aws-sdk-controltower 1.9.0 → 1.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d15286b41b4e37c5e7ee7ed46629050a27c7b4758d5e6667af64389185e819e0
-  data.tar.gz: 2a0caadb260cc26c4634131dc213927aa64457a48d241bed3b7b016ce83673fc
+  metadata.gz: 4a3aa67695d6e0f0ee8cc3f70eae34f700ed760a9569b962da3b197781d6fe6f
+  data.tar.gz: 587639ea3f15464a4517f32278cc27d610952452c254cc4e7f2f5b0125f77f35
 SHA512:
-  metadata.gz: 25e5a3f75945bb6793413a06d192488fd003314760964d86be8fbf78a77cb982f70db96a9e5987922344389db2ea69b91b18d9e0f74c1ba7850a17717999d548
-  data.tar.gz: 3accb251e4a1b58326be90252ec714650adb8335816a91b9631e70849b2a535cae1217a3c80dbce2b97ea5c08cbf9d2068a88bcfca9097eb789aada37ad62acf
+  metadata.gz: 9c34002ebcfa9aa3f8904ee6bb976c3a53e54d1c084c55ac212a2abf0e5dfdbd518d1c0335ff62552d8e85bf901a011b4d091ffbccabbe3e3cca69446de639fe
+  data.tar.gz: 913cc819e0f644b7af70dab0b334fe5c8f5f85a0ea7d71c0dae94ee1b80190cca972a37a8daa30a6bbf74a843617f6520fc4b850ce5b6c2f56a63d292298c139

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.11.0 (2023-11-10)
+------------------
+
+* Feature - AWS Control Tower supports tagging for enabled controls. This release introduces TagResource, UntagResource and ListTagsForResource APIs to manage tags in existing enabled controls. It updates EnabledControl API to tag resources at creation time.
+
+1.10.0 (2023-10-12)
+------------------
+
+* Feature - Added new EnabledControl resource details to ListEnabledControls API and added new GetEnabledControl API.
+
 1.9.0 (2023-09-27)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.9.0
+1.11.0

data/lib/aws-sdk-controltower/client.rb

@@ -391,15 +391,30 @@ module Aws::ControlTower
     # This API call turns off a control. It starts an asynchronous operation
     # that deletes AWS resources on the specified organizational unit and
     # the accounts it contains. The resources will vary according to the
-    # control that you specify.
+    # control that you specify. For usage examples, see [ *the AWS Control
+    # Tower User Guide* ][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/controltower/latest/userguide/control-api-examples-short.html
     #
     # @option params [required, String] :control_identifier
     #   The ARN of the control. Only **Strongly recommended** and **Elective**
     #   controls are permitted, with the exception of the **Region deny**
-    #   guardrail.
+    #   control. For information on how to find the `controlIdentifier`, see
+    #   [the overview page][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/controltower/latest/APIReference/Welcome.html
     #
     # @option params [required, String] :target_identifier
-    #   The ARN of the organizational unit.
+    #   The ARN of the organizational unit. For information on how to find the
+    #   `targetIdentifier`, see [the overview page][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/controltower/latest/APIReference/Welcome.html
     #
     # @return [Types::DisableControlOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -428,29 +443,52 @@ module Aws::ControlTower
     # This API call activates a control. It starts an asynchronous operation
     # that creates AWS resources on the specified organizational unit and
     # the accounts it contains. The resources created will vary according to
-    # the control that you specify.
+    # the control that you specify. For usage examples, see [ *the AWS
+    # Control Tower User Guide* ][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/controltower/latest/userguide/control-api-examples-short.html
     #
     # @option params [required, String] :control_identifier
     #   The ARN of the control. Only **Strongly recommended** and **Elective**
     #   controls are permitted, with the exception of the **Region deny**
-    #   guardrail.
+    #   control. For information on how to find the `controlIdentifier`, see
+    #   [the overview page][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/controltower/latest/APIReference/Welcome.html
+    #
+    # @option params [Hash<String,String>] :tags
+    #   Tags to be applied to the `EnabledControl` resource.
     #
     # @option params [required, String] :target_identifier
-    #   The ARN of the organizational unit.
+    #   The ARN of the organizational unit. For information on how to find the
+    #   `targetIdentifier`, see [the overview page][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/controltower/latest/APIReference/Welcome.html
     #
     # @return [Types::EnableControlOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
+    #   * {Types::EnableControlOutput#arn #arn} => String
     #   * {Types::EnableControlOutput#operation_identifier #operation_identifier} => String
     #
     # @example Request syntax with placeholder values
     #
     #   resp = client.enable_control({
     #     control_identifier: "ControlIdentifier", # required
+    #     tags: {
+    #       "TagKey" => "TagValue",
+    #     },
     #     target_identifier: "TargetIdentifier", # required
     #   })
     #
     # @example Response structure
     #
+    #   resp.arn #=> String
     #   resp.operation_identifier #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/controltower-2018-05-10/EnableControl AWS API Documentation
@@ -464,7 +502,12 @@ module Aws::ControlTower
 
