기계 번역으로 제공되는 번역입니다. 제공된 번역과 원본 영어의 내용이 상충하는 경우에는 영어 버전이 우선합니다.
기준 API 사용 예시
이 섹션에는 AWS Control Tower 기준 API의 입력 및 출력 파라미터 예제가 수록되어 있습니다.
DisableBaseline
이 API 작업에 대한 자세한 내용은 을 참조하십시오. DisableBaseline
DisableBaseline입력:
{ "enabledBaselineIdentifier": "arn:aws:controltower:us-west-2:123456789012:enabledbaseline/AB12CD34EF56GH789" }
DisableBaseline출력:
{ "operationIdentifier": "58f12232-26be-4735-a3e9-dd30d90f021f" }
DisableBaselineCLI 예제:
aws controltower disable-baseline \ --enabled-baseline-identifier arn:aws:controltower:us-west-2:123456789012:enabledbaseline/AB12CD34EF56GH789 \ --region us-west-2
EnableBaseline
이 API 작업에 대한 자세한 내용은 을 참조하십시오 EnableBaseline.
EnableBaseline입력:
{ "baselineIdentifier": "arn:aws:controltower:us-west-2::baseline:17BSJV3IGJ2QSGA2", "targetIdentifier": "arn:aws:organizations::123456789012:ou/o-kgj0txdhpa/ou-r9mj-4j3mzjql", "baselineVersion": "3.0", "parameters": [ { "key": "IdentityCenterEnabledBaselineArn", "value": "arn:aws:controltower:us-west-2:123456789012:enabledbaseline/XAHCR4CJTSI4W07MZ" } ] }
EnableBaseline출력:
{ "operationIdentifier": "58f12232-26be-4735-a3e9-dd30d90f021f", "arn": "arn:aws:controltower:us-west-2:123456789012:enabledbaseline/XAHCR4CJTSI4W07MZ" }
EnableBaselineCLI 예제:
이 예시는 랜딩 존이 옵트인된 AWS Organizations 조직이 AWS Control Tower에서 관리하는 AWS IAM Identity Center 액세스를 허용하도록 기준을 설정하는 방법을 보여줍니다. ID 센터 EnabledBaseline 식별자를 검색하려면 ID 센터 기준에 따라 필터링하여 ListEnabledBaselines API를 호출할 수 있습니다. (arn:aws:controltower: Region::baseline/LN25R72TTG6IGPTQ)
aws controltower list-enabled-baselines \ --filter baselineIdentifiers=arn:aws:controltower:us-west-2::baseline/LN25R72TTG6IGPTQ \ --region us-west-2
응답에는 식별자를 보여주는 EnabledBaseline 세부 정보가 표시됩니다.
{ "enabledBaselines": [ { "arn": "arn:aws:controltower:us-west-2:123456789012:enabledbaseline/XAHXS7P6C4I453EZC", "baselineIdentifier": "arn:aws:controltower:us-west-2::baseline/LN25R72TTG6IGPTQ", "targetIdentifier": "arn:aws:organizations::123456789012:account/o-aq21sw43de5/123456789012", "statusSummary": { "status": "SUCCEEDED" } } ] }
참고
응답의 ARN 값을 기록하고 이 값을 파라미터로 전달하여 기본 기준을 활성화합니다.
aws controltower enable-baseline \ --baseline-identifier arn:aws:controltower:us-west-2::baseline/17BSJV3IGJ2QSGA2 \ --baseline-version 3.0 \ --target-identifier arn:aws:organizations::123456789012:ou/o-aq21sw43de5/ou-po90-lk87jh65 \ --parameters '[{"key":"IdentityCenterEnabledBaselineArn","value":"arn:aws:controltower:us-west-2:123456789012:enabledbaseline/XAHXS7P6C4I453EZC"}]' \ --region us-west-2
IAM Identity Center의 AWS Control Tower 관리에서 랜딩 존을 옵트아웃한 조직의 경우 파라미터 없이 베이스라인을 활성화하십시오.
aws controltower enable-baseline \ --baseline-identifier arn:aws:controltower:us-west-2::baseline/17BSJV3IGJ2QSGA2 \ --baseline-version 3.0 \ --target-identifier arn:aws:organizations::123456789012:ou/o-aq21sw43de5/ou-po90-lk87jh65 \ --region us-west-2
GetBaseline
이 API 작업에 대한 자세한 내용은 을 참조하십시오. GetBaseline
GetBaseline입력:
{ "baselineIdentifier": "arn:aws:controltower:us-west-2::baseline/17BSJV3IGJ2QSGA2" }
GetBaseline출력:
{ "arn": "arn:aws:controltower:us-west-2::baseline/17BSJV3IGJ2QSGA2", "name": "AWSControlTowerBaseline", "description": "Sets up resources and mandatory controls for member accounts within the target OU, required for AWS Control Tower governance.", }
GetBaselineCLI 예제:
aws controltower get-baseline \ --baseline-identifier arn:aws:controltower:us-west-2::baseline/17BSJV3IGJ2QSGA2 \ --region us-west-2
GetBaselineOperation
이 API 작업에 대한 자세한 내용은 을 참조하십시오 GetBaselineOperation.
