@aws-sdk/client-controltower 3.427.0 → 3.428.0

package/dist-types/ControlTowerClient.d.ts

@@ -11,6 +11,7 @@ import { BodyLengthCalculator as __BodyLengthCalculator, CheckOptionalClientConf
 import { DisableControlCommandInput, DisableControlCommandOutput } from "./commands/DisableControlCommand";
 import { EnableControlCommandInput, EnableControlCommandOutput } from "./commands/EnableControlCommand";
 import { GetControlOperationCommandInput, GetControlOperationCommandOutput } from "./commands/GetControlOperationCommand";
+import { GetEnabledControlCommandInput, GetEnabledControlCommandOutput } from "./commands/GetEnabledControlCommand";
 import { ListEnabledControlsCommandInput, ListEnabledControlsCommandOutput } from "./commands/ListEnabledControlsCommand";
 import { ClientInputEndpointParameters, ClientResolvedEndpointParameters, EndpointParameters } from "./endpoint/EndpointParameters";
 import { RuntimeExtension, RuntimeExtensionsConfig } from "./runtimeExtensions";
@@ -18,11 +19,11 @@ export { __Client };
 /**
  * @public
  */
-export type ServiceInputTypes = DisableControlCommandInput | EnableControlCommandInput | GetControlOperationCommandInput | ListEnabledControlsCommandInput;
+export type ServiceInputTypes = DisableControlCommandInput | EnableControlCommandInput | GetControlOperationCommandInput | GetEnabledControlCommandInput | ListEnabledControlsCommandInput;
 /**
  * @public
  */
-export type ServiceOutputTypes = DisableControlCommandOutput | EnableControlCommandOutput | GetControlOperationCommandOutput | ListEnabledControlsCommandOutput;
+export type ServiceOutputTypes = DisableControlCommandOutput | EnableControlCommandOutput | GetControlOperationCommandOutput | GetEnabledControlCommandOutput | ListEnabledControlsCommandOutput;
 /**
  * @public
  */
@@ -156,22 +157,31 @@ export interface ControlTowerClientResolvedConfig extends ControlTowerClientReso
 }
 /**
  * @public
- * <p>These interfaces allow you to apply the AWS library of pre-defined <i>controls</i> to your
- * organizational units, programmatically. In this context, controls are the same as AWS Control Tower guardrails.</p>
+ * <p>These interfaces allow you to apply the AWS library of pre-defined
+ *       <i>controls</i> to your organizational units, programmatically. In AWS Control Tower, the terms "control" and "guardrail" are synonyms.   .</p>
  *          <p>To call these APIs, you'll need to know:</p>
  *          <ul>
  *             <li>
- *                <p>the <code>ControlARN</code> for the control--that is, the
- *         guardrail--you are targeting,</p>
+ *                <p>the <code>controlIdentifier</code> for the control--or guardrail--you are targeting.</p>
  *             </li>
  *             <li>
- *                <p>and the ARN associated with the target organizational unit (OU).</p>
+ *                <p>the ARN associated with the target organizational unit (OU), which we call the <code>targetIdentifier</code>.</p>
  *             </li>
  *          </ul>
  *          <p>
- *             <b>To get the <code>ControlARN</code> for your AWS Control Tower guardrail:</b>
+ *             <b>To get the <code>controlIdentifier</code> for your AWS Control Tower
+ *         control:</b>
  *          </p>
- *          <p>The <code>ControlARN</code> contains the control name which is specified in each guardrail. For a list of control names for <i>Strongly recommended</i> and <i>Elective</i> guardrails, see <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-identifiers.html.html">Resource identifiers for APIs and guardrails</a> in the <a href="https://docs.aws.amazon.com/controltower/latest/userguide/automating-tasks.html">Automating tasks section</a> of the AWS Control Tower User Guide. Remember that <i>Mandatory</i> guardrails cannot be added or removed.</p>
+ *          <p>The <code>controlIdentifier</code> is an ARN that is specified for each
+ *       control. You can view the <code>controlIdentifier</code> in the console on the <b>Control details</b> page, as well as in the documentation.</p>
+ *          <p>The <code>controlIdentifier</code> is unique in each AWS Region for each control. You can
+ *       find the <code>controlIdentifier</code> for each Region and control in the <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-metadata-tables.html">Tables of control metadata</a> in the <i>AWS Control Tower User Guide.</i>
+ *          </p>
+ *          <p>A quick-reference list of control identifers for the AWS Control Tower legacy <i>Strongly recommended</i> and
