dprevot/python-botocore
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
python-botocore/botocore/data/controltower/2018-05-10/service-2.json
Noah Meyerhans 1beaa08a7f New upstream version 1.29.27+repack
2022-12-12 08:14:19 -08:00

395 lines
16 KiB
JSON
Raw Permalink Blame History

{
"version":"2.0",
"metadata":{
"apiVersion":"2018-05-10",
"endpointPrefix":"controltower",
"jsonVersion":"1.1",
"protocol":"rest-json",
"serviceFullName":"AWS Control Tower",
"serviceId":"ControlTower",
"signatureVersion":"v4",
"signingName":"controltower",
"uid":"controltower-2018-05-10"
},
"operations":{
"DisableControl":{
"name":"DisableControl",
"http":{
"method":"POST",
"requestUri":"/disable-control",
"responseCode":200
},
"input":{"shape":"DisableControlInput"},
"output":{"shape":"DisableControlOutput"},
"errors":[
{"shape":"ValidationException"},
{"shape":"ConflictException"},
{"shape":"ServiceQuotaExceededException"},
{"shape":"InternalServerException"},
{"shape":"AccessDeniedException"},
{"shape":"ThrottlingException"},
{"shape":"ResourceNotFoundException"}
],
"documentation":"<p>This API call turns off a control. It starts an asynchronous operation that deletes AWS resources on the specified organizational unit and the accounts it contains. The resources will vary according to the control that you specify.</p>"
},
"EnableControl":{
"name":"EnableControl",
"http":{
"method":"POST",
"requestUri":"/enable-control",
"responseCode":200
},
"input":{"shape":"EnableControlInput"},
"output":{"shape":"EnableControlOutput"},
"errors":[
{"shape":"ValidationException"},
{"shape":"ConflictException"},
{"shape":"ServiceQuotaExceededException"},
{"shape":"InternalServerException"},
{"shape":"AccessDeniedException"},
{"shape":"ThrottlingException"},
{"shape":"ResourceNotFoundException"}
],
"documentation":"<p>This API call activates a control. It starts an asynchronous operation that creates AWS resources on the specified organizational unit and the accounts it contains. The resources created will vary according to the control that you specify.</p>"
},
"GetControlOperation":{
"name":"GetControlOperation",
"http":{
"method":"POST",
"requestUri":"/get-control-operation",
"responseCode":200
},
"input":{"shape":"GetControlOperationInput"},
"output":{"shape":"GetControlOperationOutput"},
"errors":[
{"shape":"ValidationException"},
{"shape":"InternalServerException"},
{"shape":"AccessDeniedException"},
{"shape":"ThrottlingException"},
{"shape":"ResourceNotFoundException"}
],
"documentation":"<p>Returns the status of a particular <code>EnableControl</code> or <code>DisableControl</code> operation. Displays a message in case of error. Details for an operation are available for 90 days.</p>"
},
"ListEnabledControls":{
"name":"ListEnabledControls",
"http":{
"method":"POST",
"requestUri":"/list-enabled-controls",
"responseCode":200
},
"input":{"shape":"ListEnabledControlsInput"},
"output":{"shape":"ListEnabledControlsOutput"},
"errors":[
{"shape":"ValidationException"},
{"shape":"InternalServerException"},
{"shape":"AccessDeniedException"},
{"shape":"ThrottlingException"},
{"shape":"ResourceNotFoundException"}
],
"documentation":"<p>Lists the controls enabled by AWS Control Tower on the specified organizational unit and the accounts it contains.</p>"
}
},
"shapes":{
"AccessDeniedException":{
"type":"structure",
"required":["message"],
"members":{
"message":{"shape":"String"}
},
"documentation":"<p>User does not have sufficient access to perform this action. </p>",
"error":{
"httpStatusCode":403,
"senderFault":true
},
"exception":true
},
"ConflictException":{
"type":"structure",
"required":["message"],
"members":{
"message":{"shape":"String"}
},
"documentation":"<p>Updating or deleting a resource can cause an inconsistent state.</p>",
"error":{
"httpStatusCode":409,
"senderFault":true
},
"exception":true
},
"ControlIdentifier":{
"type":"string",
"max":2048,
"min":20,
"pattern":"^arn:aws[0-9a-zA-Z_\\-:\\/]+$"
},
"ControlOperation":{
"type":"structure",
"members":{
"endTime":{
"shape":"SyntheticTimestamp_date_time",
"documentation":"<p>The time that the operation finished.</p>"
},
"operationType":{
"shape":"ControlOperationType",
"documentation":"<p>One of <code>ENABLE_CONTROL</code> or <code>DISABLE_CONTROL</code>.</p>"
},
"startTime":{
"shape":"SyntheticTimestamp_date_time",
"documentation":"<p>The time that the operation began.</p>"
},
"status":{
"shape":"ControlOperationStatus",
"documentation":"<p>One of <code>IN_PROGRESS</code>, <code>SUCEEDED</code>, or <code>FAILED</code>.</p>"
},
"statusMessage":{
"shape":"String",
"documentation":"<p>If the operation result is <code>FAILED</code>, this string contains a message explaining why the operation failed.</p>"
