@aws-sdk/client-controlcatalog 3.825.0 → 3.828.0

package/dist-types/models/models_0.d.ts

@@ -62,13 +62,22 @@ export interface ObjectiveResourceFilter {
  */
 export interface CommonControlFilter {
     /**
-     * <p>The objective that's used as filter criteria.</p>
-     *          <p>You can use this parameter to specify one objective ARN at a time. Passing multiple ARNs
-     *       in the <code>CommonControlFilter</code> isn’t currently supported.</p>
+     * <p>The objective that's used as filter criteria.</p> <p>You can use this parameter to specify one objective ARN at a time. Passing multiple ARNs in the <code>CommonControlFilter</code> isn’t supported.</p>
      * @public
      */
     Objectives?: ObjectiveResourceFilter[] | undefined;
 }
+/**
+ * <p>A structure that contains details about a common control mapping. In particular, it returns the Amazon Resource Name (ARN) of the common control.</p>
+ * @public
+ */
+export interface CommonControlMappingDetails {
+    /**
+     * <p>The Amazon Resource Name (ARN) that identifies the common control in the mapping.</p>
+     * @public
+     */
+    CommonControlArn: string | undefined;
+}
 /**
  * <p>An internal service error occurred during the processing of your request. Try again later.</p>
  * @public
@@ -98,9 +107,7 @@ export interface ListCommonControlsRequest {
      */
     NextToken?: string | undefined;
     /**
-     * <p>An optional filter that narrows the results to a specific objective.</p>
-     *          <p>This filter allows you to specify one objective ARN at a time. Passing multiple ARNs in
-     *       the <code>CommonControlFilter</code> isn’t currently supported.</p>
+     * <p>An optional filter that narrows the results to a specific objective.</p> <p>This filter allows you to specify one objective ARN at a time. Passing multiple ARNs in the <code>CommonControlFilter</code> isn’t supported.</p>
      * @public
      */
     CommonControlFilter?: CommonControlFilter | undefined;
@@ -208,55 +215,13 @@ export type ControlBehavior = (typeof ControlBehavior)[keyof typeof ControlBehav
  */
 export interface GetControlRequest {
     /**
-     * <p>The Amazon Resource Name (ARN) of the control. It has one of the following formats:</p>
-     *          <p>
-     *             <i>Global format</i>
-     *          </p>
-     *          <p>
-     *             <code>arn:\{PARTITION\}:controlcatalog:::control/\{CONTROL_CATALOG_OPAQUE_ID\}</code>
-     *          </p>
-     *          <p>
-     *             <i>Or Regional format</i>
-     *          </p>
-     *          <p>
-     *             <code>arn:\{PARTITION\}:controltower:\{REGION\}::control/\{CONTROL_TOWER_OPAQUE_ID\}</code>
-     *          </p>
-     *          <p>Here is a more general pattern that covers Amazon Web Services Control Tower and Control Catalog ARNs:</p>
-     *          <p>
-     *             <code>^arn:(aws(?:[-a-z]*)?):(controlcatalog|controltower):[a-zA-Z0-9-]*::control/[0-9a-zA-Z_\\-]+$</code>
-     *          </p>
+     * <p>The Amazon Resource Name (ARN) of the control. It has one of the following formats:</p> <p> <i>Global format</i> </p> <p> <code>arn:\{PARTITION\}:controlcatalog:::control/\{CONTROL_CATALOG_OPAQUE_ID\}</code> </p> <p> <i>Or Regional format</i> </p> <p> <code>arn:\{PARTITION\}:controltower:\{REGION\}::control/\{CONTROL_TOWER_OPAQUE_ID\}</code> </p> <p>Here is a more general pattern that covers Amazon Web Services Control Tower and Control Catalog ARNs:</p> <p> <code>^arn:(aws(?:[-a-z]*)?):(controlcatalog|controltower):[a-zA-Z0-9-]*::control/[0-9a-zA-Z_\\-]+$</code> </p>
      * @public
      */
     ControlArn: string | undefined;
 }
 /**
- * <p>An object that describes the implementation type for a control.</p>
- *          <p>Our <code>ImplementationDetails</code>
- *             <code>Type</code> format has three required segments:</p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <code>SERVICE-PROVIDER::SERVICE-NAME::RESOURCE-NAME</code>
- *                </p>
- *             </li>
- *          </ul>
- *          <p>For example, <code>AWS::Config::ConfigRule</code>
- *             <b>or</b>
- *             <code>AWS::SecurityHub::SecurityControl</code> resources have the format with three required segments.</p>
- *          <p>Our <code>ImplementationDetails</code>
- *             <code>Type</code> format has an optional fourth segment, which is present for applicable
- *       implementation types. The format is as follows: </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <code>SERVICE-PROVIDER::SERVICE-NAME::RESOURCE-NAME::RESOURCE-TYPE-DESCRIPTION</code>
- *                </p>
- *             </li>
- *          </ul>
- *          <p>For example, <code>AWS::Organizations::Policy::SERVICE_CONTROL_POLICY</code>
- *             <b>or</b>
- *             <code>AWS::CloudFormation::Type::HOOK</code> have the format with four segments.</p>