+ *         <i>Elective</i> controls is given in <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-identifiers.html.html">Resource identifiers for
+ *         APIs and guardrails</a> in the <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-identifiers.html">Controls reference guide section</a>
+ *       of the <i>AWS Control Tower User Guide</i>. Remember that <i>Mandatory</i> controls
+ *       cannot be added or removed.</p>
  *          <note>
  *             <p>
  *                <b>ARN format:</b>
@@ -185,8 +195,9 @@ export interface ControlTowerClientResolvedConfig extends ControlTowerClientReso
  *             </p>
  *          </note>
  *          <p>
- *             <b>To get the ARN for an OU:</b>
+ *             <b>To get the <code>targetIdentifier</code>:</b>
  *          </p>
+ *          <p>The <code>targetIdentifier</code> is the ARN for an OU.</p>
  *          <p>In the AWS Organizations console, you can find the ARN for the OU on the <b>Organizational unit details</b> page associated with that OU.</p>
  *          <note>
  *             <p>
@@ -202,17 +213,32 @@ export interface ControlTowerClientResolvedConfig extends ControlTowerClientReso
  *          <ul>
  *             <li>
  *                <p>
- *                   <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-identifiers.html">List of resource identifiers for APIs and guardrails</a>
+ *                   <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-api-examples-short.html">Control API input and output examples with CLI</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <a href="https://docs.aws.amazon.com/controltower/latest/userguide/enable-controls.html">Enable controls with CloudFormation</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-metadata-tables.html">Control metadata tables</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-identifiers.html">List of identifiers for legacy controls</a>
  *                </p>
  *             </li>
  *             <li>
  *                <p>
- *                   <a href="https://docs.aws.amazon.com/controltower/latest/userguide/guardrail-api-examples-short.html">Guardrail API examples (CLI)</a>
+ *                   <a href="https://docs.aws.amazon.com/controltower/latest/userguide/controls.html">Controls reference guide</a>
  *                </p>
  *             </li>
  *             <li>
  *                <p>
- *                   <a href="https://docs.aws.amazon.com/controltower/latest/userguide/enable-controls.html">Enable controls with AWS CloudFormation</a>
+ *                   <a href="https://docs.aws.amazon.com/controltower/latest/userguide/controls-reference.html">Controls library groupings</a>
  *                </p>
  *             </li>
  *             <li>
@@ -226,7 +252,14 @@ export interface ControlTowerClientResolvedConfig extends ControlTowerClientReso
  *          <p>
  *             <b>Recording API Requests</b>
  *          </p>
- *          <p>AWS Control Tower supports AWS CloudTrail, a service that records AWS API calls for your AWS account and delivers log files to an Amazon S3 bucket. By using information collected by CloudTrail, you can determine which requests the AWS Control Tower service received, who made the request and when, and so on. For more about AWS Control Tower and its support for CloudTrail, see <a href="https://docs.aws.amazon.com/controltower/latest/userguide/logging-using-cloudtrail.html">Logging AWS Control Tower Actions with AWS CloudTrail</a> in the AWS Control Tower User Guide. To learn more about CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User Guide.</p>
+ *          <p>AWS Control Tower supports AWS CloudTrail, a service that records AWS API calls for your
+ *       AWS account and delivers log files to an Amazon S3 bucket. By using information collected by
+ *       CloudTrail, you can determine which requests the AWS Control Tower service received, who made
+ *       the request and when, and so on. For more about AWS Control Tower and its support for
+ *       CloudTrail, see <a href="https://docs.aws.amazon.com/controltower/latest/userguide/logging-using-cloudtrail.html">Logging AWS Control Tower
+ *         Actions with AWS CloudTrail</a> in the AWS Control Tower User Guide. To learn more about
+ *       CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User
+ *       Guide.</p>
  */
 export declare class ControlTowerClient extends __Client<__HttpHandlerOptions, ServiceInputTypes, ServiceOutputTypes, ControlTowerClientResolvedConfig> {
     /**