}
},
"documentation":"<p>An operation performed by the control.</p>"
},
"ControlOperationStatus":{
"type":"string",
"enum":[
"SUCCEEDED",
"FAILED",
"IN_PROGRESS"
]
},
"ControlOperationType":{
"type":"string",
"enum":[
"ENABLE_CONTROL",
"DISABLE_CONTROL"
]
},
"DisableControlInput":{
"type":"structure",
"required":[
"controlIdentifier",
"targetIdentifier"
],
"members":{
"controlIdentifier":{
"shape":"ControlIdentifier",
"documentation":"<p>The ARN of the control. Only <b>Strongly recommended</b> and <b>Elective</b> controls are permitted, with the exception of the <b>Region deny</b> guardrail.</p>"
},
"targetIdentifier":{
"shape":"TargetIdentifier",
"documentation":"<p>The ARN of the organizational unit.</p>"
}
}
},
"DisableControlOutput":{
"type":"structure",
"required":["operationIdentifier"],
"members":{
"operationIdentifier":{
"shape":"OperationIdentifier",
"documentation":"<p>The ID of the asynchronous operation, which is used to track status. The operation is available for 90 days.</p>"
}
}
},
"EnableControlInput":{
"type":"structure",
"required":[
"controlIdentifier",
"targetIdentifier"
],
"members":{
"controlIdentifier":{
"shape":"ControlIdentifier",
"documentation":"<p>The ARN of the control. Only <b>Strongly recommended</b> and <b>Elective</b> controls are permitted, with the exception of the <b>Region deny</b> guardrail.</p>"
},
"targetIdentifier":{
"shape":"TargetIdentifier",
"documentation":"<p>The ARN of the organizational unit.</p>"
}
}
},
"EnableControlOutput":{
"type":"structure",
"required":["operationIdentifier"],
"members":{
"operationIdentifier":{
"shape":"OperationIdentifier",
"documentation":"<p>The ID of the asynchronous operation, which is used to track status. The operation is available for 90 days.</p>"
}
}
},
"EnabledControlSummary":{
"type":"structure",
"members":{
"controlIdentifier":{
"shape":"ControlIdentifier",
"documentation":"<p>The ARN of the control. Only <b>Strongly recommended</b> and <b>Elective</b> controls are permitted, with the exception of the <b>Region deny</b> guardrail.</p>"
}
},
"documentation":"<p>A summary of enabled controls.</p>"
},
"EnabledControls":{
"type":"list",
"member":{"shape":"EnabledControlSummary"}
},
"GetControlOperationInput":{
"type":"structure",
"required":["operationIdentifier"],
"members":{
"operationIdentifier":{
"shape":"OperationIdentifier",
"documentation":"<p>The ID of the asynchronous operation, which is used to track status. The operation is available for 90 days.</p>"
}
}
},
"GetControlOperationOutput":{
"type":"structure",
"required":["controlOperation"],
"members":{
"controlOperation":{
"shape":"ControlOperation",
"documentation":"<p/>"
}
}
},
"Integer":{
"type":"integer",
"box":true
},
"InternalServerException":{
"type":"structure",
"required":["message"],
"members":{
"message":{"shape":"String"}
},
"documentation":"<p>Unexpected error during processing of request.</p>",
"error":{"httpStatusCode":500},
"exception":true,
"fault":true,
"retryable":{"throttling":false}
},
"ListEnabledControlsInput":{
"type":"structure",
"required":["targetIdentifier"],
"members":{
"maxResults":{
"shape":"MaxResults",
"documentation":"<p>How many results to return per API call.</p>"
},
"nextToken":{
"shape":"String",
"documentation":"<p>The token to continue the list from a previous API call with the same parameters.</p>"
},
"targetIdentifier":{
"shape":"TargetIdentifier",
"documentation":"<p>The ARN of the organizational unit.</p>"
}
}
},
"ListEnabledControlsOutput":{
"type":"structure",
"required":["enabledControls"],
"members":{
"enabledControls":{
"shape":"EnabledControls",
"documentation":"<p>Lists the controls enabled by AWS Control Tower on the specified organizational unit and the accounts it contains.</p>"
},
"nextToken":{
"shape":"String",
"documentation":"<p>Retrieves the next page of results. If the string is empty, the current response is the end of the results.</p>"
}
}
},
"MaxResults":{
"type":"integer",
"box":true,
"max":100,
"min":1
},
"OperationIdentifier":{
"type":"string",
"max":36,
"min":36,
"pattern":"^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$"
},
"ResourceNotFoundException":{
"type":"structure",
"required":["message"],
"members":{
"message":{"shape":"String"}
},
"documentation":"<p>Request references a resource which does not exist.</p>",
"error":{
"httpStatusCode":404,
"senderFault":true
},
"exception":true
},
"ServiceQuotaExceededException":{
"type":"structure",
"required":["message"],
"members":{
"message":{"shape":"String"}
},
"documentation":"<p>Request would cause a service quota to be exceeded. The limit is 10 concurrent operations. </p>",
"error":{
"httpStatusCode":402,
"senderFault":true