     # Returns the status of a particular `EnableControl` or `DisableControl`
     # operation. Displays a message in case of error. Details for an
-    # operation are available for 90 days.
+    # operation are available for 90 days. For usage examples, see [ *the
+    # AWS Control Tower User Guide* ][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/controltower/latest/userguide/control-api-examples-short.html
     #
     # @option params [required, String] :operation_identifier
     #   The ID of the asynchronous operation, which is used to track status.
@@ -497,8 +540,53 @@ module Aws::ControlTower
       req.send_request(options)
     end
 
+    # Retrieves details about an enabled control. For usage examples, see [
+    # *the AWS Control Tower User Guide* ][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/controltower/latest/userguide/control-api-examples-short.html
+    #
+    # @option params [required, String] :enabled_control_identifier
+    #   The `controlIdentifier` of the enabled control.
+    #
+    # @return [Types::GetEnabledControlOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetEnabledControlOutput#enabled_control_details #enabled_control_details} => Types::EnabledControlDetails
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_enabled_control({
+    #     enabled_control_identifier: "Arn", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.enabled_control_details.arn #=> String
+    #   resp.enabled_control_details.control_identifier #=> String
+    #   resp.enabled_control_details.drift_status_summary.drift_status #=> String, one of "DRIFTED", "IN_SYNC", "NOT_CHECKING", "UNKNOWN"
+    #   resp.enabled_control_details.status_summary.last_operation_identifier #=> String
+    #   resp.enabled_control_details.status_summary.status #=> String, one of "SUCCEEDED", "FAILED", "UNDER_CHANGE"
+    #   resp.enabled_control_details.target_identifier #=> String
+    #   resp.enabled_control_details.target_regions #=> Array
+    #   resp.enabled_control_details.target_regions[0].name #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/controltower-2018-05-10/GetEnabledControl AWS API Documentation
+    #
+    # @overload get_enabled_control(params = {})
+    # @param [Hash] params ({})
+    def get_enabled_control(params = {}, options = {})
+      req = build_request(:get_enabled_control, params)
+      req.send_request(options)
+    end
+
     # Lists the controls enabled by AWS Control Tower on the specified
-    # organizational unit and the accounts it contains.
+    # organizational unit and the accounts it contains. For usage examples,
+    # see [ *the AWS Control Tower User Guide* ][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/controltower/latest/userguide/control-api-examples-short.html
     #
     # @option params [Integer] :max_results
     #   How many results to return per API call.
@@ -508,7 +596,12 @@ module Aws::ControlTower
     #   parameters.
     #
     # @option params [required, String] :target_identifier
-    #   The ARN of the organizational unit.
+    #   The ARN of the organizational unit. For information on how to find the
+    #   `targetIdentifier`, see [the overview page][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/controltower/latest/APIReference/Welcome.html
     #
     # @return [Types::ListEnabledControlsOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -528,7 +621,12 @@ module Aws::ControlTower
     # @example Response structure
     #
     #   resp.enabled_controls #=> Array
+    #   resp.enabled_controls[0].arn #=> String
     #   resp.enabled_controls[0].control_identifier #=> String
+    #   resp.enabled_controls[0].drift_status_summary.drift_status #=> String, one of "DRIFTED", "IN_SYNC", "NOT_CHECKING", "UNKNOWN"
+    #   resp.enabled_controls[0].status_summary.last_operation_identifier #=> String
+    #   resp.enabled_controls[0].status_summary.status #=> String, one of "SUCCEEDED", "FAILED", "UNDER_CHANGE"
+    #   resp.enabled_controls[0].target_identifier #=> String
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/controltower-2018-05-10/ListEnabledControls AWS API Documentation
@@ -540,6 +638,104 @@ module Aws::ControlTower
       req.send_request(options)
     end
 
+    # Returns a list of tags associated with the resource. For usage
+    # examples, see [ *the AWS Control Tower User Guide* ][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/controltower/latest/userguide/control-api-examples-short.html
+    #
+    # @option params [required, String] :resource_arn
+    #   The ARN of the resource.
+    #
+    # @return [Types::ListTagsForResourceOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListTagsForResourceOutput#tags #tags} => Hash&lt;String,String&gt;
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_tags_for_resource({
+    #     resource_arn: "Arn", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.tags #=> Hash
+    #   resp.tags["TagKey"] #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/controltower-2018-05-10/ListTagsForResource AWS API Documentation
+    #
+    # @overload list_tags_for_resource(params = {})
+    # @param [Hash] params ({})
+    def list_tags_for_resource(params = {}, options = {})
+      req = build_request(:list_tags_for_resource, params)
+      req.send_request(options)
+    end
+
+    # Applies tags to a resource. For usage examples, see [ *the AWS Control
+    # Tower User Guide* ][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/controltower/latest/userguide/control-api-examples-short.html
+    #
+    # @option params [required, String] :resource_arn
+    #   The ARN of the resource to be tagged.
+    #
+    # @option params [required, Hash<String,String>] :tags
+    #   Tags to be applied to the resource.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.tag_resource({
+    #     resource_arn: "Arn", # required
+    #     tags: { # required
+    #       "TagKey" => "TagValue",
+    #     },
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/controltower-2018-05-10/TagResource AWS API Documentation
+    #
+    # @overload tag_resource(params = {})
+    # @param [Hash] params ({})
+    def tag_resource(params = {}, options = {})
+      req = build_request(:tag_resource, params)
+      req.send_request(options)
+    end
+
+    # Removes tags from a resource. For usage examples, see [ *the AWS
+    # Control Tower User Guide* ][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/controltower/latest/userguide/control-api-examples-short.html
+    #
+    # @option params [required, String] :resource_arn
+    #   The ARN of the resource.
+    #
+    # @option params [required, Array<String>] :tag_keys
+    #   Tag keys to be removed from the resource.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.untag_resource({
+    #     resource_arn: "Arn", # required
+    #     tag_keys: ["TagKey"], # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/controltower-2018-05-10/UntagResource AWS API Documentation
+    #
+    # @overload untag_resource(params = {})
+    # @param [Hash] params ({})
+    def untag_resource(params = {}, options = {})
+      req = build_request(:untag_resource, params)
+      req.send_request(options)
+    end
+
     # @!endgroup
 
