;
+ resetEnabledControl(
+ args: ResetEnabledControlCommandInput,
+ cb: (err: any, data?: ResetEnabledControlCommandOutput) => void
+ ): void;
+ resetEnabledControl(
+ args: ResetEnabledControlCommandInput,
+ options: __HttpHandlerOptions,
+ cb: (err: any, data?: ResetEnabledControlCommandOutput) => void
+ ): void;
+
/**
* @see {@link ResetLandingZoneCommand}
*/
diff --git a/clients/client-controltower/src/ControlTowerClient.ts b/clients/client-controltower/src/ControlTowerClient.ts
index a6cd429f4f97..8ca18e2f7446 100644
--- a/clients/client-controltower/src/ControlTowerClient.ts
+++ b/clients/client-controltower/src/ControlTowerClient.ts
@@ -101,6 +101,10 @@ import {
ResetEnabledBaselineCommandInput,
ResetEnabledBaselineCommandOutput,
} from "./commands/ResetEnabledBaselineCommand";
+import {
+ ResetEnabledControlCommandInput,
+ ResetEnabledControlCommandOutput,
+} from "./commands/ResetEnabledControlCommand";
import { ResetLandingZoneCommandInput, ResetLandingZoneCommandOutput } from "./commands/ResetLandingZoneCommand";
import { TagResourceCommandInput, TagResourceCommandOutput } from "./commands/TagResourceCommand";
import { UntagResourceCommandInput, UntagResourceCommandOutput } from "./commands/UntagResourceCommand";
@@ -149,6 +153,7 @@ export type ServiceInputTypes =
| ListLandingZonesCommandInput
| ListTagsForResourceCommandInput
| ResetEnabledBaselineCommandInput
+ | ResetEnabledControlCommandInput
| ResetLandingZoneCommandInput
| TagResourceCommandInput
| UntagResourceCommandInput
@@ -181,6 +186,7 @@ export type ServiceOutputTypes =
| ListLandingZonesCommandOutput
| ListTagsForResourceCommandOutput
| ResetEnabledBaselineCommandOutput
+ | ResetEnabledControlCommandOutput
| ResetLandingZoneCommandOutput
| TagResourceCommandOutput
| UntagResourceCommandOutput
diff --git a/clients/client-controltower/src/commands/GetControlOperationCommand.ts b/clients/client-controltower/src/commands/GetControlOperationCommand.ts
index 099bbdf8c5a6..faf7d0bc48f1 100644
--- a/clients/client-controltower/src/commands/GetControlOperationCommand.ts
+++ b/clients/client-controltower/src/commands/GetControlOperationCommand.ts
@@ -46,7 +46,7 @@ export interface GetControlOperationCommandOutput extends GetControlOperationOut
* const response = await client.send(command);
* // { // GetControlOperationOutput
* // controlOperation: { // ControlOperation
- * // operationType: "ENABLE_CONTROL" || "DISABLE_CONTROL" || "UPDATE_ENABLED_CONTROL",
+ * // operationType: "ENABLE_CONTROL" || "DISABLE_CONTROL" || "UPDATE_ENABLED_CONTROL" || "RESET_ENABLED_CONTROL",
* // startTime: new Date("TIMESTAMP"),
* // endTime: new Date("TIMESTAMP"),
* // status: "SUCCEEDED" || "FAILED" || "IN_PROGRESS",
diff --git a/clients/client-controltower/src/commands/ListControlOperationsCommand.ts b/clients/client-controltower/src/commands/ListControlOperationsCommand.ts
index e025ec896a46..00aa7287089d 100644
--- a/clients/client-controltower/src/commands/ListControlOperationsCommand.ts
+++ b/clients/client-controltower/src/commands/ListControlOperationsCommand.ts
@@ -50,7 +50,7 @@ export interface ListControlOperationsCommandOutput extends ListControlOperation
* "SUCCEEDED" || "FAILED" || "IN_PROGRESS",
* ],
* controlOperationTypes: [ // ControlOperationTypes
- * "ENABLE_CONTROL" || "DISABLE_CONTROL" || "UPDATE_ENABLED_CONTROL",
+ * "ENABLE_CONTROL" || "DISABLE_CONTROL" || "UPDATE_ENABLED_CONTROL" || "RESET_ENABLED_CONTROL",
* ],
* },
* nextToken: "STRING_VALUE",
@@ -61,7 +61,7 @@ export interface ListControlOperationsCommandOutput extends ListControlOperation
* // { // ListControlOperationsOutput