package/dist-types/commands/DisableControlCommand.d.ts

@@ -23,9 +23,11 @@ export interface DisableControlCommandOutput extends DisableControlOutput, __Met
 }
 /**
  * @public
- * <p>This API call turns off a control. It starts an asynchronous operation that deletes AWS resources on the specified
- *         organizational unit and the accounts it contains. The resources will vary according to the
- *         control that you specify.</p>
+ * <p>This API call turns off a control. It starts an asynchronous operation that deletes AWS
+ *       resources on the specified organizational unit and the accounts it contains. The resources
+ *       will vary according to the control that you specify. For usage examples, see <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-api-examples-short.html">
+ *                <i>the AWS Control Tower User Guide</i>
+ *             </a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -51,8 +53,7 @@ export interface DisableControlCommandOutput extends DisableControlOutput, __Met
  * @see {@link ControlTowerClientResolvedConfig | config} for ControlTowerClient's `config` shape.
  *
  * @throws {@link AccessDeniedException} (client fault)
- *  <p>User does not have sufficient access to perform this action.
- *       </p>
+ *  <p>User does not have sufficient access to perform this action.</p>
  *
  * @throws {@link ConflictException} (client fault)
  *  <p>Updating or deleting a resource can cause an inconsistent state.</p>
@@ -64,7 +65,7 @@ export interface DisableControlCommandOutput extends DisableControlOutput, __Met
  *  <p>Request references a resource which does not exist.</p>
  *
  * @throws {@link ServiceQuotaExceededException} (client fault)
- *  <p>Request would cause a service quota to be exceeded. The limit is 10 concurrent operations. </p>
+ *  <p>Request would cause a service quota to be exceeded. The limit is 10 concurrent operations.</p>
  *
  * @throws {@link ThrottlingException} (client fault)
  *  <p> Request was denied due to request throttling.</p>

package/dist-types/commands/EnableControlCommand.d.ts

@@ -23,9 +23,12 @@ export interface EnableControlCommandOutput extends EnableControlOutput, __Metad
 }
 /**
  * @public
- * <p>This API call activates a control. It starts an asynchronous operation that creates AWS resources on the specified
- *       organizational unit and the accounts it contains. The resources created will vary according to
- *       the control that you specify.</p>
+ * <p>This API call activates a control. It starts an asynchronous operation that creates AWS
+ *       resources on the specified organizational unit and the accounts it contains. The resources
+ *       created will vary according to the control that you specify. For usage examples, see <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-api-examples-short.html">
+ *                <i>the AWS Control Tower User Guide</i>
+ *             </a>
+ *          </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -51,8 +54,7 @@ export interface EnableControlCommandOutput extends EnableControlOutput, __Metad
  * @see {@link ControlTowerClientResolvedConfig | config} for ControlTowerClient's `config` shape.
  *
  * @throws {@link AccessDeniedException} (client fault)
- *  <p>User does not have sufficient access to perform this action.
- *       </p>
+ *  <p>User does not have sufficient access to perform this action.</p>
  *
  * @throws {@link ConflictException} (client fault)
  *  <p>Updating or deleting a resource can cause an inconsistent state.</p>
@@ -64,7 +66,7 @@ export interface EnableControlCommandOutput extends EnableControlOutput, __Metad
  *  <p>Request references a resource which does not exist.</p>
  *
  * @throws {@link ServiceQuotaExceededException} (client fault)
- *  <p>Request would cause a service quota to be exceeded. The limit is 10 concurrent operations. </p>
+ *  <p>Request would cause a service quota to be exceeded. The limit is 10 concurrent operations.</p>
  *
  * @throws {@link ThrottlingException} (client fault)
  *  <p> Request was denied due to request throttling.</p>

package/dist-types/commands/GetControlOperationCommand.d.ts

@@ -24,8 +24,11 @@ export interface GetControlOperationCommandOutput extends GetControlOperationOut
 /**
  * @public
  * <p>Returns the status of a particular <code>EnableControl</code> or
- *         <code>DisableControl</code> operation. Displays a message in case of error.
- *       Details for an operation are available for 90 days.</p>
+ *         <code>DisableControl</code> operation. Displays a message in case of error. Details for an
+ *       operation are available for 90 days. For usage examples, see <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-api-examples-short.html">
+ *                <i>the AWS Control Tower User Guide</i>
+ *             </a>
+ *          </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -56,8 +59,7 @@ export interface GetControlOperationCommandOutput extends GetControlOperationOut
  * @see {@link ControlTowerClientResolvedConfig | config} for ControlTowerClient's `config` shape.
  *
  * @throws {@link AccessDeniedException} (client fault)
- *  <p>User does not have sufficient access to perform this action.
- *       </p>
+ *  <p>User does not have sufficient access to perform this action.</p>
  *
  * @throws {@link InternalServerException} (server fault)
  *  <p>Unexpected error during processing of request.</p>