- *          <p>Although the format is similar, the values for the <code>Type</code> field do not match any Amazon Web Services CloudFormation values.</p>
+ * <p>An object that describes the implementation type for a control.</p> <p>Our <code>ImplementationDetails</code> <code>Type</code> format has three required segments:</p> <ul> <li> <p> <code>SERVICE-PROVIDER::SERVICE-NAME::RESOURCE-NAME</code> </p> </li> </ul> <p>For example, <code>AWS::Config::ConfigRule</code> <b>or</b> <code>AWS::SecurityHub::SecurityControl</code> resources have the format with three required segments.</p> <p>Our <code>ImplementationDetails</code> <code>Type</code> format has an optional fourth segment, which is present for applicable implementation types. The format is as follows: </p> <ul> <li> <p> <code>SERVICE-PROVIDER::SERVICE-NAME::RESOURCE-NAME::RESOURCE-TYPE-DESCRIPTION</code> </p> </li> </ul> <p>For example, <code>AWS::Organizations::Policy::SERVICE_CONTROL_POLICY</code> <b>or</b> <code>AWS::CloudFormation::Type::HOOK</code> have the format with four segments.</p> <p>Although the format is similar, the values for the <code>Type</code> field do not match any Amazon Web Services CloudFormation values.</p>
  * @public
  */
 export interface ImplementationDetails {
@@ -272,77 +237,12 @@ export interface ImplementationDetails {
     Identifier?: string | undefined;
 }
 /**
- * <p>Five types of control parameters are supported.</p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <b>AllowedRegions</b>: List of Amazon Web Services Regions exempted from the
- *           control. Each string is expected to be an Amazon Web Services Region code. This parameter is mandatory for the <b>OU Region deny</b> control, <b>CT.MULTISERVICE.PV.1</b>.</p>
- *                <p>Example: <code>["us-east-1","us-west-2"]</code>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <b>ExemptedActions</b>: List of Amazon Web Services IAM actions exempted
- *           from the control. Each string is expected to be an IAM action.</p>
- *                <p>Example:
- *           <code>["logs:DescribeLogGroups","logs:StartQuery","logs:GetQueryResults"]</code>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <b>ExemptedPrincipalArns</b>: List of Amazon Web Services IAM principal ARNs
- *           exempted from the control. Each string is expected to be an IAM principal that follows
- *           the pattern <code>^arn:(aws|aws-us-gov):(iam|sts)::.+:.+$</code>
- *                </p>
- *                <p>Example:
- *           <code>["arn:aws:iam::*:role/ReadOnly","arn:aws:sts::*:assumed-role/ReadOnly/*"]</code>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <b>ExemptedResourceArns</b>: List of resource ARNs exempted
- *           from the control. Each string is expected to be a resource ARN.</p>
- *                <p>Example: <code>["arn:aws:s3:::my-bucket-name"]</code>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <b>ExemptAssumeRoot</b>: A parameter that lets you choose
- *           whether to exempt requests made with <code>AssumeRoot</code> from this control, for this
- *           OU. For member accounts, the <code>AssumeRoot</code> property is included in requests
- *           initiated by IAM centralized root access. This parameter applies only to the
- *             <code>AWS-GR_RESTRICT_ROOT_USER</code> control. If you add the parameter when enabling
- *           the control, the <code>AssumeRoot</code> exemption is allowed. If you omit the parameter,
- *           the <code>AssumeRoot</code> exception is not permitted. The parameter does not accept
- *             <code>False</code> as a value.</p>
- *                <p>
- *                   <i>Example: Enabling the control and allowing <code>AssumeRoot</code>
- *                   </i>
- *                </p>
- *                <p>
- *                   <code>\{
- *           "controlIdentifier": "arn:aws:controlcatalog:::control/5kvme4m5d2b4d7if2fs5yg2ui",
- *           "parameters": [
- *             \{
- *               "key": "ExemptAssumeRoot",
- *               "value": true
- *             \}
- *           ],
- *           "targetIdentifier": "arn:aws:organizations::8633900XXXXX:ou/o-6jmn81636m/ou-qsah-jtiihcla"
- *           \}</code>
- *                </p>
- *             </li>
- *          </ul>
