/* * Copyright 2018-2023 Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with * the License. A copy of the License is located at * * http://aws.amazon.com/apache2.0 * * or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions * and limitations under the License. */ package com.amazonaws.services.controltower; import org.w3c.dom.*; import java.net.*; import java.util.*; import javax.annotation.Generated; import org.apache.commons.logging.*; import com.amazonaws.*; import com.amazonaws.annotation.SdkInternalApi; import com.amazonaws.auth.*; import com.amazonaws.handlers.*; import com.amazonaws.http.*; import com.amazonaws.internal.*; import com.amazonaws.internal.auth.*; import com.amazonaws.metrics.*; import com.amazonaws.regions.*; import com.amazonaws.transform.*; import com.amazonaws.util.*; import com.amazonaws.protocol.json.*; import com.amazonaws.util.AWSRequestMetrics.Field; import com.amazonaws.annotation.ThreadSafe; import com.amazonaws.client.AwsSyncClientParams; import com.amazonaws.client.builder.AdvancedConfig; import com.amazonaws.services.controltower.AWSControlTowerClientBuilder; import com.amazonaws.AmazonServiceException; import com.amazonaws.services.controltower.model.*; import com.amazonaws.services.controltower.model.transform.*; /** * Client for accessing AWS Control Tower. All service calls made using this client are blocking, and will not return * until the service call completes. *

*

* These interfaces allow you to apply the AWS library of pre-defined controls to your organizational units, * programmatically. In this context, controls are the same as AWS Control Tower guardrails. *

*

* To call these APIs, you'll need to know: *

* *

* To get the ControlARN for your AWS Control Tower guardrail: *

*

* The ControlARN contains the control name which is specified in each guardrail. For a list of control * names for Strongly recommended and Elective guardrails, see Resource identifiers * for APIs and guardrails in the Automating tasks section * of the AWS Control Tower User Guide. Remember that Mandatory guardrails cannot be added or removed. *

* *

* ARN format: arn:aws:controltower:{REGION}::control/{CONTROL_NAME} *

*

* Example: *

*

* arn:aws:controltower:us-west-2::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED *

*
*

* To get the ARN for an OU: *

*

* In the AWS Organizations console, you can find the ARN for the OU on the Organizational unit details page * associated with that OU. *

* *

* OU ARN format: *

*

* arn:${Partition}:organizations::${MasterAccountId}:ou/o-${OrganizationId}/ou-${OrganizationalUnitId} *

*
*

* Details and examples *

* *

* To view the open source resource repository on GitHub, see aws-cloudformation/aws-cloudformation-resource-providers-controltower *

*

* Recording API Requests *

*

* AWS Control Tower supports AWS CloudTrail, a service that records AWS API calls for your AWS account and delivers log * files to an Amazon S3 bucket. By using information collected by CloudTrail, you can determine which requests the AWS * Control Tower service received, who made the request and when, and so on. For more about AWS Control Tower and its * support for CloudTrail, see Logging AWS Control * Tower Actions with AWS CloudTrail in the AWS Control Tower User Guide. To learn more about CloudTrail, including * how to turn it on and find your log files, see the AWS CloudTrail User Guide. *

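*/
@ThreadSafe
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public class AWSControlTowerClient extends AmazonWebServiceClient implements AWSControlTower {

    /**
     * Provider for AWS credentials. These are the client-level credentials; a request may still carry its own
     * provider, which {@link #invoke} resolves in preference to this one.
     */
    private final AWSCredentialsProvider awsCredentialsProvider;

    private static final Log log = LogFactory.getLog(AWSControlTower.class);

    /** Default signing name for the service. */
    private static final String DEFAULT_SIGNING_NAME = "controltower";

    /** Client configuration factory providing ClientConfigurations tailored to this client */
    protected static final ClientConfigurationFactory configFactory = new ClientConfigurationFactory();

    private final AdvancedConfig advancedConfig;

    /**
     * JSON protocol factory shared by every operation of this client. Each {@code addErrorMetadata} entry maps a
     * service error code to the unmarshaller that turns it into the matching typed exception; the base service
     * exception class registered last presumably handles codes with no dedicated entry (confirm against the SDK
     * runtime).
     */
    private static final com.amazonaws.protocol.json.SdkJsonProtocolFactory protocolFactory = new com.amazonaws.protocol.json.SdkJsonProtocolFactory(
            new JsonClientMetadata()
                    .withProtocolVersion("1.1")
                    .withSupportsCbor(false)
                    .withSupportsIon(false)
                    .withContentTypeOverride("application/json")
                    .addErrorMetadata(
                            new JsonErrorShapeMetadata().withErrorCode("AccessDeniedException").withExceptionUnmarshaller(
                                    com.amazonaws.services.controltower.model.transform.AccessDeniedExceptionUnmarshaller.getInstance()))
                    .addErrorMetadata(
                            new JsonErrorShapeMetadata().withErrorCode("ValidationException").withExceptionUnmarshaller(
                                    com.amazonaws.services.controltower.model.transform.ValidationExceptionUnmarshaller.getInstance()))
                    .addErrorMetadata(
                            new JsonErrorShapeMetadata().withErrorCode("ConflictException").withExceptionUnmarshaller(
                                    com.amazonaws.services.controltower.model.transform.ConflictExceptionUnmarshaller.getInstance()))
                    .addErrorMetadata(
                            new JsonErrorShapeMetadata().withErrorCode("InternalServerException").withExceptionUnmarshaller(
                                    com.amazonaws.services.controltower.model.transform.InternalServerExceptionUnmarshaller.getInstance()))
                    .addErrorMetadata(
                            new JsonErrorShapeMetadata().withErrorCode("ThrottlingException").withExceptionUnmarshaller(
                                    com.amazonaws.services.controltower.model.transform.ThrottlingExceptionUnmarshaller.getInstance()))
                    .addErrorMetadata(
                            new JsonErrorShapeMetadata().withErrorCode("ServiceQuotaExceededException").withExceptionUnmarshaller(
                                    com.amazonaws.services.controltower.model.transform.ServiceQuotaExceededExceptionUnmarshaller.getInstance()))
                    .addErrorMetadata(
                            new JsonErrorShapeMetadata().withErrorCode("ResourceNotFoundException").withExceptionUnmarshaller(
                                    com.amazonaws.services.controltower.model.transform.ResourceNotFoundExceptionUnmarshaller.getInstance()))
                    .withBaseServiceExceptionClass(com.amazonaws.services.controltower.model.AWSControlTowerException.class));

    /**
     * Returns a builder for this client; the builder is the supported way to obtain an instance, since both
     * constructors are package-private.
     *
     * @return a standard {@link AWSControlTowerClientBuilder}.
     */
    public static AWSControlTowerClientBuilder builder() {
        return AWSControlTowerClientBuilder.standard();
    }

    /**
     * Constructs a new client to invoke service methods on AWS Control Tower using the specified parameters.
     *
     * <p>
     * All service calls made using this new client object are blocking, and will not return until the service call
     * completes.
     *
     * @param clientParams
     *        Object providing client parameters.
     */
    AWSControlTowerClient(AwsSyncClientParams clientParams) {
        this(clientParams, false);
    }

    /**
     * Constructs a new client to invoke service methods on AWS Control Tower using the specified parameters.
     *
     * <p>
     * All service calls made using this new client object are blocking, and will not return until the service call
     * completes.
     *
     * @param clientParams
     *        Object providing client parameters.
     * @param endpointDiscoveryEnabled
     *        Accepted for signature compatibility with the generator template; this constructor does not read it.
     */
    AWSControlTowerClient(AwsSyncClientParams clientParams, boolean endpointDiscoveryEnabled) {
        super(clientParams);
        this.awsCredentialsProvider = clientParams.getCredentialsProvider();
        this.advancedConfig = clientParams.getAdvancedConfig();
        init();
    }

    /**
     * One-time setup run from the constructor: signing name, endpoint prefix, a default endpoint, and the request
     * handler chains loaded from the classpath resources named below.
     */
    private void init() {
        setServiceNameIntern(DEFAULT_SIGNING_NAME);
        setEndpointPrefix(ENDPOINT_PREFIX);
        // calling this.setEndPoint(...) will also modify the signer accordingly
        // NOTE(review): this is the generated default; the region/endpoint configured through the builder is
        // expected to replace it after construction — confirm against AwsSyncClientParams handling.
        setEndpoint("controltower.us-east-1.amazonaws.com");
        HandlerChainFactory chainFactory = new HandlerChainFactory();
        requestHandler2s.addAll(chainFactory.newRequestHandlerChain("/com/amazonaws/services/controltower/request.handlers"));
        requestHandler2s.addAll(chainFactory.newRequestHandler2Chain("/com/amazonaws/services/controltower/request.handler2s"));
        requestHandler2s.addAll(chainFactory.getGlobalHandlers());
    }

    /**
     * <p>
     * This API call turns off a control. It starts an asynchronous operation that deletes AWS resources on the
     * specified organizational unit and the accounts it contains. The resources will vary according to the control that
     * you specify.
     * </p>
     *
     * @param disableControlRequest
     *        The request for the DisableControl operation.
     * @return Result of the DisableControl operation returned by the service.
     * @throws ValidationException
     *         The input fails to satisfy the constraints specified by an AWS service.
     * @throws ConflictException
     *         Updating or deleting a resource can cause an inconsistent state.
     * @throws ServiceQuotaExceededException
     *         Request would cause a service quota to be exceeded. The limit is 10 concurrent operations.
     * @throws InternalServerException
     *         Unexpected error during processing of request.
     * @throws AccessDeniedException
     *         User does not have sufficient access to perform this action.
     * @throws ThrottlingException
     *         Request was denied due to request throttling.
     * @throws ResourceNotFoundException
     *         Request references a resource which does not exist.
     * @sample AWSControlTower.DisableControl
     * @see AWS API Documentation
     */
    @Override
    public DisableControlResult disableControl(DisableControlRequest request) {
        // beforeClientExecution may return a modified copy; always use its result.
        request = beforeClientExecution(request);
        return executeDisableControl(request);
    }

    /**
     * Marshals, sends and unmarshals a DisableControl call, recording client-side metrics around each phase.
     *
     * @param disableControlRequest
     *        the validated request to send.
     * @return the unmarshalled service response.
     */
    @SdkInternalApi
    final DisableControlResult executeDisableControl(DisableControlRequest disableControlRequest) {

        ExecutionContext executionContext = createExecutionContext(disableControlRequest);
        AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
        awsRequestMetrics.startEvent(Field.ClientExecuteTime);
        Request<DisableControlRequest> request = null;
        Response<DisableControlResult> response = null;

        try {
            awsRequestMetrics.startEvent(Field.RequestMarshallTime);
            try {
                request = new DisableControlRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(disableControlRequest));
                // Binds the request metrics to the current request.
                request.setAWSRequestMetrics(awsRequestMetrics);
                // Handler context exposes the resolved endpoint, signing region and operation to request handlers.
                request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
                request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
                request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
                request.addHandlerContext(HandlerContextKey.SERVICE_ID, "ControlTower");
                request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DisableControl");
                request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
            } finally {
                awsRequestMetrics.endEvent(Field.RequestMarshallTime);
            }

            HttpResponseHandler<AmazonWebServiceResponse<DisableControlResult>> responseHandler = protocolFactory.createResponseHandler(
                    new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
                    new DisableControlResultJsonUnmarshaller());
            response = invoke(request, responseHandler, executionContext);

            return response.getAwsResponse();

        } finally {
            // Closes the ClientExecuteTime event even when marshalling or the call itself throws.
            endClientExecution(awsRequestMetrics, request, response);
        }
    }

    /**
     * <p>
     * This API call activates a control. It starts an asynchronous operation that creates AWS resources on the
     * specified organizational unit and the accounts it contains. The resources created will vary according to the
     * control that you specify.
     * </p>
     *
     * @param enableControlRequest
     *        The request for the EnableControl operation.
     * @return Result of the EnableControl operation returned by the service.
     * @throws ValidationException
     *         The input fails to satisfy the constraints specified by an AWS service.
     * @throws ConflictException
     *         Updating or deleting a resource can cause an inconsistent state.
     * @throws ServiceQuotaExceededException
     *         Request would cause a service quota to be exceeded. The limit is 10 concurrent operations.
     * @throws InternalServerException
     *         Unexpected error during processing of request.
     * @throws AccessDeniedException
     *         User does not have sufficient access to perform this action.
     * @throws ThrottlingException
     *         Request was denied due to request throttling.
     * @throws ResourceNotFoundException
     *         Request references a resource which does not exist.
     * @sample AWSControlTower.EnableControl
     * @see AWS API Documentation
     */
    @Override
    public EnableControlResult enableControl(EnableControlRequest request) {
        // beforeClientExecution may return a modified copy; always use its result.
        request = beforeClientExecution(request);
        return executeEnableControl(request);
    }

    /**
     * Marshals, sends and unmarshals an EnableControl call, recording client-side metrics around each phase.
     *
     * @param enableControlRequest
     *        the validated request to send.
     * @return the unmarshalled service response.
     */
    @SdkInternalApi
    final EnableControlResult executeEnableControl(EnableControlRequest enableControlRequest) {

        ExecutionContext executionContext = createExecutionContext(enableControlRequest);
        AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
        awsRequestMetrics.startEvent(Field.ClientExecuteTime);
        Request<EnableControlRequest> request = null;
        Response<EnableControlResult> response = null;

        try {
            awsRequestMetrics.startEvent(Field.RequestMarshallTime);
            try {
                request = new EnableControlRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(enableControlRequest));
                // Binds the request metrics to the current request.
                request.setAWSRequestMetrics(awsRequestMetrics);
                // Handler context exposes the resolved endpoint, signing region and operation to request handlers.
                request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
                request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
                request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
                request.addHandlerContext(HandlerContextKey.SERVICE_ID, "ControlTower");
                request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "EnableControl");
                request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
            } finally {
                awsRequestMetrics.endEvent(Field.RequestMarshallTime);
            }

            HttpResponseHandler<AmazonWebServiceResponse<EnableControlResult>> responseHandler = protocolFactory.createResponseHandler(
                    new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
                    new EnableControlResultJsonUnmarshaller());
            response = invoke(request, responseHandler, executionContext);

            return response.getAwsResponse();

        } finally {
            // Closes the ClientExecuteTime event even when marshalling or the call itself throws.
            endClientExecution(awsRequestMetrics, request, response);
        }
    }

    /**
     * <p>
     * Returns the status of a particular EnableControl or DisableControl operation. Displays a message in case of
     * error. Details for an operation are available for 90 days.
     * </p>
     *
     * @param getControlOperationRequest
     *        The request for the GetControlOperation operation.
     * @return Result of the GetControlOperation operation returned by the service.
     * @throws ValidationException
     *         The input fails to satisfy the constraints specified by an AWS service.
     * @throws InternalServerException
     *         Unexpected error during processing of request.
     * @throws AccessDeniedException
     *         User does not have sufficient access to perform this action.
     * @throws ThrottlingException
     *         Request was denied due to request throttling.
     * @throws ResourceNotFoundException
     *         Request references a resource which does not exist.
     * @sample AWSControlTower.GetControlOperation
     * @see AWS API Documentation
     */
    @Override
    public GetControlOperationResult getControlOperation(GetControlOperationRequest request) {
        // beforeClientExecution may return a modified copy; always use its result.
        request = beforeClientExecution(request);
        return executeGetControlOperation(request);
    }

    /**
     * Marshals, sends and unmarshals a GetControlOperation call, recording client-side metrics around each phase.
     *
     * @param getControlOperationRequest
     *        the validated request to send.
     * @return the unmarshalled service response.
     */
    @SdkInternalApi
    final GetControlOperationResult executeGetControlOperation(GetControlOperationRequest getControlOperationRequest) {

        ExecutionContext executionContext = createExecutionContext(getControlOperationRequest);
        AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
        awsRequestMetrics.startEvent(Field.ClientExecuteTime);
        Request<GetControlOperationRequest> request = null;
        Response<GetControlOperationResult> response = null;

        try {
            awsRequestMetrics.startEvent(Field.RequestMarshallTime);
            try {
                request = new GetControlOperationRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(getControlOperationRequest));
                // Binds the request metrics to the current request.
                request.setAWSRequestMetrics(awsRequestMetrics);
                // Handler context exposes the resolved endpoint, signing region and operation to request handlers.
                request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
                request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
                request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
                request.addHandlerContext(HandlerContextKey.SERVICE_ID, "ControlTower");
                request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "GetControlOperation");
                request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
            } finally {
                awsRequestMetrics.endEvent(Field.RequestMarshallTime);
            }

            HttpResponseHandler<AmazonWebServiceResponse<GetControlOperationResult>> responseHandler = protocolFactory.createResponseHandler(
                    new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
                    new GetControlOperationResultJsonUnmarshaller());
            response = invoke(request, responseHandler, executionContext);

            return response.getAwsResponse();

        } finally {
            // Closes the ClientExecuteTime event even when marshalling or the call itself throws.
            endClientExecution(awsRequestMetrics, request, response);
        }
    }

    /**
     * <p>
     * Lists the controls enabled by AWS Control Tower on the specified organizational unit and the accounts it
     * contains.
     * </p>
     *
     * @param listEnabledControlsRequest
     *        The request for the ListEnabledControls operation.
     * @return Result of the ListEnabledControls operation returned by the service.
     * @throws ValidationException
     *         The input fails to satisfy the constraints specified by an AWS service.
     * @throws InternalServerException
     *         Unexpected error during processing of request.
     * @throws AccessDeniedException
     *         User does not have sufficient access to perform this action.
     * @throws ThrottlingException
     *         Request was denied due to request throttling.
     * @throws ResourceNotFoundException
     *         Request references a resource which does not exist.
     * @sample AWSControlTower.ListEnabledControls
     * @see AWS API Documentation
     */
    @Override
    public ListEnabledControlsResult listEnabledControls(ListEnabledControlsRequest request) {
        // beforeClientExecution may return a modified copy; always use its result.
        request = beforeClientExecution(request);
        return executeListEnabledControls(request);
    }

    /**
     * Marshals, sends and unmarshals a ListEnabledControls call, recording client-side metrics around each phase.
     *
     * @param listEnabledControlsRequest
     *        the validated request to send.
     * @return the unmarshalled service response.
     */
    @SdkInternalApi
    final ListEnabledControlsResult executeListEnabledControls(ListEnabledControlsRequest listEnabledControlsRequest) {

        ExecutionContext executionContext = createExecutionContext(listEnabledControlsRequest);
        AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
        awsRequestMetrics.startEvent(Field.ClientExecuteTime);
        Request<ListEnabledControlsRequest> request = null;
        Response<ListEnabledControlsResult> response = null;

        try {
            awsRequestMetrics.startEvent(Field.RequestMarshallTime);
            try {
                request = new ListEnabledControlsRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(listEnabledControlsRequest));
                // Binds the request metrics to the current request.
                request.setAWSRequestMetrics(awsRequestMetrics);
                // Handler context exposes the resolved endpoint, signing region and operation to request handlers.
                request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint);
                request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden());
                request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion());
                request.addHandlerContext(HandlerContextKey.SERVICE_ID, "ControlTower");
                request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "ListEnabledControls");
                request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig);
            } finally {
                awsRequestMetrics.endEvent(Field.RequestMarshallTime);
            }

            HttpResponseHandler<AmazonWebServiceResponse<ListEnabledControlsResult>> responseHandler = protocolFactory.createResponseHandler(
                    new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
                    new ListEnabledControlsResultJsonUnmarshaller());
            response = invoke(request, responseHandler, executionContext);

            return response.getAwsResponse();

        } finally {
            // Closes the ClientExecuteTime event even when marshalling or the call itself throws.
            endClientExecution(awsRequestMetrics, request, response);
        }
    }

    /**
     * Returns additional metadata for a previously executed successful request, typically used for debugging issues
     * where a service isn't acting as expected. This data isn't considered part of the result data returned by an
     * operation, so it's available through this separate, diagnostic interface.
     *
     * <p>
     * Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic
     * information for an executed request, you should use this method to retrieve it as soon as possible after
     * executing the request.
     *
     * @param request
     *        The originally executed request
     *
     * @return The response metadata for the specified request, or null if none is available.
     */
    public ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request) {
        return client.getResponseMetadataForRequest(request);
    }

    /**
     * Normal invoke with authentication. Credentials are required and may be overridden at the request level.
     *
     * <p>
     * Convenience overload with no discovered endpoint and no endpoint-trait URI, so the request goes to the
     * client's configured endpoint.
     */
    private <X, Y extends AmazonWebServiceRequest> Response<X> invoke(Request<Y> request, HttpResponseHandler<AmazonWebServiceResponse<X>> responseHandler,
            ExecutionContext executionContext) {

        return invoke(request, responseHandler, executionContext, null, null);
    }

    /**
     * Normal invoke with authentication. Credentials are required and may be overridden at the request level.
     *
     * <p>
     * The credentials provider attached to the original request, when present, takes precedence over the
     * client-level {@link #awsCredentialsProvider}; the resolved provider is installed on the execution context
     * before the call is dispatched.
     */
    private <X, Y extends AmazonWebServiceRequest> Response<X> invoke(Request<Y> request, HttpResponseHandler<AmazonWebServiceResponse<X>> responseHandler,
            ExecutionContext executionContext, URI cachedEndpoint, URI uriFromEndpointTrait) {

        executionContext.setCredentialsProvider(CredentialUtils.getCredentialsProvider(request.getOriginalRequest(), awsCredentialsProvider));

        return doInvoke(request, responseHandler, executionContext, cachedEndpoint, uriFromEndpointTrait);
    }

    /**
     * Invoke with no authentication. Credentials are not required and any credentials set on the client or request will
     * be ignored for this operation.
     *
     * <p>
     * No operation in this class calls it; it is presumably emitted by the generator for services with unsigned
     * operations.
     */
    private <X, Y extends AmazonWebServiceRequest> Response<X> anonymousInvoke(Request<Y> request,
            HttpResponseHandler<AmazonWebServiceResponse<X>> responseHandler, ExecutionContext executionContext) {

        return doInvoke(request, responseHandler, executionContext, null, null);
    }

    /**
     * Invoke the request using the http client. Assumes credentials (or lack thereof) have been configured in the
     * ExecutionContext beforehand.
     *
     * <p>
     * Endpoint selection order: a discovered endpoint wins, then an endpoint-trait URI, then the client's configured
     * endpoint. Whatever is chosen here is where the request is sent, so callers supplying a discovered or trait URI
     * are responsible for its trustworthiness.
     */
    private <X, Y extends AmazonWebServiceRequest> Response<X> doInvoke(Request<Y> request, HttpResponseHandler<AmazonWebServiceResponse<X>> responseHandler,
            ExecutionContext executionContext, URI discoveredEndpoint, URI uriFromEndpointTrait) {

        if (discoveredEndpoint != null) {
            request.setEndpoint(discoveredEndpoint);
            // Tags the user agent so discovered-endpoint traffic is distinguishable in service-side logs.
            request.getOriginalRequest().getRequestClientOptions().appendUserAgent("endpoint-discovery");
        } else if (uriFromEndpointTrait != null) {
            request.setEndpoint(uriFromEndpointTrait);
        } else {
            request.setEndpoint(endpoint);
        }

        // Client/server clock skew correction inherited from AmazonWebServiceClient.
        request.setTimeOffset(timeOffset);

        HttpResponseHandler<AmazonServiceException> errorResponseHandler = protocolFactory.createErrorResponseHandler(new JsonErrorResponseMetadata());

        return client.execute(request, responseHandler, errorResponseHandler, executionContext);
    }

    /**
     * Exposes the shared protocol factory to other SDK-internal components.
     *
     * @return the factory used to marshal requests and unmarshal responses and errors for this client.
     */
    @com.amazonaws.annotation.SdkInternalApi
    static com.amazonaws.protocol.json.SdkJsonProtocolFactory getProtocolFactory() {
        return protocolFactory;
    }

    /** Releases the underlying HTTP client resources; delegates entirely to the superclass. */
    @Override
    public void shutdown() {
        super.shutdown();
    }

}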