AWS Control Tower

2024/02/14 - AWS Control Tower - 9 new api methods

Changes: Adds support for new Baseline and EnabledBaseline APIs for automating multi-account governance.

GetBaselineOperation (new)

Returns the details of an asynchronous baseline operation, as initiated by any of these APIs: EnableBaseline, DisableBaseline, UpdateEnabledBaseline, ResetEnabledBaseline. A status message is displayed in case of operation failure.

See also: AWS API Documentation

Request Syntax

client.get_baseline_operation(
    operationIdentifier='string'
)
type operationIdentifier

string

param operationIdentifier

[REQUIRED]

The operation ID returned from mutating asynchronous APIs (Enable, Disable, Update, Reset).

rtype

dict

returns

Response Syntax

{
    'baselineOperation': {
        'endTime': datetime(2015, 1, 1),
        'operationIdentifier': 'string',
        'operationType': 'ENABLE_BASELINE'|'DISABLE_BASELINE'|'UPDATE_ENABLED_BASELINE'|'RESET_ENABLED_BASELINE',
        'startTime': datetime(2015, 1, 1),
        'status': 'SUCCEEDED'|'FAILED'|'IN_PROGRESS',
        'statusMessage': 'string'
    }
}

Response Structure

  • (dict) --

    • baselineOperation (dict) --

      A baselineOperation object that shows information about the specified operation ID.

      • endTime (datetime) --

        The end time of the operation (if applicable), in ISO 8601 format.

      • operationIdentifier (string) --

        The identifier of the specified operation.

      • operationType (string) --

        An enumerated type (enum) with possible values of ENABLE_BASELINE, DISABLE_BASELINE, UPDATE_ENABLED_BASELINE, or RESET_ENABLED_BASELINE.

      • startTime (datetime) --

        The start time of the operation, in ISO 8601 format.

      • status (string) --

        An enumerated type (enum) with possible values of SUCCEEDED, FAILED, or IN_PROGRESS.

      • statusMessage (string) --

        A status message that gives more information about the operation's status, if applicable.
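
The polling pattern implied by the status enum above, as an added example that is not part of the AWS documentation: it waits on an operationIdentifier and surfaces statusMessage on failure. The function name, the exception class, the poll and timeout defaults, and the stub client are assumptions; a real client would be boto3.client("controltower").

```python
import time


class BaselineOperationFailed(RuntimeError):
    """Operation reached FAILED; the message carries statusMessage."""


def wait_for_baseline_operation(client, operation_id, poll_seconds=15,
                                timeout_seconds=3600, sleep=time.sleep):
    """Poll GetBaselineOperation until the operation leaves IN_PROGRESS.

    `client` is anything exposing get_baseline_operation(), for example
    boto3.client("controltower"). Returns the baselineOperation dict.
    """
    waited = 0
    while True:
        op = client.get_baseline_operation(
            operationIdentifier=operation_id)["baselineOperation"]
        status = op["status"]
        if status == "SUCCEEDED":
            return op
        if status == "FAILED":
            # statusMessage is only present "if applicable", so use .get()
            raise BaselineOperationFailed(
                f"{op.get('operationType')} {operation_id}: "
                f"{op.get('statusMessage', 'no status message')}")
        if status != "IN_PROGRESS":
            raise ValueError(f"unexpected status {status!r}")
        if waited >= timeout_seconds:
            raise TimeoutError(f"{operation_id} still IN_PROGRESS after {waited}s")
        sleep(poll_seconds)
        waited += poll_seconds


class StubOperationClient:
    """Constructed stand-in for the real client so the example runs offline."""

    def __init__(self, statuses):
        self._statuses = iter(statuses)
        self.calls = 0

    def get_baseline_operation(self, operationIdentifier):
        self.calls += 1
        return {"baselineOperation": {
            "operationIdentifier": operationIdentifier,
            "operationType": "ENABLE_BASELINE",
            "status": next(self._statuses),
            "statusMessage": "constructed failure message"}}
```

Treating a timeout as a failure rather than as success keeps automation from assuming a baseline is in place while it is still deploying.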

GetEnabledBaseline (new)

Retrieve details of an EnabledBaseline resource by specifying its identifier.

See also: AWS API Documentation

Request Syntax

client.get_enabled_baseline(
    enabledBaselineIdentifier='string'
)
type enabledBaselineIdentifier

string

param enabledBaselineIdentifier

[REQUIRED]

Identifier of the EnabledBaseline resource to be retrieved, in ARN format.

rtype

dict

returns

Response Syntax

{
    'enabledBaselineDetails': {
        'arn': 'string',
        'baselineIdentifier': 'string',
        'baselineVersion': 'string',
        'parameters': [
            {
                'key': 'string',
                'value': {...}|[...]|123|123.4|'string'|True|None
            },
        ],
        'statusSummary': {
            'lastOperationIdentifier': 'string',
            'status': 'SUCCEEDED'|'FAILED'|'UNDER_CHANGE'
        },
        'targetIdentifier': 'string'
    }
}

Response Structure

  • (dict) --

    • enabledBaselineDetails (dict) --

      Details of the EnabledBaseline resource.

      • arn (string) --

        The ARN of the EnabledBaseline resource.

      • baselineIdentifier (string) --

        The specific Baseline enabled as part of the EnabledBaseline resource.

      • baselineVersion (string) --

        The enabled version of the Baseline.

      • parameters (list) --

        Shows the parameters that are applied when enabling this Baseline.

        • (dict) --

          Summary of an applied parameter to an EnabledBaseline resource.

          • key (string) --

            A string denoting the parameter key.

          • value (:ref:`document<document>`) --

            A low-level document object of any type (for example, a Java Object).

      • statusSummary (dict) --

        The deployment summary of the enabled control.

        • lastOperationIdentifier (string) --

          The last operation identifier for the enabled control.

        • status (string) --

          The deployment status of the enabled control.

          Valid values:

          • SUCCEEDED: The enabledControl configuration was deployed successfully.

          • UNDER_CHANGE: The enabledControl configuration is changing.

          • FAILED: The enabledControl configuration failed to deploy.

      • targetIdentifier (string) --

        The target on which to enable the Baseline.

DisableBaseline (new)

Disable an EnabledBaseline resource on the specified Target. This API starts an asynchronous operation to remove all resources deployed as part of the baseline enablement. The resource will vary depending on the enabled baseline.

See also: AWS API Documentation

Request Syntax

client.disable_baseline(
    enabledBaselineIdentifier='string'
)
type enabledBaselineIdentifier

string

param enabledBaselineIdentifier

[REQUIRED]

Identifier of the EnabledBaseline resource to be deactivated, in ARN format.

rtype

dict

returns

Response Syntax

{
    'operationIdentifier': 'string'
}

Response Structure

  • (dict) --

    • operationIdentifier (string) --

      The ID (in UUID format) of the asynchronous DisableBaseline operation. This operationIdentifier is used to track status through calls to the GetBaselineOperation API.

ListEnabledBaselines (new)

Returns a list of summaries describing EnabledBaseline resources. You can filter the list by the corresponding Baseline or Target of the EnabledBaseline resources.

See also: AWS API Documentation

Request Syntax

client.list_enabled_baselines(
    filter={
        'baselineIdentifiers': [
            'string',
        ],
        'targetIdentifiers': [
            'string',
        ]
    },
    maxResults=123,
    nextToken='string'
)
type filter

dict

param filter

A filter applied on the ListEnabledBaseline operation. Allowed filters are baselineIdentifiers and targetIdentifiers. The filter can be applied for either, or both.

  • baselineIdentifiers (list) --

    Identifiers for the Baseline objects returned as part of the filter operation.

    • (string) --

  • targetIdentifiers (list) --

    Identifiers for the targets of the Baseline filter operation.

    • (string) --

type maxResults

integer

param maxResults

The maximum number of results to be shown.

type nextToken

string

param nextToken

A pagination token.

rtype

dict

returns

Response Syntax

{
    'enabledBaselines': [
        {
            'arn': 'string',
            'baselineIdentifier': 'string',
            'baselineVersion': 'string',
            'statusSummary': {
                'lastOperationIdentifier': 'string',
                'status': 'SUCCEEDED'|'FAILED'|'UNDER_CHANGE'
            },
            'targetIdentifier': 'string'
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • enabledBaselines (list) --

      Returns a list of summaries of EnabledBaseline resources.

      • (dict) --

        Returns a summary of information about an EnabledBaseline object.

        • arn (string) --

          The ARN of the EnabledBaseline resource.

        • baselineIdentifier (string) --

          The specific baseline that is enabled as part of the EnabledBaseline resource.

        • baselineVersion (string) --

          The enabled version of the baseline.

        • statusSummary (dict) --

          The deployment summary of the enabled control.

          • lastOperationIdentifier (string) --

            The last operation identifier for the enabled control.

          • status (string) --

            The deployment status of the enabled control.

            Valid values:

            • SUCCEEDED: The enabledControl configuration was deployed successfully.

            • UNDER_CHANGE: The enabledControl configuration is changing.

            • FAILED: The enabledControl configuration failed to deploy.

        • targetIdentifier (string) --

          The target upon which the baseline is enabled.

    • nextToken (string) --

      A pagination token.
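
A governance check built on the listing above, as an added example that is not part of the AWS documentation: it follows nextToken across pages and reports every EnabledBaseline whose statusSummary is FAILED or UNDER_CHANGE. The function names, the stub client, and all identifiers in the sample records are constructed placeholders.

```python
def iter_enabled_baselines(client, baseline_arns=None, target_arns=None):
    """Yield every EnabledBaseline summary, following nextToken to the end."""
    flt = {}
    if baseline_arns:
        flt["baselineIdentifiers"] = list(baseline_arns)
    if target_arns:
        flt["targetIdentifiers"] = list(target_arns)
    kwargs = {"filter": flt} if flt else {}
    while True:
        page = client.list_enabled_baselines(**kwargs)
        yield from page.get("enabledBaselines", [])
        if not page.get("nextToken"):
            return
        kwargs["nextToken"] = page["nextToken"]


def unhealthy_baselines(client, **filters):
    """Return one record per EnabledBaseline whose status is not SUCCEEDED."""
    return [
        {"target": eb["targetIdentifier"],
         "status": eb["statusSummary"]["status"],
         "lastOperation": eb["statusSummary"].get("lastOperationIdentifier")}
        for eb in iter_enabled_baselines(client, **filters)
        if eb["statusSummary"]["status"] != "SUCCEEDED"
    ]


def _summary(target, status):
    # Constructed sample record; identifiers are placeholders, not real ARNs.
    return {"arn": f"placeholder-enabled-baseline-{target}",
            "baselineIdentifier": "placeholder-baseline-arn",
            "baselineVersion": "placeholder-version",
            "statusSummary": {"lastOperationIdentifier": f"op-{target}",
                              "status": status},
            "targetIdentifier": f"placeholder-ou-arn-{target}"}


class StubListClient:
    """Constructed two-page response so the example runs offline."""
    PAGES = {
        None: {"enabledBaselines": [_summary("a", "SUCCEEDED"),
                                    _summary("b", "FAILED")],
               "nextToken": "page-2"},
        "page-2": {"enabledBaselines": [_summary("c", "UNDER_CHANGE")]},
    }

    def list_enabled_baselines(self, filter=None, nextToken=None):
        return self.PAGES[nextToken]
```

Each record's lastOperation value can be passed to GetBaselineOperation to read the statusMessage for a failed deployment.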

GetBaseline (new)

Retrieve details about an existing Baseline resource by specifying its identifier.

See also: AWS API Documentation

Request Syntax

client.get_baseline(
    baselineIdentifier='string'
)
type baselineIdentifier

string

param baselineIdentifier

[REQUIRED]

The ARN of the Baseline resource to be retrieved.

rtype

dict

returns

Response Syntax

{
    'arn': 'string',
    'description': 'string',
    'name': 'string'
}

Response Structure

  • (dict) --

    • arn (string) --

      The baseline ARN.

    • description (string) --

      A description of the baseline.

    • name (string) --

      A user-friendly name for the baseline.

UpdateEnabledBaseline (new)

Updates an EnabledBaseline resource's applied parameters or version.

See also: AWS API Documentation

Request Syntax

client.update_enabled_baseline(
    baselineVersion='string',
    enabledBaselineIdentifier='string',
    parameters=[
        {
            'key': 'string',
            'value': {...}|[...]|123|123.4|'string'|True|None
        },
    ]
)
type baselineVersion

string

param baselineVersion

[REQUIRED]

Specifies the new Baseline version to which the EnabledBaseline should be updated.

type enabledBaselineIdentifier

string

param enabledBaselineIdentifier

[REQUIRED]

Specifies the EnabledBaseline resource to be updated.

type parameters

list

param parameters

Parameters to apply when making an update.

  • (dict) --

    A key-value parameter to an EnabledBaseline resource.

    • key (string) -- [REQUIRED]

      A string denoting the parameter key.

    • value (:ref:`document<document>`) -- [REQUIRED]

      A low-level Document object of any type (for example, a Java Object).

rtype

dict

returns

Response Syntax

{
    'operationIdentifier': 'string'
}

Response Structure

  • (dict) --

    • operationIdentifier (string) --

      The ID (in UUID format) of the asynchronous UpdateEnabledBaseline operation. This operationIdentifier is used to track status through calls to the GetBaselineOperation API.

EnableBaseline (new)

Enable (apply) a Baseline to a Target. This API starts an asynchronous operation to deploy resources specified by the Baseline to the specified Target.

See also: AWS API Documentation

Request Syntax

client.enable_baseline(
    baselineIdentifier='string',
    baselineVersion='string',
    parameters=[
        {
            'key': 'string',
            'value': {...}|[...]|123|123.4|'string'|True|None
        },
    ],
    tags={
        'string': 'string'
    },
    targetIdentifier='string'
)
type baselineIdentifier

string

param baselineIdentifier

[REQUIRED]

The ARN of the baseline to be enabled.

type baselineVersion

string

param baselineVersion

[REQUIRED]

The specific version of the specified baseline to be enabled.

type parameters

list

param parameters

A list of key-value objects that specify enablement parameters, where key is a string and value is a document of any type.

  • (dict) --

    A key-value parameter to an EnabledBaseline resource.

    • key (string) -- [REQUIRED]

      A string denoting the parameter key.

    • value (:ref:`document<document>`) -- [REQUIRED]

      A low-level Document object of any type (for example, a Java Object).

type tags

dict

param tags

Tags associated with input to EnableBaseline.

  • (string) --

    • (string) --

type targetIdentifier

string

param targetIdentifier

[REQUIRED]

The ARN of the target on which the baseline will be enabled. Only OUs are supported as targets.

rtype

dict

returns

Response Syntax

{
    'arn': 'string',
    'operationIdentifier': 'string'
}

Response Structure

  • (dict) --

    • arn (string) --

      The ARN of the EnabledBaseline resource.

    • operationIdentifier (string) --

      The ID (in UUID format) of the asynchronous EnableBaseline operation. This operationIdentifier is used to track status through calls to the GetBaselineOperation API.

ResetEnabledBaseline (new)

Re-enables an EnabledBaseline resource. For example, this API can re-apply the existing Baseline after a new member account is moved to the target OU.

See also: AWS API Documentation

Request Syntax

client.reset_enabled_baseline(
    enabledBaselineIdentifier='string'
)
type enabledBaselineIdentifier

string

param enabledBaselineIdentifier

[REQUIRED]

Specifies the ID of the EnabledBaseline resource to be re-enabled, in ARN format.

rtype

dict

returns

Response Syntax

{
    'operationIdentifier': 'string'
}

Response Structure

  • (dict) --

    • operationIdentifier (string) --

      The ID (in UUID format) of the asynchronous ResetEnabledBaseline operation. This operationIdentifier is used to track status through calls to the GetBaselineOperation API.

ListBaselines (new)

Returns a summary list of all available baselines.

See also: AWS API Documentation

Request Syntax

client.list_baselines(
    maxResults=123,
    nextToken='string'
)
type maxResults

integer

param maxResults

The maximum number of results to be shown.

type nextToken

string

param nextToken

A pagination token.

rtype

dict

returns

Response Syntax

{
    'baselines': [
        {
            'arn': 'string',
            'description': 'string',
            'name': 'string'
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • baselines (list) --

      A list of Baseline object details.

      • (dict) --

        Returns a summary of information about a Baseline object.

        • arn (string) --

          The full ARN of a Baseline.

        • description (string) --

          A summary description of a Baseline.

        • name (string) --

          The human-readable name of a Baseline.

    • nextToken (string) --

      A pagination token.