* // controlOperations: [ // ControlOperations // required
* // { // ControlOperationSummary
- * // operationType: "ENABLE_CONTROL" || "DISABLE_CONTROL" || "UPDATE_ENABLED_CONTROL",
+ * // operationType: "ENABLE_CONTROL" || "DISABLE_CONTROL" || "UPDATE_ENABLED_CONTROL" || "RESET_ENABLED_CONTROL",
* // startTime: new Date("TIMESTAMP"),
* // endTime: new Date("TIMESTAMP"),
* // status: "SUCCEEDED" || "FAILED" || "IN_PROGRESS",
diff --git a/clients/client-controltower/src/commands/ResetEnabledControlCommand.ts b/clients/client-controltower/src/commands/ResetEnabledControlCommand.ts
new file mode 100644
index 000000000000..9ed42e33d3a9
--- /dev/null
+++ b/clients/client-controltower/src/commands/ResetEnabledControlCommand.ts
@@ -0,0 +1,113 @@
+// smithy-typescript generated code
+import { getEndpointPlugin } from "@smithy/middleware-endpoint";
+import { getSerdePlugin } from "@smithy/middleware-serde";
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+
+import { ControlTowerClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../ControlTowerClient";
+import { commonParams } from "../endpoint/EndpointParameters";
+import { ResetEnabledControlInput, ResetEnabledControlOutput } from "../models/models_0";
+import { de_ResetEnabledControlCommand, se_ResetEnabledControlCommand } from "../protocols/Aws_restJson1";
+
+/**
+ * @public
+ */
+export type { __MetadataBearer };
+export { $Command };
+/**
+ * @public
+ *
+ * The input for {@link ResetEnabledControlCommand}.
+ */
+export interface ResetEnabledControlCommandInput extends ResetEnabledControlInput {}
+/**
+ * @public
+ *
+ * The output of {@link ResetEnabledControlCommand}.
+ */
+export interface ResetEnabledControlCommandOutput extends ResetEnabledControlOutput, __MetadataBearer {}
+
+/**
+ * Resets an enabled control.
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { ControlTowerClient, ResetEnabledControlCommand } from "@aws-sdk/client-controltower"; // ES Modules import
+ * // const { ControlTowerClient, ResetEnabledControlCommand } = require("@aws-sdk/client-controltower"); // CommonJS import
+ * const client = new ControlTowerClient(config);
+ * const input = { // ResetEnabledControlInput
+ * enabledControlIdentifier: "STRING_VALUE", // required
+ * };
+ * const command = new ResetEnabledControlCommand(input);
+ * const response = await client.send(command);
+ * // { // ResetEnabledControlOutput
+ * // operationIdentifier: "STRING_VALUE", // required
+ * // };
+ *
+ * ```
+ *
+ * @param ResetEnabledControlCommandInput - {@link ResetEnabledControlCommandInput}
+ * @returns {@link ResetEnabledControlCommandOutput}
+ * @see {@link ResetEnabledControlCommandInput} for command's `input` shape.
+ * @see {@link ResetEnabledControlCommandOutput} for command's `response` shape.
+ * @see {@link ControlTowerClientResolvedConfig | config} for ControlTowerClient's `config` shape.
+ *
+ * @throws {@link AccessDeniedException} (client fault)
+ * You do not have sufficient access to perform this action.
+ *
+ * @throws {@link ConflictException} (client fault)
+ * Updating or deleting the resource can cause an inconsistent state.
+ *
+ * @throws {@link InternalServerException} (server fault)
+ * An unexpected error occurred during processing of a request.
+ *
+ * @throws {@link ResourceNotFoundException} (client fault)
+ * The request references a resource that does not exist.
+ *
+ * @throws {@link ServiceQuotaExceededException} (client fault)
+ * The request would cause a service quota to be exceeded. The limit is 10 concurrent operations.
+ *
+ * @throws {@link ThrottlingException} (client fault)
+ * The request was denied due to request throttling.
