aws-iam-policy-types / Exports / AwsControltowerActions
All IAM policy actions for AWS Control Tower (CONTROLTOWER)
Extracted by aws-iam-policy
from
https://docs.aws.amazon.com/service-authorization/latest/reference/list_awscontroltower.html
2024-02-12T09:56:48.712Z
- CreateLandingZone
- CreateManagedAccount
- DeleteLandingZone
- DeregisterManagedAccount
- DeregisterOrganizationalUnit
- DescribeAccountFactoryConfig
- DescribeCoreService
- DescribeGuardrail
- DescribeGuardrailForTarget
- DescribeLandingZoneConfiguration
- DescribeManagedAccount
- DescribeManagedOrganizationalUnit
- DescribeRegisterOrganizationalUnitOperation
- DescribeSingleSignOn
- DisableControl
- DisableGuardrail
- EnableControl
- EnableGuardrail
- GetAccountInfo
- GetAvailableUpdates
- GetControlOperation
- GetEnabledControl
- GetGuardrailComplianceStatus
- GetHomeRegion
- GetLandingZone
- GetLandingZoneDriftStatus
- GetLandingZoneOperation
- GetLandingZoneStatus
- ListDirectoryGroups
- ListDriftDetails
- ListEnabledControls
- ListEnabledGuardrails
- ListExtendGovernancePrecheckDetails
- ListExternalConfigRuleCompliance
- ListGuardrailViolations
- ListGuardrails
- ListGuardrailsForTarget
- ListLandingZones
- ListManagedAccounts
- ListManagedAccountsForGuardrail
- ListManagedAccountsForParent
- ListManagedOrganizationalUnits
- ListManagedOrganizationalUnitsForGuardrail
- ListTagsForResource
- ManageOrganizationalUnit
- PerformPreLaunchChecks
- ResetLandingZone
- SetupLandingZone
- TagResource
- UntagResource
- UpdateAccountFactoryConfig
- UpdateEnabledControl
- UpdateLandingZone
• CreateLandingZone = "controltower:CreateLandingZone"
Grants permission to create a landing zone
See https://docs.aws.amazon.com/controltower/latest/APIReference/API_CreateLandingZone.html
actions/controltower.ts:17
• CreateManagedAccount = "controltower:CreateManagedAccount"
Grants permission to create an account managed by AWS Control Tower
See https://docs.aws.amazon.com/controltower/latest/userguide/account-factory.html
actions/controltower.ts:23
• DeleteLandingZone = "controltower:DeleteLandingZone"
Grants permission to delete AWS Control Tower landing zone
See https://docs.aws.amazon.com/controltower/latest/APIReference/API_DeleteLandingZone.html
actions/controltower.ts:29
• DeregisterManagedAccount = "controltower:DeregisterManagedAccount"
Grants permission to deregister an account created through the account factory from AWS Control Tower
See https://docs.aws.amazon.com/controltower/latest/userguide/account-factory.html
actions/controltower.ts:36
• DeregisterOrganizationalUnit = "controltower:DeregisterOrganizationalUnit"
Grants permission to deregister an organizational unit from AWS Control Tower m anagement
See https://docs.aws.amazon.com/controltower/latest/userguide/organizations.html
actions/controltower.ts:43
• DescribeAccountFactoryConfig = "controltower:DescribeAccountFactoryConfig"
Grants permission to describe the current account factory configuration
See https://docs.aws.amazon.com/controltower/latest/userguide/account-factory.html
actions/controltower.ts:49
• DescribeCoreService = "controltower:DescribeCoreService"
Grants permission to describe resources managed by core accounts in AWS Control Tower
See https://docs.aws.amazon.com/controltower/latest/userguide/how-control-tower-works.html#what-shared
actions/controltower.ts:56
• DescribeGuardrail = "controltower:DescribeGuardrail"
Grants permission to describe a guardrail
See https://docs.aws.amazon.com/controltower/latest/userguide/controls.html
actions/controltower.ts:62
• DescribeGuardrailForTarget = "controltower:DescribeGuardrailForTarget"
Grants permission to describe a guardrail for a organizational unit
See https://docs.aws.amazon.com/controltower/latest/userguide/controls.html
actions/controltower.ts:68
• DescribeLandingZoneConfiguration = "controltower:DescribeLandingZoneConfiguration"
Grants permission to describe the current Landing Zone configuration
See https://docs.aws.amazon.com/controltower/latest/userguide/step-two.html
actions/controltower.ts:74
• DescribeManagedAccount = "controltower:DescribeManagedAccount"
Grants permission to describe an account created through account factory
