From 4b14e8f5443c5c2a63cdcdd886136ea1ef04b3d8 Mon Sep 17 00:00:00 2001 From: awstools Date: Mon, 27 Nov 2023 20:10:28 +0000 Subject: [PATCH] feat(client-controltower): This release adds the following support: 1. The EnableControl API can configure controls that are configurable. 2. The GetEnabledControl API shows the configured parameters on an enabled control. 3. The new UpdateEnabledControl API can change parameters on an enabled control. --- clients/client-controltower/README.md | 14 +- .../client-controltower/src/ControlTower.ts | 29 +- .../src/ControlTowerClient.ts | 12 +- .../src/commands/CreateLandingZoneCommand.ts | 12 +- .../src/commands/DeleteLandingZoneCommand.ts | 14 +- .../src/commands/DisableControlCommand.ts | 12 +- .../src/commands/EnableControlCommand.ts | 18 +- .../commands/GetControlOperationCommand.ts | 8 +- .../src/commands/GetEnabledControlCommand.ts | 14 +- .../src/commands/GetLandingZoneCommand.ts | 10 +- .../GetLandingZoneOperationCommand.ts | 10 +- .../commands/ListEnabledControlsCommand.ts | 8 +- .../src/commands/ListLandingZonesCommand.ts | 8 +- .../commands/ListTagsForResourceCommand.ts | 6 +- .../src/commands/ResetLandingZoneCommand.ts | 12 +- .../src/commands/TagResourceCommand.ts | 6 +- .../src/commands/UntagResourceCommand.ts | 6 +- .../commands/UpdateEnabledControlCommand.ts | 173 ++++++++++++ .../src/commands/UpdateLandingZoneCommand.ts | 14 +- .../client-controltower/src/commands/index.ts | 1 + clients/client-controltower/src/index.ts | 6 +- .../src/models/models_0.ts | 212 +++++++++----- .../src/protocols/Aws_restJson1.ts | 181 +++++++++++- .../sdk-codegen/aws-models/controltower.json | 264 ++++++++++++++---- 24 files changed, 833 insertions(+), 217 deletions(-) create mode 100644 clients/client-controltower/src/commands/UpdateEnabledControlCommand.ts diff --git a/clients/client-controltower/README.md b/clients/client-controltower/README.md index e770c533a823..273e11ec11db 100644 --- a/clients/client-controltower/README.md +++ b/clients/client-controltower/README.md @@ -6,8 +6,8 @@ AWS SDK for JavaScript ControlTower Client for Node.js, Browser and React Native. -

These interfaces allow you to apply the Amazon Web Services library of pre-defined -controls to your organizational units, programmatically. In Amazon Web Services Control Tower, the terms "control" and "guardrail" are synonyms.

+

These interfaces allow you to apply the Amazon Web Services library of pre-defined +controls to your organizational units, programmatically. In Amazon Web Services Control Tower, the terms "control" and "guardrail" are synonyms.

To call these APIs, you'll need to know:

-To get the controlIdentifier for your AWS Control Tower +To get the controlIdentifier for your Amazon Web Services Control Tower control:

The controlIdentifier is an ARN that is specified for each @@ -419,6 +419,14 @@ UntagResource [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/controltower/command/UntagResourceCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-controltower/Interface/UntagResourceCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-controltower/Interface/UntagResourceCommandOutput/) + +

+ +UpdateEnabledControl + + +[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/controltower/command/UpdateEnabledControlCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-controltower/Interface/UpdateEnabledControlCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-controltower/Interface/UpdateEnabledControlCommandOutput/) +
diff --git a/clients/client-controltower/src/ControlTower.ts b/clients/client-controltower/src/ControlTower.ts index 898c644fadfd..b5d8a4ebc5d5 100644 --- a/clients/client-controltower/src/ControlTower.ts +++ b/clients/client-controltower/src/ControlTower.ts @@ -68,6 +68,11 @@ import { UntagResourceCommandInput, UntagResourceCommandOutput, } from "./commands/UntagResourceCommand"; +import { + UpdateEnabledControlCommand, + UpdateEnabledControlCommandInput, + UpdateEnabledControlCommandOutput, +} from "./commands/UpdateEnabledControlCommand"; import { UpdateLandingZoneCommand, UpdateLandingZoneCommandInput, @@ -90,6 +95,7 @@ const commands = { ResetLandingZoneCommand, TagResourceCommand, UntagResourceCommand, + UpdateEnabledControlCommand, UpdateLandingZoneCommand, }; @@ -308,6 +314,23 @@ export interface ControlTower { cb: (err: any, data?: UntagResourceCommandOutput) => void ): void; + /** + * @see {@link UpdateEnabledControlCommand} + */ + updateEnabledControl( + args: UpdateEnabledControlCommandInput, + options?: __HttpHandlerOptions + ): Promise; + updateEnabledControl( + args: UpdateEnabledControlCommandInput, + cb: (err: any, data?: UpdateEnabledControlCommandOutput) => void + ): void; + updateEnabledControl( + args: UpdateEnabledControlCommandInput, + options: __HttpHandlerOptions, + cb: (err: any, data?: UpdateEnabledControlCommandOutput) => void + ): void; + /** * @see {@link UpdateLandingZoneCommand} */ @@ -328,8 +351,8 @@ export interface ControlTower { /** * @public - *

These interfaces allow you to apply the Amazon Web Services library of pre-defined - * controls to your organizational units, programmatically. In Amazon Web Services Control Tower, the terms "control" and "guardrail" are synonyms.

+ *

These interfaces allow you to apply the Amazon Web Services library of pre-defined + * controls to your organizational units, programmatically. In Amazon Web Services Control Tower, the terms "control" and "guardrail" are synonyms.

*

To call these APIs, you'll need to know:

*
    *
  • @@ -343,7 +366,7 @@ export interface ControlTower { *
    • *
*

- * To get the controlIdentifier for your AWS Control Tower + * To get the controlIdentifier for your Amazon Web Services Control Tower * control: *

*

The controlIdentifier is an ARN that is specified for each diff --git a/clients/client-controltower/src/ControlTowerClient.ts b/clients/client-controltower/src/ControlTowerClient.ts index 449e7cc0d51c..951b72b64bb6 100644 --- a/clients/client-controltower/src/ControlTowerClient.ts +++ b/clients/client-controltower/src/ControlTowerClient.ts @@ -76,6 +76,10 @@ import { import { ResetLandingZoneCommandInput, ResetLandingZoneCommandOutput } from "./commands/ResetLandingZoneCommand"; import { TagResourceCommandInput, TagResourceCommandOutput } from "./commands/TagResourceCommand"; import { UntagResourceCommandInput, UntagResourceCommandOutput } from "./commands/UntagResourceCommand"; +import { + UpdateEnabledControlCommandInput, + UpdateEnabledControlCommandOutput, +} from "./commands/UpdateEnabledControlCommand"; import { UpdateLandingZoneCommandInput, UpdateLandingZoneCommandOutput } from "./commands/UpdateLandingZoneCommand"; import { ClientInputEndpointParameters, @@ -106,6 +110,7 @@ export type ServiceInputTypes = | ResetLandingZoneCommandInput | TagResourceCommandInput | UntagResourceCommandInput + | UpdateEnabledControlCommandInput | UpdateLandingZoneCommandInput; /** @@ -126,6 +131,7 @@ export type ServiceOutputTypes = | ResetLandingZoneCommandOutput | TagResourceCommandOutput | UntagResourceCommandOutput + | UpdateEnabledControlCommandOutput | UpdateLandingZoneCommandOutput; /** @@ -300,8 +306,8 @@ export interface ControlTowerClientResolvedConfig extends ControlTowerClientReso /** * @public - *

These interfaces allow you to apply the Amazon Web Services library of pre-defined - * controls to your organizational units, programmatically. In Amazon Web Services Control Tower, the terms "control" and "guardrail" are synonyms.

+ *

These interfaces allow you to apply the Amazon Web Services library of pre-defined + * controls to your organizational units, programmatically. In Amazon Web Services Control Tower, the terms "control" and "guardrail" are synonyms.

*

To call these APIs, you'll need to know:

*
    *
  • @@ -315,7 +321,7 @@ export interface ControlTowerClientResolvedConfig extends ControlTowerClientReso *
    • *
*

- * To get the controlIdentifier for your AWS Control Tower + * To get the controlIdentifier for your Amazon Web Services Control Tower * control: *

*

The controlIdentifier is an ARN that is specified for each diff --git a/clients/client-controltower/src/commands/CreateLandingZoneCommand.ts b/clients/client-controltower/src/commands/CreateLandingZoneCommand.ts index 4b42708796e5..babefc612450 100644 --- a/clients/client-controltower/src/commands/CreateLandingZoneCommand.ts +++ b/clients/client-controltower/src/commands/CreateLandingZoneCommand.ts @@ -37,8 +37,8 @@ export interface CreateLandingZoneCommandOutput extends CreateLandingZoneOutput, /** * @public - *

Creates a new landing zone. This starts an asynchronous operation that creates and configures a landing zone - * based on the parameters specified in the manifest JSON file.

+ *

Creates a new landing zone. This API call starts an asynchronous operation that creates and configures a landing zone, + * based on the parameters specified in the manifest JSON file.

* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript @@ -71,16 +71,16 @@ export interface CreateLandingZoneCommandOutput extends CreateLandingZoneOutput, *

You do not have sufficient access to perform this action.

* * @throws {@link ConflictException} (client fault) - *

Updating or deleting a resource can cause an inconsistent state.

+ *

Updating or deleting the resource can cause an inconsistent state.

* * @throws {@link InternalServerException} (server fault) - *

Unexpected error during processing of request.

+ *

An unexpected error occurred during processing of a request.

* * @throws {@link ThrottlingException} (client fault) - *

Request was denied due to request throttling.

+ *

The request was denied due to request throttling.

* * @throws {@link ValidationException} (client fault) - *

The input fails to satisfy the constraints specified by an Amazon Web Services service.

+ *

The input does not satisfy the constraints specified by an Amazon Web Services service.

* * @throws {@link ControlTowerServiceException} *

Base exception class for all service exceptions from ControlTower service.

diff --git a/clients/client-controltower/src/commands/DeleteLandingZoneCommand.ts b/clients/client-controltower/src/commands/DeleteLandingZoneCommand.ts index 65c134d496e5..1faf27173c82 100644 --- a/clients/client-controltower/src/commands/DeleteLandingZoneCommand.ts +++ b/clients/client-controltower/src/commands/DeleteLandingZoneCommand.ts @@ -37,8 +37,8 @@ export interface DeleteLandingZoneCommandOutput extends DeleteLandingZoneOutput, /** * @public - *

This decommissions a landing zone. This starts an asynchronous operation that deletes Amazon Web Services Control Tower - * resources deployed in Amazon Web Services Control Tower managed accounts.

+ *

Decommissions a landing zone. This API call starts an asynchronous operation that deletes Amazon Web Services Control Tower + * resources deployed in accounts managed by Amazon Web Services Control Tower.

* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript @@ -66,19 +66,19 @@ export interface DeleteLandingZoneCommandOutput extends DeleteLandingZoneOutput, *

You do not have sufficient access to perform this action.

* * @throws {@link ConflictException} (client fault) - *

Updating or deleting a resource can cause an inconsistent state.

+ *

Updating or deleting the resource can cause an inconsistent state.

* * @throws {@link InternalServerException} (server fault) - *

Unexpected error during processing of request.

+ *

An unexpected error occurred during processing of a request.

* * @throws {@link ResourceNotFoundException} (client fault) - *

Request references a resource which does not exist.

+ *

The request references a resource that does not exist.

* * @throws {@link ThrottlingException} (client fault) - *

Request was denied due to request throttling.

+ *

The request was denied due to request throttling.

* * @throws {@link ValidationException} (client fault) - *

The input fails to satisfy the constraints specified by an Amazon Web Services service.

+ *

The input does not satisfy the constraints specified by an Amazon Web Services service.