+ * <p>Five types of control parameters are supported.</p> <ul> <li> <p> <b>AllowedRegions</b>: List of Amazon Web Services Regions exempted from the control. Each string is expected to be an Amazon Web Services Region code. This parameter is mandatory for the <b>OU Region deny</b> control, <b>CT.MULTISERVICE.PV.1</b>.</p> <p>Example: <code>["us-east-1","us-west-2"]</code> </p> </li> <li> <p> <b>ExemptedActions</b>: List of Amazon Web Services IAM actions exempted from the control. Each string is expected to be an IAM action.</p> <p>Example: <code>["logs:DescribeLogGroups","logs:StartQuery","logs:GetQueryResults"]</code> </p> </li> <li> <p> <b>ExemptedPrincipalArns</b>: List of Amazon Web Services IAM principal ARNs exempted from the control. Each string is expected to be an IAM principal that follows the pattern <code>^arn:(aws|aws-us-gov):(iam|sts)::.+:.+$</code> </p> <p>Example: <code>["arn:aws:iam::*:role/ReadOnly","arn:aws:sts::*:assumed-role/ReadOnly/*"]</code> </p> </li> <li> <p> <b>ExemptedResourceArns</b>: List of resource ARNs exempted from the control. Each string is expected to be a resource ARN.</p> <p>Example: <code>["arn:aws:s3:::my-bucket-name"]</code> </p> </li> <li> <p> <b>ExemptAssumeRoot</b>: A parameter that lets you choose whether to exempt requests made with <code>AssumeRoot</code> from this control, for this OU. For member accounts, the <code>AssumeRoot</code> property is included in requests initiated by IAM centralized root access. This parameter applies only to the <code>AWS-GR_RESTRICT_ROOT_USER</code> control. If you add the parameter when enabling the control, the <code>AssumeRoot</code> exemption is allowed. If you omit the parameter, the <code>AssumeRoot</code> exception is not permitted. The parameter does not accept <code>False</code> as a value.</p> <p> <i>Example: Enabling the control and allowing <code>AssumeRoot</code> </i> </p> <p> <code>\{ "controlIdentifier": "arn:aws:controlcatalog:::control/5kvme4m5d2b4d7if2fs5yg2ui", "parameters": [ \{ "key": "ExemptAssumeRoot", "value": true \} ], "targetIdentifier": "arn:aws:organizations::8633900XXXXX:ou/o-6jmn81636m/ou-qsah-jtiihcla" \}</code> </p> </li> </ul>
  * @public
  */
 export interface ControlParameter {
     /**
-     * <p>The parameter name. This name is the parameter <code>key</code> when you call <a href="https://docs.aws.amazon.com/controltower/latest/APIReference/API_EnableControl.html">
-     *                <code>EnableControl</code>
-     *             </a> or <a href="https://docs.aws.amazon.com/controltower/latest/APIReference/API_UpdateEnabledControl.html">
-     *                <code>UpdateEnabledControl</code>
-     *             </a>.</p>
+     * <p>The parameter name. This name is the parameter <code>key</code> when you call <a href="https://docs.aws.amazon.com/controltower/latest/APIReference/API_EnableControl.html"> <code>EnableControl</code> </a> or <a href="https://docs.aws.amazon.com/controltower/latest/APIReference/API_UpdateEnabledControl.html"> <code>UpdateEnabledControl</code> </a>.</p>
      * @public
      */
     Name: string | undefined;
@@ -360,13 +260,12 @@ export declare const ControlScope: {
  */
 export type ControlScope = (typeof ControlScope)[keyof typeof ControlScope];
 /**
- * <p>Returns information about the control, including the scope of the control, if enabled, and the Regions in which the control currently is available for deployment. For more information about scope, see <a href="https://docs.aws.amazon.com/whitepapers/latest/aws-fault-isolation-boundaries/global-services.html">Global services</a>.</p>
- *          <p>If you are applying controls through an Amazon Web Services Control Tower landing zone environment, remember that the values returned in the <code>RegionConfiguration</code> API operation are not related to the governed Regions in your landing zone. For example, if you are governing Regions <code>A</code>,<code>B</code>,and <code>C</code> while the control is available in Regions <code>A</code>, <code>B</code>, C<code>,</code> and <code>D</code>, you'd see a response with <code>DeployableRegions</code> of <code>A</code>, <code>B</code>, <code>C</code>, and <code>D</code> for a control with <code>REGIONAL</code> scope, even though you may not intend to deploy the control in Region <code>D</code>, because you do not govern it through your landing zone.</p>
+ * <p>Returns information about the control, including the scope of the control, if enabled, and the Regions in which the control is available for deployment. For more information about scope, see <a href="https://docs.aws.amazon.com/whitepapers/latest/aws-fault-isolation-boundaries/global-services.html">Global services</a>.</p> <p>If you are applying controls through an Amazon Web Services Control Tower landing zone environment, remember that the values returned in the <code>RegionConfiguration</code> API operation are not related to the governed Regions in your landing zone. For example, if you are governing Regions <code>A</code>,<code>B</code>,and <code>C</code> while the control is available in Regions <code>A</code>, <code>B</code>, C<code>,</code> and <code>D</code>, you'd see a response with <code>DeployableRegions</code> of <code>A</code>, <code>B</code>, <code>C</code>, and <code>D</code> for a control with <code>REGIONAL</code> scope, even though you may not intend to deploy the control in Region <code>D</code>, because you do not govern it through your landing zone.</p>
  * @public
  */
 export interface RegionConfiguration {
     /**