package/dist-types/commands/GetEnabledControlCommand.d.ts

@@ -0,0 +1,121 @@
+import { EndpointParameterInstructions } from "@smithy/middleware-endpoint";
+import { Command as $Command } from "@smithy/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@smithy/types";
+import { ControlTowerClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../ControlTowerClient";
+import { GetEnabledControlInput, GetEnabledControlOutput } from "../models/models_0";
+/**
+ * @public
+ */
+export { __MetadataBearer, $Command };
+/**
+ * @public
+ *
+ * The input for {@link GetEnabledControlCommand}.
+ */
+export interface GetEnabledControlCommandInput extends GetEnabledControlInput {
+}
+/**
+ * @public
+ *
+ * The output of {@link GetEnabledControlCommand}.
+ */
+export interface GetEnabledControlCommandOutput extends GetEnabledControlOutput, __MetadataBearer {
+}
+/**
+ * @public
+ * <p>
+ *         Provides details about the enabled control. For usage examples, see <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-api-examples-short.html">
+ *                <i>the AWS Control Tower User Guide</i>
+ *             </a>.</p>
+ *          <p class="title">
+ *             <b>Returned values</b>
+ *          </p>
+ *          <ul>
+ *             <li>
+ *                <p>TargetRegions: Shows target AWS Regions where the enabled control is available to be deployed.</p>
+ *             </li>
+ *             <li>
+ *                <p>StatusSummary: Provides a detailed summary of the deployment status.</p>
+ *             </li>
+ *             <li>
+ *                <p>DriftSummary: Provides a detailed summary of the drifted status.</p>
+ *             </li>
+ *          </ul>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { ControlTowerClient, GetEnabledControlCommand } from "@aws-sdk/client-controltower"; // ES Modules import
+ * // const { ControlTowerClient, GetEnabledControlCommand } = require("@aws-sdk/client-controltower"); // CommonJS import
+ * const client = new ControlTowerClient(config);
+ * const input = { // GetEnabledControlInput
+ *   enabledControlIdentifier: "STRING_VALUE", // required
+ * };
+ * const command = new GetEnabledControlCommand(input);
+ * const response = await client.send(command);
+ * // { // GetEnabledControlOutput
+ * //   enabledControlDetails: { // EnabledControlDetails
+ * //     arn: "STRING_VALUE",
+ * //     controlIdentifier: "STRING_VALUE",
+ * //     targetIdentifier: "STRING_VALUE",
+ * //     targetRegions: [ // TargetRegions
+ * //       { // Region
+ * //         name: "STRING_VALUE",
+ * //       },
+ * //     ],
+ * //     statusSummary: { // EnablementStatusSummary
+ * //       status: "STRING_VALUE",
+ * //       lastOperationIdentifier: "STRING_VALUE",
+ * //     },
+ * //     driftStatusSummary: { // DriftStatusSummary
+ * //       driftStatus: "STRING_VALUE",
+ * //     },
+ * //   },
+ * // };
+ *
+ * ```
+ *
+ * @param GetEnabledControlCommandInput - {@link GetEnabledControlCommandInput}
+ * @returns {@link GetEnabledControlCommandOutput}
+ * @see {@link GetEnabledControlCommandInput} for command's `input` shape.
+ * @see {@link GetEnabledControlCommandOutput} for command's `response` shape.
+ * @see {@link ControlTowerClientResolvedConfig | config} for ControlTowerClient's `config` shape.
+ *
+ * @throws {@link AccessDeniedException} (client fault)
+ *  <p>User does not have sufficient access to perform this action.</p>
+ *
+ * @throws {@link InternalServerException} (server fault)
+ *  <p>Unexpected error during processing of request.</p>
+ *
+ * @throws {@link ResourceNotFoundException} (client fault)
+ *  <p>Request references a resource which does not exist.</p>
+ *
+ * @throws {@link ThrottlingException} (client fault)
+ *  <p> Request was denied due to request throttling.</p>
+ *
+ * @throws {@link ValidationException} (client fault)
+ *  <p>The input fails to satisfy the constraints specified by an AWS service.</p>
+ *
+ * @throws {@link ControlTowerServiceException}
+ * <p>Base exception class for all service exceptions from ControlTower service.</p>
+ *
+ */
+export declare class GetEnabledControlCommand extends $Command<GetEnabledControlCommandInput, GetEnabledControlCommandOutput, ControlTowerClientResolvedConfig> {
+    readonly input: GetEnabledControlCommandInput;
+    static getEndpointParameterInstructions(): EndpointParameterInstructions;
+    /**
+     * @public
+     */
+    constructor(input: GetEnabledControlCommandInput);
+    /**
+     * @internal
+     */
+    resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: ControlTowerClientResolvedConfig, options?: __HttpHandlerOptions): Handler<GetEnabledControlCommandInput, GetEnabledControlCommandOutput>;
+    /**
+     * @internal
+     */
+    private serialize;
+    /**
+     * @internal
+     */
+    private deserialize;
+}