* * @throws {@link ControlTowerServiceException} *

Base exception class for all service exceptions from ControlTower service.

diff --git a/clients/client-controltower/src/commands/DisableControlCommand.ts b/clients/client-controltower/src/commands/DisableControlCommand.ts index df14b0799ce3..feb7860b6c69 100644 --- a/clients/client-controltower/src/commands/DisableControlCommand.ts +++ b/clients/client-controltower/src/commands/DisableControlCommand.ts @@ -70,22 +70,22 @@ export interface DisableControlCommandOutput extends DisableControlOutput, __Met *

You do not have sufficient access to perform this action.

* * @throws {@link ConflictException} (client fault) - *

Updating or deleting a resource can cause an inconsistent state.

+ *

Updating or deleting the resource can cause an inconsistent state.

* * @throws {@link InternalServerException} (server fault) - *

Unexpected error during processing of request.

+ *

An unexpected error occurred during processing of a request.

* * @throws {@link ResourceNotFoundException} (client fault) - *

Request references a resource which does not exist.

+ *

The request references a resource that does not exist.

* * @throws {@link ServiceQuotaExceededException} (client fault) - *

Request would cause a service quota to be exceeded. The limit is 10 concurrent operations.

+ *

The request would cause a service quota to be exceeded. The limit is 10 concurrent operations.

* * @throws {@link ThrottlingException} (client fault) - *

Request was denied due to request throttling.

+ *

The request was denied due to request throttling.

* * @throws {@link ValidationException} (client fault) - *

The input fails to satisfy the constraints specified by an Amazon Web Services service.

+ *

The input does not satisfy the constraints specified by an Amazon Web Services service.

* * @throws {@link ControlTowerServiceException} *

Base exception class for all service exceptions from ControlTower service.

diff --git a/clients/client-controltower/src/commands/EnableControlCommand.ts b/clients/client-controltower/src/commands/EnableControlCommand.ts index 071fe94f9a8e..5eafd3cda412 100644 --- a/clients/client-controltower/src/commands/EnableControlCommand.ts +++ b/clients/client-controltower/src/commands/EnableControlCommand.ts @@ -54,6 +54,12 @@ export interface EnableControlCommandOutput extends EnableControlOutput, __Metad * tags: { // TagMap * "": "STRING_VALUE", * }, + * parameters: [ // EnabledControlParameters + * { // EnabledControlParameter + * key: "STRING_VALUE", // required + * value: "DOCUMENT_VALUE", // required + * }, + * ], * }; * const command = new EnableControlCommand(input); * const response = await client.send(command); @@ -74,22 +80,22 @@ export interface EnableControlCommandOutput extends EnableControlOutput, __Metad *

You do not have sufficient access to perform this action.

* * @throws {@link ConflictException} (client fault) - *

Updating or deleting a resource can cause an inconsistent state.

+ *

Updating or deleting the resource can cause an inconsistent state.

* * @throws {@link InternalServerException} (server fault) - *

Unexpected error during processing of request.

+ *

An unexpected error occurred during processing of a request.

* * @throws {@link ResourceNotFoundException} (client fault) - *

Request references a resource which does not exist.

+ *

The request references a resource that does not exist.

* * @throws {@link ServiceQuotaExceededException} (client fault) - *

Request would cause a service quota to be exceeded. The limit is 10 concurrent operations.

+ *

The request would cause a service quota to be exceeded. The limit is 10 concurrent operations.

* * @throws {@link ThrottlingException} (client fault) - *

Request was denied due to request throttling.

+ *

The request was denied due to request throttling.

* * @throws {@link ValidationException} (client fault) - *

The input fails to satisfy the constraints specified by an Amazon Web Services service.

+ *

The input does not satisfy the constraints specified by an Amazon Web Services service.

* * @throws {@link ControlTowerServiceException} *

Base exception class for all service exceptions from ControlTower service.

diff --git a/clients/client-controltower/src/commands/GetControlOperationCommand.ts b/clients/client-controltower/src/commands/GetControlOperationCommand.ts index 5eefd5b56459..a57bddd2f7ae 100644 --- a/clients/client-controltower/src/commands/GetControlOperationCommand.ts +++ b/clients/client-controltower/src/commands/GetControlOperationCommand.ts @@ -75,16 +75,16 @@ export interface GetControlOperationCommandOutput extends GetControlOperationOut *

You do not have sufficient access to perform this action.

* * @throws {@link InternalServerException} (server fault) - *

Unexpected error during processing of request.

+ *

An unexpected error occurred during processing of a request.

* * @throws {@link ResourceNotFoundException} (client fault) - *

Request references a resource which does not exist.

+ *

The request references a resource that does not exist.

* * @throws {@link ThrottlingException} (client fault) - *

Request was denied due to request throttling.

+ *

The request was denied due to request throttling.

* * @throws {@link ValidationException} (client fault) - *

The input fails to satisfy the constraints specified by an Amazon Web Services service.

+ *

The input does not satisfy the constraints specified by an Amazon Web Services service.

* * @throws {@link ControlTowerServiceException} *

Base exception class for all service exceptions from ControlTower service.

diff --git a/clients/client-controltower/src/commands/GetEnabledControlCommand.ts b/clients/client-controltower/src/commands/GetEnabledControlCommand.ts index 91650a49797c..8698ae171034 100644 --- a/clients/client-controltower/src/commands/GetEnabledControlCommand.ts +++ b/clients/client-controltower/src/commands/GetEnabledControlCommand.ts @@ -68,6 +68,12 @@ export interface GetEnabledControlCommandOutput extends GetEnabledControlOutput, * // driftStatusSummary: { // DriftStatusSummary * // driftStatus: "DRIFTED" || "IN_SYNC" || "NOT_CHECKING" || "UNKNOWN", * // }, + * // parameters: [ // EnabledControlParameterSummaries + * // { // EnabledControlParameterSummary + * // key: "STRING_VALUE", // required + * // value: "DOCUMENT_VALUE", // required + * // }, + * // ], * // }, * // }; * @@ -83,16 +89,16 @@ export interface GetEnabledControlCommandOutput extends GetEnabledControlOutput, *

You do not have sufficient access to perform this action.

* * @throws {@link InternalServerException} (server fault) - *

Unexpected error during processing of request.

+ *

An unexpected error occurred during processing of a request.

* * @throws {@link ResourceNotFoundException} (client fault) - *

Request references a resource which does not exist.

+ *

The request references a resource that does not exist.

* * @throws {@link ThrottlingException} (client fault) - *

Request was denied due to request throttling.

+ *

The request was denied due to request throttling.

* * @throws {@link ValidationException} (client fault) - *

The input fails to satisfy the constraints specified by an Amazon Web Services service.

+ *

The input does not satisfy the constraints specified by an Amazon Web Services service.

* * @throws {@link ControlTowerServiceException} *

Base exception class for all service exceptions from ControlTower service.

diff --git a/clients/client-controltower/src/commands/GetLandingZoneCommand.ts b/clients/client-controltower/src/commands/GetLandingZoneCommand.ts index 0d50f0cd44d9..5c5ad49bd03c 100644 --- a/clients/client-controltower/src/commands/GetLandingZoneCommand.ts +++ b/clients/client-controltower/src/commands/GetLandingZoneCommand.ts @@ -37,7 +37,7 @@ export interface GetLandingZoneCommandOutput extends GetLandingZoneOutput, __Met /** * @public - *

Returns details about the landing zone. Displays a message in case of error.

+ *

Returns details about the landing zone. Displays a message in case of error.

* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript @@ -74,16 +74,16 @@ export interface GetLandingZoneCommandOutput extends GetLandingZoneOutput, __Met *

You do not have sufficient access to perform this action.

* * @throws {@link InternalServerException} (server fault) - *

Unexpected error during processing of request.

+ *

An unexpected error occurred during processing of a request.

* * @throws {@link ResourceNotFoundException} (client fault) - *

Request references a resource which does not exist.

+ *

The request references a resource that does not exist.

* * @throws {@link ThrottlingException} (client fault) - *

Request was denied due to request throttling.

+ *

The request was denied due to request throttling.

* * @throws {@link ValidationException} (client fault) - *

The input fails to satisfy the constraints specified by an Amazon Web Services service.

+ *

The input does not satisfy the constraints specified by an Amazon Web Services service.

* * @throws {@link ControlTowerServiceException} *

Base exception class for all service exceptions from ControlTower service.

diff --git a/clients/client-controltower/src/commands/GetLandingZoneOperationCommand.ts b/clients/client-controltower/src/commands/GetLandingZoneOperationCommand.ts index a3f1395e10df..6b124775e693 100644 --- a/clients/client-controltower/src/commands/GetLandingZoneOperationCommand.ts +++ b/clients/client-controltower/src/commands/GetLandingZoneOperationCommand.ts @@ -38,7 +38,7 @@ export interface GetLandingZoneOperationCommandOutput extends GetLandingZoneOper /** * @public *

Returns the status of the specified landing zone operation. Details for an operation are available for - * X days.

+ * 60 days.

* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript @@ -72,16 +72,16 @@ export interface GetLandingZoneOperationCommandOutput extends GetLandingZoneOper *

You do not have sufficient access to perform this action.

* * @throws {@link InternalServerException} (server fault) - *

Unexpected error during processing of request.

+ *

An unexpected error occurred during processing of a request.

* * @throws {@link ResourceNotFoundException} (client fault) - *

Request references a resource which does not exist.

+ *

The request references a resource that does not exist.

* * @throws {@link ThrottlingException} (client fault) - *

Request was denied due to request throttling.

+ *

The request was denied due to request throttling.

* * @throws {@link ValidationException} (client fault) - *

The input fails to satisfy the constraints specified by an Amazon Web Services service.

+ *

The input does not satisfy the constraints specified by an Amazon Web Services service.

* * @throws {@link ControlTowerServiceException} *

Base exception class for all service exceptions from ControlTower service.

diff --git a/clients/client-controltower/src/commands/ListEnabledControlsCommand.ts b/clients/client-controltower/src/commands/ListEnabledControlsCommand.ts index 91de66f82259..0a41a1cc8059 100644 --- a/clients/client-controltower/src/commands/ListEnabledControlsCommand.ts +++ b/clients/client-controltower/src/commands/ListEnabledControlsCommand.ts @@ -84,16 +84,16 @@ export interface ListEnabledControlsCommandOutput extends ListEnabledControlsOut *

You do not have sufficient access to perform this action.

* * @throws {@link InternalServerException} (server fault) - *

Unexpected error during processing of request.

+ *

An unexpected error occurred during processing of a request.

* * @throws {@link ResourceNotFoundException} (client fault) - *

Request references a resource which does not exist.

+ *

The request references a resource that does not exist.

* * @throws {@link ThrottlingException} (client fault) - *

Request was denied due to request throttling.

+ *

The request was denied due to request throttling.

* * @throws {@link ValidationException} (client fault) - *

The input fails to satisfy the constraints specified by an Amazon Web Services service.

+ *

The input does not satisfy the constraints specified by an Amazon Web Services service.

* * @throws {@link ControlTowerServiceException} *

Base exception class for all service exceptions from ControlTower service.

diff --git a/clients/client-controltower/src/commands/ListLandingZonesCommand.ts b/clients/client-controltower/src/commands/ListLandingZonesCommand.ts index c81607acb565..aa77eed9931d 100644 --- a/clients/client-controltower/src/commands/ListLandingZonesCommand.ts +++ b/clients/client-controltower/src/commands/ListLandingZonesCommand.ts @@ -39,7 +39,7 @@ export interface ListLandingZonesCommandOutput extends ListLandingZonesOutput, _ * @public *

Returns the landing zone ARN for the landing zone deployed in your managed account. This API also * creates an ARN for existing accounts that do not yet have a landing zone ARN.

- *

The return limit is one landing zone ARN.

+ *

Returns one landing zone ARN.

* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript @@ -73,13 +73,13 @@ export interface ListLandingZonesCommandOutput extends ListLandingZonesOutput, _ *

You do not have sufficient access to perform this action.

* * @throws {@link InternalServerException} (server fault) - *

Unexpected error during processing of request.

+ *

An unexpected error occurred during processing of a request.

* * @throws {@link ThrottlingException} (client fault) - *

Request was denied due to request throttling.

+ *

The request was denied due to request throttling.

* * @throws {@link ValidationException} (client fault) - *

The input fails to satisfy the constraints specified by an Amazon Web Services service.

+ *

The input does not satisfy the constraints specified by an Amazon Web Services service.