     # @param params ({})
@@ -553,7 +749,7 @@ module Aws::ControlTower
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-controltower'
-      context[:gem_version] = '1.9.0'
+      context[:gem_version] = '1.11.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-controltower/client_api.rb

@@ -14,6 +14,7 @@ module Aws::ControlTower
     include Seahorse::Model
 
     AccessDeniedException = Shapes::StructureShape.new(name: 'AccessDeniedException')
+    Arn = Shapes::StringShape.new(name: 'Arn')
     ConflictException = Shapes::StructureShape.new(name: 'ConflictException')
     ControlIdentifier = Shapes::StringShape.new(name: 'ControlIdentifier')
     ControlOperation = Shapes::StructureShape.new(name: 'ControlOperation')
@@ -21,24 +22,44 @@ module Aws::ControlTower
     ControlOperationType = Shapes::StringShape.new(name: 'ControlOperationType')
     DisableControlInput = Shapes::StructureShape.new(name: 'DisableControlInput')
     DisableControlOutput = Shapes::StructureShape.new(name: 'DisableControlOutput')
+    DriftStatus = Shapes::StringShape.new(name: 'DriftStatus')
+    DriftStatusSummary = Shapes::StructureShape.new(name: 'DriftStatusSummary')
     EnableControlInput = Shapes::StructureShape.new(name: 'EnableControlInput')
     EnableControlOutput = Shapes::StructureShape.new(name: 'EnableControlOutput')
+    EnabledControlDetails = Shapes::StructureShape.new(name: 'EnabledControlDetails')
     EnabledControlSummary = Shapes::StructureShape.new(name: 'EnabledControlSummary')
     EnabledControls = Shapes::ListShape.new(name: 'EnabledControls')
+    EnablementStatus = Shapes::StringShape.new(name: 'EnablementStatus')
+    EnablementStatusSummary = Shapes::StructureShape.new(name: 'EnablementStatusSummary')
     GetControlOperationInput = Shapes::StructureShape.new(name: 'GetControlOperationInput')
     GetControlOperationOutput = Shapes::StructureShape.new(name: 'GetControlOperationOutput')
+    GetEnabledControlInput = Shapes::StructureShape.new(name: 'GetEnabledControlInput')
+    GetEnabledControlOutput = Shapes::StructureShape.new(name: 'GetEnabledControlOutput')
     Integer = Shapes::IntegerShape.new(name: 'Integer')
     InternalServerException = Shapes::StructureShape.new(name: 'InternalServerException')
     ListEnabledControlsInput = Shapes::StructureShape.new(name: 'ListEnabledControlsInput')
     ListEnabledControlsOutput = Shapes::StructureShape.new(name: 'ListEnabledControlsOutput')
+    ListTagsForResourceInput = Shapes::StructureShape.new(name: 'ListTagsForResourceInput')
+    ListTagsForResourceOutput = Shapes::StructureShape.new(name: 'ListTagsForResourceOutput')
     MaxResults = Shapes::IntegerShape.new(name: 'MaxResults')
     OperationIdentifier = Shapes::StringShape.new(name: 'OperationIdentifier')
+    Region = Shapes::StructureShape.new(name: 'Region')
+    RegionName = Shapes::StringShape.new(name: 'RegionName')
     ResourceNotFoundException = Shapes::StructureShape.new(name: 'ResourceNotFoundException')
     ServiceQuotaExceededException = Shapes::StructureShape.new(name: 'ServiceQuotaExceededException')
     String = Shapes::StringShape.new(name: 'String')
     SyntheticTimestamp_date_time = Shapes::TimestampShape.new(name: 'SyntheticTimestamp_date_time', timestampFormat: "iso8601")
+    TagKey = Shapes::StringShape.new(name: 'TagKey')
+    TagKeys = Shapes::ListShape.new(name: 'TagKeys')
+    TagMap = Shapes::MapShape.new(name: 'TagMap')
+    TagResourceInput = Shapes::StructureShape.new(name: 'TagResourceInput')
+    TagResourceOutput = Shapes::StructureShape.new(name: 'TagResourceOutput')
+    TagValue = Shapes::StringShape.new(name: 'TagValue')
     TargetIdentifier = Shapes::StringShape.new(name: 'TargetIdentifier')
+    TargetRegions = Shapes::ListShape.new(name: 'TargetRegions')
     ThrottlingException = Shapes::StructureShape.new(name: 'ThrottlingException')
+    UntagResourceInput = Shapes::StructureShape.new(name: 'UntagResourceInput')
+    UntagResourceOutput = Shapes::StructureShape.new(name: 'UntagResourceOutput')
     ValidationException = Shapes::StructureShape.new(name: 'ValidationException')
 