See https://docs.aws.amazon.com/controltower/latest/userguide/account-factory.html
actions/controltower.ts:80
• DescribeManagedOrganizationalUnit = "controltower:DescribeManagedOrganizationalUnit"
Grants permission to describe an AWS Organizations organizational unit managed by AWS Control Tower
See https://docs.aws.amazon.com/controltower/latest/userguide/organizations.html
actions/controltower.ts:87
• DescribeRegisterOrganizationalUnitOperation = "controltower:DescribeRegisterOrganizationalUnitOperation"
Grants permission to describe a Register Organizational Unit Operation
See https://docs.aws.amazon.com/controltower/latest/userguide/about-extending-governance.html
actions/controltower.ts:93
• DescribeSingleSignOn = "controltower:DescribeSingleSignOn"
Grants permission to describe the current AWS Control Tower &SSO; configuration
See https://docs.aws.amazon.com/controltower/latest/userguide/sso.html
actions/controltower.ts:99
• DisableControl = "controltower:DisableControl"
Grants permission to remove a control from an organizational unit
See https://docs.aws.amazon.com/controltower/latest/APIReference/API_DisableControl.html
actions/controltower.ts:105
• DisableGuardrail = "controltower:DisableGuardrail"
Grants permission to disable a guardrail from an organizational unit
See https://docs.aws.amazon.com/controltower/latest/userguide/enable-controls-on-ou.html
actions/controltower.ts:111
• EnableControl = "controltower:EnableControl"
Grants permission to activate a control for an organizational unit
See https://docs.aws.amazon.com/controltower/latest/APIReference/API_EnableControl.html
actions/controltower.ts:117
• EnableGuardrail = "controltower:EnableGuardrail"
Grants permission to enable a guardrail to an organizational unit
See https://docs.aws.amazon.com/controltower/latest/userguide/enable-controls-on-ou.html
actions/controltower.ts:123
• GetAccountInfo = "controltower:GetAccountInfo"
Grants permission to describe an account email and validate that it exists
See https://docs.aws.amazon.com/controltower/latest/userguide/accounts.html
actions/controltower.ts:129
• GetAvailableUpdates = "controltower:GetAvailableUpdates"
Grants permission to list available updates for the current AWS Control Tower d eployment
See https://docs.aws.amazon.com/controltower/latest/userguide/configuration-updates.html
actions/controltower.ts:136
• GetControlOperation = "controltower:GetControlOperation"
Grants permission to get the current status of a particular EnabledControl or D isableControl operation
See https://docs.aws.amazon.com/controltower/latest/APIReference/API_GetControlOperation.html
actions/controltower.ts:143
• GetEnabledControl = "controltower:GetEnabledControl"
Grants permission to get an enabled control from an organizational unit
See https://docs.aws.amazon.com/controltower/latest/APIReference/API_GetEnabledControl.html
actions/controltower.ts:149
• GetGuardrailComplianceStatus = "controltower:GetGuardrailComplianceStatus"
Grants permission to get the current compliance status of a guardrail
See https://docs.aws.amazon.com/controltower/latest/userguide/controls.html
actions/controltower.ts:155
• GetHomeRegion = "controltower:GetHomeRegion"
Grants permission to get the home region of the AWS Control Tower setup
See https://docs.aws.amazon.com/controltower/latest/userguide/how-control-tower-works.html#region-how
actions/controltower.ts:161
• GetLandingZone = "controltower:GetLandingZone"
Grants permission to get the current status of the landing zone setup
See https://docs.aws.amazon.com/controltower/latest/APIReference/API_GetLandingZone.html
actions/controltower.ts:167
• GetLandingZoneDriftStatus = "controltower:GetLandingZoneDriftStatus"
Grants permission to get the current landing zone drift status
See https://docs.aws.amazon.com/controltower/latest/userguide/drift.html
actions/controltower.ts:173
• GetLandingZoneOperation = "controltower:GetLandingZoneOperation"
Grants permission to get the current status of a particular landing zone operat ion
See https://docs.aws.amazon.com/controltower/latest/APIReference/API_GetLandingZoneOperation.html
actions/controltower.ts:180