* * @throws {@link ControlTowerServiceException} *

Base exception class for all service exceptions from ControlTower service.

diff --git a/clients/client-controltower/src/commands/ListTagsForResourceCommand.ts b/clients/client-controltower/src/commands/ListTagsForResourceCommand.ts index 2fcff2e73364..642cff16334a 100644 --- a/clients/client-controltower/src/commands/ListTagsForResourceCommand.ts +++ b/clients/client-controltower/src/commands/ListTagsForResourceCommand.ts @@ -66,13 +66,13 @@ export interface ListTagsForResourceCommandOutput extends ListTagsForResourceOut * @see {@link ControlTowerClientResolvedConfig | config} for ControlTowerClient's `config` shape. * * @throws {@link InternalServerException} (server fault) - *

Unexpected error during processing of request.

+ *

An unexpected error occurred during processing of a request.

* * @throws {@link ResourceNotFoundException} (client fault) - *

Request references a resource which does not exist.

+ *

The request references a resource that does not exist.

* * @throws {@link ValidationException} (client fault) - *

The input fails to satisfy the constraints specified by an Amazon Web Services service.

+ *

The input does not satisfy the constraints specified by an Amazon Web Services service.

* * @throws {@link ControlTowerServiceException} *

Base exception class for all service exceptions from ControlTower service.

diff --git a/clients/client-controltower/src/commands/ResetLandingZoneCommand.ts b/clients/client-controltower/src/commands/ResetLandingZoneCommand.ts index 86b2f4f04555..82a767e7ad15 100644 --- a/clients/client-controltower/src/commands/ResetLandingZoneCommand.ts +++ b/clients/client-controltower/src/commands/ResetLandingZoneCommand.ts @@ -38,7 +38,7 @@ export interface ResetLandingZoneCommandOutput extends ResetLandingZoneOutput, _ /** * @public *

This API call resets a landing zone. It starts an asynchronous operation that resets the - * landing zone to the parameters specified in its original configuration.

+ * landing zone to the parameters specified in its original configuration.

* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript @@ -66,19 +66,19 @@ export interface ResetLandingZoneCommandOutput extends ResetLandingZoneOutput, _ *

You do not have sufficient access to perform this action.

* * @throws {@link ConflictException} (client fault) - *

Updating or deleting a resource can cause an inconsistent state.

+ *

Updating or deleting the resource can cause an inconsistent state.

* * @throws {@link InternalServerException} (server fault) - *

Unexpected error during processing of request.

+ *

An unexpected error occurred during processing of a request.

* * @throws {@link ResourceNotFoundException} (client fault) - *

Request references a resource which does not exist.

+ *

The request references a resource that does not exist.

* * @throws {@link ThrottlingException} (client fault) - *

Request was denied due to request throttling.

+ *

The request was denied due to request throttling.

* * @throws {@link ValidationException} (client fault) - *

The input fails to satisfy the constraints specified by an Amazon Web Services service.

+ *

The input does not satisfy the constraints specified by an Amazon Web Services service.

* * @throws {@link ControlTowerServiceException} *

Base exception class for all service exceptions from ControlTower service.

diff --git a/clients/client-controltower/src/commands/TagResourceCommand.ts b/clients/client-controltower/src/commands/TagResourceCommand.ts index 13a51c3daa98..37902c936728 100644 --- a/clients/client-controltower/src/commands/TagResourceCommand.ts +++ b/clients/client-controltower/src/commands/TagResourceCommand.ts @@ -65,13 +65,13 @@ export interface TagResourceCommandOutput extends TagResourceOutput, __MetadataB * @see {@link ControlTowerClientResolvedConfig | config} for ControlTowerClient's `config` shape. * * @throws {@link InternalServerException} (server fault) - *

Unexpected error during processing of request.

+ *

An unexpected error occurred during processing of a request.

* * @throws {@link ResourceNotFoundException} (client fault) - *

Request references a resource which does not exist.

+ *

The request references a resource that does not exist.

* * @throws {@link ValidationException} (client fault) - *

The input fails to satisfy the constraints specified by an Amazon Web Services service.

+ *

The input does not satisfy the constraints specified by an Amazon Web Services service.

* * @throws {@link ControlTowerServiceException} *

Base exception class for all service exceptions from ControlTower service.

diff --git a/clients/client-controltower/src/commands/UntagResourceCommand.ts b/clients/client-controltower/src/commands/UntagResourceCommand.ts index 73e7e767f575..daaa5690c1b6 100644 --- a/clients/client-controltower/src/commands/UntagResourceCommand.ts +++ b/clients/client-controltower/src/commands/UntagResourceCommand.ts @@ -65,13 +65,13 @@ export interface UntagResourceCommandOutput extends UntagResourceOutput, __Metad * @see {@link ControlTowerClientResolvedConfig | config} for ControlTowerClient's `config` shape. * * @throws {@link InternalServerException} (server fault) - *

Unexpected error during processing of request.

+ *

An unexpected error occurred during processing of a request.

* * @throws {@link ResourceNotFoundException} (client fault) - *

Request references a resource which does not exist.

+ *

The request references a resource that does not exist.

* * @throws {@link ValidationException} (client fault) - *

The input fails to satisfy the constraints specified by an Amazon Web Services service.

+ *

The input does not satisfy the constraints specified by an Amazon Web Services service.

* * @throws {@link ControlTowerServiceException} *

Base exception class for all service exceptions from ControlTower service.

diff --git a/clients/client-controltower/src/commands/UpdateEnabledControlCommand.ts b/clients/client-controltower/src/commands/UpdateEnabledControlCommand.ts new file mode 100644 index 000000000000..45686f2403bb --- /dev/null +++ b/clients/client-controltower/src/commands/UpdateEnabledControlCommand.ts @@ -0,0 +1,173 @@ +// smithy-typescript generated code +import { EndpointParameterInstructions, getEndpointPlugin } from "@smithy/middleware-endpoint"; +import { getSerdePlugin } from "@smithy/middleware-serde"; +import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@smithy/protocol-http"; +import { Command as $Command } from "@smithy/smithy-client"; +import { + FinalizeHandlerArguments, + Handler, + HandlerExecutionContext, + HttpHandlerOptions as __HttpHandlerOptions, + MetadataBearer as __MetadataBearer, + MiddlewareStack, + SerdeContext as __SerdeContext, + SMITHY_CONTEXT_KEY, +} from "@smithy/types"; + +import { ControlTowerClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../ControlTowerClient"; +import { UpdateEnabledControlInput, UpdateEnabledControlOutput } from "../models/models_0"; +import { de_UpdateEnabledControlCommand, se_UpdateEnabledControlCommand } from "../protocols/Aws_restJson1"; + +/** + * @public + */ +export { __MetadataBearer, $Command }; +/** + * @public + * + * The input for {@link UpdateEnabledControlCommand}. + */ +export interface UpdateEnabledControlCommandInput extends UpdateEnabledControlInput {} +/** + * @public + * + * The output of {@link UpdateEnabledControlCommand}. + */ +export interface UpdateEnabledControlCommandOutput extends UpdateEnabledControlOutput, __MetadataBearer {} + +/** + * @public + *

+ * Updates the configuration of an already enabled control.

+ *

If the enabled control shows an EnablementStatus of SUCCEEDED, supply parameters that are different from the currently configured parameters. Otherwise, Amazon Web Services Control Tower will not accept the request.

+ *

If the enabled control shows an EnablementStatus of FAILED, Amazon Web Services Control Tower will update the control to match any valid parameters that you supply.

+ *

If the DriftSummary status for the control shows as DRIFTED, you cannot call this API. Instead, you can update the control by calling DisableControl and again calling EnableControl, or you can run an extending governance operation. For usage examples, see + * the Amazon Web Services Control Tower User Guide + * + *

+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { ControlTowerClient, UpdateEnabledControlCommand } from "@aws-sdk/client-controltower"; // ES Modules import + * // const { ControlTowerClient, UpdateEnabledControlCommand } = require("@aws-sdk/client-controltower"); // CommonJS import + * const client = new ControlTowerClient(config); + * const input = { // UpdateEnabledControlInput + * parameters: [ // EnabledControlParameters // required + * { // EnabledControlParameter + * key: "STRING_VALUE", // required + * value: "DOCUMENT_VALUE", // required + * }, + * ], + * enabledControlIdentifier: "STRING_VALUE", // required + * }; + * const command = new UpdateEnabledControlCommand(input); + * const response = await client.send(command); + * // { // UpdateEnabledControlOutput + * // operationIdentifier: "STRING_VALUE", // required + * // }; + * + * ``` + * + * @param UpdateEnabledControlCommandInput - {@link UpdateEnabledControlCommandInput} + * @returns {@link UpdateEnabledControlCommandOutput} + * @see {@link UpdateEnabledControlCommandInput} for command's `input` shape. + * @see {@link UpdateEnabledControlCommandOutput} for command's `response` shape. + * @see {@link ControlTowerClientResolvedConfig | config} for ControlTowerClient's `config` shape. + * + * @throws {@link AccessDeniedException} (client fault) + *

You do not have sufficient access to perform this action.

+ * + * @throws {@link ConflictException} (client fault) + *

Updating or deleting the resource can cause an inconsistent state.

+ * + * @throws {@link InternalServerException} (server fault) + *

An unexpected error occurred during processing of a request.

+ * + * @throws {@link ResourceNotFoundException} (client fault) + *

The request references a resource that does not exist.

+ * + * @throws {@link ServiceQuotaExceededException} (client fault) + *

The request would cause a service quota to be exceeded. The limit is 10 concurrent operations.

+ * + * @throws {@link ThrottlingException} (client fault) + *

The request was denied due to request throttling.

+ * + * @throws {@link ValidationException} (client fault) + *

The input does not satisfy the constraints specified by an Amazon Web Services service.

+ * + * @throws {@link ControlTowerServiceException} + *

Base exception class for all service exceptions from ControlTower service.

+ * + */ +export class UpdateEnabledControlCommand extends $Command< + UpdateEnabledControlCommandInput, + UpdateEnabledControlCommandOutput, + ControlTowerClientResolvedConfig +> { + public static getEndpointParameterInstructions(): EndpointParameterInstructions { + return { + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, + }; + } + + /** + * @public + */ + constructor(readonly input: UpdateEnabledControlCommandInput) { + super(); + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStack, + configuration: ControlTowerClientResolvedConfig, + options?: __HttpHandlerOptions + ): Handler { + this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize)); + this.middlewareStack.use( + getEndpointPlugin(configuration, UpdateEnabledControlCommand.getEndpointParameterInstructions()) + ); + + const stack = clientStack.concat(this.middlewareStack); + + const { logger } = configuration; + const clientName = "ControlTowerClient"; + const commandName = "UpdateEnabledControlCommand"; + const handlerExecutionContext: HandlerExecutionContext = { + logger, + clientName, + commandName, + inputFilterSensitiveLog: (_: any) => _, + outputFilterSensitiveLog: (_: any) => _, + [SMITHY_CONTEXT_KEY]: { + service: "AWSControlTowerApis", + operation: "UpdateEnabledControl", + }, + }; + const { requestHandler } = configuration; + return stack.resolve( + (request: FinalizeHandlerArguments) => + requestHandler.handle(request.request as __HttpRequest, options || {}), + handlerExecutionContext + ); + } + + /** + * @internal + */ + private serialize(input: UpdateEnabledControlCommandInput, context: __SerdeContext): Promise<__HttpRequest> { + return se_UpdateEnabledControlCommand(input, context); + } + + /** + * @internal + */ + private deserialize(output: __HttpResponse, context: __SerdeContext): Promise { + return de_UpdateEnabledControlCommand(output, context); + } +} diff --git a/clients/client-controltower/src/commands/UpdateLandingZoneCommand.ts b/clients/client-controltower/src/commands/UpdateLandingZoneCommand.ts index 4ae47db6b9ed..969870491d85 100644 --- a/clients/client-controltower/src/commands/UpdateLandingZoneCommand.ts +++ b/clients/client-controltower/src/commands/UpdateLandingZoneCommand.ts @@ -38,8 +38,8 @@ export interface UpdateLandingZoneCommandOutput extends UpdateLandingZoneOutput, /** * @public *

This API call updates the landing zone. It starts an asynchronous operation that updates the - * landing zone based on the new landing zone version or the updated parameters specified in the - * updated manifest file.