     AccessDeniedException.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
@@ -61,24 +82,51 @@ module Aws::ControlTower
     DisableControlOutput.add_member(:operation_identifier, Shapes::ShapeRef.new(shape: OperationIdentifier, required: true, location_name: "operationIdentifier"))
     DisableControlOutput.struct_class = Types::DisableControlOutput
 
+    DriftStatusSummary.add_member(:drift_status, Shapes::ShapeRef.new(shape: DriftStatus, location_name: "driftStatus"))
+    DriftStatusSummary.struct_class = Types::DriftStatusSummary
+
     EnableControlInput.add_member(:control_identifier, Shapes::ShapeRef.new(shape: ControlIdentifier, required: true, location_name: "controlIdentifier"))
+    EnableControlInput.add_member(:tags, Shapes::ShapeRef.new(shape: TagMap, location_name: "tags"))
     EnableControlInput.add_member(:target_identifier, Shapes::ShapeRef.new(shape: TargetIdentifier, required: true, location_name: "targetIdentifier"))
     EnableControlInput.struct_class = Types::EnableControlInput
 
+    EnableControlOutput.add_member(:arn, Shapes::ShapeRef.new(shape: Arn, location_name: "arn"))
     EnableControlOutput.add_member(:operation_identifier, Shapes::ShapeRef.new(shape: OperationIdentifier, required: true, location_name: "operationIdentifier"))
     EnableControlOutput.struct_class = Types::EnableControlOutput
 
+    EnabledControlDetails.add_member(:arn, Shapes::ShapeRef.new(shape: Arn, location_name: "arn"))
+    EnabledControlDetails.add_member(:control_identifier, Shapes::ShapeRef.new(shape: ControlIdentifier, location_name: "controlIdentifier"))
+    EnabledControlDetails.add_member(:drift_status_summary, Shapes::ShapeRef.new(shape: DriftStatusSummary, location_name: "driftStatusSummary"))
+    EnabledControlDetails.add_member(:status_summary, Shapes::ShapeRef.new(shape: EnablementStatusSummary, location_name: "statusSummary"))
+    EnabledControlDetails.add_member(:target_identifier, Shapes::ShapeRef.new(shape: TargetIdentifier, location_name: "targetIdentifier"))
+    EnabledControlDetails.add_member(:target_regions, Shapes::ShapeRef.new(shape: TargetRegions, location_name: "targetRegions"))
+    EnabledControlDetails.struct_class = Types::EnabledControlDetails
+
+    EnabledControlSummary.add_member(:arn, Shapes::ShapeRef.new(shape: Arn, location_name: "arn"))
     EnabledControlSummary.add_member(:control_identifier, Shapes::ShapeRef.new(shape: ControlIdentifier, location_name: "controlIdentifier"))
+    EnabledControlSummary.add_member(:drift_status_summary, Shapes::ShapeRef.new(shape: DriftStatusSummary, location_name: "driftStatusSummary"))
+    EnabledControlSummary.add_member(:status_summary, Shapes::ShapeRef.new(shape: EnablementStatusSummary, location_name: "statusSummary"))
+    EnabledControlSummary.add_member(:target_identifier, Shapes::ShapeRef.new(shape: TargetIdentifier, location_name: "targetIdentifier"))
     EnabledControlSummary.struct_class = Types::EnabledControlSummary
 
     EnabledControls.member = Shapes::ShapeRef.new(shape: EnabledControlSummary)
 
+    EnablementStatusSummary.add_member(:last_operation_identifier, Shapes::ShapeRef.new(shape: OperationIdentifier, location_name: "lastOperationIdentifier"))
+    EnablementStatusSummary.add_member(:status, Shapes::ShapeRef.new(shape: EnablementStatus, location_name: "status"))
+    EnablementStatusSummary.struct_class = Types::EnablementStatusSummary
+
     GetControlOperationInput.add_member(:operation_identifier, Shapes::ShapeRef.new(shape: OperationIdentifier, required: true, location_name: "operationIdentifier"))
     GetControlOperationInput.struct_class = Types::GetControlOperationInput
 