-     * <p>The coverage of the control, if deployed. Scope is an enumerated type, with value <code>Regional</code>, or <code>Global</code>. A control with Global scope is effective in all Amazon Web Services Regions, regardless of the Region from which it is enabled, or to which it is deployed. A control implemented by an SCP is usually Global in scope. A control with Regional scope has operations that are restricted specifically to the Region from which it is enabled and to which it is deployed. Controls implemented by Config rules and CloudFormation hooks usually are Regional in scope.  Security Hub controls usually are Regional in scope.</p>
+     * <p>The coverage of the control, if deployed. Scope is an enumerated type, with value <code>Regional</code>, or <code>Global</code>. A control with Global scope is effective in all Amazon Web Services Regions, regardless of the Region from which it is enabled, or to which it is deployed. A control implemented by an SCP is usually Global in scope. A control with Regional scope has operations that are restricted specifically to the Region from which it is enabled and to which it is deployed. Controls implemented by Config rules and CloudFormation hooks usually are Regional in scope. Security Hub controls usually are Regional in scope.</p>
      * @public
      */
     Scope: ControlScope | undefined;
@@ -399,6 +298,11 @@ export interface GetControlResponse {
      * @public
      */
     Arn: string | undefined;
+    /**
+     * <p>A list of alternative identifiers for the control. These are human-readable designators, such as <code>SH.S3.1</code>. Several aliases can refer to the same control across different Amazon Web Services services or compliance frameworks.</p>
+     * @public
+     */
+    Aliases?: string[] | undefined;
     /**
      * <p>The display name of the control.</p>
      * @public
@@ -410,8 +314,7 @@ export interface GetControlResponse {
      */
     Description: string | undefined;
     /**
-     * <p>A term that identifies the control's functional behavior. One of <code>Preventive</code>, <code>Detective</code>, <code>Proactive</code>
-     *          </p>
+     * <p>A term that identifies the control's functional behavior. One of <code>Preventive</code>, <code>Detective</code>, <code>Proactive</code> </p>
      * @public
      */
     Behavior: ControlBehavior | undefined;
@@ -421,8 +324,7 @@ export interface GetControlResponse {
      */
     Severity?: ControlSeverity | undefined;
     /**
-     * <p>Returns information about the control, including the scope of the control, if enabled, and the Regions in which the control currently is available for deployment. For more information about scope, see <a href="https://docs.aws.amazon.com/whitepapers/latest/aws-fault-isolation-boundaries/global-services.html">Global services</a>.</p>
-     *          <p>If you are applying controls through an Amazon Web Services Control Tower landing zone environment, remember that the values returned in the <code>RegionConfiguration</code> API operation are not related to the governed Regions in your landing zone. For example, if you are governing Regions <code>A</code>,<code>B</code>,and <code>C</code> while the control is available in Regions <code>A</code>, <code>B</code>, C<code>,</code> and <code>D</code>, you'd see a response with <code>DeployableRegions</code> of <code>A</code>, <code>B</code>, <code>C</code>, and <code>D</code> for a control with <code>REGIONAL</code> scope, even though you may not intend to deploy the control in Region <code>D</code>, because you do not govern it through your landing zone.</p>
+     * <p>Returns information about the control, including the scope of the control, if enabled, and the Regions in which the control is available for deployment. For more information about scope, see <a href="https://docs.aws.amazon.com/whitepapers/latest/aws-fault-isolation-boundaries/global-services.html">Global services</a>.</p> <p>If you are applying controls through an Amazon Web Services Control Tower landing zone environment, remember that the values returned in the <code>RegionConfiguration</code> API operation are not related to the governed Regions in your landing zone. For example, if you are governing Regions <code>A</code>,<code>B</code>,and <code>C</code> while the control is available in Regions <code>A</code>, <code>B</code>, C<code>,</code> and <code>D</code>, you'd see a response with <code>DeployableRegions</code> of <code>A</code>, <code>B</code>, <code>C</code>, and <code>D</code> for a control with <code>REGIONAL</code> scope, even though you may not intend to deploy the control in Region <code>D</code>, because you do not govern it through your landing zone.</p>
      * @public
      */
     RegionConfiguration: RegionConfiguration | undefined;
@@ -432,8 +334,7 @@ export interface GetControlResponse {
      */
     Implementation?: ImplementationDetails | undefined;
     /**
-     * <p>Returns an array of <code>ControlParameter</code> objects that specify the parameters a control supports. An empty list is returned for controls that don’t support parameters.