+ * landing zone based on the new landing zone version, or on the changed parameters specified in the + * updated manifest file.

* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript @@ -69,19 +69,19 @@ export interface UpdateLandingZoneCommandOutput extends UpdateLandingZoneOutput, *

You do not have sufficient access to perform this action.

* * @throws {@link ConflictException} (client fault) - *

Updating or deleting a resource can cause an inconsistent state.

+ *

Updating or deleting the resource can cause an inconsistent state.

* * @throws {@link InternalServerException} (server fault) - *

Unexpected error during processing of request.

+ *

An unexpected error occurred during processing of a request.

* * @throws {@link ResourceNotFoundException} (client fault) - *

Request references a resource which does not exist.

+ *

The request references a resource that does not exist.

* * @throws {@link ThrottlingException} (client fault) - *

Request was denied due to request throttling.

+ *

The request was denied due to request throttling.

* * @throws {@link ValidationException} (client fault) - *

The input fails to satisfy the constraints specified by an Amazon Web Services service.

+ *

The input does not satisfy the constraints specified by an Amazon Web Services service.

* * @throws {@link ControlTowerServiceException} *

Base exception class for all service exceptions from ControlTower service.

diff --git a/clients/client-controltower/src/commands/index.ts b/clients/client-controltower/src/commands/index.ts index 9bb1b5fa80ab..3fc3a18e0247 100644 --- a/clients/client-controltower/src/commands/index.ts +++ b/clients/client-controltower/src/commands/index.ts @@ -13,4 +13,5 @@ export * from "./ListTagsForResourceCommand"; export * from "./ResetLandingZoneCommand"; export * from "./TagResourceCommand"; export * from "./UntagResourceCommand"; +export * from "./UpdateEnabledControlCommand"; export * from "./UpdateLandingZoneCommand"; diff --git a/clients/client-controltower/src/index.ts b/clients/client-controltower/src/index.ts index 9da906dce708..0b4f0e8e46dc 100644 --- a/clients/client-controltower/src/index.ts +++ b/clients/client-controltower/src/index.ts @@ -1,8 +1,8 @@ // smithy-typescript generated code /* eslint-disable */ /** - *

These interfaces allow you to apply the Amazon Web Services library of pre-defined - * controls to your organizational units, programmatically. In Amazon Web Services Control Tower, the terms "control" and "guardrail" are synonyms.

+ *

These interfaces allow you to apply the Amazon Web Services library of pre-defined + * controls to your organizational units, programmatically. In Amazon Web Services Control Tower, the terms "control" and "guardrail" are synonyms.

*

To call these APIs, you'll need to know:

*
    *
  • @@ -16,7 +16,7 @@ *
    • *
*

- * To get the controlIdentifier for your AWS Control Tower + * To get the controlIdentifier for your Amazon Web Services Control Tower * control: *

*

The controlIdentifier is an ARN that is specified for each diff --git a/clients/client-controltower/src/models/models_0.ts b/clients/client-controltower/src/models/models_0.ts index eadbcb9093fb..ab411650c986 100644 --- a/clients/client-controltower/src/models/models_0.ts +++ b/clients/client-controltower/src/models/models_0.ts @@ -26,7 +26,7 @@ export class AccessDeniedException extends __BaseException { /** * @public - *

Updating or deleting a resource can cause an inconsistent state.

+ *

Updating or deleting the resource can cause an inconsistent state.

*/ export class ConflictException extends __BaseException { readonly name: "ConflictException" = "ConflictException"; @@ -52,7 +52,7 @@ export interface DisableControlInput { * @public *

The ARN of the control. Only Strongly recommended and * Elective controls are permitted, with the exception of the - * Region deny control. For information on how to find the controlIdentifier, see the overview page.

+ * landing zone Region deny control. For information on how to find the controlIdentifier, see the overview page.

*/ controlIdentifier: string | undefined; @@ -77,7 +77,7 @@ export interface DisableControlOutput { /** * @public - *

Unexpected error during processing of request.

+ *

An unexpected error occurred during processing of a request.

*/ export class InternalServerException extends __BaseException { readonly name: "InternalServerException" = "InternalServerException"; @@ -98,7 +98,7 @@ export class InternalServerException extends __BaseException { /** * @public - *

Request references a resource which does not exist.

+ *

The request references a resource that does not exist.

*/ export class ResourceNotFoundException extends __BaseException { readonly name: "ResourceNotFoundException" = "ResourceNotFoundException"; @@ -118,7 +118,7 @@ export class ResourceNotFoundException extends __BaseException { /** * @public - *

Request would cause a service quota to be exceeded. The limit is 10 concurrent operations.

+ *

The request would cause a service quota to be exceeded. The limit is 10 concurrent operations.

*/ export class ServiceQuotaExceededException extends __BaseException { readonly name: "ServiceQuotaExceededException" = "ServiceQuotaExceededException"; @@ -138,7 +138,7 @@ export class ServiceQuotaExceededException extends __BaseException { /** * @public - *

Request was denied due to request throttling.

+ *

The request was denied due to request throttling.

*/ export class ThrottlingException extends __BaseException { readonly name: "ThrottlingException" = "ThrottlingException"; @@ -148,7 +148,8 @@ export class ThrottlingException extends __BaseException { }; /** * @public - *

The ID of the service that is associated with the error.

+ *

The ID of the service that is associated with the error. + *

*/ serviceCode?: string; @@ -160,7 +161,7 @@ export class ThrottlingException extends __BaseException { /** * @public - *

The number of seconds the caller should wait before retrying.

+ *

The number of seconds to wait before retrying.

*/ retryAfterSeconds?: number; @@ -182,7 +183,7 @@ export class ThrottlingException extends __BaseException { /** * @public - *

The input fails to satisfy the constraints specified by an Amazon Web Services service.

+ *

The input does not satisfy the constraints specified by an Amazon Web Services service.

*/ export class ValidationException extends __BaseException { readonly name: "ValidationException" = "ValidationException"; @@ -200,6 +201,25 @@ export class ValidationException extends __BaseException { } } +/** + * @public + *

A set of parameters that configure the behavior of the enabled control. A key/value pair, where Key is of type String and Value is of type Document.

+ */ +export interface EnabledControlParameter { + /** + * @public + *

The key of a key/value pair. It is of type string.

+ */ + key: string | undefined; + + /** + * @public + *

The value of a key/value pair. It can be of type array + * string, number, object, or boolean.

+ */ + value: __DocumentType | undefined; +} + /** * @public */ @@ -208,7 +228,7 @@ export interface EnableControlInput { * @public *

The ARN of the control. Only Strongly recommended and * Elective controls are permitted, with the exception of the - * Region deny control. For information on how to find the controlIdentifier, see the overview page.

+ * landing zone Region deny control. For information on how to find the controlIdentifier, see the overview page.

*/ controlIdentifier: string | undefined; @@ -223,6 +243,12 @@ export interface EnableControlInput { *

Tags to be applied to the EnabledControl resource.

*/ tags?: Record; + + /** + * @public + *

An array of EnabledControlParameter objects

+ */ + parameters?: EnabledControlParameter[]; } /** @@ -262,6 +288,7 @@ export interface GetControlOperationInput { export const ControlOperationType = { DISABLE_CONTROL: "DISABLE_CONTROL", ENABLE_CONTROL: "ENABLE_CONTROL", + UPDATE_ENABLED_CONTROL: "UPDATE_ENABLED_CONTROL", } as const; /** @@ -361,7 +388,7 @@ export type DriftStatus = (typeof DriftStatus)[keyof typeof DriftStatus]; /** * @public - *

The drift summary of the enabled control.

+ *

The drift summary of the enabled control.

*

Amazon Web Services Control Tower expects the enabled control * configuration to include all supported and governed Regions. If the enabled control differs * from the expected configuration, it is defined to be in a state of drift. You can repair this drift by resetting the enabled control.

@@ -375,28 +402,46 @@ export interface DriftStatusSummary { *
  • *

    * DRIFTED: The enabledControl deployed in this configuration - * doesn’t match the configuration that Amazon Web Services Control Tower expected.

    + * doesn’t match the configuration that Amazon Web Services Control Tower expected.

    *
    • *
  • *

    * IN_SYNC: The enabledControl deployed in this configuration matches - * the configuration that Amazon Web Services Control Tower expected.

    + * the configuration that Amazon Web Services Control Tower expected.

    *
    • *
  • *

    * NOT_CHECKING: Amazon Web Services Control Tower does not check drift for this enabled - * control. Drift is not supported for the control type.

    + * control. Drift is not supported for the control type.

    *
    • *
  • *

    * UNKNOWN: Amazon Web Services Control Tower is not able to check the drift status for the - * enabled control.

    + * enabled control.

    *
    • * */ driftStatus?: DriftStatus; } +/** + * @public + *

    Returns a summary of information about the parameters of an enabled control.

    + */ +export interface EnabledControlParameterSummary { + /** + * @public + *

    The key of a key/value pair.

    + */ + key: string | undefined; + + /** + * @public + *

    The value of a key/value pair.

    + */ + value: __DocumentType | undefined; +} + /** * @public * @enum @@ -447,10 +492,10 @@ export interface EnablementStatusSummary { /** * @public - *

    An Amazon Web Services Region in which Amazon Web Services Control Tower expects to find the control deployed.

    + *

    An Amazon Web Services Region in which Amazon Web Services Control Tower expects to find the control deployed.

    *

    The expected Regions are based on the Regions that are governed by the landing zone. In - * certain cases, a control is not actually enabled in the Region as expected, such as during - * drift, or mixed governance.

    + * certain cases, a control is not actually enabled in the Region as expected, such as during + * drift, or mixed governance.

    */ export interface Region { /** @@ -500,6 +545,12 @@ export interface EnabledControlDetails { *

    The drift status of the enabled control.

    */ driftStatusSummary?: DriftStatusSummary; + + /** + * @public + *

    Array of EnabledControlParameter objects.

    + */ + parameters?: EnabledControlParameterSummary[]; } /** @@ -519,7 +570,7 @@ export interface GetEnabledControlOutput { export interface CreateLandingZoneInput { /** * @public - *

    The landing zone version.

    + *

    The landing zone version, for example, 3.0.

    */ version: string | undefined; @@ -543,14 +594,14 @@ export interface CreateLandingZoneInput { export interface CreateLandingZoneOutput { /** * @public - *

    The ARN of the landing zone.

    + *

    The ARN of the landing zone resource.

    */ arn: string | undefined; /** * @public *

    A unique identifier assigned to a CreateLandingZone operation. You can use this - * identifier as an input of GetLandingZoneOperation to check the operation's status.

    + * identifier as an input of GetLandingZoneOperation to check the operation's status.

    */ operationIdentifier: string | undefined; } @@ -561,7 +612,7 @@ export interface CreateLandingZoneOutput { export interface DeleteLandingZoneInput { /** * @public - *

    The unique identifier of the landing zone.

    + *

    The unique identifier of the landing zone.

    */ landingZoneIdentifier: string | undefined; } @@ -572,8 +623,8 @@ export interface DeleteLandingZoneInput { export interface DeleteLandingZoneOutput { /** * @public - *

    A unique identifier assigned to a DeleteLandingZone operation. You can use this - * identifier as an input of GetLandingZoneOperation to check the operation's status.

    + *

    >A unique identifier assigned to a DeleteLandingZone operation. You can use this + * identifier as an input parameter of GetLandingZoneOperation to check the operation's status.

    */ operationIdentifier: string | undefined; } @@ -584,7 +635,7 @@ export interface DeleteLandingZoneOutput { export interface GetLandingZoneInput { /** * @public - *

    The unique identifier of the landing zone.

    + *

    The unique identifier of the landing zone.

    */ landingZoneIdentifier: string | undefined; } @@ -607,7 +658,7 @@ export type LandingZoneDriftStatus = (typeof LandingZoneDriftStatus)[keyof typeo * @public *

    The drift status summary of the landing zone.

    *

    If the landing zone differs from the expected configuration, it is defined to be in a state of - * drift. You can repair this drift by resetting the landing zone.

    + * drift. You can repair this drift by resetting the landing zone.

    */ export interface LandingZoneDriftStatusSummary { /** @@ -647,57 +698,42 @@ export type LandingZoneStatus = (typeof LandingZoneStatus)[keyof typeof LandingZ /** * @public - *

    Information about the landing zone.

