentation": "

    A list of tags, as key:value strings.

    ", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.controltower#MaxResults": { "type": "integer", "traits": { @@ -1582,12 +1674,12 @@ "name": { "target": "com.amazonaws.controltower#RegionName", "traits": { - "smithy.api#documentation": "

    \n The AWS Region name.\n

    " + "smithy.api#documentation": "

    The AWS Region name.

    " } } }, "traits": { - "smithy.api#documentation": "

    An AWS Region in which AWS Control Tower expects to find the control deployed.

    \n

    The expected Regions are based on the Regions that are governed by the landing zone. In\n certain cases, a control is not actually enabled in the Region as expected, such as during\n drift, or mixed governance.

    " + "smithy.api#documentation": "

    An AWS Region in which AWS Control Tower expects to find the control deployed.

    \n

    The expected Regions are based on the Regions that are governed by the landing zone. In\n certain cases, a control is not actually enabled in the Region as expected, such as during\n drift, or mixed governance.

    " } }, "com.amazonaws.controltower#RegionName": { @@ -1631,6 +1723,109 @@ "smithy.api#httpError": 402 } }, + "com.amazonaws.controltower#TagKey": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 128 + } + } + }, + "com.amazonaws.controltower#TagKeys": { + "type": "list", + "member": { + "target": "com.amazonaws.controltower#TagKey" + }, + "traits": { + "smithy.api#length": { + "min": 0, + "max": 200 + } + } + }, + "com.amazonaws.controltower#TagMap": { + "type": "map", + "key": { + "target": "com.amazonaws.controltower#TagKey" + }, + "value": { + "target": "com.amazonaws.controltower#TagValue" + }, + "traits": { + "smithy.api#length": { + "min": 0, + "max": 200 + } + } + }, + "com.amazonaws.controltower#TagResource": { + "type": "operation", + "input": { + "target": "com.amazonaws.controltower#TagResourceInput" + }, + "output": { + "target": "com.amazonaws.controltower#TagResourceOutput" + }, + "errors": [ + { + "target": "com.amazonaws.controltower#InternalServerException" + }, + { + "target": "com.amazonaws.controltower#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.controltower#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "

    Applies tags to a resource. For usage examples, see \n the AWS Control Tower User Guide\n .

    ", + "smithy.api#http": { + "code": 204, + "method": "POST", + "uri": "/tags/{resourceArn}" + } + } + }, + "com.amazonaws.controltower#TagResourceInput": { + "type": "structure", + "members": { + "resourceArn": { + "target": "com.amazonaws.controltower#Arn", + "traits": { + "smithy.api#documentation": "

    The ARN of the resource to be tagged.

    ", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + }, + "tags": { + "target": "com.amazonaws.controltower#TagMap", + "traits": { + "smithy.api#documentation": "

    Tags to be applied to the resource.

    ", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.controltower#TagResourceOutput": { + "type": "structure", + "members": {}, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.controltower#TagValue": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 0, + "max": 256 + } + } + }, "com.amazonaws.controltower#TargetIdentifier": { "type": "string", "traits": { @@ -1691,6 +1886,65 @@ "smithy.api#timestampFormat": "date-time" } }, + "com.amazonaws.controltower#UntagResource": { + "type": "operation", + "input": { + "target": "com.amazonaws.controltower#UntagResourceInput" + }, + "output": { + "target": "com.amazonaws.controltower#UntagResourceOutput" + }, + "errors": [ + { + "target": "com.amazonaws.controltower#InternalServerException" + }, + { + "target": "com.amazonaws.controltower#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.controltower#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "

    Removes tags from a resource. For usage examples, see \n the AWS Control Tower User Guide\n .

    ", + "smithy.api#http": { + "code": 204, + "method": "DELETE", + "uri": "/tags/{resourceArn}" + } + } + }, + "com.amazonaws.controltower#UntagResourceInput": { + "type": "structure", + "members": { + "resourceArn": { + "target": "com.amazonaws.controltower#Arn", + "traits": { + "smithy.api#documentation": "

    The ARN of the resource.

    ", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + }, + "tagKeys": { + "target": "com.amazonaws.controltower#TagKeys", + "traits": { + "smithy.api#documentation": "

    Tag keys to be removed from the resource.

    ", + "smithy.api#httpQuery": "tagKeys", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.controltower#UntagResourceOutput": { + "type": "structure", + "members": {}, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.controltower#ValidationException": { "type": "structure", "members": {