-     *     </p>
+     * <p>Returns an array of <code>ControlParameter</code> objects that specify the parameters a control supports. An empty list is returned for controls that don’t support parameters. </p>
      * @public
      */
     Parameters?: ControlParameter[] | undefined;
@@ -442,6 +343,11 @@ export interface GetControlResponse {
      * @public
      */
     CreateTime?: Date | undefined;
+    /**
+     * <p>A list of Amazon Web Services resource types that are governed by this control. This information helps you understand which controls can govern certain types of resources, and conversely, which resources are affected when the control is implemented. The resources are represented as Amazon Web Services CloudFormation resource types. If <code>GovernedResources</code> cannot be represented by available CloudFormation resource types, it’s returned as an empty list.</p>
+     * @public
+     */
+    GovernedResources?: string[] | undefined;
 }
 /**
  * <p>The requested resource does not exist.</p>
@@ -456,6 +362,33 @@ export declare class ResourceNotFoundException extends __BaseException {
      */
     constructor(opts: __ExceptionOptionType<ResourceNotFoundException, __BaseException>);
 }
+/**
+ * <p>A structure that defines filtering criteria for control implementations. You can use this filter to find controls that are implemented by specific Amazon Web Services services or with specific service identifiers.</p>
+ * @public
+ */
+export interface ImplementationFilter {
+    /**
+     * <p>A list of implementation types that can serve as filters. For example, you can filter for controls implemented as Amazon Web Services Config Rules by specifying AWS::Config::ConfigRule as a type.</p>
+     * @public
+     */
+    Types?: string[] | undefined;
+    /**
+     * <p>A list of service-specific identifiers that can serve as filters. For example, you can filter for controls with specific Amazon Web Services Config Rule IDs or Security Hub Control IDs.</p>
+     * @public
+     */
+    Identifiers?: string[] | undefined;
+}
+/**
+ * <p>A structure that defines filtering criteria for the ListControls operation. You can use this filter to narrow down the list of controls based on their implementation details.</p>
+ * @public
+ */
+export interface ControlFilter {
+    /**
+     * <p>A filter that narrows the results to controls with specific implementation types or identifiers. This field allows you to find controls that are implemented by specific Amazon Web Services services or with specific service identifiers.</p>
+     * @public
+     */
+    Implementations?: ImplementationFilter | undefined;
+}
 /**
  * @public
  */
@@ -470,6 +403,11 @@ export interface ListControlsRequest {
      * @public
      */
     MaxResults?: number | undefined;
+    /**
+     * <p>An optional filter that narrows the results to controls with specific implementation types or identifiers. If you don't provide a filter, the operation returns all available controls.</p>
+     * @public
+     */
+    Filter?: ControlFilter | undefined;
 }
 /**
  * <p>A summary of how the control is implemented, including the Amazon Web Services service that enforces the control and its service-specific identifier. For example, the value of this field could indicate that the control is implemented as an Amazon Web Services Config Rule or an Amazon Web Services Security Hub control.</p>
@@ -497,6 +435,11 @@ export interface ControlSummary {
      * @public
      */
     Arn: string | undefined;
+    /**
+     * <p>A list of alternative identifiers for the control. These are human-readable designators, such as <code>SH.S3.1</code>. Several aliases can refer to the same control across different Amazon Web Services services or compliance frameworks.</p>
+     * @public
+     */
+    Aliases?: string[] | undefined;
     /**
      * <p>The display name of the control.</p>
      * @public
@@ -527,6 +470,11 @@ export interface ControlSummary {
      * @public
      */
     CreateTime?: Date | undefined;
+    /**
+     * <p>A list of Amazon Web Services resource types that are governed by this control. This information helps you understand which controls can govern certain types of resources, and conversely, which resources are affected when the control is implemented. The resources are represented as Amazon Web Services CloudFormation resource types. If <code>GovernedResources</code> cannot be represented by available CloudFormation resource types, it’s returned as an empty list.</p>
