From 220b3671b9ed05a8a1b69db491027961b38a92e5 Mon Sep 17 00:00:00 2001
From: AWS <>
Date: Wed, 14 Feb 2024 19:07:20 +0000
Subject: [PATCH] AWS Control Tower Update: Adds support for new Baseline and EnabledBaseline APIs for automating multi-account governance.

---
 .../feature-AWSControlTower-efcb38f.json | 6 +
 .../codegen-resources/paginators-1.json | 12 +
 .../codegen-resources/service-2.json | 682 +++++++++++++++++-
 3 files changed, 687 insertions(+), 13 deletions(-)
 create mode 100644 .changes/next-release/feature-AWSControlTower-efcb38f.json

diff --git a/.changes/next-release/feature-AWSControlTower-efcb38f.json b/.changes/next-release/feature-AWSControlTower-efcb38f.json
new file mode 100644
index 000000000000..727da53adf68
--- /dev/null
+++ b/.changes/next-release/feature-AWSControlTower-efcb38f.json
@@ -0,0 +1,6 @@
+{
+ "type": "feature",
+ "category": "AWS Control Tower",
+ "contributor": "",
+ "description": "Adds support for new Baseline and EnabledBaseline APIs for automating multi-account governance."
+}
diff --git a/services/controltower/src/main/resources/codegen-resources/paginators-1.json b/services/controltower/src/main/resources/codegen-resources/paginators-1.json
index 24f2f2bdf599..10d8dd60fc12
--- a/services/controltower/src/main/resources/codegen-resources/paginators-1.json
+++ b/services/controltower/src/main/resources/codegen-resources/paginators-1.json
@@ -1,5 +1,17 @@
 {
 "pagination": {
+ "ListBaselines": {
+ "input_token": "nextToken",
+ "output_token": "nextToken",
+ "limit_key": "maxResults",
+ "result_key": "baselines"
+ },
+ "ListEnabledBaselines": {
+ "input_token": "nextToken",
+ "output_token": "nextToken",
+ "limit_key": "maxResults",
+ "result_key": "enabledBaselines"
+ },
 "ListEnabledControls": {
 "input_token": "nextToken",
 "output_token": "nextToken",
diff --git a/services/controltower/src/main/resources/codegen-resources/service-2.json b/services/controltower/src/main/resources/codegen-resources/service-2.json
index 1972b4fcbf56..bd8367787d45
--- a/services/controltower/src/main/resources/codegen-resources/service-2.json
+++ b/services/controltower/src/main/resources/codegen-resources/service-2.json
@@ -50,6 +50,27 @@
 "documentation":"
Decommissions a landing zone. This API call starts an asynchronous operation that deletes Amazon Web Services Control Tower resources deployed in accounts managed by Amazon Web Services Control Tower.
",
 "idempotent":true
 },
+ "DisableBaseline":{
+ "name":"DisableBaseline",
+ "http":{
+ "method":"POST",
+ "requestUri":"/disable-baseline",
+ "responseCode":200
+ },
+ "input":{"shape":"DisableBaselineInput"},
+ "output":{"shape":"DisableBaselineOutput"},
+ "errors":[
+ {"shape":"ValidationException"},
+ {"shape":"ConflictException"},
+ {"shape":"ServiceQuotaExceededException"},
+ {"shape":"InternalServerException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"ThrottlingException"},
+ {"shape":"ResourceNotFoundException"}
+ ],
+ "documentation":"Disable an EnabledBaseline
resource on the specified Target. This API starts an asynchronous operation to remove all resources deployed as part of the baseline enablement. The resource will vary depending on the enabled baseline.
This API call turns off a control. It starts an asynchronous operation that deletes Amazon Web Services resources on the specified organizational unit and the accounts it contains. The resources will vary according to the control that you specify. For usage examples, see the Amazon Web Services Control Tower User Guide .
" + "documentation":"This API call turns off a control. It starts an asynchronous operation that deletes AWS resources on the specified organizational unit and the accounts it contains. The resources will vary according to the control that you specify. For usage examples, see the Amazon Web Services Control Tower User Guide .
"
+ },
+ "EnableBaseline":{
+ "name":"EnableBaseline",
+ "http":{
+ "method":"POST",
+ "requestUri":"/enable-baseline",
+ "responseCode":200
+ },
+ "input":{"shape":"EnableBaselineInput"},
+ "output":{"shape":"EnableBaselineOutput"},
+ "errors":[
+ {"shape":"ValidationException"},
+ {"shape":"ConflictException"},
+ {"shape":"ServiceQuotaExceededException"},
+ {"shape":"InternalServerException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"ThrottlingException"},
+ {"shape":"ResourceNotFoundException"}
+ ],
+ "documentation":"Enable (apply) a Baseline
to a Target. This API starts an asynchronous operation to deploy resources specified by the Baseline
to the specified Target.
This API call activates a control. It starts an asynchronous operation that creates Amazon Web Services resources on the specified organizational unit and the accounts it contains. The resources created will vary according to the control that you specify. For usage examples, see the Amazon Web Services Control Tower User Guide .
"
 },
+ "GetBaseline":{
+ "name":"GetBaseline",
+ "http":{
+ "method":"POST",
+ "requestUri":"/get-baseline",
+ "responseCode":200
+ },
+ "input":{"shape":"GetBaselineInput"},
+ "output":{"shape":"GetBaselineOutput"},
+ "errors":[
+ {"shape":"ValidationException"},
+ {"shape":"InternalServerException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"ThrottlingException"},
+ {"shape":"ResourceNotFoundException"}
+ ],
+ "documentation":"Retrieve details about an existing Baseline
resource by specifying its identifier.
Returns the details of an asynchronous baseline operation, as initiated by any of these APIs: EnableBaseline
, DisableBaseline
, UpdateEnabledBaseline
, ResetEnabledBaseline
. A status message is displayed in case of operation failure.
Returns the status of a particular EnableControl
or DisableControl
operation. Displays a message in case of error. Details for an operation are available for 90 days. For usage examples, see the Amazon Web Services Control Tower User Guide .
Retrieve details of an EnabledBaseline
resource by specifying its identifier.
Returns the status of the specified landing zone operation. Details for an operation are available for 60 days.
"
 },
+ "ListBaselines":{
+ "name":"ListBaselines",
+ "http":{
+ "method":"POST",
+ "requestUri":"/list-baselines",
+ "responseCode":200
+ },
+ "input":{"shape":"ListBaselinesInput"},
+ "output":{"shape":"ListBaselinesOutput"},
+ "errors":[
+ {"shape":"ValidationException"},
+ {"shape":"InternalServerException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"ThrottlingException"}
+ ],
+ "documentation":"Returns a summary list of all available baselines.
"
+ },
+ "ListEnabledBaselines":{
+ "name":"ListEnabledBaselines",
+ "http":{
+ "method":"POST",
+ "requestUri":"/list-enabled-baselines",
+ "responseCode":200
+ },
+ "input":{"shape":"ListEnabledBaselinesInput"},
+ "output":{"shape":"ListEnabledBaselinesOutput"},
+ "errors":[
+ {"shape":"ValidationException"},
+ {"shape":"InternalServerException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"ThrottlingException"}
+ ],
+ "documentation":"Returns a list of summaries describing EnabledBaseline
resources. You can filter the list by the corresponding Baseline
or Target
of the EnabledBaseline
resources.
Returns a list of tags associated with the resource. For usage examples, see the Amazon Web Services Control Tower User Guide .
"
 },
+ "ResetEnabledBaseline":{
+ "name":"ResetEnabledBaseline",
+ "http":{
+ "method":"POST",
+ "requestUri":"/reset-enabled-baseline",
+ "responseCode":200
+ },
+ "input":{"shape":"ResetEnabledBaselineInput"},
+ "output":{"shape":"ResetEnabledBaselineOutput"},
+ "errors":[
+ {"shape":"ValidationException"},
+ {"shape":"ConflictException"},
+ {"shape":"ServiceQuotaExceededException"},
+ {"shape":"InternalServerException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"ThrottlingException"},
+ {"shape":"ResourceNotFoundException"}
+ ],
+ "documentation":"Re-enables an EnabledBaseline
resource. For example, this API can re-apply the existing Baseline
after a new member account is moved to the target OU.
Removes tags from a resource. For usage examples, see the Amazon Web Services Control Tower User Guide .
"
 },
+ "UpdateEnabledBaseline":{
+ "name":"UpdateEnabledBaseline",
+ "http":{
+ "method":"POST",
+ "requestUri":"/update-enabled-baseline",
+ "responseCode":200
+ },
+ "input":{"shape":"UpdateEnabledBaselineInput"},
+ "output":{"shape":"UpdateEnabledBaselineOutput"},
+ "errors":[
+ {"shape":"ValidationException"},
+ {"shape":"ConflictException"},
+ {"shape":"ServiceQuotaExceededException"},
+ {"shape":"InternalServerException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"ThrottlingException"},
+ {"shape":"ResourceNotFoundException"}
+ ],
+ "documentation":"Updates an EnabledBaseline
resource's applied parameters or version.
The end time of the operation (if applicable), in ISO 8601 format.
" + }, + "operationIdentifier":{ + "shape":"OperationIdentifier", + "documentation":"The identifier of the specified operation.
" + }, + "operationType":{ + "shape":"BaselineOperationType", + "documentation":"An enumerated type (enum
) with possible values of ENABLE_BASELINE
, DISABLE_BASELINE
, UPDATE_ENABLED_BASELINE
, or RESET_ENABLED_BASELINE
.
The start time of the operation, in ISO 8601 format.
" + }, + "status":{ + "shape":"BaselineOperationStatus", + "documentation":"An enumerated type (enum
) with possible values of SUCCEEDED
, FAILED
, or IN_PROGRESS
.
A status message that gives more information about the operation's status, if applicable.
" + } + }, + "documentation":"An object of shape BaselineOperation
, returning details about the specified Baseline
operation ID.
The full ARN of a Baseline.
" + }, + "description":{ + "shape":"String", + "documentation":"A summary description of a Baseline.
" + }, + "name":{ + "shape":"String", + "documentation":"The human-readable name of a Baseline.
" + } + }, + "documentation":"Returns a summary of information about a Baseline
object.
The manifest JSON file is a text file that describes your Amazon Web Services resources. For examples, review Launch your landing zone.
" + "documentation":"The manifest.yaml file is a text file that describes your Amazon Web Services resources. For examples, review The manifest file.
"
 },
 "tags":{
 "shape":"TagMap",
@@ -443,6 +695,26 @@
 }
 }
 },
+ "DisableBaselineInput":{
+ "type":"structure",
+ "required":["enabledBaselineIdentifier"],
+ "members":{
+ "enabledBaselineIdentifier":{
+ "shape":"Arn",
+ "documentation":"Identifier of the EnabledBaseline
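Review bot: The replacement `documentation` line for DisableControl says the operation "deletes AWS resources", while the line it replaces (its `-` marker appears to have been lost in extraction) and the EnableControl documentation a few lines later both say "Amazon Web Services resources", so the change introduces a terminology mismatch between the two paired operations. If the short form is intended, the EnableControl text should change with it; otherwise the new line should keep `deletes Amazon Web Services resources on the specified organizational unit`. Several hunk headers between the first `@@ -50,6 +50,27 @@` header and this one appear to be missing from the extracted patch, so this unit spans more than one hunk of the original. Because this file is imported from the upstream service definition, the wording fix belongs there rather than in a local edit.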
resource to be deactivated, in ARN format.
The ID (in UUID format) of the asynchronous DisableBaseline
operation. This operationIdentifier
is used to track status through calls to the GetBaselineOperation
API.
The ARN of the control. Only Strongly recommended and Elective controls are permitted, with the exception of the landing zone Region deny control. For information on how to find the controlIdentifier
, see the overview page.
The ARN of the control. Only Strongly recommended and Elective controls are permitted, with the exception of the Region deny control. For information on how to find the controlIdentifier
, see the overview page.
The drift summary of the enabled control.
Amazon Web Services Control Tower expects the enabled control configuration to include all supported and governed Regions. If the enabled control differs from the expected configuration, it is defined to be in a state of drift. You can repair this drift by resetting the enabled control.
"
 },
+ "EnableBaselineInput":{
+ "type":"structure",
+ "required":[
+ "baselineIdentifier",
+ "baselineVersion",
+ "targetIdentifier"
+ ],
+ "members":{
+ "baselineIdentifier":{
+ "shape":"Arn",
+ "documentation":"The ARN of the baseline to be enabled.
" + }, + "baselineVersion":{ + "shape":"BaselineVersion", + "documentation":"The specific version to be enabled of the specified baseline.
" + }, + "parameters":{ + "shape":"EnabledBaselineParameters", + "documentation":"A list of key-value
objects that specify enablement parameters, where key
is a string and value
is a document of any type.
Tags associated with input to EnableBaseline
.
The ARN of the target on which the baseline will be enabled. Only OUs are supported as targets.
" + } + } + }, + "EnableBaselineOutput":{ + "type":"structure", + "required":[ + "arn", + "operationIdentifier" + ], + "members":{ + "arn":{ + "shape":"Arn", + "documentation":"The ARN of the EnabledBaseline
resource.
The ID (in UUID format) of the asynchronous EnableBaseline
operation. This operationIdentifier
is used to track status through calls to the GetBaselineOperation
API.
The ARN of the control. Only Strongly recommended and Elective controls are permitted, with the exception of the landing zone Region deny control. For information on how to find the controlIdentifier
, see the overview page.
The ARN of the control. Only Strongly recommended and Elective controls are permitted, with the exception of the Region deny control. For information on how to find the controlIdentifier
, see the overview page.
An array of EnabledControlParameter
objects
A list of input parameter values, which are specified to configure the control when you enable it.
"
 },
 "tags":{
 "shape":"TagMap",
@@ -534,6 +853,148 @@
 }
 }
 },
+ "EnabledBaselineBaselineIdentifiers":{
+ "type":"list",
+ "member":{"shape":"Arn"},
+ "max":5,
+ "min":1
+ },
+ "EnabledBaselineDetails":{
+ "type":"structure",
+ "required":[
+ "arn",
+ "baselineIdentifier",
+ "statusSummary",
+ "targetIdentifier"
+ ],
+ "members":{
+ "arn":{
+ "shape":"Arn",
+ "documentation":"The ARN of the EnabledBaseline
resource.
The specific Baseline
enabled as part of the EnabledBaseline
resource.
The enabled version of the Baseline
.
Shows the parameters that are applied when enabling this Baseline
.
The target on which to enable the Baseline
.
Details of the EnabledBaseline
resource.
Identifiers for the Baseline
objects returned as part of the filter operation.
Identifiers for the targets of the Baseline
filter operation.
A filter applied on the ListEnabledBaseline
operation. Allowed filters are baselineIdentifiers
and targetIdentifiers
. The filter can be applied for either, or both.
A string denoting the parameter key.
" + }, + "value":{ + "shape":"EnabledBaselineParameterDocument", + "documentation":"A low-level Document
object of any type (for example, a Java Object).
A key-value parameter to an EnabledBaseline
resource.
A string denoting the parameter key.
" + }, + "value":{ + "shape":"EnabledBaselineParameterDocument", + "documentation":"A low-level document object of any type (for example, a Java Object).
" + } + }, + "documentation":"Summary of an applied parameter to an EnabledBaseline
resource.
The ARN of the EnabledBaseline
resource
The specific baseline that is enabled as part of the EnabledBaseline
resource.
The enabled version of the baseline.
" + }, + "statusSummary":{"shape":"EnablementStatusSummary"}, + "targetIdentifier":{ + "shape":"String", + "documentation":"The target upon which the baseline is enabled.
" + } + }, + "documentation":"Returns a summary of information about an EnabledBaseline
object.
The key of a key/value pair. It is of type string
.
The key of a key/value pair.
" }, "value":{ "shape":"Document", - "documentation":"The value of a key/value pair. It can be of type array
string
, number
, object
, or boolean
.
The value of a key/value pair.
" } }, - "documentation":" A set of parameters that configure the behavior of the enabled control. A key/value pair, where Key
is of type String
and Value
is of type Document
.
A key/value pair, where Key
is of type String
and Value
is of type Document
.
The deployment summary of the enabled control.
" }, + "GetBaselineInput":{ + "type":"structure", + "required":["baselineIdentifier"], + "members":{ + "baselineIdentifier":{ + "shape":"BaselineArn", + "documentation":"The ARN of the Baseline
resource to be retrieved.
The operation ID returned from mutating asynchronous APIs (Enable, Disable, Update, Reset).
" + } + } + }, + "GetBaselineOperationOutput":{ + "type":"structure", + "required":["baselineOperation"], + "members":{ + "baselineOperation":{ + "shape":"BaselineOperation", + "documentation":"A baselineOperation
object that shows information about the specified operation ID.
The baseline ARN.
" + }, + "description":{ + "shape":"String", + "documentation":"A description of the baseline.
" + }, + "name":{ + "shape":"String", + "documentation":"A user-friendly name for the baseline.
"
+ }
+ }
+ },
 "GetControlOperationInput":{
 "type":"structure",
 "required":["operationIdentifier"],
@@ -684,6 +1196,25 @@
 }
 }
 },
+ "GetEnabledBaselineInput":{
+ "type":"structure",
+ "required":["enabledBaselineIdentifier"],
+ "members":{
+ "enabledBaselineIdentifier":{
+ "shape":"Arn",
+ "documentation":"Identifier of the EnabledBaseline
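Review bot: `GetBaselineInput.baselineIdentifier` is declared with shape `BaselineArn`, whereas `EnableBaselineInput.baselineIdentifier` in the preceding hunk uses the generic `Arn` shape for the same baseline identifier. The definition of `BaselineArn` is not in the visible hunks; if it carries a tighter pattern than `Arn`, any consumer that enforces model constraints will validate the two calls differently, and aligning both members on `BaselineArn` would remove that gap. Separately, the `value` documentation in `EnabledBaselineParameter` and `EnabledBaselineParameterSummary` describes the value as "A low-level Document object of any type (for example, a Java Object)", which is SDK-language-specific for a wire model; `A document value of any JSON type.` describes the shape without tying it to one language. Both points would have to be fixed in the upstream service definition this file is imported from.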
resource to be retrieved, in ARN format.
Details of the EnabledBaseline
resource.
The landing zone manifest JSON text file that specifies the landing zone configurations.
" + "documentation":"The landing zone manifest.yaml
text file that specifies the landing zone configurations.
The landing zone deployment status.
" + "documentation":"The landing zone deployment status. One of ACTIVE
, PROCESSING
, FAILED
.
The maximum number of results to be shown.
" + }, + "nextToken":{ + "shape":"String", + "documentation":"A pagination token.
"
+ },
+ "ListBaselinesMaxResults":{
+ "type":"integer",
+ "box":true,
+ "max":100,
+ "min":4
+ },
+ "ListBaselinesOutput":{
+ "type":"structure",
+ "required":["baselines"],
+ "members":{
+ "baselines":{
+ "shape":"Baselines",
+ "documentation":"A list of Baseline
object details.
A pagination token.
"
+ }
+ }
+ },
+ "ListEnabledBaselinesInput":{
+ "type":"structure",
+ "members":{
+ "filter":{
+ "shape":"EnabledBaselineFilter",
+ "documentation":"A filter applied on the ListEnabledBaseline
operation. Allowed filters are baselineIdentifiers
and targetIdentifiers
. The filter can be applied for either, or both.
The maximum number of results to be shown.
" + }, + "nextToken":{ + "shape":"ListEnabledBaselinesNextToken", + "documentation":"A pagination token.
"
+ }
+ }
+ },
+ "ListEnabledBaselinesMaxResults":{
+ "type":"integer",
+ "box":true,
+ "max":100,
+ "min":5
+ },
+ "ListEnabledBaselinesNextToken":{
+ "type":"string",
+ "pattern":"\\S+"
+ },
+ "ListEnabledBaselinesOutput":{
+ "type":"structure",
+ "required":["enabledBaselines"],
+ "members":{
+ "enabledBaselines":{
+ "shape":"EnabledBaselines",
+ "documentation":"Retuens a list of summaries of EnabledBaseline
resources.
A pagination token.
"
+ }
+ }
+ },
 "ListEnabledControlsInput":{
 "type":"structure",
 "required":["targetIdentifier"],
@@ -1004,6 +1609,26 @@
 "max":50,
 "min":1
 },
+ "ResetEnabledBaselineInput":{
+ "type":"structure",
+ "required":["enabledBaselineIdentifier"],
+ "members":{
+ "enabledBaselineIdentifier":{
+ "shape":"Arn",
+ "documentation":"Specifies the ID of the EnabledBaseline
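Review bot: The `ListEnabledBaselinesOutput.enabledBaselines` documentation contains the typo "Retuens"; it should read `Returns a list of summaries of EnabledBaseline resources.` In the same unit the two new paginated inputs are modelled asymmetrically: `ListBaselinesInput.nextToken` is a plain `String` while `ListEnabledBaselinesInput.nextToken` uses `ListEnabledBaselinesNextToken` with pattern `\S+`, and `ListBaselinesMaxResults` has `"min":4` while `ListEnabledBaselinesMaxResults` has `"min":5`. Those differences may be deliberate on the service side, but if they are not, giving both inputs the same token shape and the same minimum would keep the two list operations consistent for callers and for the paginators added in paginators-1.json. This model is imported from the upstream service definition, so the corrections belong there.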
resource to be re-enabled, in ARN format.
The ID (in UUID format) of the asynchronous ResetEnabledBaseline
operation. This operationIdentifier
is used to track status through calls to the GetBaselineOperation
API.
The number of seconds to wait before retrying.
", + "documentation":"The number of seconds the caller should wait before retrying.
",
 "location":"header",
 "locationName":"Retry-After"
 },
 "serviceCode":{
 "shape":"String",
- "documentation":"The ID of the service that is associated with the error.
" + "documentation":"The ID of the service that is associated with the error.
" } }, "documentation":"The request was denied due to request throttling.
",
@@ -1170,6 +1795,37 @@
 "members":{
 }
 },
+ "UpdateEnabledBaselineInput":{
+ "type":"structure",
+ "required":[
+ "baselineVersion",
+ "enabledBaselineIdentifier"
+ ],
+ "members":{
+ "baselineVersion":{
+ "shape":"BaselineVersion",
+ "documentation":"Specifies the new Baseline
version, to which the EnabledBaseline
should be updated.
Specifies the EnabledBaseline
resource to be updated.
Parameters to apply when making an update.
" + } + } + }, + "UpdateEnabledBaselineOutput":{ + "type":"structure", + "required":["operationIdentifier"], + "members":{ + "operationIdentifier":{ + "shape":"OperationIdentifier", + "documentation":"The ID (in UUID format) of the asynchronous UpdateEnabledBaseline
operation. This operationIdentifier
is used to track status through calls to the GetBaselineOperation
API.
The manifest JSON file is a text file that describes your Amazon Web Services resources. For examples, review Launch your landing zone.
" + "documentation":"The manifest.yaml
file is a text file that describes your Amazon Web Services resources. For examples, review The manifest file.