+ *
+ * @throws {@link ValidationException} (client fault)
+ * The input does not satisfy the constraints specified by an Amazon Web Services service.
+ *
+ * @throws {@link ControlTowerServiceException}
+ * Base exception class for all service exceptions from ControlTower service.
+ *
+ * @public
+ */
+export class ResetEnabledControlCommand extends $Command
+ .classBuilder<
+ ResetEnabledControlCommandInput,
+ ResetEnabledControlCommandOutput,
+ ControlTowerClientResolvedConfig,
+ ServiceInputTypes,
+ ServiceOutputTypes
+ >()
+ .ep(commonParams)
+ .m(function (this: any, Command: any, cs: any, config: ControlTowerClientResolvedConfig, o: any) {
+ return [
+ getSerdePlugin(config, this.serialize, this.deserialize),
+ getEndpointPlugin(config, Command.getEndpointParameterInstructions()),
+ ];
+ })
+ .s("AWSControlTowerApis", "ResetEnabledControl", {})
+ .n("ControlTowerClient", "ResetEnabledControlCommand")
+ .f(void 0, void 0)
+ .ser(se_ResetEnabledControlCommand)
+ .de(de_ResetEnabledControlCommand)
+ .build() {
+ /** @internal type navigation helper, not in runtime. */
+ protected declare static __types: {
+ api: {
+ input: ResetEnabledControlInput;
+ output: ResetEnabledControlOutput;
+ };
+ sdk: {
+ input: ResetEnabledControlCommandInput;
+ output: ResetEnabledControlCommandOutput;
+ };
+ };
+}
diff --git a/clients/client-controltower/src/commands/UpdateEnabledControlCommand.ts b/clients/client-controltower/src/commands/UpdateEnabledControlCommand.ts
index 0214430f8302..1cec831f92a2 100644
--- a/clients/client-controltower/src/commands/UpdateEnabledControlCommand.ts
+++ b/clients/client-controltower/src/commands/UpdateEnabledControlCommand.ts
@@ -32,7 +32,7 @@ export interface UpdateEnabledControlCommandOutput extends UpdateEnabledControlO
* Updates the configuration of an already enabled control.
* If the enabled control shows an EnablementStatus of SUCCEEDED, supply parameters that are different from the currently configured parameters. Otherwise, Amazon Web Services Control Tower will not accept the request.
* If the enabled control shows an EnablementStatus of FAILED, Amazon Web Services Control Tower updates the control to match any valid parameters that you supply.
- * If the DriftSummary status for the control shows as DRIFTED, you cannot call this API. Instead, you can update the control by calling DisableControl and again calling EnableControl, or you can run an extending governance operation. For usage examples, see the
+ * If the DriftSummary status for the control shows as DRIFTED, you cannot call this API. Instead, you can update the control by calling the ResetEnabledControl API. Alternatively, you can call DisableControl and then call EnableControl again. Also, you can run an extending governance operation to repair drift. For usage examples, see the
* Controls Reference Guide
* .
*
diff --git a/clients/client-controltower/src/commands/index.ts b/clients/client-controltower/src/commands/index.ts
index 068af0cd7f74..97a4ea297d3f 100644
--- a/clients/client-controltower/src/commands/index.ts
+++ b/clients/client-controltower/src/commands/index.ts
@@ -20,6 +20,7 @@ export * from "./ListLandingZoneOperationsCommand";
export * from "./ListLandingZonesCommand";
export * from "./ListTagsForResourceCommand";
export * from "./ResetEnabledBaselineCommand";
+export * from "./ResetEnabledControlCommand";
export * from "./ResetLandingZoneCommand";
export * from "./TagResourceCommand";
export * from "./UntagResourceCommand";
diff --git a/clients/client-controltower/src/models/models_0.ts b/clients/client-controltower/src/models/models_0.ts
index e6dc69d099ef..ec3790a3f4ad 100644
--- a/clients/client-controltower/src/models/models_0.ts
+++ b/clients/client-controltower/src/models/models_0.ts
@@ -336,6 +336,7 @@ export interface GetControlOperationInput {
export const ControlOperationType = {
DISABLE_CONTROL: "DISABLE_CONTROL",
ENABLE_CONTROL: "ENABLE_CONTROL",
+ RESET_ENABLED_CONTROL: "RESET_ENABLED_CONTROL",
UPDATE_ENABLED_CONTROL: "UPDATE_ENABLED_CONTROL",
} as const;
@@ -1342,6 +1343,28 @@ export interface ListEnabledControlsOutput {
nextToken?: string;
}
+/**
+ * @public
+ */
+export interface ResetEnabledControlInput {
+ /**
+ * The ARN of the enabled control to be reset.