    + *

    Information about the landing zone.

    */ export interface LandingZoneDetail { /** * @public - *

    The landing zone's current deployed version.

    + *

    The landing zone's current deployed version.

    */ version: string | undefined; /** * @public - *

    The landing zone manifest.yaml text file that specifies the landing zone configurations.

    + *

    The landing zone manifest.yaml text file that specifies the landing zone configurations.

    */ manifest: __DocumentType | undefined; /** * @public - *

    The ARN of the landing zone.

    + *

    The ARN of the landing zone.

    */ arn?: string; /** * @public - *

    The landing zone deployment status.

    - *

    Valid values:

    - *
      - *
    • - *

      - * ACTIVE: The landing zone is actively deployed.

      - *
      • - *
    • - *

      - * PROCESSING: The landing zone is processing deployment.

      - *
      • - *
    • - *

      - * FAILED: The landing zone failed deployment.

      - *
      • - *
    + *

    The landing zone deployment status.

    */ status?: LandingZoneStatus; /** * @public - *

    The latest available version of the landing zone.

    + *

    The latest available version of the landing zone.

    */ latestAvailableVersion?: string; /** * @public - *

    The drift status of the landing zone.

    + *

    The drift status of the landing zone.

    */ driftStatus?: LandingZoneDriftStatusSummary; } @@ -708,7 +744,7 @@ export interface LandingZoneDetail { export interface GetLandingZoneOutput { /** * @public - *

    Information about the landing zone.

    + *

    Information about the landing zone.

    */ landingZone: LandingZoneDetail | undefined; } @@ -719,7 +755,7 @@ export interface GetLandingZoneOutput { export interface GetLandingZoneOperationInput { /** * @public - *

    A unique identifier assigned to a landing zone operation.

    + *

    A unique identifier assigned to a landing zone operation.

    */ operationIdentifier: string | undefined; } @@ -757,7 +793,7 @@ export type LandingZoneOperationStatus = (typeof LandingZoneOperationStatus)[key /** * @public - *

    Information about a landing zone operation.

    + *

    Information about a landing zone operation.

    */ export interface LandingZoneOperationDetail { /** @@ -787,20 +823,19 @@ export interface LandingZoneOperationDetail { /** * @public - *

    The landing zone operation start time.

    + *

    The landing zone operation start time.

    */ startTime?: Date; /** * @public - *

    The landing zone operation end time.

    + *

    The landing zone operation end time.

    */ endTime?: Date; /** * @public - *

    The landing zone operation status.

    - *

    Valid values:

    + *

    Valid values:

    *
      *
    • *

      @@ -820,7 +855,7 @@ export interface LandingZoneOperationDetail { /** * @public - *

      If the operation result is FAILED, this string contains a message explaining why the operation failed.

      + *

      If the operation result is FAILED, this string contains a message explaining why the operation failed.

      */ statusMessage?: string; } @@ -831,7 +866,7 @@ export interface LandingZoneOperationDetail { export interface GetLandingZoneOperationOutput { /** * @public - *

      The landing zone operation details.

      + *

      Details about a landing zone operation.

      */ operationDetails: LandingZoneOperationDetail | undefined; } @@ -842,25 +877,25 @@ export interface GetLandingZoneOperationOutput { export interface ListLandingZonesInput { /** * @public - *

      The token to continue the list from a previous API call with the same parameters.

      + *

      The token to continue the list from a previous API call with the same parameters.

      */ nextToken?: string; /** * @public - *

      The maximum number of returned landing zone ARNs.

      + *

      The maximum number of returned landing zone ARNs, which is one.

      */ maxResults?: number; } /** * @public - *

      Returns a summary of information about a landing zone.

      + *

      Returns a summary of information about a landing zone.

      */ export interface LandingZoneSummary { /** * @public - *

      The ARN of the landing zone.

      + *

      The ARN of the landing zone.

      */ arn?: string; } @@ -871,13 +906,13 @@ export interface LandingZoneSummary { export interface ListLandingZonesOutput { /** * @public - *

      The ARN of the landing zone.

      + *

      The ARN of the landing zone.

      */ landingZones: LandingZoneSummary[] | undefined; /** * @public - *

      Retrieves the next page of results. If the string is empty, the current response is the end of the results.

      + *

      Retrieves the next page of results. If the string is empty, the response is the end of the results.

      */ nextToken?: string; } @@ -888,7 +923,7 @@ export interface ListLandingZonesOutput { export interface ResetLandingZoneInput { /** * @public - *

      The unique identifier of the landing zone.

      + *

      The unique identifier of the landing zone.

      */ landingZoneIdentifier: string | undefined; } @@ -900,7 +935,7 @@ export interface ResetLandingZoneOutput { /** * @public *

      A unique identifier assigned to a ResetLandingZone operation. You can use this - * identifier as an input of GetLandingZoneOperation to check the operation's status.

      + * identifier as an input parameter of GetLandingZoneOperation to check the operation's status.

      */ operationIdentifier: string | undefined; } @@ -911,21 +946,20 @@ export interface ResetLandingZoneOutput { export interface UpdateLandingZoneInput { /** * @public - *

      The landing zone version.

      + *

      The landing zone version, for example, 3.2.

      */ version: string | undefined; /** * @public - *

      The manifest.yaml file is a text file that describes your Amazon Web Services resources. For examples, review - * The manifest file - *

      + *

      The manifest.yaml file is a text file that describes your Amazon Web Services resources. For examples, review + * The manifest file.

      */ manifest: __DocumentType | undefined; /** * @public - *

      The unique identifier of the landing zone.

      + *

      The unique identifier of the landing zone.

      */ landingZoneIdentifier: string | undefined; } @@ -984,9 +1018,7 @@ export interface EnabledControlSummary { /** * @public - *

      - * The ARN of the organizational unit. - *

      + *

      The ARN of the organizational unit.

      */ targetIdentifier?: string; @@ -1016,7 +1048,7 @@ export interface ListEnabledControlsOutput { /** * @public - *

      Retrieves the next page of results. If the string is empty, the current response is the + *

      Retrieves the next page of results. If the string is empty, the response is the * end of the results.

      */ nextToken?: string; @@ -1087,3 +1119,35 @@ export interface UntagResourceInput { * @public */ export interface UntagResourceOutput {} + +/** + * @public + */ +export interface UpdateEnabledControlInput { + /** + * @public + *

      A key/value pair, where Key is of type String and Value is of type Document.

      + */ + parameters: EnabledControlParameter[] | undefined; + + /** + * @public + *

      + * The ARN of the enabled control that will be updated. + *

      + */ + enabledControlIdentifier: string | undefined; +} + +/** + * @public + */ +export interface UpdateEnabledControlOutput { + /** + * @public + *

      + * The operation identifier for this UpdateEnabledControl operation. + *

      + */ + operationIdentifier: string | undefined; +} diff --git a/clients/client-controltower/src/protocols/Aws_restJson1.ts b/clients/client-controltower/src/protocols/Aws_restJson1.ts index 229ab78ad4e9..86883dce26ef 100644 --- a/clients/client-controltower/src/protocols/Aws_restJson1.ts +++ b/clients/client-controltower/src/protocols/Aws_restJson1.ts @@ -48,12 +48,19 @@ import { import { ResetLandingZoneCommandInput, ResetLandingZoneCommandOutput } from "../commands/ResetLandingZoneCommand"; import { TagResourceCommandInput, TagResourceCommandOutput } from "../commands/TagResourceCommand"; import { UntagResourceCommandInput, UntagResourceCommandOutput } from "../commands/UntagResourceCommand"; +import { + UpdateEnabledControlCommandInput, + UpdateEnabledControlCommandOutput, +} from "../commands/UpdateEnabledControlCommand"; import { UpdateLandingZoneCommandInput, UpdateLandingZoneCommandOutput } from "../commands/UpdateLandingZoneCommand"; import { ControlTowerServiceException as __BaseException } from "../models/ControlTowerServiceException"; import { AccessDeniedException, ConflictException, ControlOperation, + EnabledControlDetails, + EnabledControlParameter, + EnabledControlParameterSummary, InternalServerException, LandingZoneDetail, LandingZoneOperationDetail, @@ -169,6 +176,7 @@ export const se_EnableControlCommand = async ( body = JSON.stringify( take(input, { controlIdentifier: [], + parameters: (_) => se_EnabledControlParameters(_, context), tags: (_) => _json(_), targetIdentifier: [], }) @@ -474,6 +482,37 @@ export const se_UntagResourceCommand = async ( }); }; +/** + * serializeAws_restJson1UpdateEnabledControlCommand + */ +export const se_UpdateEnabledControlCommand = async ( + input: UpdateEnabledControlCommandInput, + context: __SerdeContext +): Promise<__HttpRequest> => { + const { hostname, protocol = "https", port, path: basePath } = await context.endpoint(); + const headers: any = { + "content-type": "application/json", + }; + const resolvedPath = + `${basePath?.endsWith("/") ? basePath.slice(0, -1) : basePath || ""}` + "/update-enabled-control"; + let body: any; + body = JSON.stringify( + take(input, { + enabledControlIdentifier: [], + parameters: (_) => se_EnabledControlParameters(_, context), + }) + ); + return new __HttpRequest({ + protocol, + hostname, + port, + method: "POST", + headers, + path: resolvedPath, + body, + }); +}; + /** * serializeAws_restJson1UpdateLandingZoneCommand */ @@ -832,7 +871,7 @@ export const de_GetEnabledControlCommand = async ( }); const data: Record = __expectNonNull(__expectObject(await parseBody(output.body, context)), "body"); const doc = take(data, { - enabledControlDetails: _json, + enabledControlDetails: (_) => de_EnabledControlDetails(_, context), }); Object.assign(contents, doc); return contents; @@ -1324,6 +1363,71 @@ const de_UntagResourceCommandError = async ( } }; +/** + * deserializeAws_restJson1UpdateEnabledControlCommand + */ +export const de_UpdateEnabledControlCommand = async ( + output: __HttpResponse, + context: __SerdeContext +): Promise => { + if (output.statusCode !== 200 && output.statusCode >= 300) { + return de_UpdateEnabledControlCommandError(output, context); + } + const contents: any = map({ + $metadata: deserializeMetadata(output), + }); + const data: Record = __expectNonNull(__expectObject(await parseBody(output.body, context)), "body"); + const doc = take(data, { + operationIdentifier: __expectString, + }); + Object.assign(contents, doc); + return contents; +}; + +/** + * deserializeAws_restJson1UpdateEnabledControlCommandError + */ +const de_UpdateEnabledControlCommandError = async ( + output: __HttpResponse, + context: __SerdeContext +): Promise => { + const parsedOutput: any = { + ...output, + body: await parseErrorBody(output.body, context), + }; + const errorCode = loadRestJsonErrorCode(output, parsedOutput.body); + switch (errorCode) { + case "AccessDeniedException": + case "com.amazonaws.controltower#AccessDeniedException": + throw await de_AccessDeniedExceptionRes(parsedOutput, context); + case "ConflictException": + case "com.amazonaws.controltower#ConflictException": + throw await de_ConflictExceptionRes(parsedOutput, context); + case "InternalServerException": + case "com.amazonaws.controltower#InternalServerException": + throw await de_InternalServerExceptionRes(parsedOutput, context); + case "ResourceNotFoundException": + case "com.amazonaws.controltower#ResourceNotFoundException": + throw await de_ResourceNotFoundExceptionRes(parsedOutput, context); + case "ServiceQuotaExceededException": + case "com.amazonaws.controltower#ServiceQuotaExceededException": + throw await de_ServiceQuotaExceededExceptionRes(parsedOutput, context); + case "ThrottlingException": + case "com.amazonaws.controltower#ThrottlingException": + throw await de_ThrottlingExceptionRes(parsedOutput, context); + case "ValidationException": + case "com.amazonaws.controltower#ValidationException": + throw await de_ValidationExceptionRes(parsedOutput, context); + default: + const parsedBody = parsedOutput.body; + return throwDefaultError({ + output, + parsedBody, + errorCode, + }); + } +}; + /** * deserializeAws_restJson1UpdateLandingZoneCommand */ @@ -1525,6 +1629,27 @@ const de_ValidationExceptionRes = async (parsedOutput: any, context: __SerdeCont return __decorateServiceException(exception, parsedOutput.body); }; +/** + * serializeAws_restJson1EnabledControlParameter + */ +const se_EnabledControlParameter = (input: EnabledControlParameter, context: __SerdeContext): any => { + return take(input, { + key: [], + value: (_) => se_Document(_, context), + }); +}; + +/** + * serializeAws_restJson1EnabledControlParameters + */ +const se_EnabledControlParameters = (input: EnabledControlParameter[], context: __SerdeContext): any => { + return input + .filter((e: any) => e != null) + .map((entry) => { + return se_EnabledControlParameter(entry, context); + }); +}; + /** * serializeAws_restJson1Manifest */ @@ -1534,6 +1659,13 @@ const se_Manifest = (input: __DocumentType, context: __SerdeContext): any => { // se_TagMap omitted. +/** + * serializeAws_restJson1Document + */ +const se_Document = (input: __DocumentType, context: __SerdeContext): any => { + return input; +}; + /** * deserializeAws_restJson1ControlOperation */ @@ -1549,7 +1681,45 @@ const de_ControlOperation = (output: any, context: __SerdeContext): ControlOpera // de_DriftStatusSummary omitted. -// de_EnabledControlDetails omitted. +/** + * deserializeAws_restJson1EnabledControlDetails + */ +const de_EnabledControlDetails = (output: any, context: __SerdeContext): EnabledControlDetails => { + return take(output, { + arn: __expectString, + controlIdentifier: __expectString, + driftStatusSummary: _json, + parameters: (_: any) => de_EnabledControlParameterSummaries(_, context), + statusSummary: _json, + targetIdentifier: __expectString, + targetRegions: _json, + }) as any; +}; + +/** + * deserializeAws_restJson1EnabledControlParameterSummaries + */ +const de_EnabledControlParameterSummaries = ( + output: any, + context: __SerdeContext +): EnabledControlParameterSummary[] => { + const retVal = (output || []) + .filter((e: any) => e != null) + .map((entry: any) => { + return de_EnabledControlParameterSummary(entry, context); + }); + return retVal; +}; + +/** + * deserializeAws_restJson1EnabledControlParameterSummary + */ +const de_EnabledControlParameterSummary = (output: any, context: __SerdeContext): EnabledControlParameterSummary => { + return take(output, { + key: __expectString, + value: (_: any) => de_Document(_, context), + }) as any; +}; // de_EnabledControls omitted. @@ -1603,6 +1773,13 @@ const de_Manifest = (output: any, context: __SerdeContext): __DocumentType => { // de_TargetRegions omitted. +/** + * deserializeAws_restJson1Document + */ +const de_Document = (output: any, context: __SerdeContext): __DocumentType => { + return output; +}; + const deserializeMetadata = (output: __HttpResponse): __ResponseMetadata => ({ httpStatusCode: output.statusCode, requestId: diff --git a/codegen/sdk-codegen/aws-models/controltower.json b/codegen/sdk-codegen/aws-models/controltower.json index 69e1e0ac3b85..e174a67eb38c 100644 --- a/codegen/sdk-codegen/aws-models/controltower.json +++ b/codegen/sdk-codegen/aws-models/controltower.json @@ -28,6 +28,9 @@ }, { "target": "com.amazonaws.controltower#UntagResource" + }, + { + "target": "com.amazonaws.controltower#UpdateEnabledControl" } ], "resources": [ @@ -63,7 +66,7 @@ ], "additionalExposedHeaders": ["x-amzn-errortype", "x-amzn-requestid", "x-amzn-trace-id"] }, - "smithy.api#documentation": "