     GetControlOperationOutput.add_member(:control_operation, Shapes::ShapeRef.new(shape: ControlOperation, required: true, location_name: "controlOperation"))
     GetControlOperationOutput.struct_class = Types::GetControlOperationOutput
 
+    GetEnabledControlInput.add_member(:enabled_control_identifier, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "enabledControlIdentifier"))
+    GetEnabledControlInput.struct_class = Types::GetEnabledControlInput
+
+    GetEnabledControlOutput.add_member(:enabled_control_details, Shapes::ShapeRef.new(shape: EnabledControlDetails, required: true, location_name: "enabledControlDetails"))
+    GetEnabledControlOutput.struct_class = Types::GetEnabledControlOutput
+
     InternalServerException.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
     InternalServerException.struct_class = Types::InternalServerException
 
@@ -91,18 +139,46 @@ module Aws::ControlTower
     ListEnabledControlsOutput.add_member(:next_token, Shapes::ShapeRef.new(shape: String, location_name: "nextToken"))
     ListEnabledControlsOutput.struct_class = Types::ListEnabledControlsOutput
 
+    ListTagsForResourceInput.add_member(:resource_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location: "uri", location_name: "resourceArn"))
+    ListTagsForResourceInput.struct_class = Types::ListTagsForResourceInput
+
+    ListTagsForResourceOutput.add_member(:tags, Shapes::ShapeRef.new(shape: TagMap, required: true, location_name: "tags"))
+    ListTagsForResourceOutput.struct_class = Types::ListTagsForResourceOutput
+
+    Region.add_member(:name, Shapes::ShapeRef.new(shape: RegionName, location_name: "name"))
+    Region.struct_class = Types::Region
+
     ResourceNotFoundException.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
     ResourceNotFoundException.struct_class = Types::ResourceNotFoundException
 
     ServiceQuotaExceededException.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
     ServiceQuotaExceededException.struct_class = Types::ServiceQuotaExceededException
 
+    TagKeys.member = Shapes::ShapeRef.new(shape: TagKey)
+
+    TagMap.key = Shapes::ShapeRef.new(shape: TagKey)
+    TagMap.value = Shapes::ShapeRef.new(shape: TagValue)
+
+    TagResourceInput.add_member(:resource_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location: "uri", location_name: "resourceArn"))
+    TagResourceInput.add_member(:tags, Shapes::ShapeRef.new(shape: TagMap, required: true, location_name: "tags"))
+    TagResourceInput.struct_class = Types::TagResourceInput
+
+    TagResourceOutput.struct_class = Types::TagResourceOutput
+
+    TargetRegions.member = Shapes::ShapeRef.new(shape: Region)
+
     ThrottlingException.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
     ThrottlingException.add_member(:quota_code, Shapes::ShapeRef.new(shape: String, location_name: "quotaCode"))
     ThrottlingException.add_member(:retry_after_seconds, Shapes::ShapeRef.new(shape: Integer, location: "header", location_name: "Retry-After"))
     ThrottlingException.add_member(:service_code, Shapes::ShapeRef.new(shape: String, location_name: "serviceCode"))
     ThrottlingException.struct_class = Types::ThrottlingException
 
+    UntagResourceInput.add_member(:resource_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location: "uri", location_name: "resourceArn"))
+    UntagResourceInput.add_member(:tag_keys, Shapes::ShapeRef.new(shape: TagKeys, required: true, location: "querystring", location_name: "tagKeys"))
+    UntagResourceInput.struct_class = Types::UntagResourceInput
+
+    UntagResourceOutput.struct_class = Types::UntagResourceOutput
+
     ValidationException.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
     ValidationException.struct_class = Types::ValidationException
 
@@ -167,6 +243,19 @@ module Aws::ControlTower
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
       end)
 
+      api.add_operation(:get_enabled_control, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetEnabledControl"
+        o.http_method = "POST"
+        o.http_request_uri = "/get-enabled-control"
+        o.input = Shapes::ShapeRef.new(shape: GetEnabledControlInput)
+        o.output = Shapes::ShapeRef.new(shape: GetEnabledControlOutput)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+      end)
+
       api.add_operation(:list_enabled_controls, Seahorse::Model::Operation.new.tap do |o|
         o.name = "ListEnabledControls"
         o.http_method = "POST"
@@ -185,6 +274,39 @@ module Aws::ControlTower
           }
         )
       end)
+
+      api.add_operation(:list_tags_for_resource, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "ListTagsForResource"
+        o.http_method = "GET"
+        o.http_request_uri = "/tags/{resourceArn}"
+        o.input = Shapes::ShapeRef.new(shape: ListTagsForResourceInput)
+        o.output = Shapes::ShapeRef.new(shape: ListTagsForResourceOutput)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+      end)
+
+      api.add_operation(:tag_resource, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "TagResource"
+        o.http_method = "POST"
+        o.http_request_uri = "/tags/{resourceArn}"
+        o.input = Shapes::ShapeRef.new(shape: TagResourceInput)
+        o.output = Shapes::ShapeRef.new(shape: TagResourceOutput)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+      end)
+
+      api.add_operation(:untag_resource, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "UntagResource"
+        o.http_method = "DELETE"
+        o.http_request_uri = "/tags/{resourceArn}"
+        o.input = Shapes::ShapeRef.new(shape: UntagResourceInput)
+        o.output = Shapes::ShapeRef.new(shape: UntagResourceOutput)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+      end)
     end
 