package/dist-types/commands/ListEnabledControlsCommand.d.ts

@@ -24,7 +24,10 @@ export interface ListEnabledControlsCommandOutput extends ListEnabledControlsOut
 /**
  * @public
  * <p>Lists the controls enabled by AWS Control Tower on the specified organizational unit and
- *       the accounts it contains.</p>
+ *       the accounts it contains. For usage examples, see <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-api-examples-short.html">
+ *                <i>the AWS Control Tower User Guide</i>
+ *             </a>
+ *          </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -42,6 +45,15 @@ export interface ListEnabledControlsCommandOutput extends ListEnabledControlsOut
  * //   enabledControls: [ // EnabledControls // required
  * //     { // EnabledControlSummary
  * //       controlIdentifier: "STRING_VALUE",
+ * //       arn: "STRING_VALUE",
+ * //       targetIdentifier: "STRING_VALUE",
+ * //       statusSummary: { // EnablementStatusSummary
+ * //         status: "STRING_VALUE",
+ * //         lastOperationIdentifier: "STRING_VALUE",
+ * //       },
+ * //       driftStatusSummary: { // DriftStatusSummary
+ * //         driftStatus: "STRING_VALUE",
+ * //       },
  * //     },
  * //   ],
  * //   nextToken: "STRING_VALUE",
@@ -56,8 +68,7 @@ export interface ListEnabledControlsCommandOutput extends ListEnabledControlsOut
  * @see {@link ControlTowerClientResolvedConfig | config} for ControlTowerClient's `config` shape.
  *
  * @throws {@link AccessDeniedException} (client fault)
- *  <p>User does not have sufficient access to perform this action.
- *       </p>
+ *  <p>User does not have sufficient access to perform this action.</p>
  *
  * @throws {@link InternalServerException} (server fault)
  *  <p>Unexpected error during processing of request.</p>

package/dist-types/commands/index.d.ts

@@ -1,4 +1,5 @@
 export * from "./DisableControlCommand";
 export * from "./EnableControlCommand";
 export * from "./GetControlOperationCommand";
+export * from "./GetEnabledControlCommand";
 export * from "./ListEnabledControlsCommand";