},
"exception":true
},
"String":{"type":"string"},
"SyntheticTimestamp_date_time":{
"type":"timestamp",
"timestampFormat":"iso8601"
},
"TargetIdentifier":{
"type":"string",
"max":2048,
"min":20,
"pattern":"^arn:aws[0-9a-zA-Z_\\-:\\/]+$"
},
"ThrottlingException":{
"type":"structure",
"required":["message"],
"members":{
"message":{"shape":"String"},
"quotaCode":{
"shape":"String",
"documentation":"<p>The ID of the service quota that was exceeded.</p>"
},
"retryAfterSeconds":{
"shape":"Integer",
"documentation":"<p>The number of seconds the caller should wait before retrying.</p>",
"location":"header",
"locationName":"Retry-After"
},
"serviceCode":{
"shape":"String",
"documentation":"<p>The ID of the service that is associated with the error.</p>"
}
},
"documentation":"<p> Request was denied due to request throttling.</p>",
"error":{
"httpStatusCode":429,
"senderFault":true
},
"exception":true,
"retryable":{"throttling":true}
},
"ValidationException":{
"type":"structure",
"required":["message"],
"members":{
"message":{"shape":"String"}
},
"documentation":"<p>The input fails to satisfy the constraints specified by an AWS service.</p>",
"error":{
"httpStatusCode":400,
"senderFault":true
},
"exception":true
}
},
"documentation":"<p>These interfaces allow you to apply the AWS library of pre-defined <i>controls</i> to your organizational units, programmatically. In this context, controls are the same as AWS Control Tower guardrails.</p> <p>To call these APIs, you'll need to know:</p> <ul> <li> <p>the <code>ControlARN</code> for the control--that is, the guardrail--you are targeting,</p> </li> <li> <p>and the ARN associated with the target organizational unit (OU).</p> </li> </ul> <p> <b>To get the <code>ControlARN</code> for your AWS Control Tower guardrail:</b> </p> <p>The <code>ControlARN</code> contains the control name which is specified in each guardrail. For a list of control names for <i>Strongly recommended</i> and <i>Elective</i> guardrails, see <a href=\"https://docs.aws.amazon.com/controltower/latest/userguide/control-identifiers.html.html\">Resource identifiers for APIs and guardrails</a> in the <a href=\"https://docs.aws.amazon.com/controltower/latest/userguide/automating-tasks.html\">Automating tasks section</a> of the AWS Control Tower User Guide. Remember that <i>Mandatory</i> guardrails cannot be added or removed.</p> <note> <p> <b>ARN format:</b> <code>arn:aws:controltower:{REGION}::control/{CONTROL_NAME}</code> </p> <p> <b>Example:</b> </p> <p> <code>arn:aws:controltower:us-west-2::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED</code> </p> </note> <p> <b>To get the ARN for an OU:</b> </p> <p>In the AWS Organizations console, you can find the ARN for the OU on the <b>Organizational unit details</b> page associated with that OU.</p> <note> <p> <b>OU ARN format:</b> </p> <p> <code>arn:${Partition}:organizations::${MasterAccountId}:ou/o-${OrganizationId}/ou-${OrganizationalUnitId}</code> </p> </note> <p class=\"title\"> <b>Details and examples</b> </p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/controltower/latest/userguide/control-identifiers.html\">List of resource identifiers for APIs and guardrails</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/controltower/latest/userguide/guardrail-api-examples-short.html\">Guardrail API examples (CLI)</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/controltower/latest/userguide/enable-controls.html\">Enable controls with AWS CloudFormation</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/controltower/latest/userguide/creating-resources-with-cloudformation.html\">Creating AWS Control Tower resources with AWS CloudFormation</a> </p> </li> </ul> <p>To view the open source resource repository on GitHub, see <a href=\"https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-controltower\">aws-cloudformation/aws-cloudformation-resource-providers-controltower</a> </p> <p> <b>Recording API Requests</b> </p> <p>AWS Control Tower supports AWS CloudTrail, a service that records AWS API calls for your AWS account and delivers log files to an Amazon S3 bucket. By using information collected by CloudTrail, you can determine which requests the AWS Control Tower service received, who made the request and when, and so on. For more about AWS Control Tower and its support for CloudTrail, see <a href=\"https://docs.aws.amazon.com/controltower/latest/userguide/logging-using-cloudtrail.html\">Logging AWS Control Tower Actions with AWS CloudTrail</a> in the AWS Control Tower User Guide. To learn more about CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User Guide.</p>"
}
Reference in a new issue View git blame Copy permalink