+ * @public
+ */
+ enabledControlIdentifier: string | undefined;
+}
+
+/**
+ * @public
+ */
+export interface ResetEnabledControlOutput {
+ /**
+ * The operation identifier for this ResetEnabledControl operation.
+ * @public
+ */
+ operationIdentifier: string | undefined;
+}
+
/**
* @public
*/
diff --git a/clients/client-controltower/src/protocols/Aws_restJson1.ts b/clients/client-controltower/src/protocols/Aws_restJson1.ts
index 7adbe985665b..c4719b6aa984 100644
--- a/clients/client-controltower/src/protocols/Aws_restJson1.ts
+++ b/clients/client-controltower/src/protocols/Aws_restJson1.ts
@@ -72,6 +72,10 @@ import {
ResetEnabledBaselineCommandInput,
ResetEnabledBaselineCommandOutput,
} from "../commands/ResetEnabledBaselineCommand";
+import {
+ ResetEnabledControlCommandInput,
+ ResetEnabledControlCommandOutput,
+} from "../commands/ResetEnabledControlCommand";
import { ResetLandingZoneCommandInput, ResetLandingZoneCommandOutput } from "../commands/ResetLandingZoneCommand";
import { TagResourceCommandInput, TagResourceCommandOutput } from "../commands/TagResourceCommand";
import { UntagResourceCommandInput, UntagResourceCommandOutput } from "../commands/UntagResourceCommand";
@@ -593,6 +597,28 @@ export const se_ResetEnabledBaselineCommand = async (
return b.build();
};
+/**
+ * serializeAws_restJson1ResetEnabledControlCommand
+ */
+export const se_ResetEnabledControlCommand = async (
+ input: ResetEnabledControlCommandInput,
+ context: __SerdeContext
+): Promise<__HttpRequest> => {
+ const b = rb(input, context);
+ const headers: any = {
+ "content-type": "application/json",
+ };
+ b.bp("/reset-enabled-control");
+ let body: any;
+ body = JSON.stringify(
+ take(input, {
+ enabledControlIdentifier: [],
+ })
+ );
+ b.m("POST").h(headers).b(body);
+ return b.build();
+};
+
/**
* serializeAws_restJson1ResetLandingZoneCommand
*/
@@ -1180,6 +1206,27 @@ export const de_ResetEnabledBaselineCommand = async (
return contents;
};
+/**
+ * deserializeAws_restJson1ResetEnabledControlCommand
+ */
+export const de_ResetEnabledControlCommand = async (
+ output: __HttpResponse,
+ context: __SerdeContext
+): Promise => {
+ if (output.statusCode !== 200 && output.statusCode >= 300) {
+ return de_CommandError(output, context);
+ }
+ const contents: any = map({
+ $metadata: deserializeMetadata(output),
+ });
+ const data: Record = __expectNonNull(__expectObject(await parseBody(output.body, context)), "body");
+ const doc = take(data, {
+ operationIdentifier: __expectString,
+ });
+ Object.assign(contents, doc);
+ return contents;
+};
+
/**
* deserializeAws_restJson1ResetLandingZoneCommand
*/
diff --git a/codegen/sdk-codegen/aws-models/controltower.json b/codegen/sdk-codegen/aws-models/controltower.json
index 556b338c13ba..9750d30c9c97 100644
--- a/codegen/sdk-codegen/aws-models/controltower.json
+++ b/codegen/sdk-codegen/aws-models/controltower.json
@@ -1386,6 +1386,12 @@
"traits": {
"smithy.api#enumValue": "UPDATE_ENABLED_CONTROL"
}
+ },
+ "RESET_ENABLED_CONTROL": {
+ "target": "smithy.api#Unit",
+ "traits": {
+ "smithy.api#enumValue": "RESET_ENABLED_CONTROL"
+ }
}
}
},
@@ -2353,7 +2359,12 @@
},
"list": {
"target": "com.amazonaws.controltower#ListEnabledControls"
- }
+ },
+ "operations": [
+ {
+ "target": "com.amazonaws.controltower#ResetEnabledControl"
+ }
+ ]
},
"com.amazonaws.controltower#EnabledControlSummary": {
"type": "structure",
@@ -4031,6 +4042,76 @@
"smithy.api#output": {}
}
},
+ "com.amazonaws.controltower#ResetEnabledControl": {