   end

data/lib/aws-sdk-controltower/endpoint_provider.rb

@@ -32,7 +32,7 @@ module Aws::ControlTower
             raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
           end
           if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
-            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
+            if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"), true)
               return Aws::Endpoints::Endpoint.new(url: "https://controltower-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
             end
             raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"

data/lib/aws-sdk-controltower/endpoints.rb

@@ -54,6 +54,20 @@ module Aws::ControlTower
       end
     end
 
+    class GetEnabledControl
+      def self.build(context)
+        unless context.config.regional_endpoint
+          endpoint = context.config.endpoint.to_s
+        end
+        Aws::ControlTower::EndpointParameters.new(
+          region: context.config.region,
+          use_dual_stack: context.config.use_dualstack_endpoint,
+          use_fips: context.config.use_fips_endpoint,
+          endpoint: endpoint,
+        )
+      end
+    end
+
     class ListEnabledControls
       def self.build(context)
         unless context.config.regional_endpoint
@@ -68,5 +82,47 @@ module Aws::ControlTower
       end
     end
 
+    class ListTagsForResource
+      def self.build(context)
+        unless context.config.regional_endpoint
+          endpoint = context.config.endpoint.to_s
+        end
+        Aws::ControlTower::EndpointParameters.new(
+          region: context.config.region,
+          use_dual_stack: context.config.use_dualstack_endpoint,
+          use_fips: context.config.use_fips_endpoint,
+          endpoint: endpoint,
+        )
+      end
+    end
+
+    class TagResource
+      def self.build(context)
+        unless context.config.regional_endpoint
+          endpoint = context.config.endpoint.to_s
+        end
+        Aws::ControlTower::EndpointParameters.new(
+          region: context.config.region,
+          use_dual_stack: context.config.use_dualstack_endpoint,
+          use_fips: context.config.use_fips_endpoint,
+          endpoint: endpoint,
+        )
+      end
+    end
+
+    class UntagResource
+      def self.build(context)
+        unless context.config.regional_endpoint
+          endpoint = context.config.endpoint.to_s
+        end
+        Aws::ControlTower::EndpointParameters.new(
+          region: context.config.region,
+          use_dual_stack: context.config.use_dualstack_endpoint,
+          use_fips: context.config.use_fips_endpoint,
+          endpoint: endpoint,
+        )
+      end
+    end
+
   end
 end

data/lib/aws-sdk-controltower/plugins/endpoints.rb

@@ -62,8 +62,16 @@ module Aws::ControlTower
             Aws::ControlTower::Endpoints::EnableControl.build(context)
           when :get_control_operation
             Aws::ControlTower::Endpoints::GetControlOperation.build(context)
+          when :get_enabled_control
+            Aws::ControlTower::Endpoints::GetEnabledControl.build(context)
           when :list_enabled_controls
             Aws::ControlTower::Endpoints::ListEnabledControls.build(context)
+          when :list_tags_for_resource
+            Aws::ControlTower::Endpoints::ListTagsForResource.build(context)
+          when :tag_resource
+            Aws::ControlTower::Endpoints::TagResource.build(context)
+          when :untag_resource
+            Aws::ControlTower::Endpoints::UntagResource.build(context)
           end
         end
       end

data/lib/aws-sdk-controltower/types.rb

@@ -74,11 +74,21 @@ module Aws::ControlTower
     # @!attribute [rw] control_identifier
     #   The ARN of the control. Only **Strongly recommended** and
     #   **Elective** controls are permitted, with the exception of the
-    #   **Region deny** guardrail.
+    #   **Region deny** control. For information on how to find the
+    #   `controlIdentifier`, see [the overview page][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/controltower/latest/APIReference/Welcome.html
     #   @return [String]
     #
     # @!attribute [rw] target_identifier
-    #   The ARN of the organizational unit.
+    #   The ARN of the organizational unit. For information on how to find
+    #   the `targetIdentifier`, see [the overview page][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/controltower/latest/APIReference/Welcome.html
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/controltower-2018-05-10/DisableControlInput AWS API Documentation
@@ -103,25 +113,77 @@ module Aws::ControlTower
       include Aws::Structure
     end
 
