@aws-sdk/client-controlcatalog 3.686.0 → 3.688.0

package/dist-cjs/protocols/Aws_restJson1.js

@@ -94,7 +94,9 @@ const de_GetControlCommand = async (output, context) => {
         Arn: smithy_client_1.expectString,
         Behavior: smithy_client_1.expectString,
         Description: smithy_client_1.expectString,
+        Implementation: smithy_client_1._json,
         Name: smithy_client_1.expectString,
+        Parameters: smithy_client_1._json,
         RegionConfiguration: smithy_client_1._json,
     });
     Object.assign(contents, doc);

package/dist-es/protocols/Aws_restJson1.js

@@ -86,7 +86,9 @@ export const de_GetControlCommand = async (output, context) => {
         Arn: __expectString,
         Behavior: __expectString,
         Description: __expectString,
+        Implementation: _json,
         Name: __expectString,
+        Parameters: _json,
         RegionConfiguration: _json,
     });
     Object.assign(contents, doc);

package/dist-types/commands/GetControlCommand.d.ts

@@ -51,6 +51,14 @@ declare const GetControlCommand_base: {
  * //       "STRING_VALUE",
  * //     ],
  * //   },
+ * //   Implementation: { // ImplementationDetails
+ * //     Type: "STRING_VALUE", // required
+ * //   },
+ * //   Parameters: [ // ControlParameters
+ * //     { // ControlParameter
+ * //       Name: "STRING_VALUE", // required
+ * //     },
+ * //   ],
  * // };
  *
  * ```

package/dist-types/models/models_0.d.ts

@@ -229,6 +229,92 @@ export interface GetControlRequest {
      */
     ControlArn: string | undefined;
 }
+/**
+ * <p>An object that describes the implementation type for a control.</p>
+ *          <p>Our <code>ImplementationDetails</code>
+ *             <code>Type</code> format has three required segments:</p>
+ *          <ul>
+ *             <li>
+ *                <p>
+ *                   <code>SERVICE-PROVIDER::SERVICE-NAME::RESOURCE-NAME</code>
+ *                </p>
+ *             </li>
+ *          </ul>
+ *          <p>For example, <code>AWS::Config::ConfigRule</code>
+ *             <b>or</b>
+ *             <code>AWS::SecurityHub::SecurityControl</code> resources have the format with three required segments.</p>
+ *          <p>Our <code>ImplementationDetails</code>
+ *             <code>Type</code> format has an optional fourth segment, which is present for applicable
+ *       implementation types. The format is as follows: </p>
+ *          <ul>
+ *             <li>
+ *                <p>
+ *                   <code>SERVICE-PROVIDER::SERVICE-NAME::RESOURCE-NAME::RESOURCE-TYPE-DESCRIPTION</code>
+ *                </p>
+ *             </li>
+ *          </ul>
+ *          <p>For example, <code>AWS::Organizations::Policy::SERVICE_CONTROL_POLICY</code>
+ *             <b>or</b>
+ *             <code>AWS::CloudFormation::Type::HOOK</code> have the format with four segments.</p>
+ *          <p>Although the format is similar, the values for the <code>Type</code> field do not match any Amazon Web Services CloudFormation values, and we do not use CloudFormation to implement these controls.</p>
+ * @public
+ */
+export interface ImplementationDetails {
+    /**
+     * <p>A string that describes a control's implementation type.</p>
+     * @public
+     */
+    Type: string | undefined;
+}
+/**
+ * <p>Four types of control parameters are supported.</p>
+ *          <ul>
+ *             <li>
+ *                <p>
+ *                   <b>AllowedRegions</b>: List of Amazon Web Services Regions exempted from the
+ *           control. Each string is expected to be an Amazon Web Services Region code. This parameter is mandatory for the <b>OU Region deny</b> control, <b>CT.MULTISERVICE.PV.1</b>.</p>
+ *                <p>Example: <code>["us-east-1","us-west-2"]</code>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <b>ExemptedActions</b>: List of Amazon Web Services IAM actions exempted
