Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account
DisableControl - AWS Control Tower
Request SyntaxURI Request ParametersRequest BodyResponse SyntaxResponse ElementsErrorsSee Also

DisableControl

PDF

This API call turns off a control. It starts an asynchronous operation that deletes AWS resources on the specified organizational unit and the accounts it contains. The resources will vary according to the control that you specify. For usage examples, see the Controls Reference Guide.

Request Syntax

POST /disable-control HTTP/1.1
Content-type: application/json

{
   "controlIdentifier": "string",
   "targetIdentifier": "string"
}

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

controlIdentifier

The ARN of the control. Only Strongly recommended and Elective controls are permitted, with the exception of the Region deny control. For information on how to find the controlIdentifier, see the overview page.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Pattern: ^arn:aws[0-9a-zA-Z_\-:\/]+$

Required: Yes

targetIdentifier

The ARN of the organizational unit. For information on how to find the targetIdentifier, see the overview page.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Pattern: ^arn:aws[0-9a-zA-Z_\-:\/]+$

Required: Yes

Response Syntax

HTTP/1.1 200
Content-type: application/json

{
   "operationIdentifier": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

operationIdentifier

The ID of the asynchronous operation, which is used to track status. The operation is available for 90 days.

Type: String

Length Constraints: Fixed length of 36.

Pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

You do not have sufficient access to perform this action.

HTTP Status Code: 403

ConflictException

Updating or deleting the resource can cause an inconsistent state.

HTTP Status Code: 409

InternalServerException

An unexpected error occurred during processing of a request.

HTTP Status Code: 500

ResourceNotFoundException

The request references a resource that does not exist.

HTTP Status Code: 404

ServiceQuotaExceededException

The request would cause a service quota to be exceeded. The limit is 10 concurrent operations.

HTTP Status Code: 402

ThrottlingException

The request was denied due to request throttling.

HTTP Status Code: 429

ValidationException

The input does not satisfy the constraints specified by an AWS service.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

Next topic:

EnableBaseline

Previous topic:

DisableBaseline

Need help?

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.