+    # The drift summary of the enabled control.
+    #
+    # AWS Control Tower expects the enabled control configuration to include
+    # all supported and governed Regions. If the enabled control differs
+    # from the expected configuration, it is defined to be in a state of
+    # drift. You can repair this drift by resetting the enabled control.
+    #
+    # @!attribute [rw] drift_status
+    #   The drift status of the enabled control.
+    #
+    #   Valid values:
+    #
+    #   * `DRIFTED`: The `enabledControl` deployed in this configuration
+    #     doesn’t match the configuration that AWS Control Tower expected.
+    #
+    #   * `IN_SYNC`: The `enabledControl` deployed in this configuration
+    #     matches the configuration that AWS Control Tower expected.
+    #
+    #   * `NOT_CHECKING`: AWS Control Tower does not check drift for this
+    #     enabled control. Drift is not supported for the control type.
+    #
+    #   * `UNKNOWN`: AWS Control Tower is not able to check the drift status
+    #     for the enabled control.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/controltower-2018-05-10/DriftStatusSummary AWS API Documentation
+    #
+    class DriftStatusSummary < Struct.new(
+      :drift_status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] control_identifier
     #   The ARN of the control. Only **Strongly recommended** and
     #   **Elective** controls are permitted, with the exception of the
-    #   **Region deny** guardrail.
+    #   **Region deny** control. For information on how to find the
+    #   `controlIdentifier`, see [the overview page][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/controltower/latest/APIReference/Welcome.html
     #   @return [String]
     #
+    # @!attribute [rw] tags
+    #   Tags to be applied to the `EnabledControl` resource.
+    #   @return [Hash<String,String>]
+    #
     # @!attribute [rw] target_identifier
-    #   The ARN of the organizational unit.
+    #   The ARN of the organizational unit. For information on how to find
+    #   the `targetIdentifier`, see [the overview page][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/controltower/latest/APIReference/Welcome.html
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/controltower-2018-05-10/EnableControlInput AWS API Documentation
     #
     class EnableControlInput < Struct.new(
       :control_identifier,
+      :tags,
       :target_identifier)
       SENSITIVE = []
       include Aws::Structure
     end
 
+    # @!attribute [rw] arn
+    #   The ARN of the `EnabledControl` resource.
+    #   @return [String]
+    #
     # @!attribute [rw] operation_identifier
     #   The ID of the asynchronous operation, which is used to track status.
     #   The operation is available for 90 days.
@@ -130,23 +192,119 @@ module Aws::ControlTower
     # @see http://docs.aws.amazon.com/goto/WebAPI/controltower-2018-05-10/EnableControlOutput AWS API Documentation
     #
     class EnableControlOutput < Struct.new(
+      :arn,
       :operation_identifier)
       SENSITIVE = []
       include Aws::Structure
     end
 
-    # A summary of enabled controls.
+    # Information about the enabled control.
+    #
+    # @!attribute [rw] arn
+    #   The ARN of the enabled control.
+    #   @return [String]
     #
     # @!attribute [rw] control_identifier
-    #   The ARN of the control. Only **Strongly recommended** and
-    #   **Elective** controls are permitted, with the exception of the
-    #   **Region deny** guardrail.
+    #   The control identifier of the enabled control. For information on
+    #   how to find the `controlIdentifier`, see [the overview page][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/controltower/latest/APIReference/Welcome.html
+    #   @return [String]
+    #
+    # @!attribute [rw] drift_status_summary
+    #   The drift status of the enabled control.
+    #   @return [Types::DriftStatusSummary]
+    #
+    # @!attribute [rw] status_summary
+    #   The deployment summary of the enabled control.
+    #   @return [Types::EnablementStatusSummary]
+    #
+    # @!attribute [rw] target_identifier
+    #   The ARN of the organizational unit. For information on how to find
+    #   the `targetIdentifier`, see [the overview page][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/controltower/latest/APIReference/Welcome.html
+    #   @return [String]
+    #
+    # @!attribute [rw] target_regions
+    #   Target AWS Regions for the enabled control.
+    #   @return [Array<Types::Region>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/controltower-2018-05-10/EnabledControlDetails AWS API Documentation
+    #
+    class EnabledControlDetails < Struct.new(
+      :arn,
+      :control_identifier,
+      :drift_status_summary,
+      :status_summary,
+      :target_identifier,
+      :target_regions)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Returns a summary of information about an enabled control.
+    #
+    # @!attribute [rw] arn
+    #   The ARN of the enabled control.
+    #   @return [String]
+    #
+    # @!attribute [rw] control_identifier
+    #   The `controlIdentifier` of the enabled control.
+    #   @return [String]
+    #
+    # @!attribute [rw] drift_status_summary
+    #   The drift status of the enabled control.
+    #   @return [Types::DriftStatusSummary]
+    #
+    # @!attribute [rw] status_summary
+    #   A short description of the status of the enabled control.
+    #   @return [Types::EnablementStatusSummary]
+    #
+    # @!attribute [rw] target_identifier
+    #   The ARN of the organizational unit.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/controltower-2018-05-10/EnabledControlSummary AWS API Documentation
     #
     class EnabledControlSummary < Struct.new(
-      :control_identifier)
+      :arn,
+      :control_identifier,
+      :drift_status_summary,
+      :status_summary,
+      :target_identifier)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The deployment summary of the enabled control.
+    #
+    # @!attribute [rw] last_operation_identifier
+    #   The last operation identifier for the enabled control.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   The deployment status of the enabled control.
+    #
+    #   Valid values:
+    #
+    #   * `SUCCEEDED`: The `enabledControl` configuration was deployed
+    #     successfully.
+    #
+    #   * `UNDER_CHANGE`: The `enabledControl` configuration is changing.
+    #
+    #   * `FAILED`: The `enabledControl` configuration failed to deploy.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/controltower-2018-05-10/EnablementStatusSummary AWS API Documentation
+    #
+    class EnablementStatusSummary < Struct.new(
+      :last_operation_identifier,
+      :status)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -165,6 +323,7 @@ module Aws::ControlTower
     end
 