+ *           from the control. Each string is expected to be an IAM action.</p>
+ *                <p>Example:
+ *           <code>["logs:DescribeLogGroups","logs:StartQuery","logs:GetQueryResults"]</code>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <b>ExemptedPrincipalArns</b>: List of Amazon Web Services IAM principal ARNs
+ *           exempted from the control. Each string is expected to be an IAM principal that follows
+ *           the pattern <code>^arn:(aws|aws-us-gov):(iam|sts)::.+:.+$</code>
+ *                </p>
+ *                <p>Example:
+ *           <code>["arn:aws:iam::*:role/ReadOnly","arn:aws:sts::*:assumed-role/ReadOnly/*"]</code>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <b>ExemptedResourceArns</b>: List of resource ARNs exempted
+ *           from the control. Each string is expected to be a resource ARN.</p>
+ *                <p>Example: <code>["arn:aws:s3:::my-bucket-name"]</code>
+ *                </p>
+ *             </li>
+ *          </ul>
+ * @public
+ */
+export interface ControlParameter {
+    /**
+     * <p>The parameter name. This name is the parameter <code>key</code> when you call <a href="https://docs.aws.amazon.com/controltower/latest/APIReference/API_EnableControl.html">
+     *                <code>EnableControl</code>
+     *             </a> or <a href="https://docs.aws.amazon.com/controltower/latest/APIReference/API_UpdateEnabledControl.html">
+     *                <code>UpdateEnabledControl</code>
+     *             </a>.</p>
+     * @public
+     */
+    Name: string | undefined;
+}
 /**
  * @public
  * @enum
@@ -242,7 +328,7 @@ export declare const ControlScope: {
  */
 export type ControlScope = (typeof ControlScope)[keyof typeof ControlScope];
 /**
- * <p>Returns information about the control, including the scope of the control, if enabled, and the Regions in which the control currently is available for deployment.</p>
+ * <p>Returns information about the control, including the scope of the control, if enabled, and the Regions in which the control currently is available for deployment. For more information about scope, see <a href="https://docs.aws.amazon.com/whitepapers/latest/aws-fault-isolation-boundaries/global-services.html">Global services</a>.</p>
  *          <p>If you are applying controls through an Amazon Web Services Control Tower landing zone environment, remember that the values returned in the <code>RegionConfiguration</code> API operation are not related to the governed Regions in your landing zone. For example, if you are governing Regions <code>A</code>,<code>B</code>,and <code>C</code> while the control is available in Regions <code>A</code>, <code>B</code>, C<code>,</code> and <code>D</code>, you'd see a response with <code>DeployableRegions</code> of <code>A</code>, <code>B</code>, <code>C</code>, and <code>D</code> for a control with <code>REGIONAL</code> scope, even though you may not intend to deploy the control in Region <code>D</code>, because you do not govern it through your landing zone.</p>
  * @public
  */
@@ -278,17 +364,28 @@ export interface GetControlResponse {
      */
     Description: string | undefined;
     /**
-     * <p>A term that identifies the control's functional behavior. One of <code>Preventive</code>, <code>Deteictive</code>, <code>Proactive</code>
+     * <p>A term that identifies the control's functional behavior. One of <code>Preventive</code>, <code>Detective</code>, <code>Proactive</code>
      *          </p>
      * @public
      */
     Behavior: ControlBehavior | undefined;
     /**
-     * <p>Returns information about the control, including the scope of the control, if enabled, and the Regions in which the control currently is available for deployment.</p>
