ControlTower / Paginator / ListEnabledControls

ListEnabledControls

class ControlTower.Paginator.ListEnabledControls
paginator = client.get_paginator('list_enabled_controls')
paginate(**kwargs)

Creates an iterator that will paginate through responses from ControlTower.Client.list_enabled_controls().

See also: AWS API Documentation

Request Syntax

response_iterator = paginator.paginate(
    targetIdentifier='string',
    filter={
        'controlIdentifiers': [
            'string',
        ],
        'statuses': [
            'SUCCEEDED'|'FAILED'|'UNDER_CHANGE',
        ],
        'driftStatuses': [
            'DRIFTED'|'IN_SYNC'|'NOT_CHECKING'|'UNKNOWN',
        ],
        'parentIdentifiers': [
            'string',
        ],
        'inheritanceDriftStatuses': [
            'DRIFTED'|'IN_SYNC'|'NOT_CHECKING'|'UNKNOWN',
        ],
        'resourceDriftStatuses': [
            'DRIFTED'|'IN_SYNC'|'NOT_CHECKING'|'UNKNOWN',
        ]
    },
    includeChildren=True|False,
    PaginationConfig={
        'MaxItems': 123,
        'PageSize': 123,
        'StartingToken': 'string'
    }
)
Parameters:

  • targetIdentifier (string) – The ARN of the organizational unit. For information on how to find the targetIdentifier, see the overview page.

  • filter (dict) –

    An input filter for the ListEnabledControls API that lets you select the types of control operations to view.

    • controlIdentifiers (list) –

      The set of controlIdentifier returned by the filter.

      • (string) –

    • statuses (list) –

      A list of EnablementStatus items.

      • (string) –

    • driftStatuses (list) –

      A list of DriftStatus items.

      • (string) –

    • parentIdentifiers (list) –

      Filters enabled controls by their parent control identifiers, allowing you to find child controls of specific parent controls.

      • (string) –

    • inheritanceDriftStatuses (list) –

      Filters enabled controls by their inheritance drift status, allowing you to find controls with specific inheritance-related drift conditions.

      • (string) –

    • resourceDriftStatuses (list) –

      Filters enabled controls by their resource drift status, allowing you to find controls with specific resource-related drift conditions.

      • (string) –

  • includeChildren (boolean) – A boolean value that determines whether to include enabled controls from child organizational units in the response.

  • PaginationConfig (dict) –

    A dictionary that provides parameters to control pagination.

    • MaxItems (integer) –

      The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.

    • PageSize (integer) –

      The size of each page.

    • StartingToken (string) –

      A token to specify where to start paginating. This is the NextToken from a previous response.

Return type:

dict

Returns:

Response Syntax

{
    'enabledControls': [
        {
            'arn': 'string',
            'controlIdentifier': 'string',
            'targetIdentifier': 'string',
            'statusSummary': {
                'status': 'SUCCEEDED'|'FAILED'|'UNDER_CHANGE',
                'lastOperationIdentifier': 'string'
            },
            'driftStatusSummary': {
                'driftStatus': 'DRIFTED'|'IN_SYNC'|'NOT_CHECKING'|'UNKNOWN',
                'types': {
                    'inheritance': {
                        'status': 'DRIFTED'|'IN_SYNC'|'NOT_CHECKING'|'UNKNOWN'
                    },
                    'resource': {
                        'status': 'DRIFTED'|'IN_SYNC'|'NOT_CHECKING'|'UNKNOWN'
                    }
                }
            },
            'parentIdentifier': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) –

    • enabledControls (list) –

      Lists the controls enabled by Amazon Web Services Control Tower on the specified organizational unit and the accounts it contains.

      • (dict) –

        Returns a summary of information about an enabled control.

        • arn (string) –

          The ARN of the enabled control.

        • controlIdentifier (string) –

          The controlIdentifier of the enabled control.

        • targetIdentifier (string) –

          The ARN of the organizational unit.

        • statusSummary (dict) –

          A short description of the status of the enabled control.

          • status (string) –

            The deployment status of the enabled resource.

            Valid values:

            • SUCCEEDED: The EnabledControl or EnabledBaseline configuration was deployed successfully.

            • UNDER_CHANGE: The EnabledControl or EnabledBaseline configuration is changing.

            • FAILED: The EnabledControl or EnabledBaseline configuration failed to deploy.

          • lastOperationIdentifier (string) –

            The last operation identifier for the enabled resource.

        • driftStatusSummary (dict) –

          The drift status of the enabled control.

          • driftStatus (string) –

            The drift status of the enabled control.

            Valid values:

            • DRIFTED: The enabledControl deployed in this configuration doesn’t match the configuration that Amazon Web Services Control Tower expected.

            • IN_SYNC: The enabledControl deployed in this configuration matches the configuration that Amazon Web Services Control Tower expected.

            • NOT_CHECKING: Amazon Web Services Control Tower does not check drift for this enabled control. Drift is not supported for the control type.

            • UNKNOWN: Amazon Web Services Control Tower is not able to check the drift status for the enabled control.

          • types (dict) –

            An object that categorizes the different types of drift detected for the enabled control.

            • inheritance (dict) –

              Indicates drift related to inheritance configuration between parent and child controls.

              • status (string) –

                The status of inheritance drift for the enabled control, indicating whether inheritance configuration matches expectations.

            • resource (dict) –

              Indicates drift related to the underlying Amazon Web Services resources managed by the control.

              • status (string) –

                The status of resource drift for the enabled control, indicating whether the underlying resources match the expected configuration.

        • parentIdentifier (string) –

          The ARN of the parent enabled control from which this control inherits its configuration, if applicable.

    • NextToken (string) –

      A token to resume pagination.