:doc:`ControlTower <../../controltower>` / Client / list_enabled_controls

*********************
list_enabled_controls
*********************



.. py:method:: ControlTower.Client.list_enabled_controls(**kwargs)

  

  Lists the controls enabled by Amazon Web Services Control Tower on the specified organizational unit and the accounts it contains. For usage examples, see the `Controls Reference Guide <https://docs.aws.amazon.com/controltower/latest/controlreference/control-api-examples-short.html>`__.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/controltower-2018-05-10/ListEnabledControls>`_  


  **Request Syntax**
  ::

    response = client.list_enabled_controls(
        targetIdentifier='string',
        nextToken='string',
        maxResults=123,
        filter={
            'controlIdentifiers': [
                'string',
            ],
            'statuses': [
                'SUCCEEDED'|'FAILED'|'UNDER_CHANGE',
            ],
            'driftStatuses': [
                'DRIFTED'|'IN_SYNC'|'NOT_CHECKING'|'UNKNOWN',
            ],
            'parentIdentifiers': [
                'string',
            ],
            'inheritanceDriftStatuses': [
                'DRIFTED'|'IN_SYNC'|'NOT_CHECKING'|'UNKNOWN',
            ],
            'resourceDriftStatuses': [
                'DRIFTED'|'IN_SYNC'|'NOT_CHECKING'|'UNKNOWN',
            ]
        },
        includeChildren=True|False
    )
    
  :type targetIdentifier: string
  :param targetIdentifier: 

    The ARN of the organizational unit. For information on how to find the ``targetIdentifier``, see `the overview page <https://docs.aws.amazon.com/controltower/latest/APIReference/Welcome.html>`__.

    

  
  :type nextToken: string
  :param nextToken: 

    The token to continue the list from a previous API call with the same parameters.

    

  
  :type maxResults: integer
  :param maxResults: 

    How many results to return per API call.

    

  
  :type filter: dict
  :param filter: 

    An input filter for the ``ListEnabledControls`` API that lets you select the types of control operations to view.

    

  
    - **controlIdentifiers** *(list) --* 

      The set of ``controlIdentifier`` returned by the filter.

      

    
      - *(string) --* 

      
  
    - **statuses** *(list) --* 

      A list of ``EnablementStatus`` items.

      

    
      - *(string) --* 

      
  
    - **driftStatuses** *(list) --* 

      A list of ``DriftStatus`` items.

      

    
      - *(string) --* 

      
  
    - **parentIdentifiers** *(list) --* 

      Filters enabled controls by their parent control identifiers, allowing you to find child controls of specific parent controls.

      

    
      - *(string) --* 

      
  
    - **inheritanceDriftStatuses** *(list) --* 

      Filters enabled controls by their inheritance drift status, allowing you to find controls with specific inheritance-related drift conditions.

      

    
      - *(string) --* 

      
  
    - **resourceDriftStatuses** *(list) --* 

      Filters enabled controls by their resource drift status, allowing you to find controls with specific resource-related drift conditions.

      

    
      - *(string) --* 

      
  
  
  :type includeChildren: boolean
  :param includeChildren: 

    A boolean value that determines whether to include enabled controls from child organizational units in the response.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'enabledControls': [
              {
                  'arn': 'string',
                  'controlIdentifier': 'string',
                  'targetIdentifier': 'string',
                  'statusSummary': {
                      'status': 'SUCCEEDED'|'FAILED'|'UNDER_CHANGE',
                      'lastOperationIdentifier': 'string'
                  },
                  'driftStatusSummary': {
                      'driftStatus': 'DRIFTED'|'IN_SYNC'|'NOT_CHECKING'|'UNKNOWN',
                      'types': {
                          'inheritance': {
                              'status': 'DRIFTED'|'IN_SYNC'|'NOT_CHECKING'|'UNKNOWN'
                          },
                          'resource': {
                              'status': 'DRIFTED'|'IN_SYNC'|'NOT_CHECKING'|'UNKNOWN'
                          }
                      }
                  },
                  'parentIdentifier': 'string'
              },
          ],
          'nextToken': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **enabledControls** *(list) --* 

        Lists the controls enabled by Amazon Web Services Control Tower on the specified organizational unit and the accounts it contains.

        
        

        - *(dict) --* 

          Returns a summary of information about an enabled control.

          
          

          - **arn** *(string) --* 

            The ARN of the enabled control.

            
          

          - **controlIdentifier** *(string) --* 

            The ``controlIdentifier`` of the enabled control.

            
          

          - **targetIdentifier** *(string) --* 

            The ARN of the organizational unit.

            
          

          - **statusSummary** *(dict) --* 

            A short description of the status of the enabled control.

            
            

            - **status** *(string) --* 

              The deployment status of the enabled resource.

               

              Valid values:

               

              
              * ``SUCCEEDED``: The ``EnabledControl`` or ``EnabledBaseline`` configuration was deployed successfully.
               
              * ``UNDER_CHANGE``: The ``EnabledControl`` or ``EnabledBaseline`` configuration is changing.
               
              * ``FAILED``: The ``EnabledControl`` or ``EnabledBaseline`` configuration failed to deploy.
              

              
            

            - **lastOperationIdentifier** *(string) --* 

              The last operation identifier for the enabled resource.

              
        
          

          - **driftStatusSummary** *(dict) --* 

            The drift status of the enabled control.

            
            

            - **driftStatus** *(string) --* 

              The drift status of the enabled control.

               

              Valid values:

               

              
              * ``DRIFTED``: The ``enabledControl`` deployed in this configuration doesn’t match the configuration that Amazon Web Services Control Tower expected.
               
              * ``IN_SYNC``: The ``enabledControl`` deployed in this configuration matches the configuration that Amazon Web Services Control Tower expected.
               
              * ``NOT_CHECKING``: Amazon Web Services Control Tower does not check drift for this enabled control. Drift is not supported for the control type.
               
              * ``UNKNOWN``: Amazon Web Services Control Tower is not able to check the drift status for the enabled control.
              

              
            

            - **types** *(dict) --* 

              An object that categorizes the different types of drift detected for the enabled control.

              
              

              - **inheritance** *(dict) --* 

                Indicates drift related to inheritance configuration between parent and child controls.

                
                

                - **status** *(string) --* 

                  The status of inheritance drift for the enabled control, indicating whether inheritance configuration matches expectations.

                  
            
              

              - **resource** *(dict) --* 

                Indicates drift related to the underlying Amazon Web Services resources managed by the control.

                
                

                - **status** *(string) --* 

                  The status of resource drift for the enabled control, indicating whether the underlying resources match the expected configuration.

                  
            
          
        
          

          - **parentIdentifier** *(string) --* 

            The ARN of the parent enabled control from which this control inherits its configuration, if applicable.

            
      
    
      

      - **nextToken** *(string) --* 

        Retrieves the next page of results. If the string is empty, the response is the end of the results.

        
  
  **Exceptions**
  
  *   :py:class:`ControlTower.Client.exceptions.ValidationException`

  
  *   :py:class:`ControlTower.Client.exceptions.InternalServerException`

  
  *   :py:class:`ControlTower.Client.exceptions.AccessDeniedException`

  
  *   :py:class:`ControlTower.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`ControlTower.Client.exceptions.ThrottlingException`

  