AWS API Changes

2023/11/10 - AWS Control Tower - 3 new1 updated api methods

Changes AWS Control Tower supports tagging for enabled controls. This release introduces TagResource, UntagResource and ListTagsForResource APIs to manage tags in existing enabled controls. It updates EnabledControl API to tag resources at creation time.

TagResource (new)

Link ¶

Applies tags to a resource. For usage examples, see the AWS Control Tower User Guide.

See also: AWS API Documentation

Request Syntax

client.tag_resource(
    resourceArn='string',
    tags={
        'string': 'string'
    }
)

type resourceArn:

string

param resourceArn:

[REQUIRED]

The ARN of the resource to be tagged.

type tags:

dict

param tags:

[REQUIRED]

Tags to be applied to the resource.

(string) --
- (string) --

rtype:

dict

returns:

Response Syntax

{}

Response Structure

(dict) --

UntagResource (new)

Link ¶

Removes tags from a resource. For usage examples, see the AWS Control Tower User Guide.

See also: AWS API Documentation

Request Syntax

client.untag_resource(
    resourceArn='string',
    tagKeys=[
        'string',
    ]
)

type resourceArn:

string

param resourceArn:

[REQUIRED]

The ARN of the resource.

type tagKeys:

list

param tagKeys:

[REQUIRED]

Tag keys to be removed from the resource.

(string) --

rtype:

dict

returns:

Response Syntax

{}

Response Structure

(dict) --

ListTagsForResource (new)

Link ¶

Returns a list of tags associated with the resource. For usage examples, see the AWS Control Tower User Guide.

See also: AWS API Documentation

Request Syntax

client.list_tags_for_resource(
    resourceArn='string'
)

type resourceArn:

string

param resourceArn:

[REQUIRED]

The ARN of the resource.

rtype:

dict

returns:

Response Syntax

{
    'tags': {
        'string': 'string'
    }
}

Response Structure

(dict) --
- tags (dict) --
  
  A list of tags, as key:value strings.
  - (string) --
    - (string) --

EnableControl (updated)

Link ¶
Changes (request, response)
Request

{'tags': {'string': 'string'}}

Response

{'arn': 'string'}

This API call activates a control. It starts an asynchronous operation that creates AWS resources on the specified organizational unit and the accounts it contains. The resources created will vary according to the control that you specify. For usage examples, see the AWS Control Tower User Guide.

See also: AWS API Documentation

Request Syntax

client.enable_control(
    controlIdentifier='string',
    tags={
        'string': 'string'
    },
    targetIdentifier='string'
)

type controlIdentifier:

string

param controlIdentifier:

[REQUIRED]

The ARN of the control. Only Strongly recommended and Elective controls are permitted, with the exception of the Region deny control. For information on how to find the controlIdentifier, see the overview page.

type tags:

dict

param tags:

Tags to be applied to the EnabledControl resource.

(string) --
- (string) --

type targetIdentifier:

string

param targetIdentifier:

[REQUIRED]

The ARN of the organizational unit. For information on how to find the targetIdentifier, see the overview page.

rtype:

dict

returns:

Response Syntax

{
    'arn': 'string',
    'operationIdentifier': 'string'
}

Response Structure

(dict) --
- arn (string) --
  
  The ARN of the EnabledControl resource.
- operationIdentifier (string) --
  
  The ID of the asynchronous operation, which is used to track status. The operation is available for 90 days.