+     * <p>Returns information about the control, including the scope of the control, if enabled, and the Regions in which the control currently is available for deployment. For more information about scope, see <a href="https://docs.aws.amazon.com/whitepapers/latest/aws-fault-isolation-boundaries/global-services.html">Global services</a>.</p>
      *          <p>If you are applying controls through an Amazon Web Services Control Tower landing zone environment, remember that the values returned in the <code>RegionConfiguration</code> API operation are not related to the governed Regions in your landing zone. For example, if you are governing Regions <code>A</code>,<code>B</code>,and <code>C</code> while the control is available in Regions <code>A</code>, <code>B</code>, C<code>,</code> and <code>D</code>, you'd see a response with <code>DeployableRegions</code> of <code>A</code>, <code>B</code>, <code>C</code>, and <code>D</code> for a control with <code>REGIONAL</code> scope, even though you may not intend to deploy the control in Region <code>D</code>, because you do not govern it through your landing zone.</p>
      * @public
      */
     RegionConfiguration: RegionConfiguration | undefined;
+    /**
+     * <p>Returns information about the control, as an <code>ImplementationDetails</code> object that shows the underlying implementation type for a control.</p>
+     * @public
+     */
+    Implementation?: ImplementationDetails;
+    /**
+     * <p>Returns an array of <code>ControlParameter</code> objects that specify the parameters a control supports. An empty list is returned for controls that don’t support parameters.
+     *     </p>
+     * @public
+     */
+    Parameters?: ControlParameter[];
 }
 /**
  * <p>The requested resource does not exist.</p>

package/dist-types/ts3.4/models/models_0.d.ts

@@ -78,6 +78,12 @@ export type ControlBehavior =
 export interface GetControlRequest {
   ControlArn: string | undefined;
 }
+export interface ImplementationDetails {
+  Type: string | undefined;
+}
+export interface ControlParameter {
+  Name: string | undefined;
+}
 export declare const ControlScope: {
   readonly GLOBAL: "GLOBAL";
   readonly REGIONAL: "REGIONAL";
@@ -93,6 +99,8 @@ export interface GetControlResponse {
   Description: string | undefined;
   Behavior: ControlBehavior | undefined;
   RegionConfiguration: RegionConfiguration | undefined;
+  Implementation?: ImplementationDetails;
+  Parameters?: ControlParameter[];
 }
 export declare class ResourceNotFoundException extends __BaseException {
   readonly name: "ResourceNotFoundException";

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-controlcatalog",
   "description": "AWS SDK for JavaScript Controlcatalog Client for Node.js, Browser and React Native",
-  "version": "3.686.0",
+  "version": "3.688.0",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
     "build:cjs": "tsc -p tsconfig.cjs.json",
@@ -20,19 +20,19 @@
   "dependencies": {
     "@aws-crypto/sha256-browser": "5.2.0",
     "@aws-crypto/sha256-js": "5.2.0",
-    "@aws-sdk/client-sso-oidc": "3.686.0",
-    "@aws-sdk/client-sts": "3.686.0",
+    "@aws-sdk/client-sso-oidc": "3.687.0",
+    "@aws-sdk/client-sts": "3.687.0",
     "@aws-sdk/core": "3.686.0",
-    "@aws-sdk/credential-provider-node": "3.686.0",
+    "@aws-sdk/credential-provider-node": "3.687.0",
     "@aws-sdk/middleware-host-header": "3.686.0",
     "@aws-sdk/middleware-logger": "3.686.0",
     "@aws-sdk/middleware-recursion-detection": "3.686.0",
-    "@aws-sdk/middleware-user-agent": "3.686.0",
+    "@aws-sdk/middleware-user-agent": "3.687.0",
     "@aws-sdk/region-config-resolver": "3.686.0",
     "@aws-sdk/types": "3.686.0",
     "@aws-sdk/util-endpoints": "3.686.0",
     "@aws-sdk/util-user-agent-browser": "3.686.0",
-    "@aws-sdk/util-user-agent-node": "3.686.0",
+    "@aws-sdk/util-user-agent-node": "3.687.0",
     "@smithy/config-resolver": "^3.0.10",
     "@smithy/core": "^2.5.1",
     "@smithy/fetch-http-handler": "^4.0.0",