package/dist-types/index.d.ts

@@ -1,20 +1,29 @@
 /**
- * <p>These interfaces allow you to apply the AWS library of pre-defined <i>controls</i> to your
- * organizational units, programmatically. In this context, controls are the same as AWS Control Tower guardrails.</p>
+ * <p>These interfaces allow you to apply the AWS library of pre-defined
+ *       <i>controls</i> to your organizational units, programmatically. In AWS Control Tower, the terms "control" and "guardrail" are synonyms.   .</p>
  *          <p>To call these APIs, you'll need to know:</p>
  *          <ul>
  *             <li>
- *                <p>the <code>ControlARN</code> for the control--that is, the
- *         guardrail--you are targeting,</p>
+ *                <p>the <code>controlIdentifier</code> for the control--or guardrail--you are targeting.</p>
  *             </li>
  *             <li>
- *                <p>and the ARN associated with the target organizational unit (OU).</p>
+ *                <p>the ARN associated with the target organizational unit (OU), which we call the <code>targetIdentifier</code>.</p>
  *             </li>
  *          </ul>
  *          <p>
- *             <b>To get the <code>ControlARN</code> for your AWS Control Tower guardrail:</b>
+ *             <b>To get the <code>controlIdentifier</code> for your AWS Control Tower
+ *         control:</b>
  *          </p>
- *          <p>The <code>ControlARN</code> contains the control name which is specified in each guardrail. For a list of control names for <i>Strongly recommended</i> and <i>Elective</i> guardrails, see <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-identifiers.html.html">Resource identifiers for APIs and guardrails</a> in the <a href="https://docs.aws.amazon.com/controltower/latest/userguide/automating-tasks.html">Automating tasks section</a> of the AWS Control Tower User Guide. Remember that <i>Mandatory</i> guardrails cannot be added or removed.</p>
+ *          <p>The <code>controlIdentifier</code> is an ARN that is specified for each
+ *       control. You can view the <code>controlIdentifier</code> in the console on the <b>Control details</b> page, as well as in the documentation.</p>
+ *          <p>The <code>controlIdentifier</code> is unique in each AWS Region for each control. You can
+ *       find the <code>controlIdentifier</code> for each Region and control in the <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-metadata-tables.html">Tables of control metadata</a> in the <i>AWS Control Tower User Guide.</i>
+ *          </p>
+ *          <p>A quick-reference list of control identifers for the AWS Control Tower legacy <i>Strongly recommended</i> and
+ *         <i>Elective</i> controls is given in <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-identifiers.html.html">Resource identifiers for
+ *         APIs and guardrails</a> in the <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-identifiers.html">Controls reference guide section</a>
+ *       of the <i>AWS Control Tower User Guide</i>. Remember that <i>Mandatory</i> controls
+ *       cannot be added or removed.</p>
  *          <note>
  *             <p>
  *                <b>ARN format:</b>
@@ -28,8 +37,9 @@
  *             </p>
  *          </note>
  *          <p>
- *             <b>To get the ARN for an OU:</b>
+ *             <b>To get the <code>targetIdentifier</code>:</b>
  *          </p>
+ *          <p>The <code>targetIdentifier</code> is the ARN for an OU.</p>
  *          <p>In the AWS Organizations console, you can find the ARN for the OU on the <b>Organizational unit details</b> page associated with that OU.</p>
  *          <note>
  *             <p>
@@ -45,17 +55,32 @@
  *          <ul>
  *             <li>
  *                <p>
- *                   <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-identifiers.html">List of resource identifiers for APIs and guardrails</a>
+ *                   <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-api-examples-short.html">Control API input and output examples with CLI</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <a href="https://docs.aws.amazon.com/controltower/latest/userguide/enable-controls.html">Enable controls with CloudFormation</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-metadata-tables.html">Control metadata tables</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <a href="https://docs.aws.amazon.com/controltower/latest/userguide/control-identifiers.html">List of identifiers for legacy controls</a>
  *                </p>
  *             </li>
  *             <li>
  *                <p>
- *                   <a href="https://docs.aws.amazon.com/controltower/latest/userguide/guardrail-api-examples-short.html">Guardrail API examples (CLI)</a>
+ *                   <a href="https://docs.aws.amazon.com/controltower/latest/userguide/controls.html">Controls reference guide</a>
  *                </p>
  *             </li>
  *             <li>
  *                <p>
- *                   <a href="https://docs.aws.amazon.com/controltower/latest/userguide/enable-controls.html">Enable controls with AWS CloudFormation</a>
+ *                   <a href="https://docs.aws.amazon.com/controltower/latest/userguide/controls-reference.html">Controls library groupings</a>
  *                </p>
  *             </li>
  *             <li>
@@ -69,7 +94,14 @@
  *          <p>
  *             <b>Recording API Requests</b>
  *          </p>
- *          <p>AWS Control Tower supports AWS CloudTrail, a service that records AWS API calls for your AWS account and delivers log files to an Amazon S3 bucket. By using information collected by CloudTrail, you can determine which requests the AWS Control Tower service received, who made the request and when, and so on. For more about AWS Control Tower and its support for CloudTrail, see <a href="https://docs.aws.amazon.com/controltower/latest/userguide/logging-using-cloudtrail.html">Logging AWS Control Tower Actions with AWS CloudTrail</a> in the AWS Control Tower User Guide. To learn more about CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User Guide.</p>
+ *          <p>AWS Control Tower supports AWS CloudTrail, a service that records AWS API calls for your
+ *       AWS account and delivers log files to an Amazon S3 bucket. By using information collected by
+ *       CloudTrail, you can determine which requests the AWS Control Tower service received, who made
+ *       the request and when, and so on. For more about AWS Control Tower and its support for
+ *       CloudTrail, see <a href="https://docs.aws.amazon.com/controltower/latest/userguide/logging-using-cloudtrail.html">Logging AWS Control Tower
+ *         Actions with AWS CloudTrail</a> in the AWS Control Tower User Guide. To learn more about
+ *       CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User
+ *       Guide.</p>
  *
  * @packageDocumentation
  */