ctower is a CLI application for managing GuardRail Controls across Organizational Units on AWS Control Tower.
pip3 install ctower# export your aws cli profile and region
export AWS_REGION=eu-west-1
export AWS_PROFILE=default
# list organizational units in your AWS Organization
ctower ls organizational-units
# List all available GuardRail Controls
ctower ls controls all
# List enabled controls for an organizational unit
ctower ls enabled-controls -ou <organizational-unit-name>
# Apply a singular GuardRail Control to an organizational unit
ctower apply control --to-organizational-unit <ou-name> --control-id <control-id>
# Apply `Strongly Recommended` GuardRail Controls to specified Organizational Unit
ctower apply strongly-recommended -ou <organizational-unit-name>
# Remove a GuardRail Control from an organizational unit
ctower remove control --to-organizational-unit <ou-name> --control-id <control-id>
# Sync(mirror) `--from-organizational-unit` controls to `--to-organizational-unit`
ctower sync --from-organizational-unit <ou-from> --to-organizational-unit <ou-to># get and set the PYPI_USERNAME, PYPI_PASSWORD
poetry publish --build --username $PYPI_USERNAME --password $PYPI_PASSWORD# generate CLI application documentation
poetry shell
typer ctower.main utils docs --name ctower --output CLI-README.mdUsage:
$ ctower [OPTIONS] COMMAND [ARGS]...Options:
--install-completion: Install completion for the current shell.--show-completion: Show completion for the current shell, to copy it or customize the installation.--help: Show this message and exit.
Commands:
applylsremovesync
Usage:
$ ctower apply [OPTIONS] COMMAND [ARGS]...Options:
--help: Show this message and exit.
Commands:
controlstrongly-recommended
Usage:
$ ctower apply control [OPTIONS]Options:
-ou, --organizational-unit TEXT: ID or Name of Organizational Unit to get the controls from. [required]-cid, --control-id TEXT: Control Identifier. Try:ls controls allcommand [required]--help: Show this message and exit.
Usage:
$ ctower apply strongly-recommended [OPTIONS]Options:
-ou, --organizational-unit TEXT: ID or Name of Organizational Unit to apply GuardRail controls. Try:ls organizational-unitscommand [required]--help: Show this message and exit.
Usage:
$ ctower ls [OPTIONS] COMMAND [ARGS]...Options:
--help: Show this message and exit.
Commands:
controlsenabled-controlsorganizational-units
Usage:
$ ctower ls controls [OPTIONS] COMMAND [ARGS]...Options:
--help: Show this message and exit.
Commands:
alldata-residencyelectivestrongly-recommended
Usage:
$ ctower ls controls all [OPTIONS]Options:
--help: Show this message and exit.
Usage:
$ ctower ls controls data-residency [OPTIONS]Options:
--help: Show this message and exit.
Usage:
$ ctower ls controls elective [OPTIONS]Options:
--help: Show this message and exit.
Usage:
$ ctower ls controls strongly-recommended [OPTIONS]Options:
--help: Show this message and exit.
Usage:
$ ctower ls enabled-controls [OPTIONS]Options:
-ou, --organizational-unit TEXT: ID or Name of Organizational Unit to list its enabled controls. Try:ls organizational-unitscommand [required]--help: Show this message and exit.
Usage:
$ ctower ls organizational-units [OPTIONS]Options:
--help: Show this message and exit.
Usage:
$ ctower remove [OPTIONS] COMMAND [ARGS]...Options:
--help: Show this message and exit.
Usage:
$ ctower sync [OPTIONS]Options:
-fou, --from-organizational-unit TEXT: ID or Name of Organizational Unit to get the controls from. [required]-tou, --to-organizational-unit TEXT: ID or Name of Organizational Unit to apply GuardRail controls to. [required]--help: Show this message and exit.
Screenshots:
- List Organizational Units for current Organization