GetBaselineOperation입력:
{ "operationIdentifier": "58f12232-26be-4735-a3e9-dd30d90f021f" }
GetBaselineOperation출력:
{ "baselineOperation": { "operationIdentifier": "58f12232-26be-4735-a3e9-dd30d90f021f", "operationType": "DISABLE_BASELINE", "status": "FAILED", "startTime": "2023-01-12T19:05:00Z", "endTime": "2023-01-12T19:45:00Z", "statusMessage": "Can't perform DisableBaseline on a parent target with governed child OUs" } }
GetBaselineOperationCLI 예제:
aws controltower get-baseline-operation \ --operation-identifier 58f12232-26be-4735-a3e9-dd30d90f021f \ --region us-west-2
GetEnabledBaseline
이 API 작업에 대한 자세한 내용은 을 참조하십시오 GetEnabledBaseline.
GetEnabledBaseline입력:
{ "enabledBaselineIdentifier": "arn:aws:controltower:us-west-2:123456789012:enabledbaseline/XAHCR4CJTSI4W07MZ" }
GetEnabledBaseline출력:
{ "enabledBaselineDetails": { "arn": "arn:aws:controltower:us-west-2:123456789012:enabledbaseline/XAHCR4CJTSI4W07MZ", "baselineIdentifier": "arn:aws:controltower:us-west-2::baseline:17BSJV3IGJ2QSGA2", "baselineVersion": "3.0", "targetIdentifier": "arn:aws:organizations::123456789012:ou/o-kgj0txdhpa/ou-r9mj-4j3mzjql", "statusSummary": { "status": "SUCCEEDED", "lastOperationIdentifier": "58f12232-26be-4735-a3e9-dd30d90f021f" }, "parameters": [ { "key": "IdentityCenterEnabledBaselineArn", "value": "arn:aws:controltower:us-west-2:123456789012:enabledbaseline/XAHCR4CJTSI4W07MZ" } ] } }
GetEnabledBaselineCLI 예제:
aws controltower get-enabled-baseline \ --enabled-baseline-identifier arn:aws:controltower:us-west-2:123456789012:enabledbaseline/XAHXS7P6C4I453EZC \ --region us-west-2
ListBaselines
이 API 작업에 대한 자세한 내용은 을 참조하십시오 ListBaselines.
ListBaselines입력 (선택적 입력 사용):
{ "nextToken": "AbCd1234", "maxResults": "4" }
ListBaselines출력:
{ "baselines": [ { "arn": "arn:aws:controltower:us-west-1::baseline/4T4HA1KMO10S6311", "name": "AuditBaseline", "description": "Sets up resources to monitor security and compliance of accounts in your organization." }, { "arn": "arn:aws:controltower:us-west-1::baseline/J8HX46AHS5MIKQPD", "name": "LogArchiveBaseline", "description": "Sets up a central repository for logs of API activities and resource configurations from accounts in your organization." }, { "arn": "arn:aws:controltower:us-west-1::baseline/LN25R72TTG6IGPTQ", "name": "IdentityCenterBaseline", "description": "Sets up shared resources for AWS Identity Center, which prepares the AWSControlTowerBaseline to set up Identity Center access for accounts." }, { "arn": "arn:aws:controltower:us-west-1::baseline/17BSJV3IGJ2QSGA2", "name": "AWSControlTowerBaseline", "description": "Sets up resources and mandatory controls for member accounts within the target OU, required for AWS Control Tower governance." } ] }
ListBaselinesCLI 예제:
aws controltower list-baselines \ --region us-west-2
ListEnabledBaselines
이 API 작업에 대한 자세한 내용은 을 참조하십시오 ListEnabledBaselines.
