The AWS Control Tower Control Catalog

The following sections include an individual reference entry for each of the controls available in AWS Control Tower. The controls are grouped into sections according to common characteristics. Each control reference entry includes the details, artifacts, additional information, and considerations to keep in mind when enabling a specific control on a OU in your landing zone.

Note

The Control Catalog was formerly called the Controls Library. We have renamed it for consistency.

How to view controls

• To retrieve information about individual controls programmatically, call the GetControl API from the controlcatalog namespace of AWS Control Tower.

• To retrieve a list of available controls programmatically, call the ListControls API from the controlcatalog namespace of AWS Control Tower.

• Additional detail about each control is available in the AWS Control Tower console, on the Control details pages and Control Catalog APIs. For more information, see View control details.

• To understand control ARNs, see Resource identifiers for APIs and controls.

Topics

• Mandatory controls

• Proactive controls

• Preventive controls

• Detective controls

• Controls with parameters

• Optional controls

• Strongly recommended controls

• Elective controls

• Search for controls with Amazon Q

Note

The four mandatory controls with "Sid": "GRCLOUDTRAILENABLED" are identical by design. The sample code is correct.