AWS::ControlTower::EnabledControl
The resource represents an enabled control. It specifies an asynchronous operation that creates AWS resources on the specified organizational unit and the accounts it contains. The resources created will vary according to the control that you specify.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::ControlTower::EnabledControl", "Properties" : { "ControlIdentifier" :
String
, "TargetIdentifier" :String
} }
YAML
Type: AWS::ControlTower::EnabledControl Properties: ControlIdentifier:
String
TargetIdentifier:String
Properties
ControlIdentifier
-
The ARN of the control. Only Strongly recommended and Elective controls are permitted, with the exception of the Region deny guardrail.
Required: Yes
Type: String
Update requires: Replacement
TargetIdentifier
-
The ARN of the organizational unit.
Required: Yes
Type: String
Update requires: Replacement
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref
function, Ref
returns the physical ID of the resource. The format is of the
form target | control
. For example:
arn:aws:organizations::123456789012:ou/o-myorg/ou-my-ouid |
arn:aws:controltower:us-west-2::control/AWS-GR_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED
For more information about using the Ref
function, see Ref.
Examples
Example
The following example creates an enabled control named MyExampleControl for an OU named ou-zzxx-zzx0zzz2.
JSON
{ "Resources": { "MyExampleControl": { "Properties": { "ControlIdentifier": "arn:aws:controltower:us-east-2::control/EXAMPLE_NAME", "TargetIdentifier": "arn:aws:organizations::01234567890:ou/o-EXAMPLE/ou-zzxx-zzx0zzz2" }, "Type": "AWS::ControlTower::EnabledControl" } } }
YAML
Resources: MyExampleControl: Properties: ControlIdentifier: 'arn:aws:controltower:us-east-2::control/EXAMPLE_NAME' TargetIdentifier: 'arn:aws:organizations::01234567890:ou/o-EXAMPLE/ou-zzxx-zzx0zzz2' Type: 'AWS::ControlTower::EnabledControl'