+ "type": "operation",
+ "input": {
+ "target": "com.amazonaws.controltower#ResetEnabledControlInput"
+ },
+ "output": {
+ "target": "com.amazonaws.controltower#ResetEnabledControlOutput"
+ },
+ "errors": [
+ {
+ "target": "com.amazonaws.controltower#AccessDeniedException"
+ },
+ {
+ "target": "com.amazonaws.controltower#ConflictException"
+ },
+ {
+ "target": "com.amazonaws.controltower#InternalServerException"
+ },
+ {
+ "target": "com.amazonaws.controltower#ResourceNotFoundException"
+ },
+ {
+ "target": "com.amazonaws.controltower#ServiceQuotaExceededException"
+ },
+ {
+ "target": "com.amazonaws.controltower#ThrottlingException"
+ },
+ {
+ "target": "com.amazonaws.controltower#ValidationException"
+ }
+ ],
+ "traits": {
+ "smithy.api#documentation": "Resets an enabled control.
",
+ "smithy.api#http": {
+ "code": 200,
+ "method": "POST",
+ "uri": "/reset-enabled-control"
+ }
+ }
+ },
+ "com.amazonaws.controltower#ResetEnabledControlInput": {
+ "type": "structure",
+ "members": {
+ "enabledControlIdentifier": {
+ "target": "com.amazonaws.controltower#Arn",
+ "traits": {
+ "smithy.api#documentation": "The ARN of the enabled control to be reset.
",
+ "smithy.api#required": {}
+ }
+ }
+ },
+ "traits": {
+ "smithy.api#input": {}
+ }
+ },
+ "com.amazonaws.controltower#ResetEnabledControlOutput": {
+ "type": "structure",
+ "members": {
+ "operationIdentifier": {
+ "target": "com.amazonaws.controltower#OperationIdentifier",
+ "traits": {
+ "smithy.api#documentation": " The operation identifier for this ResetEnabledControl operation.
",
+ "smithy.api#required": {}
+ }
+ }
+ },
+ "traits": {
+ "smithy.api#output": {}
+ }
+ },
"com.amazonaws.controltower#ResetLandingZone": {
"type": "operation",
"input": {
@@ -4498,7 +4579,7 @@
}
],
"traits": {
- "smithy.api#documentation": "\n Updates the configuration of an already enabled control.
\n If the enabled control shows an EnablementStatus of SUCCEEDED, supply parameters that are different from the currently configured parameters. Otherwise, Amazon Web Services Control Tower will not accept the request.
\n If the enabled control shows an EnablementStatus of FAILED, Amazon Web Services Control Tower updates the control to match any valid parameters that you supply.
\n If the DriftSummary status for the control shows as DRIFTED, you cannot call this API. Instead, you can update the control by calling DisableControl and again calling EnableControl, or you can run an extending governance operation. For usage examples, see the \n Controls Reference Guide\n .\n
",
+ "smithy.api#documentation": "\n Updates the configuration of an already enabled control.
\n If the enabled control shows an EnablementStatus of SUCCEEDED, supply parameters that are different from the currently configured parameters. Otherwise, Amazon Web Services Control Tower will not accept the request.
\n If the enabled control shows an EnablementStatus of FAILED, Amazon Web Services Control Tower updates the control to match any valid parameters that you supply.
\n If the DriftSummary status for the control shows as DRIFTED, you cannot call this API. Instead, you can update the control by calling the ResetEnabledControl API. Alternatively, you can call DisableControl and then call EnableControl again. Also, you can run an extending governance operation to repair drift. For usage examples, see the \n Controls Reference Guide\n .\n
",
"smithy.api#http": {
"code": 200,
"method": "POST",