Module Awso_controlcatalog_asyncSource

include module type of struct include Awso_controlcatalog.Values end
Sourceval service : Awso.Service.t
Sourceval apiVersion : string
Sourceval endpointPrefix : string
Sourceval serviceFullName : string
Sourceval signatureVersion : string
Sourceval protocol : string
Sourceval globalEndpoint : string
Sourceval simple_to_json : ('a -> Awso__Botodata.value) -> 'a -> Yojson.Safe.t
Sourceval composed_to_json : ('a -> Awso__Botodata.value) -> 'a -> Yojson.Safe.t
Sourceval to_query : ('a -> Awso.Client.Query.value) -> 'a -> Awso.Client.Query.t
Sourceval structure_to_value_aux : ('a * 'b option) list -> f:(('a * 'b) list -> 'c) -> [> `Structure of 'c ]
Sourceval structure_to_value : ('a * 'b option) list -> [> `Structure of ('a * 'b) list ]
Sourceval structure_to_wrapped_value : wrapper:'a -> response:'a -> ('b * 'c option) list -> [> `Structure of ('a * [> `Structure of ('b * 'c) list ]) list ]
Sourcemodule String_ = Awso_controlcatalog.Values.String_

A structure that contains details about a common control mapping. In particular, it returns the Amazon Resource Name (ARN) of the common control.

A structure that contains details about a framework mapping, including the framework name and specific item within the framework that the control maps to.

A structure that describes a control's relationship status with other controls.

A summary of the domain that a common control or an objective belongs to.

The domain resource that's being used as a filter.

A summary of how the control is implemented, including the Amazon Web Services service that enforces the control and its service-specific identifier. For example, the value of this field could indicate that the control is implemented as an Amazon Web Services Config Rule or an Amazon Web Services Security Hub control.

A structure that contains the details of a mapping relationship, which can be either to a framework or to a common control.

A summary of the objective that a common control supports.

The objective resource that's being used as a filter.

A summary of metadata for an objective.

A summary of metadata for a domain.

Overview of information about a control.

A structure that defines filtering criteria for control implementations. You can use this filter to find controls that are implemented by specific Amazon Web Services services or with specific service identifiers.

A structure that contains information about a control mapping, including the control ARN, mapping type, and mapping details.

A summary of metadata for a common control.

Five types of control parameters are supported. AllowedRegions: List of Amazon Web Services Regions exempted from the control. Each string is expected to be an Amazon Web Services Region code. This parameter is mandatory for the OU Region deny control, CT.MULTISERVICE.PV.1. Example: ["us-east-1","us-west-2"] ExemptedActions: List of Amazon Web Services IAM actions exempted from the control. Each string is expected to be an IAM action. Example: ["logs:DescribeLogGroups","logs:StartQuery","logs:GetQueryResults"] ExemptedPrincipalArns: List of Amazon Web Services IAM principal ARNs exempted from the control. Each string is expected to be an IAM principal that follows the format arn:partition:service::account:resource Example: ["arn:aws:iam::*:role/ReadOnly","arn:aws:sts::*:assumed-role/ReadOnly/*"] ExemptedResourceArns: List of resource ARNs exempted from the control. Each string is expected to be a resource ARN. Example: ["arn:aws:s3:::my-bucket-name"] ExemptAssumeRoot: A parameter that lets you choose whether to exempt requests made with AssumeRoot from this control, for this OU. For member accounts, the AssumeRoot property is included in requests initiated by IAM centralized root access. This parameter applies only to the AWS-GR_RESTRICT_ROOT_USER control. If you add the parameter when enabling the control, the AssumeRoot exemption is allowed. If you omit the parameter, the AssumeRoot exception is not permitted. The parameter does not accept False as a value. Example: Enabling the control and allowing AssumeRoot { "controlIdentifier": "arn:aws:controlcatalog:::control/5kvme4m5d2b4d7if2fs5yg2ui", "parameters": [ { "key": "ExemptAssumeRoot", "value": true } ], "targetIdentifier": "arn:aws:organizations::8633900XXXXX:ou/o-6jmn81636m/ou-qsah-jtiihcla" }

You do not have sufficient access to perform this action.

An internal service error occurred during the processing of your request. Try again later.

