/**
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 * SPDX-License-Identifier: Apache-2.0.
 */

#pragma once
#include <aws/controltower/ControlTower_EXPORTS.h>
#include <aws/core/client/ClientConfiguration.h>
#include <aws/core/client/AWSClient.h>
#include <aws/core/client/AWSClientAsyncCRTP.h>
#include <aws/core/utils/json/JsonSerializer.h>
#include <aws/controltower/ControlTowerServiceClientModel.h>

namespace Aws
{
namespace ControlTower
{
  /**
   * These interfaces allow you to apply the AWS library of pre-defined controls to
   * your organizational units, programmatically. In this context, controls are the
   * same as AWS Control Tower guardrails.
   *
   * To call these APIs, you'll need to know:
   *   - the ControlARN for the control (that is, the guardrail) you are targeting, and
   *   - the ARN associated with the target organizational unit (OU).
   *
   * To get the ControlARN for your AWS Control Tower guardrail:
   *
   * The ControlARN contains the control name which is specified in each guardrail.
   * For a list of control names for Strongly recommended and Elective guardrails,
   * see "Resource identifiers for APIs and guardrails" in the "Automating tasks"
   * section of the AWS Control Tower User Guide. Remember that Mandatory guardrails
   * cannot be added or removed.
   *
   * ARN format: arn:aws:controltower:{REGION}::control/{CONTROL_NAME}
   *
   * Example: arn:aws:controltower:us-west-2::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED
   *
   * To get the ARN for an OU:
   *
   * In the AWS Organizations console, you can find the ARN for the OU on the
   * Organizational unit details page associated with that OU.
   *
   * OU ARN format:
   * arn:${Partition}:organizations::${MasterAccountId}:ou/o-${OrganizationId}/ou-${OrganizationalUnitId}
   *
   * Details and examples
   *
   * To view the open source resource repository on GitHub, see
   * aws-cloudformation/aws-cloudformation-resource-providers-controltower
   *
   * Recording API Requests
   *
   * AWS Control Tower supports AWS CloudTrail, a service that records AWS API calls
   * for your AWS account and delivers log files to an Amazon S3 bucket. By using
   * information collected by CloudTrail, you can determine which requests the AWS
   * Control Tower service received, who made the request and when, and so on. In
   * particular, every EnableControl and DisableControl call made through this
   * client is recorded there, which is what lets you audit who turned a guardrail
   * off. For more about AWS Control Tower and its support for CloudTrail, see
   * "Logging AWS Control Tower Actions with AWS CloudTrail" in the AWS Control
   * Tower User Guide. To learn more about CloudTrail, including how to turn it on
   * and find your log files, see the AWS CloudTrail User Guide.
   */
  class AWS_CONTROLTOWER_API ControlTowerClient : public Aws::Client::AWSJsonClient,
                                                  public Aws::Client::ClientWithAsyncTemplateMethods<ControlTowerClient>
  {
    public:
      typedef Aws::Client::AWSJsonClient BASECLASS;
      static const char* SERVICE_NAME;
      static const char* ALLOCATION_TAG;

      typedef ControlTowerClientConfiguration ClientConfigurationType;
      typedef ControlTowerEndpointProvider EndpointProviderType;

      /**
       * Initializes client to use DefaultCredentialProviderChain, with default http client factory, and optional client config.
       * If client config is not specified, it will be initialized to default values.
       */
      ControlTowerClient(const Aws::ControlTower::ControlTowerClientConfiguration& clientConfiguration = Aws::ControlTower::ControlTowerClientConfiguration(),
                         std::shared_ptr<ControlTowerEndpointProviderBase> endpointProvider = Aws::MakeShared<ControlTowerEndpointProvider>(ALLOCATION_TAG));

      /**
       * Initializes client to use SimpleAWSCredentialsProvider, with default http client factory, and optional client config.
       * If client config is not specified, it will be initialized to default values.
       */
      ControlTowerClient(const Aws::Auth::AWSCredentials& credentials,
                         std::shared_ptr<ControlTowerEndpointProviderBase> endpointProvider = Aws::MakeShared<ControlTowerEndpointProvider>(ALLOCATION_TAG),
                         const Aws::ControlTower::ControlTowerClientConfiguration& clientConfiguration = Aws::ControlTower::ControlTowerClientConfiguration());

      /**
       * Initializes client to use the specified credentials provider with the specified client config.
       * If an http client factory is not supplied, the default http client factory will be used.
       */
      ControlTowerClient(const std::shared_ptr<Aws::Auth::AWSCredentialsProvider>& credentialsProvider,
                         std::shared_ptr<ControlTowerEndpointProviderBase> endpointProvider = Aws::MakeShared<ControlTowerEndpointProvider>(ALLOCATION_TAG),
                         const Aws::ControlTower::ControlTowerClientConfiguration& clientConfiguration = Aws::ControlTower::ControlTowerClientConfiguration());


      /* Legacy constructors, kept for backward compatibility; deprecated */

      /**
       * Initializes client to use DefaultCredentialProviderChain, with default http client factory, and optional client config.
       * If client config is not specified, it will be initialized to default values.
       */
      ControlTowerClient(const Aws::Client::ClientConfiguration& clientConfiguration);

      /**
       * Initializes client to use SimpleAWSCredentialsProvider, with default http client factory, and optional client config.
       * If client config is not specified, it will be initialized to default values.
       */
      ControlTowerClient(const Aws::Auth::AWSCredentials& credentials,
                         const Aws::Client::ClientConfiguration& clientConfiguration);

      /**
       * Initializes client to use the specified credentials provider with the specified client config.
       * If an http client factory is not supplied, the default http client factory will be used.
       */
      ControlTowerClient(const std::shared_ptr<Aws::Auth::AWSCredentialsProvider>& credentialsProvider,
                         const Aws::Client::ClientConfiguration& clientConfiguration);

      /* End of legacy constructors */

      virtual ~ControlTowerClient();

      /**
       * This API call turns off a control. It starts an asynchronous operation that
       * deletes AWS resources on the specified organizational unit and the accounts
       * it contains. The resources will vary according to the control that you
       * specify. Because the call only starts the operation, poll
       * GetControlOperation with the returned operation identifier to learn whether
       * the guardrail was actually removed.
       *
       * See Also: AWS API Reference
       */
      virtual Model::DisableControlOutcome DisableControl(const Model::DisableControlRequest& request) const;

      /**
       * A Callable wrapper for DisableControl that returns a future to the operation so that it can be executed in parallel to other requests.
       */
      template<typename DisableControlRequestT = Model::DisableControlRequest>
      Model::DisableControlOutcomeCallable DisableControlCallable(const DisableControlRequestT& request) const
      {
        return SubmitCallable(&ControlTowerClient::DisableControl, request);
      }

      /**
       * An Async wrapper for DisableControl that queues the request into a thread executor and triggers the associated callback when the operation has finished.
       */
      template<typename DisableControlRequestT = Model::DisableControlRequest>
      void DisableControlAsync(const DisableControlRequestT& request, const DisableControlResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const
      {
        return SubmitAsync(&ControlTowerClient::DisableControl, request, handler, context);
      }

      /**
       * This API call activates a control. It starts an asynchronous operation that
       * creates AWS resources on the specified organizational unit and the accounts
       * it contains. The resources created will vary according to the control that
       * you specify. As with DisableControl, use GetControlOperation to confirm that
       * the operation succeeded before relying on the guardrail.
       *
       * See Also: AWS API Reference
       */
      virtual Model::EnableControlOutcome EnableControl(const Model::EnableControlRequest& request) const;

      /**
       * A Callable wrapper for EnableControl that returns a future to the operation so that it can be executed in parallel to other requests.
       */
      template<typename EnableControlRequestT = Model::EnableControlRequest>
      Model::EnableControlOutcomeCallable EnableControlCallable(const EnableControlRequestT& request) const
      {
        return SubmitCallable(&ControlTowerClient::EnableControl, request);
      }

      /**
       * An Async wrapper for EnableControl that queues the request into a thread executor and triggers the associated callback when the operation has finished.
       */
      template<typename EnableControlRequestT = Model::EnableControlRequest>
      void EnableControlAsync(const EnableControlRequestT& request, const EnableControlResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const
      {
        return SubmitAsync(&ControlTowerClient::EnableControl, request, handler, context);
      }

      /**
       * Returns the status of a particular EnableControl or DisableControl
       * operation. Displays a message in case of error. Details for an operation
       * are available for 90 days.
       *
       * See Also: AWS API Reference
       */
      virtual Model::GetControlOperationOutcome GetControlOperation(const Model::GetControlOperationRequest& request) const;

      /**
       * A Callable wrapper for GetControlOperation that returns a future to the operation so that it can be executed in parallel to other requests.
       */
      template<typename GetControlOperationRequestT = Model::GetControlOperationRequest>
      Model::GetControlOperationOutcomeCallable GetControlOperationCallable(const GetControlOperationRequestT& request) const
      {
        return SubmitCallable(&ControlTowerClient::GetControlOperation, request);
      }

      /**
       * An Async wrapper for GetControlOperation that queues the request into a thread executor and triggers the associated callback when the operation has finished.
       */
      template<typename GetControlOperationRequestT = Model::GetControlOperationRequest>
      void GetControlOperationAsync(const GetControlOperationRequestT& request, const GetControlOperationResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const
      {
        return SubmitAsync(&ControlTowerClient::GetControlOperation, request, handler, context);
      }

      /**
       * Lists the controls enabled by AWS Control Tower on the specified
       * organizational unit and the accounts it contains.
       *
       * See Also: AWS API Reference
       */
      virtual Model::ListEnabledControlsOutcome ListEnabledControls(const Model::ListEnabledControlsRequest& request) const;

      /**
       * A Callable wrapper for ListEnabledControls that returns a future to the operation so that it can be executed in parallel to other requests.
       */
      template<typename ListEnabledControlsRequestT = Model::ListEnabledControlsRequest>
      Model::ListEnabledControlsOutcomeCallable ListEnabledControlsCallable(const ListEnabledControlsRequestT& request) const
      {
        return SubmitCallable(&ControlTowerClient::ListEnabledControls, request);
      }

      /**
       * An Async wrapper for ListEnabledControls that queues the request into a thread executor and triggers the associated callback when the operation has finished.
       */
      template<typename ListEnabledControlsRequestT = Model::ListEnabledControlsRequest>
      void ListEnabledControlsAsync(const ListEnabledControlsRequestT& request, const ListEnabledControlsResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const
      {
        return SubmitAsync(&ControlTowerClient::ListEnabledControls, request, handler, context);
      }

      void OverrideEndpoint(const Aws::String& endpoint);
      std::shared_ptr<ControlTowerEndpointProviderBase>& accessEndpointProvider();

    private:
      friend class Aws::Client::ClientWithAsyncTemplateMethods<ControlTowerClient>;
      void init(const ControlTowerClientConfiguration& clientConfiguration);

      ControlTowerClientConfiguration m_clientConfiguration;
      std::shared_ptr<Aws::Utils::Threading::Executor> m_executor;
      std::shared_ptr<ControlTowerEndpointProviderBase> m_endpointProvider;
  };

} // namespace ControlTower
} // namespace Aws
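Added example, not part of the AWS SDK for C++ or of the header above: the class documentation says every EnableControl / DisableControl call needs a ControlARN (`arn:aws:controltower:{REGION}::control/{CONTROL_NAME}`) and an OU ARN (`arn:${Partition}:organizations::${MasterAccountId}:ou/o-${OrganizationId}/ou-${OrganizationalUnitId}`), and a malformed or mismatched pair is the usual reason a guardrail silently ends up on the wrong target or the call is rejected. The block below validates both formats offline before any SDK call is made. The type and function names (`ControlArn`, `OuArn`, `ParseControlArn`, `ParseOuArn`, `ValidateTargetPair`) are this example's own; the 12-digit account-ID rule and the check that both ARNs share a partition are assumptions drawn from general AWS ARN conventions, not statements in the header; the sample ARNs are constructed from the documented formats.

```cpp
// Added example: offline validation of the ControlARN and OU ARN formats that
// EnableControl / DisableControl take. Not part of the AWS SDK for C++; the
// type and function names here are this example's own.
#include <cstddef>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Split an ARN on ':' keeping empty fields (ARNs carry empty region/account slots).
static std::vector<std::string> SplitArnFields(const std::string& arn)
{
    std::vector<std::string> fields;
    std::string field;
    std::istringstream in(arn);
    while (std::getline(in, field, ':')) fields.push_back(field);
    if (!arn.empty() && arn.back() == ':') fields.push_back("");  // getline drops a trailing empty field
    return fields;
}

struct ControlArn {
    bool ok = false;
    std::string partition;    // "aws" in the documented format
    std::string region;       // {REGION}
    std::string controlName;  // {CONTROL_NAME}, e.g. AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED
};

// Parses arn:aws:controltower:{REGION}::control/{CONTROL_NAME}.
ControlArn ParseControlArn(const std::string& arn)
{
    ControlArn out;
    const std::vector<std::string> f = SplitArnFields(arn);
    if (f.size() != 6 || f[0] != "arn" || f[2] != "controltower") return out;
    if (f[1].empty() || f[3].empty() || !f[4].empty()) return out;  // account slot must stay empty
    const std::string prefix = "control/";
    if (f[5].compare(0, prefix.size(), prefix) != 0) return out;
    const std::string name = f[5].substr(prefix.size());
    if (name.empty()) return out;
    out.partition = f[1];
    out.region = f[3];
    out.controlName = name;
    out.ok = true;
    return out;
}

struct OuArn {
    bool ok = false;
    std::string partition;
    std::string masterAccountId;
    std::string organizationId;        // ${OrganizationId} without the "o-" prefix
    std::string organizationalUnitId;  // ${OrganizationalUnitId} without the "ou-" prefix
};

// Parses arn:${Partition}:organizations::${MasterAccountId}:ou/o-${OrganizationId}/ou-${OrganizationalUnitId}.
OuArn ParseOuArn(const std::string& arn)
{
    OuArn out;
    const std::vector<std::string> f = SplitArnFields(arn);
    if (f.size() != 6 || f[0] != "arn" || f[2] != "organizations") return out;
    if (f[1].empty() || !f[3].empty()) return out;  // region slot must stay empty
    const std::string& account = f[4];
    // Assumption (AWS convention, not stated in the header): account IDs are 12 digits.
    if (account.size() != 12) return out;
    for (char c : account) if (c < '0' || c > '9') return out;
    const std::string& res = f[5];  // expected shape: "ou/o-<org>/ou-<unit>"
    if (res.compare(0, 5, "ou/o-") != 0) return out;
    const std::size_t slash = res.find('/', 5);
    if (slash == std::string::npos || res.compare(slash, 4, "/ou-") != 0) return out;
    const std::string org = res.substr(5, slash - 5);
    const std::string unit = res.substr(slash + 4);
    if (org.empty() || unit.empty()) return out;
    out.partition = f[1];
    out.masterAccountId = account;
    out.organizationId = org;
    out.organizationalUnitId = unit;
    out.ok = true;
    return out;
}

// Returns "" when the pair is usable as EnableControl/DisableControl input, else the reason it is not.
std::string ValidateTargetPair(const std::string& controlArn, const std::string& ouArn)
{
    const ControlArn c = ParseControlArn(controlArn);
    if (!c.ok) return "controlIdentifier is not a Control Tower control ARN";
    const OuArn o = ParseOuArn(ouArn);
    if (!o.ok) return "targetIdentifier is not an Organizations OU ARN";
    // Assumption: a control and its target OU must live in the same partition (aws, aws-cn, aws-us-gov, ...).
    if (c.partition != o.partition) return "control and OU ARNs are in different partitions";
    return "";
}

int main()
{
    // Constructed sample identifiers following the formats documented in the header.
    const std::string control = "arn:aws:controltower:us-west-2::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED";
    const std::string ou = "arn:aws:organizations::123456789012:ou/o-exampleorgid/ou-examplerootid111-exampleouid111";
    const std::string verdict = ValidateTargetPair(control, ou);
    std::cout << (verdict.empty() ? std::string("ok: safe to call EnableControl") : "rejected: " + verdict) << "\n";
    return verdict.empty() ? 0 : 1;
}
```

Run the check on both identifiers before building the `EnableControlRequest` or `DisableControlRequest`; rejecting a bad pair locally is cheaper than waiting on the asynchronous operation and reading the failure out of `GetControlOperation`, and the parsed `controlName` is the value to compare against the list of Strongly recommended and Elective guardrails, since Mandatory guardrails cannot be added or removed through these calls.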