+     * @public
+     */
+    GovernedResources?: string[] | undefined;
 }
 /**
  * @public
@@ -604,6 +552,153 @@ export interface ListDomainsResponse {
      */
     NextToken?: string | undefined;
 }
+/**
+ * @public
+ * @enum
+ */
+export declare const MappingType: {
+    readonly COMMON_CONTROL: "COMMON_CONTROL";
+    readonly FRAMEWORK: "FRAMEWORK";
+};
+/**
+ * @public
+ */
+export type MappingType = (typeof MappingType)[keyof typeof MappingType];
+/**
+ * <p>A structure that defines filtering criteria for the ListControlMappings operation. You can use this filter to narrow down the list of control mappings based on control ARNs, common control ARNs, or mapping types.</p>
+ * @public
+ */
+export interface ControlMappingFilter {
+    /**
+     * <p>A list of control ARNs to filter the mappings. When specified, only mappings associated with these controls are returned.</p>
+     * @public
+     */
+    ControlArns?: string[] | undefined;
+    /**
+     * <p>A list of common control ARNs to filter the mappings. When specified, only mappings associated with these common controls are returned.</p>
+     * @public
+     */
+    CommonControlArns?: string[] | undefined;
+    /**
+     * <p>A list of mapping types to filter the mappings. When specified, only mappings of these types are returned.</p>
+     * @public
+     */
+    MappingTypes?: MappingType[] | undefined;
+}
+/**
+ * @public
+ */
+export interface ListControlMappingsRequest {
+    /**
+     * <p>The pagination token that's used to fetch the next set of results.</p>
+     * @public
+     */
+    NextToken?: string | undefined;
+    /**
+     * <p>The maximum number of results on a page or for an API request call.</p>
+     * @public
+     */
+    MaxResults?: number | undefined;
+    /**
+     * <p>An optional filter that narrows the results to specific control mappings based on control ARNs, common control ARNs, or mapping types.</p>
+     * @public
+     */
+    Filter?: ControlMappingFilter | undefined;
+}
+/**
+ * <p>A structure that contains details about a framework mapping, including the framework name and specific item within the framework that the control maps to.</p>
+ * @public
+ */
+export interface FrameworkMappingDetails {
+    /**
+     * <p>The name of the compliance framework that the control maps to.</p>
+     * @public
+     */
+    Name: string | undefined;
+    /**
+     * <p>The specific item or requirement within the framework that the control maps to.</p>
+     * @public
+     */
+    Item: string | undefined;
+}
+/**
+ * <p>A structure that contains the details of a mapping relationship, which can be either to a framework or to a common control.</p>
+ * @public
+ */
+export type Mapping = Mapping.CommonControlMember | Mapping.FrameworkMember | Mapping.$UnknownMember;
+/**
+ * @public
+ */
+export declare namespace Mapping {
+    /**
+     * <p>The framework mapping details when the mapping type relates to a compliance framework.</p>
+     * @public
+     */
+    interface FrameworkMember {
+        Framework: FrameworkMappingDetails;
+        CommonControl?: never;
+        $unknown?: never;
+    }
+    /**
+     * <p>The common control mapping details when the mapping type relates to a common control.</p>
+     * @public
+     */
+    interface CommonControlMember {
+        Framework?: never;
+        CommonControl: CommonControlMappingDetails;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     */
+    interface $UnknownMember {
+        Framework?: never;
+        CommonControl?: never;
+        $unknown: [string, any];
+    }
+    interface Visitor<T> {
+        Framework: (value: FrameworkMappingDetails) => T;
+        CommonControl: (value: CommonControlMappingDetails) => T;
+        _: (name: string, value: any) => T;
+    }
+    const visit: <T>(value: Mapping, visitor: Visitor<T>) => T;
+}
+/**
+ * <p>A structure that contains information about a control mapping, including the control ARN, mapping type, and mapping details.</p>
+ * @public
+ */
+export interface ControlMapping {
+    /**
+     * <p>The Amazon Resource Name (ARN) that identifies the control in the mapping.</p>
+     * @public
+     */
+    ControlArn: string | undefined;
+    /**
