Module types 

Data structures used by operation inputs/outputs.

Modules

builders

Builders

error

Error types that AWS Control Tower can respond with.

Structs

BaselineOperation

An object of shape BaselineOperation, returning details about the specified Baseline operation ID.

BaselineSummary

Returns a summary of information about a Baseline object.

ControlOperation

An operation performed by the control.

ControlOperationFilter

A filter object that lets you call ListControlOperations with a specific filter.

ControlOperationSummary

A summary of information about the specified control operation.

DriftStatusSummary

The drift summary of the enabled control.

Amazon Web Services Control Tower expects the enabled control configuration to include all supported and governed Regions. If the enabled control differs from the expected configuration, it is defined to be in a state of drift. You can repair this drift by resetting the enabled control.

EnabledBaselineDetails

Details of the EnabledBaseline resource.

EnabledBaselineDriftStatusSummary

The drift summary of the enabled baseline. Amazon Web Services Control Tower reports inheritance drift when an enabled baseline configuration of a member account is different than the configuration that applies to the OU. Amazon Web Services Control Tower reports this type of drift for a parent or child enabled baseline. One way to repair this drift by resetting the parent enabled baseline, on the OU.

For example, you may see this type of drift if you move accounts between OUs, but the accounts are not yet (re-)enrolled.

EnabledBaselineDriftTypes

The types of drift that can be detected for an enabled baseline.

• Amazon Web Services Control Tower detects inheritance drift on the enabled baselines that target OUs: AWSControlTowerBaseline and BackupBaseline.

• Amazon Web Services Control Tower does not detect drift on the baselines that apply to your landing zone: IdentityCenterBaseline, AuditBaseline, LogArchiveBaseline, BackupCentralVaultBaseline, or BackupAdminBaseline. For more information, see Types of baselines.

Baselines enabled on an OU are inherited by its member accounts as child EnabledBaseline resources. The baseline on the OU serves as the parent EnabledBaseline, which governs the configuration of each child EnabledBaseline.

If the baseline configuration of a member account in an OU does not match the configuration of the parent OU, the parent and child baseline is in a state of inheritance drift. This drift could occur in the AWSControlTowerBaseline or the BackupBaseline related to that account.

EnabledBaselineFilter

A filter applied on the ListEnabledBaseline operation. Allowed filters are baselineIdentifiers and targetIdentifiers. The filter can be applied for either, or both.

EnabledBaselineInheritanceDrift

The inheritance drift summary for the enabled baseline. Inheritance drift occurs when any accounts in the target OU do not match the baseline configuration defined on that OU.

EnabledBaselineParameter

A key-value parameter to an EnabledBaseline resource.

EnabledBaselineParameterSummary

Summary of an applied parameter to an EnabledBaseline resource.

EnabledBaselineSummary

Returns a summary of information about an EnabledBaseline object.

EnabledControlDetails

Information about the enabled control.

EnabledControlDriftTypes

Defines the various categories of drift that can occur for an enabled control resource.

EnabledControlFilter

A structure that returns a set of control identifiers, the control status for each control in the set, and the drift status for each control in the set.

EnabledControlInheritanceDrift

Represents drift information related to control inheritance between organizational units.

EnabledControlParameter

A key/value pair, where Key is of type String and Value is of type Document.

EnabledControlParameterSummary

Returns a summary of information about the parameters of an enabled control.

EnabledControlResourceDrift

Represents drift information related to the underlying Amazon Web Services resources managed by the control.

EnabledControlSummary

Returns a summary of information about an enabled control.

EnablementStatusSummary

The deployment summary of an EnabledControl or EnabledBaseline resource.

LandingZoneDetail

Information about the landing zone.

LandingZoneDriftStatusSummary

The drift status summary of the landing zone.

If the landing zone differs from the expected configuration, it is defined to be in a state of drift. You can repair this drift by resetting the landing zone.

LandingZoneOperationDetail

Information about a landing zone operation.

LandingZoneOperationFilter

A filter object that lets you call ListLandingZoneOperations with a specific filter.

LandingZoneOperationSummary

Returns a summary of information about a landing zone operation.

LandingZoneSummary

Returns a summary of information about a landing zone.

Region

An Amazon Web Services Region in which Amazon Web Services Control Tower expects to find the control deployed.

The expected Regions are based on the Regions that are governed by the landing zone. In certain cases, a control is not actually enabled in the Region as expected, such as during drift, or mixed governance.

Enums

BaselineOperationStatus

When writing a match expression against BaselineOperationStatus, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

BaselineOperationType

When writing a match expression against BaselineOperationType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

ControlOperationStatus

When writing a match expression against ControlOperationStatus, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

ControlOperationType

When writing a match expression against ControlOperationType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

DriftStatus

When writing a match expression against DriftStatus, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

EnabledBaselineDriftStatus

When writing a match expression against EnabledBaselineDriftStatus, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

EnablementStatus

When writing a match expression against EnablementStatus, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

LandingZoneDriftStatus

When writing a match expression against LandingZoneDriftStatus, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

LandingZoneOperationStatus

When writing a match expression against LandingZoneOperationStatus, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

LandingZoneOperationType

When writing a match expression against LandingZoneOperationType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

LandingZoneStatus

When writing a match expression against LandingZoneStatus, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

RemediationType

When writing a match expression against RemediationType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.