      These interfaces allow you to apply the Amazon Web Services library of pre-defined\n controls to your organizational units, programmatically. In Amazon Web Services Control Tower, the terms \"control\" and \"guardrail\" are synonyms.

      \n

      To call these APIs, you'll need to know:

      \n
        \n
      • \n

        the controlIdentifier for the control--or guardrail--you are targeting.

        \n
        • \n
      • \n

        the ARN associated with the target organizational unit (OU), which we call the targetIdentifier.

        \n
        • \n
      • \n

        the ARN associated with a resource that you wish to tag or untag.

        \n
        • \n
      \n

      \n To get the controlIdentifier for your AWS Control Tower\n control:\n

      \n

      The controlIdentifier is an ARN that is specified for each\n control. You can view the controlIdentifier in the console on the Control details page, as well as in the documentation.

      \n

      The controlIdentifier is unique in each Amazon Web Services Region for each control. You can\n find the controlIdentifier for each Region and control in the Tables of control metadata in the Amazon Web Services Control Tower User Guide.\n

      \n

      A quick-reference list of control identifers for the Amazon Web Services Control Tower legacy Strongly recommended and\n Elective controls is given in Resource identifiers for\n APIs and controls in the Controls reference guide section\n of the Amazon Web Services Control Tower User Guide. Remember that Mandatory controls\n cannot be added or removed.

      \n \n

      \n ARN format:\n arn:aws:controltower:{REGION}::control/{CONTROL_NAME}\n

      \n

      \n Example:\n

      \n

      \n arn:aws:controltower:us-west-2::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED\n

      \n       \n

      \n To get the targetIdentifier:\n

      \n

      The targetIdentifier is the ARN for an OU.

      \n

      In the Amazon Web Services Organizations console, you can find the ARN for the OU on the Organizational unit details page associated with that OU.

      \n \n

      \n OU ARN format:\n

      \n

      \n arn:${Partition}:organizations::${MasterAccountId}:ou/o-${OrganizationId}/ou-${OrganizationalUnitId}\n

      \n       \n

      \n Details and examples\n

      \n \n

      To view the open source resource repository on GitHub, see aws-cloudformation/aws-cloudformation-resource-providers-controltower\n

      \n

      \n Recording API Requests\n

      \n

      Amazon Web Services Control Tower supports Amazon Web Services CloudTrail, a service that records Amazon Web Services API calls for your\n Amazon Web Services account and delivers log files to an Amazon S3 bucket. By using information collected by\n CloudTrail, you can determine which requests the Amazon Web Services Control Tower service received, who made\n the request and when, and so on. For more about Amazon Web Services Control Tower and its support for\n CloudTrail, see Logging Amazon Web Services Control Tower\n Actions with Amazon Web Services CloudTrail in the Amazon Web Services Control Tower User Guide. To learn more about\n CloudTrail, including how to turn it on and find your log files, see the Amazon Web Services CloudTrail User\n Guide.

      ", + "smithy.api#documentation": "

      These interfaces allow you to apply the Amazon Web Services library of pre-defined\n controls to your organizational units, programmatically. In Amazon Web Services Control Tower, the terms \"control\" and \"guardrail\" are synonyms.

      \n

      To call these APIs, you'll need to know:

      \n
        \n
      • \n

        the controlIdentifier for the control--or guardrail--you are targeting.

        \n
        • \n
      • \n

        the ARN associated with the target organizational unit (OU), which we call the targetIdentifier.

        \n
        • \n
      • \n

        the ARN associated with a resource that you wish to tag or untag.

        \n
        • \n
      \n

      \n To get the controlIdentifier for your Amazon Web Services Control Tower\n control:\n

      \n

      The controlIdentifier is an ARN that is specified for each\n control. You can view the controlIdentifier in the console on the Control details page, as well as in the documentation.

      \n

      The controlIdentifier is unique in each Amazon Web Services Region for each control. You can\n find the controlIdentifier for each Region and control in the Tables of control metadata in the Amazon Web Services Control Tower User Guide.\n

      \n

      A quick-reference list of control identifers for the Amazon Web Services Control Tower legacy Strongly recommended and\n Elective controls is given in Resource identifiers for\n APIs and controls in the Controls reference guide section\n of the Amazon Web Services Control Tower User Guide. Remember that Mandatory controls\n cannot be added or removed.

      \n \n

      \n ARN format:\n arn:aws:controltower:{REGION}::control/{CONTROL_NAME}\n

      \n

      \n Example:\n

      \n

      \n arn:aws:controltower:us-west-2::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED\n

      \n       \n

      \n To get the targetIdentifier:\n

      \n

      The targetIdentifier is the ARN for an OU.

      \n

      In the Amazon Web Services Organizations console, you can find the ARN for the OU on the Organizational unit details page associated with that OU.

      \n \n

      \n OU ARN format:\n

      \n

      \n arn:${Partition}:organizations::${MasterAccountId}:ou/o-${OrganizationId}/ou-${OrganizationalUnitId}\n

      \n       \n

      \n Details and examples\n

      \n \n

      To view the open source resource repository on GitHub, see aws-cloudformation/aws-cloudformation-resource-providers-controltower\n

      \n

      \n Recording API Requests\n

      \n

      Amazon Web Services Control Tower supports Amazon Web Services CloudTrail, a service that records Amazon Web Services API calls for your\n Amazon Web Services account and delivers log files to an Amazon S3 bucket. By using information collected by\n CloudTrail, you can determine which requests the Amazon Web Services Control Tower service received, who made\n the request and when, and so on. For more about Amazon Web Services Control Tower and its support for\n CloudTrail, see Logging Amazon Web Services Control Tower\n Actions with Amazon Web Services CloudTrail in the Amazon Web Services Control Tower User Guide. To learn more about\n CloudTrail, including how to turn it on and find your log files, see the Amazon Web Services CloudTrail User\n Guide.

      ", "smithy.api#title": "AWS Control Tower", "smithy.rules#endpointRuleSet": { "version": "1.0", @@ -953,7 +956,7 @@ } }, "traits": { - "smithy.api#documentation": "

      Updating or deleting a resource can cause an inconsistent state.

      ", + "smithy.api#documentation": "

      Updating or deleting the resource can cause an inconsistent state.

      ", "smithy.api#error": "client", "smithy.api#httpError": 409 } @@ -1038,6 +1041,10 @@ { "name": "DISABLE_CONTROL", "value": "DISABLE_CONTROL" + }, + { + "name": "UPDATE_ENABLED_CONTROL", + "value": "UPDATE_ENABLED_CONTROL" } ] } @@ -1068,7 +1075,7 @@ } ], "traits": { - "smithy.api#documentation": "

      Creates a new landing zone. This starts an asynchronous operation that creates and configures a landing zone \n based on the parameters specified in the manifest JSON file.

      ", + "smithy.api#documentation": "

      Creates a new landing zone. This API call starts an asynchronous operation that creates and configures a landing zone, \n based on the parameters specified in the manifest JSON file.

      ", "smithy.api#http": { "code": 200, "method": "POST", @@ -1082,7 +1089,7 @@ "version": { "target": "com.amazonaws.controltower#LandingZoneVersion", "traits": { - "smithy.api#documentation": "

      The landing zone version.

      ", + "smithy.api#documentation": "

      The landing zone version, for example, 3.0.

      ", "smithy.api#required": {} } }, @@ -1111,14 +1118,14 @@ "arn": { "target": "com.amazonaws.controltower#Arn", "traits": { - "smithy.api#documentation": "

      The ARN of the landing zone.

      ", + "smithy.api#documentation": "

      The ARN of the landing zone resource.

      ", "smithy.api#required": {} } }, "operationIdentifier": { "target": "com.amazonaws.controltower#OperationIdentifier", "traits": { - "smithy.api#documentation": "

      A unique identifier assigned to a CreateLandingZone operation. You can use this \n identifier as an input of GetLandingZoneOperation to check the operation's status.

      ", + "smithy.api#documentation": "

      A unique identifier assigned to a CreateLandingZone operation. You can use this \n identifier as an input of GetLandingZoneOperation to check the operation's status.

      ", "smithy.api#required": {} } } @@ -1156,7 +1163,7 @@ } ], "traits": { - "smithy.api#documentation": "

      This decommissions a landing zone. This starts an asynchronous operation that deletes Amazon Web Services Control Tower \n resources deployed in Amazon Web Services Control Tower managed accounts.

      ", + "smithy.api#documentation": "

      Decommissions a landing zone. This API call starts an asynchronous operation that deletes Amazon Web Services Control Tower \n resources deployed in accounts managed by Amazon Web Services Control Tower.