+     * <p>The type of mapping relationship between the control and other entities. Indicates whether the mapping is to a framework or common control.</p>
+     * @public
+     */
+    MappingType: MappingType | undefined;
+    /**
+     * <p>The details of the mapping relationship, containing either framework or common control information.</p>
+     * @public
+     */
+    Mapping: Mapping | undefined;
+}
+/**
+ * @public
+ */
+export interface ListControlMappingsResponse {
+    /**
+     * <p>The list of control mappings that the ListControlMappings API returns.</p>
+     * @public
+     */
+    ControlMappings: ControlMapping[] | undefined;
+    /**
+     * <p>The pagination token that's used to fetch the next set of results.</p>
+     * @public
+     */
+    NextToken?: string | undefined;
+}
 /**
  * <p>The domain resource that's being used as a filter.</p>
  * @public
@@ -621,9 +716,7 @@ export interface DomainResourceFilter {
  */
 export interface ObjectiveFilter {
     /**
-     * <p>The domain that's used as filter criteria.</p>
-     *          <p>You can use this parameter to specify one domain ARN at a time. Passing multiple ARNs in
-     *       the <code>ObjectiveFilter</code> isn’t currently supported.</p>
+     * <p>The domain that's used as filter criteria.</p> <p>You can use this parameter to specify one domain ARN at a time. Passing multiple ARNs in the <code>ObjectiveFilter</code> isn’t supported.</p>
      * @public
      */
     Domains?: DomainResourceFilter[] | undefined;
@@ -643,9 +736,7 @@ export interface ListObjectivesRequest {
      */
     NextToken?: string | undefined;
     /**
-     * <p>An optional filter that narrows the results to a specific domain.</p>
-     *          <p>This filter allows you to specify one domain ARN at a time.
-     *       Passing multiple ARNs in the <code>ObjectiveFilter</code> isn’t currently supported.</p>
+     * <p>An optional filter that narrows the results to a specific domain.</p> <p>This filter allows you to specify one domain ARN at a time. Passing multiple ARNs in the <code>ObjectiveFilter</code> isn’t supported.</p>
      * @public
      */
     ObjectiveFilter?: ObjectiveFilter | undefined;

package/dist-types/pagination/ListControlMappingsPaginator.d.ts

@@ -0,0 +1,7 @@
+import { Paginator } from "@smithy/types";
+import { ListControlMappingsCommandInput, ListControlMappingsCommandOutput } from "../commands/ListControlMappingsCommand";
+import { ControlCatalogPaginationConfiguration } from "./Interfaces";
+/**
+ * @public
+ */
+export declare const paginateListControlMappings: (config: ControlCatalogPaginationConfiguration, input: ListControlMappingsCommandInput, ...rest: any[]) => Paginator<ListControlMappingsCommandOutput>;

package/dist-types/pagination/index.d.ts

@@ -1,5 +1,6 @@
 export * from "./Interfaces";
 export * from "./ListCommonControlsPaginator";
+export * from "./ListControlMappingsPaginator";
 export * from "./ListControlsPaginator";
 export * from "./ListDomainsPaginator";
 export * from "./ListObjectivesPaginator";

package/dist-types/protocols/Aws_restJson1.d.ts

@@ -2,6 +2,7 @@ import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@s
 import { SerdeContext as __SerdeContext } from "@smithy/types";
 import { GetControlCommandInput, GetControlCommandOutput } from "../commands/GetControlCommand";
 import { ListCommonControlsCommandInput, ListCommonControlsCommandOutput } from "../commands/ListCommonControlsCommand";
+import { ListControlMappingsCommandInput, ListControlMappingsCommandOutput } from "../commands/ListControlMappingsCommand";
 import { ListControlsCommandInput, ListControlsCommandOutput } from "../commands/ListControlsCommand";
 import { ListDomainsCommandInput, ListDomainsCommandOutput } from "../commands/ListDomainsCommand";
 import { ListObjectivesCommandInput, ListObjectivesCommandOutput } from "../commands/ListObjectivesCommand";
@@ -13,6 +14,10 @@ export declare const se_GetControlCommand: (input: GetControlCommandInput, conte
  * serializeAws_restJson1ListCommonControlsCommand
  */
 export declare const se_ListCommonControlsCommand: (input: ListCommonControlsCommandInput, context: __SerdeContext) => Promise<__HttpRequest>;
+/**
+ * serializeAws_restJson1ListControlMappingsCommand
+ */
+export declare const se_ListControlMappingsCommand: (input: ListControlMappingsCommandInput, context: __SerdeContext) => Promise<__HttpRequest>;
