Data retrieval APIs for AWS Control Tower - AWS Online Register of Data Formats

Data retrieval APIs for AWS Control Tower

AWS Control Tower provides the following APIs for data retrieval.

Actions Description Access level
DescribeAccountFactoryConfigDescribe the current account factory configurationRead
DescribeCoreServiceDescribe resources managed by core accounts in AWS Control TowerRead
DescribeGuardrailDescribe a guardrailRead
DescribeGuardrailForTargetDescribe a guardrail for a organizational unitRead
DescribeLandingZoneConfigurationDescribe the current Landing Zone configurationRead
DescribeManagedAccountDescribe an account created through account factoryRead
DescribeManagedOrganizationalUnitDescribe an AWS Organizations organizational unit managed by AWS Control TowerRead
DescribeRegisterOrganizationalUnitOperationDescribe a Register Organizational Unit Operation Read
DescribeSingleSignOnDescribe the current AWS Control Tower IAM Identity Center configurationRead
GetAccountInfoDescribe an account email and validate that it existsRead
GetAvailableUpdatesList available updates for the current AWS Control Tower deploymentRead
GetBaselineGet Baseline detailsRead
GetBaselineOperationGet the current status of a particular Baseline operationRead
GetControlOperationGet the current status of a particular EnabledControl or DisableControl operationRead
GetEnabledBaselineGet an enabled BaselineRead
GetEnabledControlGet an enabled control from an organizational unitRead
GetGuardrailComplianceStatusGet the current compliance status of a guardrailRead
GetHomeRegionGet the home region of the AWS Control Tower setupRead
GetLandingZoneGet the current status of the landing zone setupRead
GetLandingZoneDriftStatusGet the current landing zone drift statusRead
GetLandingZoneOperationGet the current status of a particular landing zone operationRead
GetLandingZoneStatusGet the current status of the landing zone setupRead
ListBaselinesList BaselinesList
ListControlOperationsList all control operationsList
ListDirectoryGroupsList the current directory groups available through IAM Identity CenterList
ListDriftDetailsList occurrences of drift in AWS Control TowerRead
ListEnabledBaselinesList enabled BaselinesList
ListEnabledControlsList all enabled controls in a specified organizational unitList
ListEnabledGuardrailsList currently enabled guardrailsList
ListExtendGovernancePrecheckDetailsList Precheck details for an Organizational Unit List
ListExternalConfigRuleComplianceList the compliance of external AWS Config rulesRead
ListGuardrailViolationsList existing guardrail violationsList
ListGuardrailsList all available guardrailsList
ListGuardrailsForTargetList guardrails and their current state for a organizational unitList
ListLandingZoneOperationsList all landing zone operationsList
ListLandingZonesList all landing zonesList
ListManagedAccountsList accounts managed through AWS Control TowerList
ListManagedAccountsForGuardrailList managed accounts with a specified guardrail appliedList
ListManagedAccountsForParentList managed accounts under an organizational unitList
ListManagedOrganizationalUnitsList organizational units managed by AWS Control TowerList
ListManagedOrganizationalUnitsForGuardrailList managed organizational units that have a specified guardrail appliedList
ListTagsForResourceList the tags for a resourceRead
PerformPreLaunchChecksPerform validations in an accountRead