      ", "smithy.api#http": { "code": 200, "method": "POST", @@ -1171,7 +1178,7 @@ "landingZoneIdentifier": { "target": "smithy.api#String", "traits": { - "smithy.api#documentation": "

      The unique identifier of the landing zone.

      ", + "smithy.api#documentation": "

      The unique identifier of the landing zone.

      ", "smithy.api#required": {} } } @@ -1186,7 +1193,7 @@ "operationIdentifier": { "target": "com.amazonaws.controltower#OperationIdentifier", "traits": { - "smithy.api#documentation": "

      A unique identifier assigned to a DeleteLandingZone operation. You can use this \n identifier as an input of GetLandingZoneOperation to check the operation's status.

      ", + "smithy.api#documentation": "

      >A unique identifier assigned to a DeleteLandingZone operation. You can use this \n identifier as an input parameter of GetLandingZoneOperation to check the operation's status.

      ", "smithy.api#required": {} } } @@ -1241,7 +1248,7 @@ "controlIdentifier": { "target": "com.amazonaws.controltower#ControlIdentifier", "traits": { - "smithy.api#documentation": "

      The ARN of the control. Only Strongly recommended and\n Elective controls are permitted, with the exception of the\n Region deny control. For information on how to find the controlIdentifier, see the overview page.

      ", + "smithy.api#documentation": "

      The ARN of the control. Only Strongly recommended and\n Elective controls are permitted, with the exception of the\n landing zone Region deny control. For information on how to find the controlIdentifier, see the overview page.

      ", "smithy.api#required": {} } }, @@ -1301,12 +1308,12 @@ "driftStatus": { "target": "com.amazonaws.controltower#DriftStatus", "traits": { - "smithy.api#documentation": "

      The drift status of the enabled control.

      \n

      Valid values:

      \n
        \n
      • \n

        \n DRIFTED: The enabledControl deployed in this configuration\n doesn’t match the configuration that Amazon Web Services Control Tower expected.

        \n
        • \n
      • \n

        \n IN_SYNC: The enabledControl deployed in this configuration matches\n the configuration that Amazon Web Services Control Tower expected.

        \n
        • \n
      • \n

        \n NOT_CHECKING: Amazon Web Services Control Tower does not check drift for this enabled\n control. Drift is not supported for the control type.

        \n
        • \n
      • \n

        \n UNKNOWN: Amazon Web Services Control Tower is not able to check the drift status for the\n enabled control.

        \n
        • \n
      " + "smithy.api#documentation": "

      The drift status of the enabled control.

      \n

      Valid values:

      \n
        \n
      • \n

        \n DRIFTED: The enabledControl deployed in this configuration\n doesn’t match the configuration that Amazon Web Services Control Tower expected.

        \n
        • \n
      • \n

        \n IN_SYNC: The enabledControl deployed in this configuration matches\n the configuration that Amazon Web Services Control Tower expected.

        \n
        • \n
      • \n

        \n NOT_CHECKING: Amazon Web Services Control Tower does not check drift for this enabled\n control. Drift is not supported for the control type.

        \n
        • \n
      • \n

        \n UNKNOWN: Amazon Web Services Control Tower is not able to check the drift status for the\n enabled control.

        \n
        • \n
      " } } }, "traits": { - "smithy.api#documentation": "

      The drift summary of the enabled control.

      \n

      Amazon Web Services Control Tower expects the enabled control\n configuration to include all supported and governed Regions. If the enabled control differs\n from the expected configuration, it is defined to be in a state of drift. You can repair this drift by resetting the enabled control.

      " + "smithy.api#documentation": "

      The drift summary of the enabled control.

      \n

      Amazon Web Services Control Tower expects the enabled control\n configuration to include all supported and governed Regions. If the enabled control differs\n from the expected configuration, it is defined to be in a state of drift. You can repair this drift by resetting the enabled control.

      " } }, "com.amazonaws.controltower#EnableControl": { @@ -1355,7 +1362,7 @@ "controlIdentifier": { "target": "com.amazonaws.controltower#ControlIdentifier", "traits": { - "smithy.api#documentation": "

      The ARN of the control. Only Strongly recommended and\n Elective controls are permitted, with the exception of the\n Region deny control. For information on how to find the controlIdentifier, see the overview page.

      ", + "smithy.api#documentation": "

      The ARN of the control. Only Strongly recommended and\n Elective controls are permitted, with the exception of the\n landing zone Region deny control. For information on how to find the controlIdentifier, see the overview page.

      ", "smithy.api#required": {} } }, @@ -1371,6 +1378,12 @@ "traits": { "smithy.api#documentation": "

      Tags to be applied to the EnabledControl resource.

      " } + }, + "parameters": { + "target": "com.amazonaws.controltower#EnabledControlParameters", + "traits": { + "smithy.api#documentation": "

      An array of EnabledControlParameter objects

      " + } } } }, @@ -1430,12 +1443,74 @@ "traits": { "smithy.api#documentation": "

      The drift status of the enabled control.

      " } + }, + "parameters": { + "target": "com.amazonaws.controltower#EnabledControlParameterSummaries", + "traits": { + "smithy.api#documentation": "

      Array of EnabledControlParameter objects.

      " + } } }, "traits": { "smithy.api#documentation": "

      Information about the enabled control.

      " } }, + "com.amazonaws.controltower#EnabledControlParameter": { + "type": "structure", + "members": { + "key": { + "target": "smithy.api#String", + "traits": { + "smithy.api#documentation": "

      The key of a key/value pair. It is of type string.

      ", + "smithy.api#required": {} + } + }, + "value": { + "target": "smithy.api#Document", + "traits": { + "smithy.api#documentation": "

      The value of a key/value pair. It can be of type array\n string, number, object, or boolean.

      ", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "

      A set of parameters that configure the behavior of the enabled control. A key/value pair, where Key is of type String and Value is of type Document.

      " + } + }, + "com.amazonaws.controltower#EnabledControlParameterSummaries": { + "type": "list", + "member": { + "target": "com.amazonaws.controltower#EnabledControlParameterSummary" + } + }, + "com.amazonaws.controltower#EnabledControlParameterSummary": { + "type": "structure", + "members": { + "key": { + "target": "smithy.api#String", + "traits": { + "smithy.api#documentation": "

      The key of a key/value pair.

      ", + "smithy.api#required": {} + } + }, + "value": { + "target": "smithy.api#Document", + "traits": { + "smithy.api#documentation": "

      The value of a key/value pair.

      ", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "

      Returns a summary of information about the parameters of an enabled control.

      " + } + }, + "com.amazonaws.controltower#EnabledControlParameters": { + "type": "list", + "member": { + "target": "com.amazonaws.controltower#EnabledControlParameter" + } + }, "com.amazonaws.controltower#EnabledControlSummary": { "type": "structure", "members": { @@ -1454,7 +1529,7 @@ "targetIdentifier": { "target": "com.amazonaws.controltower#TargetIdentifier", "traits": { - "smithy.api#documentation": "

      \n The ARN of the organizational unit.\n

      " + "smithy.api#documentation": "

      The ARN of the organizational unit.

      " } }, "statusSummary": { @@ -1673,7 +1748,7 @@ } ], "traits": { - "smithy.api#documentation": "

      Returns details about the landing zone. Displays a message in case of error.

      ", + "smithy.api#documentation": "

      Returns details about the landing zone. Displays a message in case of error.

      ", "smithy.api#http": { "code": 200, "method": "POST", @@ -1688,7 +1763,7 @@ "landingZoneIdentifier": { "target": "smithy.api#String", "traits": { - "smithy.api#documentation": "

      The unique identifier of the landing zone.

      ", + "smithy.api#documentation": "

      The unique identifier of the landing zone.

      ", "smithy.api#required": {} } } @@ -1723,7 +1798,7 @@ } ], "traits": { - "smithy.api#documentation": "

      Returns the status of the specified landing zone operation. Details for an operation are available for \n X days.

      ", + "smithy.api#documentation": "

      Returns the status of the specified landing zone operation. Details for an operation are available for \n 60 days.

      ", "smithy.api#http": { "code": 200, "method": "POST", @@ -1738,7 +1813,7 @@ "operationIdentifier": { "target": "com.amazonaws.controltower#OperationIdentifier", "traits": { - "smithy.api#documentation": "

      A unique identifier assigned to a landing zone operation.

      ", + "smithy.api#documentation": "

      A unique identifier assigned to a landing zone operation.

      ", "smithy.api#required": {} } } @@ -1753,7 +1828,7 @@ "operationDetails": { "target": "com.amazonaws.controltower#LandingZoneOperationDetail", "traits": { - "smithy.api#documentation": "

      The landing zone operation details.

      ", + "smithy.api#documentation": "

      Details about a landing zone operation.

      ", "smithy.api#required": {} } } @@ -1768,7 +1843,7 @@ "landingZone": { "target": "com.amazonaws.controltower#LandingZoneDetail", "traits": { - "smithy.api#documentation": "

      Information about the landing zone.

      ", + "smithy.api#documentation": "

      Information about the landing zone.

      ", "smithy.api#required": {} } } @@ -1788,7 +1863,7 @@ } }, "traits": { - "smithy.api#documentation": "

      Unexpected error during processing of request.

      ", + "smithy.api#documentation": "

      An unexpected error occurred during processing of a request.

      ", "smithy.api#error": "server", "smithy.api#httpError": 500, "smithy.api#retryable": {} @@ -1800,44 +1875,44 @@ "version": { "target": "com.amazonaws.controltower#LandingZoneVersion", "traits": { - "smithy.api#documentation": "

      The landing zone's current deployed version.

      ", + "smithy.api#documentation": "

      The landing zone's current deployed version.

      ", "smithy.api#required": {} } }, "manifest": { "target": "com.amazonaws.controltower#Manifest", "traits": { - "smithy.api#documentation": "

      The landing zone manifest.yaml text file that specifies the landing zone configurations.

      ", + "smithy.api#documentation": "

      The landing zone manifest.yaml text file that specifies the landing zone configurations.

      ", "smithy.api#required": {} } }, "arn": { "target": "com.amazonaws.controltower#Arn", "traits": { - "smithy.api#documentation": "

      The ARN of the landing zone.

      " + "smithy.api#documentation": "

      The ARN of the landing zone.

      " } }, "status": { "target": "com.amazonaws.controltower#LandingZoneStatus", "traits": { - "smithy.api#documentation": "

      The landing zone deployment status.

      \n

      Valid values:

      \n
        \n
      • \n

        \n ACTIVE: The landing zone is actively deployed.

        \n
        • \n
      • \n

        \n PROCESSING: The landing zone is processing deployment.

        \n
        • \n
      • \n

        \n FAILED: The landing zone failed deployment.

        \n
        • \n
      " + "smithy.api#documentation": "

      The landing zone deployment status.

      " } }, "latestAvailableVersion": { "target": "com.amazonaws.controltower#LandingZoneVersion", "traits": { - "smithy.api#documentation": "

      The latest available version of the landing zone.

      " + "smithy.api#documentation": "

      The latest available version of the landing zone.

      " } }, "driftStatus": { "target": "com.amazonaws.controltower#LandingZoneDriftStatusSummary", "traits": { - "smithy.api#documentation": "

      The drift status of the landing zone.

      " + "smithy.api#documentation": "

      The drift status of the landing zone.

      " } } }, "traits": { - "smithy.api#documentation": "

      Information about the landing zone.

      " + "smithy.api#documentation": "

      Information about the landing zone.

      " } }, "com.amazonaws.controltower#LandingZoneDriftStatus": { @@ -1868,7 +1943,7 @@ } }, "traits": { - "smithy.api#documentation": "

      The drift status summary of the landing zone.

      \n

      If the landing zone differs from the expected configuration, it is defined to be in a state of \n drift. You can repair this drift by resetting the landing zone.

      " + "smithy.api#documentation": "

      The drift status summary of the landing zone.

      \n

      If the landing zone differs from the expected configuration, it is defined to be in a state of \n drift. You can repair this drift by resetting the landing zone.

      " } }, "com.amazonaws.controltower#LandingZoneOperationDetail": { @@ -1883,30 +1958,30 @@ "startTime": { "target": "com.amazonaws.controltower#Timestamp", "traits": { - "smithy.api#documentation": "

      The landing zone operation start time.

      " + "smithy.api#documentation": "

      The landing zone operation start time.

