AWS API Changes

2023/11/10 - AWS Control Tower - 3 new 1 updated api methods

Changes AWS Control Tower supports tagging for enabled controls. This release introduces TagResource, UntagResource and ListTagsForResource APIs to manage tags in existing enabled controls. It updates EnabledControl API to tag resources at creation time.

TagResource (new)

Link ¶

Applies tags to a resource. For usage examples, see the AWS Control Tower User Guide.

See also: AWS API Documentation

Request Syntax

client.tag_resource(
    resourceArn='string',
    tags={
        'string': 'string'
    }
)

type resourceArn

string

param resourceArn

[REQUIRED]

The ARN of the resource to be tagged.

type tags

dict

param tags

[REQUIRED]

Tags to be applied to the resource.

(string) --
- (string) --

rtype

dict

returns

Response Syntax

{}

Response Structure

(dict) --

UntagResource (new)

Link ¶

Removes tags from a resource. For usage examples, see the AWS Control Tower User Guide.

See also: AWS API Documentation

Request Syntax

client.untag_resource(
    resourceArn='string',
    tagKeys=[
        'string',
    ]
)

type resourceArn

string

param resourceArn

[REQUIRED]

The ARN of the resource.

type tagKeys

list

param tagKeys

[REQUIRED]

Tag keys to be removed from the resource.

(string) --

rtype

dict

returns

Response Syntax

{}

Response Structure

(dict) --

ListTagsForResource (new)

Link ¶

Returns a list of tags associated with the resource. For usage examples, see the AWS Control Tower User Guide.

See also: AWS API Documentation

Request Syntax

client.list_tags_for_resource(
    resourceArn='string'
)

type resourceArn

string

param resourceArn

[REQUIRED]

The ARN of the resource.

rtype

dict

returns

Response Syntax

{
    'tags': {
        'string': 'string'
    }
}

Response Structure

(dict) --
- tags (dict) --
  
  A list of tags, as key:value strings.
  - (string) --
    - (string) --

EnableControl (updated)

Link ¶
Changes (request, response)
Request

{'tags': {'string': 'string'}}

Response

{'arn': 'string'}

This API call activates a control. It starts an asynchronous operation that creates AWS resources on the specified organizational unit and the accounts it contains. The resources created will vary according to the control that you specify. For usage examples, see the AWS Control Tower User Guide.

See also: AWS API Documentation

Request Syntax

client.enable_control(
    controlIdentifier='string',
    tags={
        'string': 'string'
    },
    targetIdentifier='string'
)

type controlIdentifier

string

param controlIdentifier

[REQUIRED]

The ARN of the control. Only Strongly recommended and Elective controls are permitted, with the exception of the Region deny control. For information on how to find the controlIdentifier , see the overview page.

type tags

dict

param tags

Tags to be applied to the EnabledControl resource.

(string) --
- (string) --

type targetIdentifier

string

param targetIdentifier

[REQUIRED]

The ARN of the organizational unit. For information on how to find the targetIdentifier , see the overview page.

rtype

dict

returns

Response Syntax

{
    'arn': 'string',
    'operationIdentifier': 'string'
}

Response Structure

(dict) --
- arn (string) --
  
  The ARN of the EnabledControl resource.
- operationIdentifier (string) --
  
  The ID of the asynchronous operation, which is used to track status. The operation is available for 90 days.