Data retrieval APIs for AWS Control Tower

AWS Control Tower provides the following APIs for data retrieval.

| Actions | Description | Access level |
|---|---|---|
| DescribeAccountFactoryConfig | Describe the current account factory configuration | Read |
| DescribeCoreService | Describe resources managed by core accounts in AWS Control Tower | Read |
| DescribeGuardrail | Describe a guardrail | Read |
| DescribeGuardrailForTarget | Describe a guardrail for an organizational unit | Read |
| DescribeLandingZoneConfiguration | Describe the current Landing Zone configuration | Read |
| DescribeManagedAccount | Describe an account created through account factory | Read |
| DescribeManagedOrganizationalUnit | Describe an AWS Organizations organizational unit managed by AWS Control Tower | Read |
| DescribeRegisterOrganizationalUnitOperation | Describe a Register Organizational Unit Operation | Read |
| DescribeSingleSignOn | Describe the current AWS Control Tower IAM Identity Center configuration | Read |
| GetAccountInfo | Describe an account email and validate that it exists | Read |
| GetAvailableUpdates | List available updates for the current AWS Control Tower deployment | Read |
| GetBaseline | Get Baseline details | Read |
| GetBaselineOperation | Get the current status of a particular Baseline operation | Read |
| GetControlOperation | Get the current status of a particular EnableControl or DisableControl operation | Read |
| GetEnabledBaseline | Get an enabled Baseline | Read |
| GetEnabledControl | Get an enabled control from an organizational unit | Read |
| GetGuardrailComplianceStatus | Get the current compliance status of a guardrail | Read |
| GetHomeRegion | Get the home region of the AWS Control Tower setup | Read |
| GetLandingZone | Get the current status of the landing zone setup | Read |
| GetLandingZoneDriftStatus | Get the current landing zone drift status | Read |
| GetLandingZoneOperation | Get the current status of a particular landing zone operation | Read |
| GetLandingZoneStatus | Get the current status of the landing zone setup | Read |
| ListBaselines | List Baselines | List |
| ListControlOperations | List all control operations | List |
| ListDirectoryGroups | List the current directory groups available through IAM Identity Center | List |
| ListDriftDetails | List occurrences of drift in AWS Control Tower | Read |
| ListEnabledBaselines | List enabled Baselines | List |
| ListEnabledControls | List all enabled controls in a specified organizational unit | List |
| ListEnabledGuardrails | List currently enabled guardrails | List |
| ListExtendGovernancePrecheckDetails | List Precheck details for an Organizational Unit | List |
| ListExternalConfigRuleCompliance | List the compliance of external AWS Config rules | Read |
| ListGuardrailViolations | List existing guardrail violations | List |
| ListGuardrails | List all available guardrails | List |
| ListGuardrailsForTarget | List guardrails and their current state for an organizational unit | List |
| ListLandingZoneOperations | List all landing zone operations | List |
| ListLandingZones | List all landing zones | List |
| ListManagedAccounts | List accounts managed through AWS Control Tower | List |
| ListManagedAccountsForGuardrail | List managed accounts with a specified guardrail applied | List |
| ListManagedAccountsForParent | List managed accounts under an organizational unit | List |
| ListManagedOrganizationalUnits | List organizational units managed by AWS Control Tower | List |
| ListManagedOrganizationalUnitsForGuardrail | List managed organizational units that have a specified guardrail applied | List |
| ListTagsForResource | List the tags for a resource | Read |
| PerformPreLaunchChecks | Perform validations in an account | Read |