      " } }, "endTime": { "target": "com.amazonaws.controltower#Timestamp", "traits": { - "smithy.api#documentation": "

      The landing zone operation end time.

      " + "smithy.api#documentation": "

      The landing zone operation end time.

      " } }, "status": { "target": "com.amazonaws.controltower#LandingZoneOperationStatus", "traits": { - "smithy.api#documentation": "

      The landing zone operation status.

      \n

      Valid values:

      \n
        \n
      • \n

        \n SUCCEEDED: The landing zone operation succeeded.

        \n
        • \n
      • \n

        \n IN_PROGRESS: The landing zone operation is in progress.

        \n
        • \n
      • \n

        \n FAILED: The landing zone operation failed.

        \n
        • \n
      " + "smithy.api#documentation": "

      Valid values:

      \n
        \n
      • \n

        \n SUCCEEDED: The landing zone operation succeeded.

        \n
        • \n
      • \n

        \n IN_PROGRESS: The landing zone operation is in progress.

        \n
        • \n
      • \n

        \n FAILED: The landing zone operation failed.

        \n
        • \n
      " } }, "statusMessage": { "target": "smithy.api#String", "traits": { - "smithy.api#documentation": "

      If the operation result is FAILED, this string contains a message explaining why the operation failed.

      " + "smithy.api#documentation": "

      If the operation result is FAILED, this string contains a message explaining why the operation failed.

      " } } }, "traits": { - "smithy.api#documentation": "

      Information about a landing zone operation.

      " + "smithy.api#documentation": "

      Information about a landing zone operation.

      " } }, "com.amazonaws.controltower#LandingZoneOperationStatus": { @@ -2034,12 +2109,12 @@ "arn": { "target": "com.amazonaws.controltower#Arn", "traits": { - "smithy.api#documentation": "

      The ARN of the landing zone.

      " + "smithy.api#documentation": "

      The ARN of the landing zone.

      " } } }, "traits": { - "smithy.api#documentation": "

      Returns a summary of information about a landing zone.

      " + "smithy.api#documentation": "

      Returns a summary of information about a landing zone.

      " } }, "com.amazonaws.controltower#LandingZoneVersion": { @@ -2130,7 +2205,7 @@ "nextToken": { "target": "smithy.api#String", "traits": { - "smithy.api#documentation": "

      Retrieves the next page of results. If the string is empty, the current response is the\n end of the results.

      " + "smithy.api#documentation": "

      Retrieves the next page of results. If the string is empty, the response is the\n end of the results.

      " } } } @@ -2158,7 +2233,7 @@ } ], "traits": { - "smithy.api#documentation": "

      Returns the landing zone ARN for the landing zone deployed in your managed account. This API also \n creates an ARN for existing accounts that do not yet have a landing zone ARN.

      \n

      The return limit is one landing zone ARN.

      ", + "smithy.api#documentation": "

      Returns the landing zone ARN for the landing zone deployed in your managed account. This API also \n creates an ARN for existing accounts that do not yet have a landing zone ARN.

      \n

      Returns one landing zone ARN.

      ", "smithy.api#http": { "code": 200, "method": "POST", @@ -2179,13 +2254,13 @@ "nextToken": { "target": "smithy.api#String", "traits": { - "smithy.api#documentation": "

      The token to continue the list from a previous API call with the same parameters.

      " + "smithy.api#documentation": "

      The token to continue the list from a previous API call with the same parameters.

      " } }, "maxResults": { "target": "com.amazonaws.controltower#ListLandingZonesMaxResults", "traits": { - "smithy.api#documentation": "

      The maximum number of returned landing zone ARNs.

      " + "smithy.api#documentation": "

      The maximum number of returned landing zone ARNs, which is one.

      " } } }, @@ -2208,7 +2283,7 @@ "landingZones": { "target": "com.amazonaws.controltower#LandingZoneSummaries", "traits": { - "smithy.api#documentation": "

      The ARN of the landing zone.

      ", + "smithy.api#documentation": "

      The ARN of the landing zone.

      ", "smithy.api#length": { "min": 0, "max": 1 @@ -2219,7 +2294,7 @@ "nextToken": { "target": "smithy.api#String", "traits": { - "smithy.api#documentation": "

      Retrieves the next page of results. If the string is empty, the current response is the end of the results.

      " + "smithy.api#documentation": "

      Retrieves the next page of results. If the string is empty, the response is the end of the results.

      " } } }, @@ -2320,7 +2395,7 @@ } }, "traits": { - "smithy.api#documentation": "

      An Amazon Web Services Region in which Amazon Web Services Control Tower expects to find the control deployed.

      \n

      The expected Regions are based on the Regions that are governed by the landing zone. In\n certain cases, a control is not actually enabled in the Region as expected, such as during\n drift, or mixed governance.

      " + "smithy.api#documentation": "

      An Amazon Web Services Region in which Amazon Web Services Control Tower expects to find the control deployed.

      \n

      The expected Regions are based on the Regions that are governed by the landing zone. In\n certain cases, a control is not actually enabled in the Region as expected, such as during\n drift, or mixed governance.

      " } }, "com.amazonaws.controltower#RegionName": { @@ -2361,7 +2436,7 @@ } ], "traits": { - "smithy.api#documentation": "

      This API call resets a landing zone. It starts an asynchronous operation that resets the \n landing zone to the parameters specified in its original configuration.

      ", + "smithy.api#documentation": "

      This API call resets a landing zone. It starts an asynchronous operation that resets the \n landing zone to the parameters specified in its original configuration.

      ", "smithy.api#http": { "code": 200, "method": "POST", @@ -2375,7 +2450,7 @@ "landingZoneIdentifier": { "target": "smithy.api#String", "traits": { - "smithy.api#documentation": "

      The unique identifier of the landing zone.

      ", + "smithy.api#documentation": "

      The unique identifier of the landing zone.

      ", "smithy.api#required": {} } } @@ -2390,7 +2465,7 @@ "operationIdentifier": { "target": "com.amazonaws.controltower#OperationIdentifier", "traits": { - "smithy.api#documentation": "

      A unique identifier assigned to a ResetLandingZone operation. You can use this \n identifier as an input of GetLandingZoneOperation to check the operation's status.

      ", + "smithy.api#documentation": "

      A unique identifier assigned to a ResetLandingZone operation. You can use this \n identifier as an input parameter of GetLandingZoneOperation to check the operation's status.

      ", "smithy.api#required": {} } } @@ -2410,7 +2485,7 @@ } }, "traits": { - "smithy.api#documentation": "

      Request references a resource which does not exist.

      ", + "smithy.api#documentation": "

      The request references a resource that does not exist.

      ", "smithy.api#error": "client", "smithy.api#httpError": 404 } @@ -2426,7 +2501,7 @@ } }, "traits": { - "smithy.api#documentation": "

      Request would cause a service quota to be exceeded. The limit is 10 concurrent operations.

      ", + "smithy.api#documentation": "

      The request would cause a service quota to be exceeded. The limit is 10 concurrent operations.

      ", "smithy.api#error": "client", "smithy.api#httpError": 402 } @@ -2562,7 +2637,7 @@ "serviceCode": { "target": "smithy.api#String", "traits": { - "smithy.api#documentation": "

      The ID of the service that is associated with the error.

      " + "smithy.api#documentation": "

      The ID of the service that is associated with the error.\n

      " } }, "quotaCode": { @@ -2574,13 +2649,13 @@ "retryAfterSeconds": { "target": "smithy.api#Integer", "traits": { - "smithy.api#documentation": "

      The number of seconds the caller should wait before retrying.

      ", + "smithy.api#documentation": "

      The number of seconds to wait before retrying.

      ", "smithy.api#httpHeader": "Retry-After" } } }, "traits": { - "smithy.api#documentation": "

      Request was denied due to request throttling.

      ", + "smithy.api#documentation": "

      The request was denied due to request throttling.

      ", "smithy.api#error": "client", "smithy.api#httpError": 429, "smithy.api#retryable": { @@ -2653,6 +2728,83 @@ "smithy.api#output": {} } }, + "com.amazonaws.controltower#UpdateEnabledControl": { + "type": "operation", + "input": { + "target": "com.amazonaws.controltower#UpdateEnabledControlInput" + }, + "output": { + "target": "com.amazonaws.controltower#UpdateEnabledControlOutput" + }, + "errors": [ + { + "target": "com.amazonaws.controltower#AccessDeniedException" + }, + { + "target": "com.amazonaws.controltower#ConflictException" + }, + { + "target": "com.amazonaws.controltower#InternalServerException" + }, + { + "target": "com.amazonaws.controltower#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.controltower#ServiceQuotaExceededException" + }, + { + "target": "com.amazonaws.controltower#ThrottlingException" + }, + { + "target": "com.amazonaws.controltower#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "

      \n Updates the configuration of an already enabled control.

      \n

      If the enabled control shows an EnablementStatus of SUCCEEDED, supply parameters that are different from the currently configured parameters. Otherwise, Amazon Web Services Control Tower will not accept the request.

      \n

      If the enabled control shows an EnablementStatus of FAILED, Amazon Web Services Control Tower will update the control to match any valid parameters that you supply.

      \n

      If the DriftSummary status for the control shows as DRIFTED, you cannot call this API. Instead, you can update the control by calling DisableControl and again calling EnableControl, or you can run an extending governance operation. For usage examples, see \n the Amazon Web Services Control Tower User Guide\n \n

      ", + "smithy.api#http": { + "code": 200, + "method": "POST", + "uri": "/update-enabled-control" + } + } + }, + "com.amazonaws.controltower#UpdateEnabledControlInput": { + "type": "structure", + "members": { + "parameters": { + "target": "com.amazonaws.controltower#EnabledControlParameters", + "traits": { + "smithy.api#documentation": "

      A key/value pair, where Key is of type String and Value is of type Document.

      ", + "smithy.api#required": {} + } + }, + "enabledControlIdentifier": { + "target": "com.amazonaws.controltower#Arn", + "traits": { + "smithy.api#documentation": "

      \n The ARN of the enabled control that will be updated.\n

      ", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.controltower#UpdateEnabledControlOutput": { + "type": "structure", + "members": { + "operationIdentifier": { + "target": "com.amazonaws.controltower#OperationIdentifier", + "traits": { + "smithy.api#documentation": "

      \n The operation identifier for this UpdateEnabledControl operation.\n

      ", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.controltower#UpdateLandingZone": { "type": "operation", "input": { @@ -2682,7 +2834,7 @@ } ], "traits": { - "smithy.api#documentation": "

      This API call updates the landing zone. It starts an asynchronous operation that updates the \n landing zone based on the new landing zone version or the updated parameters specified in the \n updated manifest file.

      ", + "smithy.api#documentation": "

      This API call updates the landing zone. It starts an asynchronous operation that updates the \n landing zone based on the new landing zone version, or on the changed parameters specified in the \n updated manifest file.

      ", "smithy.api#http": { "code": 200, "method": "POST", @@ -2696,21 +2848,21 @@ "version": { "target": "com.amazonaws.controltower#LandingZoneVersion", "traits": { - "smithy.api#documentation": "

      The landing zone version.

      ", + "smithy.api#documentation": "

      The landing zone version, for example, 3.2.

      ", "smithy.api#required": {} } }, "manifest": { "target": "com.amazonaws.controltower#Manifest", "traits": { - "smithy.api#documentation": "

      The manifest.yaml file is a text file that describes your Amazon Web Services resources. For examples, review \n The manifest file\n

      ", + "smithy.api#documentation": "

      The manifest.yaml file is a text file that describes your Amazon Web Services resources. For examples, review \n The manifest file.

      ", "smithy.api#required": {} } }, "landingZoneIdentifier": { "target": "smithy.api#String", "traits": { - "smithy.api#documentation": "

      The unique identifier of the landing zone.

      ", + "smithy.api#documentation": "

      The unique identifier of the landing zone.

      ", "smithy.api#required": {} } } @@ -2745,7 +2897,7 @@ } }, "traits": { - "smithy.api#documentation": "

      The input fails to satisfy the constraints specified by an Amazon Web Services service.

      ", + "smithy.api#documentation": "

      The input does not satisfy the constraints specified by an Amazon Web Services service.

      ", "smithy.api#error": "client", "smithy.api#httpError": 400 }