The request was denied due to request throttling.

The request has invalid or missing parameters.

An optional filter that narrows the list of objectives to a specific domain.

A structure that defines filtering criteria for the ListControls operation. You can use this filter to narrow down the list of controls based on their implementation details.

A structure that defines filtering criteria for the ListControlMappings operation. You can use this filter to narrow down the list of control mappings based on control ARNs, common control ARNs, or mapping types.

An optional filter that narrows the results to a specific objective.

An object that describes the implementation type for a control. Our ImplementationDetails Type format has three required segments: SERVICE-PROVIDER::SERVICE-NAME::RESOURCE-NAME For example, AWS::Config::ConfigRule or AWS::SecurityHub::SecurityControl resources have the format with three required segments. Our ImplementationDetails Type format has an optional fourth segment, which is present for applicable implementation types. The format is as follows: SERVICE-PROVIDER::SERVICE-NAME::RESOURCE-NAME::RESOURCE-TYPE-DESCRIPTION For example, AWS::Organizations::Policy::SERVICE_CONTROL_POLICY or AWS::CloudFormation::Type::HOOK have the format with four segments. Although the format is similar, the values for the Type field do not match any Amazon Web Services CloudFormation values.

Returns information about the control, including the scope of the control, if enabled, and the Regions in which the control is available for deployment. For more information about scope, see Global services. If you are applying controls through an Amazon Web Services Control Tower landing zone environment, remember that the values returned in the RegionConfiguration API operation are not related to the governed Regions in your landing zone. For example, if you are governing Regions A,B,and C while the control is available in Regions A, B, C, and D, you'd see a response with DeployableRegions of A, B, C, and D for a control with REGIONAL scope, even though you may not intend to deploy the control in Region D, because you do not govern it through your landing zone.

The requested resource does not exist.

Returns a paginated list of objectives from the Control Catalog. You can apply an optional filter to see the objectives that belong to a specific domain. If you don’t provide a filter, the operation returns all objectives.

Returns a paginated list of objectives from the Control Catalog. You can apply an optional filter to see the objectives that belong to a specific domain. If you don’t provide a filter, the operation returns all objectives.

Returns a paginated list of domains from the Control Catalog.

Returns a paginated list of domains from the Control Catalog.

Returns a paginated list of all available controls in the Control Catalog library. Allows you to discover available controls. The list of controls is given as structures of type controlSummary. The ARN is returned in the global controlcatalog format, as shown in the examples.

Returns a paginated list of all available controls in the Control Catalog library. Allows you to discover available controls. The list of controls is given as structures of type controlSummary. The ARN is returned in the global controlcatalog format, as shown in the examples.

Returns a paginated list of control mappings from the Control Catalog. Control mappings show relationships between controls and other entities, such as common controls or compliance frameworks.

Returns a paginated list of control mappings from the Control Catalog. Control mappings show relationships between controls and other entities, such as common controls or compliance frameworks.

Returns a paginated list of common controls from the Amazon Web Services Control Catalog. You can apply an optional filter to see common controls that have a specific objective. If you don’t provide a filter, the operation returns all common controls.

Returns a paginated list of common controls from the Amazon Web Services Control Catalog. You can apply an optional filter to see common controls that have a specific objective. If you don’t provide a filter, the operation returns all common controls.

Returns details about a specific control, most notably a list of Amazon Web Services Regions where this control is supported. Input a value for the ControlArn parameter, in ARN form. GetControl accepts controltower or controlcatalog control ARNs as input. Returns a controlcatalog ARN format. In the API response, controls that have the value GLOBAL in the Scope field do not show the DeployableRegions field, because it does not apply. Controls that have the value REGIONAL in the Scope field return a value for the DeployableRegions field, as shown in the example.

Returns details about a specific control, most notably a list of Amazon Web Services Regions where this control is supported. Input a value for the ControlArn parameter, in ARN form. GetControl accepts controltower or controlcatalog control ARNs as input. Returns a controlcatalog ARN format. In the API response, controls that have the value GLOBAL in the Scope field do not show the DeployableRegions field, because it does not apply. Controls that have the value REGIONAL in the Scope field return a value for the DeployableRegions field, as shown in the example.

Sourcemodule Cli : sig ... end