     # @!attribute [rw] control_operation
+    #   An operation performed by the control.
     #   @return [Types::ControlOperation]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/controltower-2018-05-10/GetControlOperationOutput AWS API Documentation
@@ -175,6 +334,30 @@ module Aws::ControlTower
       include Aws::Structure
     end
 
+    # @!attribute [rw] enabled_control_identifier
+    #   The `controlIdentifier` of the enabled control.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/controltower-2018-05-10/GetEnabledControlInput AWS API Documentation
+    #
+    class GetEnabledControlInput < Struct.new(
+      :enabled_control_identifier)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] enabled_control_details
+    #   Information about the enabled control.
+    #   @return [Types::EnabledControlDetails]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/controltower-2018-05-10/GetEnabledControlOutput AWS API Documentation
+    #
+    class GetEnabledControlOutput < Struct.new(
+      :enabled_control_details)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Unexpected error during processing of request.
     #
     # @!attribute [rw] message
@@ -198,7 +381,12 @@ module Aws::ControlTower
     #   @return [String]
     #
     # @!attribute [rw] target_identifier
-    #   The ARN of the organizational unit.
+    #   The ARN of the organizational unit. For information on how to find
+    #   the `targetIdentifier`, see [the overview page][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/controltower/latest/APIReference/Welcome.html
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/controltower-2018-05-10/ListEnabledControlsInput AWS API Documentation
@@ -230,6 +418,54 @@ module Aws::ControlTower
       include Aws::Structure
     end
 
+    # @!attribute [rw] resource_arn
+    #   The ARN of the resource.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/controltower-2018-05-10/ListTagsForResourceInput AWS API Documentation
+    #
+    class ListTagsForResourceInput < Struct.new(
+      :resource_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] tags
+    #   A list of tags, as `key:value` strings.
+    #   @return [Hash<String,String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/controltower-2018-05-10/ListTagsForResourceOutput AWS API Documentation
+    #
+    class ListTagsForResourceOutput < Struct.new(
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # An AWS Region in which AWS Control Tower expects to find the control
+    # deployed.
+    #
+    # The expected Regions are based on the Regions that are governed by the
+    # landing zone. In certain cases, a control is not actually enabled in
+    # the Region as expected, such as during drift, or [mixed
+    # governance][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/controltower/latest/userguide/region-how.html#mixed-governance
+    #
+    # @!attribute [rw] name
+    #   The AWS Region name.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/controltower-2018-05-10/Region AWS API Documentation
+    #
+    class Region < Struct.new(
+      :name)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Request references a resource which does not exist.
     #
     # @!attribute [rw] message
@@ -257,6 +493,27 @@ module Aws::ControlTower
       include Aws::Structure
     end
 
+    # @!attribute [rw] resource_arn
+    #   The ARN of the resource to be tagged.
+    #   @return [String]
+    #
+    # @!attribute [rw] tags
+    #   Tags to be applied to the resource.
+    #   @return [Hash<String,String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/controltower-2018-05-10/TagResourceInput AWS API Documentation
+    #
+    class TagResourceInput < Struct.new(
+      :resource_arn,
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/controltower-2018-05-10/TagResourceOutput AWS API Documentation
+    #
+    class TagResourceOutput < Aws::EmptyStructure; end
+
     # Request was denied due to request throttling.
     #
     # @!attribute [rw] message
@@ -285,6 +542,27 @@ module Aws::ControlTower
       include Aws::Structure
     end
 
+    # @!attribute [rw] resource_arn
+    #   The ARN of the resource.
+    #   @return [String]
+    #
+    # @!attribute [rw] tag_keys
+    #   Tag keys to be removed from the resource.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/controltower-2018-05-10/UntagResourceInput AWS API Documentation
+    #
+    class UntagResourceInput < Struct.new(
+      :resource_arn,
+      :tag_keys)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/controltower-2018-05-10/UntagResourceOutput AWS API Documentation
+    #
+    class UntagResourceOutput < Aws::EmptyStructure; end
+
     # The input fails to satisfy the constraints specified by an AWS
     # service.
     #

data/lib/aws-sdk-controltower.rb

@@ -52,6 +52,6 @@ require_relative 'aws-sdk-controltower/customizations'
 # @!group service
 module Aws::ControlTower
 
-  GEM_VERSION = '1.9.0'
+  GEM_VERSION = '1.11.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-controltower
 version: !ruby/object:Gem::Version
-  version: 1.9.0
+  version: 1.11.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-09-27 00:00:00.000000000 Z
+date: 2023-11-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core