 /**
  * serializeAws_restJson1ListControlsCommand
  */
@@ -33,6 +38,10 @@ export declare const de_GetControlCommand: (output: __HttpResponse, context: __S
  * deserializeAws_restJson1ListCommonControlsCommand
  */
 export declare const de_ListCommonControlsCommand: (output: __HttpResponse, context: __SerdeContext) => Promise<ListCommonControlsCommandOutput>;
+/**
+ * deserializeAws_restJson1ListControlMappingsCommand
+ */
+export declare const de_ListControlMappingsCommand: (output: __HttpResponse, context: __SerdeContext) => Promise<ListControlMappingsCommandOutput>;
 /**
  * deserializeAws_restJson1ListControlsCommand
  */

package/dist-types/ts3.4/ControlCatalog.d.ts

@@ -7,6 +7,10 @@ import {
   ListCommonControlsCommandInput,
   ListCommonControlsCommandOutput,
 } from "./commands/ListCommonControlsCommand";
+import {
+  ListControlMappingsCommandInput,
+  ListControlMappingsCommandOutput,
+} from "./commands/ListControlMappingsCommand";
 import {
   ListControlsCommandInput,
   ListControlsCommandOutput,
@@ -48,6 +52,20 @@ export interface ControlCatalog {
     options: __HttpHandlerOptions,
     cb: (err: any, data?: ListCommonControlsCommandOutput) => void
   ): void;
+  listControlMappings(): Promise<ListControlMappingsCommandOutput>;
+  listControlMappings(
+    args: ListControlMappingsCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<ListControlMappingsCommandOutput>;
+  listControlMappings(
+    args: ListControlMappingsCommandInput,
+    cb: (err: any, data?: ListControlMappingsCommandOutput) => void
+  ): void;
+  listControlMappings(
+    args: ListControlMappingsCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: ListControlMappingsCommandOutput) => void
+  ): void;
   listControls(): Promise<ListControlsCommandOutput>;
   listControls(
     args: ListControlsCommandInput,

package/dist-types/ts3.4/ControlCatalogClient.d.ts

@@ -53,6 +53,10 @@ import {
   ListCommonControlsCommandInput,
   ListCommonControlsCommandOutput,
 } from "./commands/ListCommonControlsCommand";
+import {
+  ListControlMappingsCommandInput,
+  ListControlMappingsCommandOutput,
+} from "./commands/ListControlMappingsCommand";
 import {
   ListControlsCommandInput,
   ListControlsCommandOutput,
@@ -75,12 +79,14 @@ export { __Client };
 export type ServiceInputTypes =
   | GetControlCommandInput
   | ListCommonControlsCommandInput
+  | ListControlMappingsCommandInput
   | ListControlsCommandInput
   | ListDomainsCommandInput
   | ListObjectivesCommandInput;
 export type ServiceOutputTypes =
   | GetControlCommandOutput
   | ListCommonControlsCommandOutput
+  | ListControlMappingsCommandOutput
   | ListControlsCommandOutput
   | ListDomainsCommandOutput
   | ListObjectivesCommandOutput;

package/dist-types/ts3.4/commands/ListControlMappingsCommand.d.ts

@@ -0,0 +1,51 @@
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+import {
+  ControlCatalogClientResolvedConfig,
+  ServiceInputTypes,
+  ServiceOutputTypes,
+} from "../ControlCatalogClient";
+import {
+  ListControlMappingsRequest,
+  ListControlMappingsResponse,
+} from "../models/models_0";
+export { __MetadataBearer };
+export { $Command };
+export interface ListControlMappingsCommandInput
+  extends ListControlMappingsRequest {}
+export interface ListControlMappingsCommandOutput
+  extends ListControlMappingsResponse,
+    __MetadataBearer {}
+declare const ListControlMappingsCommand_base: {
+  new (
+    input: ListControlMappingsCommandInput
+  ): import("@smithy/smithy-client").CommandImpl<
+    ListControlMappingsCommandInput,
+    ListControlMappingsCommandOutput,
+    ControlCatalogClientResolvedConfig,
+    ServiceInputTypes,
+    ServiceOutputTypes
+  >;
+  new (
+    ...[input]: [] | [ListControlMappingsCommandInput]
+  ): import("@smithy/smithy-client").CommandImpl<
+    ListControlMappingsCommandInput,
+    ListControlMappingsCommandOutput,
+    ControlCatalogClientResolvedConfig,
+    ServiceInputTypes,
+    ServiceOutputTypes
+  >;
+  getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
+};
+export declare class ListControlMappingsCommand extends ListControlMappingsCommand_base {
+  protected static __types: {
+    api: {
+      input: ListControlMappingsRequest;
+      output: ListControlMappingsResponse;
+    };
+    sdk: {
+      input: ListControlMappingsCommandInput;
+      output: ListControlMappingsCommandOutput;
+    };
+  };
+}