ListEnabledBaselines입력 (필터 없음):
{ "nextToken": "bde7-XX0c6fXXXXXX", "maxResults": 5 }
ListEnabledBaselines입력 (baselineIdentifiers필터 전용):
{ "filter": { "baselineIdentifiers": ['arn:aws:controltower:us-east-1::baseline/17BSJV3IGJ2QSGA2', 'arn:aws:controltower:us-east-1::baseline/12GZU8CKZKVMS2AW'] }, "nextToken": "bde7-XX0c6fXXXXXX", "maxResults": 5 }
ListEnabledBaselines입력 (targetIdentifiers필터 전용):
{ "filter": { "targetIdentifiers": ['arn:aws:organizations::123456789012:ou/o-s9511vn103/ou-xqj7-fex1u317', 'arn:aws:organizations::123456789012:ou/o-s9511vn103/ou-xqj7-11q6n2cf'] }, "nextToken": "bde7-XX0c6fXXXXXX", "maxResults": 2 }
ListEnabledBaselines입력 (baselineIdentifiers및 targetIdentifiers 필터):
{ "filter": { "baselineIdentifiers": ['arn:aws:controltower:us-east-1::baseline/17BSJV3IGJ2QSGA2'] "targetIdentifiers": ['arn:aws:organizations::123456789012:ou/o-s9511vn103/ou-xqj7-fex1u317'] }, "nextToken": "bde7-XX0c6fXXXXXX", "maxResults": 5 }
ListEnabledBaselines출력:
{ "enabledBaselines": [ { "arn": "arn:aws:controltower:us-east-1:123456789012:enabledbaseline/XAHCR4CJTSI4W07MZ", "baselineIdentifier": "arn:aws:controltower:us-east-1::baseline:17BSJV3IGJ2QSGA2", "baselineVersion": "3.0", "targetIdentifier": "arn:aws:organizations::123456789012:ou/o-kgj0txdhpa/ou-r9mj-4j3mzjql", "statusSummary": { "status": "SUCCEEDED", "lastOperationIdentifier": "58f12232-26be-4735-a3e9-dd30d90f021f" } }, { "arn": "arn:aws:controltower:us-east-1:123456789012:enabledbaseline/XAJ9NKW88AA4W9CLL", "baselineIdentifier": "arn:aws:controltower:us-east-1::baseline:17BSJV3IGJ2QSGA2", "baselineVersion": "4.0", "targetIdentifier": "arn:aws:organizations::123456789012:ou/o-s9511vn103/ou-xqj7-fex1u317", "statusSummary": { "status": "FAILED", "lastOperationIdentifier": "81e02df1-2b4d-48f0-838f-3833b93dcdc0" } } ], "nextToken": "e2bXXXXX6cab" }
한 가지 유형의 필터 (baselineIdentifiers필터) 를 사용하는 CLI 예제:
aws controltower list-enabled-baselines \ --filter baselineIdentifiers=arn:aws:controltower:us-west-2::baseline/17BSJV3IGJ2QSGA2,arn:aws:controltower:us-west-2::baseline/LN25R72TTG6IGPTQ \ --region us-west-2
다중 필터 (baselineIdentifiers및 targetIdentifiers 필터) 를 사용하는 CLI 예제:
aws controltower list-enabled-baselines \ --filter targetIdentifiers=arn:aws:organizations::123456789012:ou/o-aq21sw43de5/ou-po90-lk87jh65,baselineIdentifiers=arn:aws:controltower:us-west-2::baseline/17BSJV3IGJ2QSGA2 \ --region us-west-2
ResetEnabledBaseline
이 API 작업에 대한 자세한 내용은 을 참조하십시오 ResetEnabledBaseline.
ResetEnabledbaseline입력:
{ "enabledBaselineIdentifier": "arn:aws:controltower:us-west-2:123456789012:enabledbaseline/XAJ9NKW88AA4W9CLL" }
ResetEnabledBaseline출력:
{ "operationIdentifier": "81e02df1-2b4d-48f0-838f-3833b93dcdc0" }
ResetEnabledBaselineCLI 예제:
aws controltower reset-enabled-baseline \ --enabled-baseline-identifier arn:aws:controltower:us-west-2:123456789012:enabledbaseline/XAHXS7P6C4I453EZC \ --region us-west-2
UpdateEnabledBaseline
이 API 작업에 대한 자세한 내용은 을 참조하십시오 UpdateEnabledBaseline.
UpdateEnabledBaseline입력:
{ "enabledBaselineIdentifier": "arn:aws:controltower:us-east-1:123456789012:enabledbaseline/XAJ9NKW88AA4W9CLL", "baselineVersion": "4.0", "parameters": [ { "key": "IdentityCenterEnabledBaselineArn", "value": "arn:aws:controltower:us-east-1:123456789012:enabledbaseline/XAHCR4CJTSI4W07MZ" } ] }
UpdateEnabledBaseline출력:
{ "operationIdentifier": "81e02df1-2b4d-48f0-838f-3833b93dcdc0" }
UpdateEnabledBaselineCLI 예제:
aws controltower update-enabled-baseline \ --enabled-baseline-identifier arn:aws:controltower:us-west-2:123456789012:enabledbaseline/XAHXS7P6C4I453EZC \ --baseline-version 4.0 --parameters '[{"key":"IdentityCenterEnabledBaselineArn","value":"arn:aws:controltower:us-west-2:123456789012:enabledbaseline/XAHXS7P6C4I453EZC"}]' \ --region us-west-2
