/*
 * Copyright 2018-2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
 * the License. A copy of the License is located at
 *
 * http://aws.amazon.com/apache2.0
 *
 * or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
 * and limitations under the License.
 */
package com.amazonaws.services.controltower;

import javax.annotation.Generated;

import com.amazonaws.*;
import com.amazonaws.regions.*;

import com.amazonaws.services.controltower.model.*;

/**
 * Interface for accessing AWS Control Tower.
 * <p>
 * Note: Do not directly implement this interface, because new methods are added to it regularly. Extend from
 * {@link com.amazonaws.services.controltower.AbstractAWSControlTower} instead.
 * </p>
 * <p>
 * These interfaces allow you to apply the AWS library of pre-defined controls to your organizational units,
 * programmatically. In this context, controls are the same as AWS Control Tower guardrails.
 * </p>
 * <p>
 * To call these APIs, you'll need to know:
 * </p>
 * <ul>
 * <li>
 * the <code>ControlARN</code> for the control--that is, the guardrail--you are targeting,
 * </li>
 * <li>
 * and the ARN associated with the target organizational unit (OU).
 * </li>
 * </ul>
 * <p>
 * To get the <code>ControlARN</code> for your AWS Control Tower guardrail:
 * </p>
 * <p>
 * The <code>ControlARN</code> contains the control name which is specified in each guardrail. For a list of control
 * names for Strongly recommended and Elective guardrails, see Resource identifiers for APIs and guardrails in the
 * Automating tasks section of the AWS Control Tower User Guide. Remember that Mandatory guardrails cannot be added or
 * removed.
 * </p>
 * <p>
 * ARN format: <code>arn:aws:controltower:{REGION}::control/{CONTROL_NAME}</code>
 * </p>
 * <p>
 * Example:
 * </p>
 * <p>
 * <code>arn:aws:controltower:us-west-2::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED</code>
 * </p>
 * <p>
 * To get the ARN for an OU:
 * </p>
 * <p>
 * In the AWS Organizations console, you can find the ARN for the OU on the Organizational unit details page
 * associated with that OU.
 * </p>
 * <p>
 * OU ARN format:
 * </p>
 * <p>
 * <code>arn:${Partition}:organizations::${MasterAccountId}:ou/o-${OrganizationId}/ou-${OrganizationalUnitId}</code>
 * </p>
 * <p>
 * Details and examples
 * </p>
 * <ul>
 * <li>
 * Creating AWS Control Tower resources with AWS CloudFormation
 * </li>
 * </ul>
 * <p>
 * To view the open source resource repository on GitHub, see
 * aws-cloudformation/aws-cloudformation-resource-providers-controltower
 * </p>
 * <p>
 * Recording API Requests
 * </p>
 * <p>
 * AWS Control Tower supports AWS CloudTrail, a service that records AWS API calls for your AWS account and delivers log
 * files to an Amazon S3 bucket. By using information collected by CloudTrail, you can determine which requests the AWS
 * Control Tower service received, who made the request and when, and so on. For more about AWS Control Tower and its
 * support for CloudTrail, see Logging AWS Control Tower Actions with AWS CloudTrail in the AWS Control Tower User
 * Guide. To learn more about CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail
 * User Guide.
 * </p>
 */
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public interface AWSControlTower {

    /**
     * The region metadata service name for computing region endpoints. You can use this value to retrieve metadata
     * (such as supported regions) of the service.
     *
     * @see RegionUtils#getRegionsForService(String)
     */
    String ENDPOINT_PREFIX = "controltower";

    /**
     * <p>
     * This API call turns off a control. It starts an asynchronous operation that deletes AWS resources on the
     * specified organizational unit and the accounts it contains. The resources will vary according to the control that
     * you specify.
     * </p>
     *
     * @param disableControlRequest
     * @return Result of the DisableControl operation returned by the service.
     * @throws ValidationException
     *         The input fails to satisfy the constraints specified by an AWS service.
     * @throws ConflictException
     *         Updating or deleting a resource can cause an inconsistent state.
     * @throws ServiceQuotaExceededException
     *         Request would cause a service quota to be exceeded. The limit is 10 concurrent operations.
     * @throws InternalServerException
     *         Unexpected error during processing of request.
     * @throws AccessDeniedException
     *         User does not have sufficient access to perform this action.
     * @throws ThrottlingException
     *         Request was denied due to request throttling.
     * @throws ResourceNotFoundException
     *         Request references a resource which does not exist.
     * @sample AWSControlTower.DisableControl
     * @see "AWS API Documentation"
     */
    DisableControlResult disableControl(DisableControlRequest disableControlRequest);

    /**
     * <p>
     * This API call activates a control. It starts an asynchronous operation that creates AWS resources on the
     * specified organizational unit and the accounts it contains. The resources created will vary according to the
     * control that you specify.
     * </p>
     *
     * @param enableControlRequest
     * @return Result of the EnableControl operation returned by the service.
     * @throws ValidationException
     *         The input fails to satisfy the constraints specified by an AWS service.
     * @throws ConflictException
     *         Updating or deleting a resource can cause an inconsistent state.
     * @throws ServiceQuotaExceededException
     *         Request would cause a service quota to be exceeded. The limit is 10 concurrent operations.
     * @throws InternalServerException
     *         Unexpected error during processing of request.
     * @throws AccessDeniedException
     *         User does not have sufficient access to perform this action.
     * @throws ThrottlingException
     *         Request was denied due to request throttling.
     * @throws ResourceNotFoundException
     *         Request references a resource which does not exist.
     * @sample AWSControlTower.EnableControl
     * @see "AWS API Documentation"
     */
    EnableControlResult enableControl(EnableControlRequest enableControlRequest);

    /**
     * <p>
     * Returns the status of a particular <code>EnableControl</code> or <code>DisableControl</code> operation. Displays
     * a message in case of error. Details for an operation are available for 90 days.
     * </p>
     */

    /**
     * <p>
     * Lists the controls enabled by AWS Control Tower on the specified organizational unit and the accounts it
     * contains.
     * </p>
     *
     * @param listEnabledControlsRequest
     * @return Result of the ListEnabledControls operation returned by the service.
     * @throws ValidationException
     *         The input fails to satisfy the constraints specified by an AWS service.
     * @throws InternalServerException
     *         Unexpected error during processing of request.
     * @throws AccessDeniedException
     *         User does not have sufficient access to perform this action.
     * @throws ThrottlingException
     *         Request was denied due to request throttling.
     * @throws ResourceNotFoundException
     *         Request references a resource which does not exist.
     * @sample AWSControlTower.ListEnabledControls
     * @see "AWS API Documentation"
     */
    ListEnabledControlsResult listEnabledControls(ListEnabledControlsRequest listEnabledControlsRequest);

    /**
     * Shuts down this client object, releasing any resources that might be held open. This is an optional method, and
     * callers are not expected to call it, but can if they want to explicitly release any open resources. Once a client
     * has been shutdown, it should not be used to make any more requests.
     */
    void shutdown();

    /**
     * Returns additional metadata for a previously executed successful request, typically used for debugging issues
     * where a service isn't acting as expected. This data isn't considered part of the result data returned by an
     * operation, so it's available through this separate, diagnostic interface.
     * <p>
     * Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic
     * information for an executed request, you should use this method to retrieve it as soon as possible after
     * executing a request.
     *
     * @param request
     *        The originally executed request.
     *
     * @return The response metadata for the specified request, or null if none is available.
     */
    ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request);

}
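Because `disableControl` starts an operation that deletes resources across an OU and its accounts, automation that calls it benefits from checking both ARNs against the formats documented above first. The following is an added example, not part of the SDK or of this generated file; it assumes the `aws-java-sdk-controltower` artifact is on the classpath, and `ControlChangeGuard`, `homeRegion`, `organizationId`, `disableAllowList` and the regex character classes are hypothetical choices made for illustration.

```java
import com.amazonaws.services.controltower.AWSControlTower;
import com.amazonaws.services.controltower.model.DisableControlRequest;
import java.util.Objects;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example (hypothetical class): checks both ARNs before asking Control Tower to turn a control off. */
public final class ControlChangeGuard {
    // arn:aws:controltower:{REGION}::control/{CONTROL_NAME}; the character classes are assumptions.
    private static final Pattern CONTROL_ARN =
            Pattern.compile("arn:aws:controltower:([a-z0-9-]+)::control/([A-Za-z0-9_-]+)");
    // arn:${Partition}:organizations::${MasterAccountId}:ou/o-${OrganizationId}/ou-${OrganizationalUnitId}
    private static final Pattern OU_ARN =
            Pattern.compile("arn:[a-z0-9-]+:organizations::\\d{12}:ou/(o-[a-z0-9]+)/ou-[a-z0-9-]+");

    private final AWSControlTower client;
    private final String homeRegion;            // region the automation is allowed to act in
    private final String organizationId;        // expected "o-..." segment of every OU ARN
    private final Set<String> disableAllowList; // control names approved for removal

    public ControlChangeGuard(AWSControlTower client, String homeRegion, String organizationId,
            Set<String> disableAllowList) {
        this.client = Objects.requireNonNull(client);
        this.homeRegion = Objects.requireNonNull(homeRegion);
        this.organizationId = Objects.requireNonNull(organizationId);
        this.disableAllowList = Objects.requireNonNull(disableAllowList);
    }

    /** Validates the inputs, calls DisableControl and returns the asynchronous operation's identifier. */
    public String disable(String controlArn, String ouArn) {
        Matcher control = CONTROL_ARN.matcher(Objects.requireNonNull(controlArn));
        if (!control.matches() || !homeRegion.equals(control.group(1))) {
            throw new IllegalArgumentException("Control ARN is malformed or outside " + homeRegion);
        }
        if (!disableAllowList.contains(control.group(2))) {
            throw new IllegalArgumentException("Control not approved for removal: " + control.group(2));
        }
        Matcher ou = OU_ARN.matcher(Objects.requireNonNull(ouArn));
        if (!ou.matches() || !organizationId.equals(ou.group(1))) {
            throw new IllegalArgumentException("OU ARN is malformed or outside " + organizationId);
        }
        return client.disableControl(new DisableControlRequest()
                .withControlIdentifier(controlArn)
                .withTargetIdentifier(ouArn)).getOperationIdentifier();
    }
}
```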