• GetLandingZoneStatus = "controltower:GetLandingZoneStatus"
Grants permission to get the current status of the landing zone setup
actions/controltower.ts:186
• ListDirectoryGroups = "controltower:ListDirectoryGroups"
Grants permission to list the current directory groups available through &SSO;
See https://docs.aws.amazon.com/controltower/latest/userguide/sso.html
actions/controltower.ts:192
• ListDriftDetails = "controltower:ListDriftDetails"
Grants permission to list occurrences of drift in AWS Control Tower
See https://docs.aws.amazon.com/controltower/latest/userguide/drift.html
actions/controltower.ts:198
• ListEnabledControls = "controltower:ListEnabledControls"
Grants permission to list all enabled controls in a specified organizational un it
See https://docs.aws.amazon.com/controltower/latest/APIReference/API_ListEnabledControls.html
actions/controltower.ts:205
• ListEnabledGuardrails = "controltower:ListEnabledGuardrails"
Grants permission to list currently enabled guardrails
See https://docs.aws.amazon.com/controltower/latest/userguide/controls.html
actions/controltower.ts:211
• ListExtendGovernancePrecheckDetails = "controltower:ListExtendGovernancePrecheckDetails"
Grants permission to list Precheck details for an Organizational Unit
See https://docs.aws.amazon.com/controltower/latest/userguide/about-extending-governance.html
actions/controltower.ts:217
• ListExternalConfigRuleCompliance = "controltower:ListExternalConfigRuleCompliance"
Grants permission to list the compliance of external AWS Config rules
See https://docs.aws.amazon.com/controltower/latest/userguide/review-compliance.html
actions/controltower.ts:223
• ListGuardrailViolations = "controltower:ListGuardrailViolations"
Grants permission to list existing guardrail violations
See https://docs.aws.amazon.com/controltower/latest/userguide/controls.html
actions/controltower.ts:229
• ListGuardrails = "controltower:ListGuardrails"
Grants permission to list all available guardrails
See https://docs.aws.amazon.com/controltower/latest/userguide/controls.html
actions/controltower.ts:235
• ListGuardrailsForTarget = "controltower:ListGuardrailsForTarget"
Grants permission to list guardrails and their current state for a organization al unit
See https://docs.aws.amazon.com/controltower/latest/userguide/controls.html
actions/controltower.ts:242
• ListLandingZones = "controltower:ListLandingZones"
Grants permission to list all landing zones
See https://docs.aws.amazon.com/controltower/latest/APIReference/API_ListLandingZones.html
actions/controltower.ts:248
• ListManagedAccounts = "controltower:ListManagedAccounts"
Grants permission to list accounts managed through AWS Control Tower
See https://docs.aws.amazon.com/controltower/latest/userguide/account-factory.html
actions/controltower.ts:254
• ListManagedAccountsForGuardrail = "controltower:ListManagedAccountsForGuardrail"
Grants permission to list managed accounts with a specified guardrail applied
See https://docs.aws.amazon.com/controltower/latest/userguide/account-factory.html
actions/controltower.ts:260
• ListManagedAccountsForParent = "controltower:ListManagedAccountsForParent"
Grants permission to list managed accounts under an organizational unit
See https://docs.aws.amazon.com/controltower/latest/userguide/account-factory.html
actions/controltower.ts:266
• ListManagedOrganizationalUnits = "controltower:ListManagedOrganizationalUnits"
Grants permission to list organizational units managed by AWS Control Tower
See https://docs.aws.amazon.com/controltower/latest/userguide/organizations.html
actions/controltower.ts:272
• ListManagedOrganizationalUnitsForGuardrail = "controltower:ListManagedOrganizationalUnitsForGuardrail"
Grants permission to list managed organizational units that have a specified gu ardrail applied
See https://docs.aws.amazon.com/controltower/latest/userguide/organizations.html
actions/controltower.ts:279
• ListTagsForResource = "controltower:ListTagsForResource"
Grants permission to list the tags for a resource
See https://docs.aws.amazon.com/controltower/latest/APIReference/API_ListTagsForResource.html
actions/controltower.ts:285
• ManageOrganizationalUnit = "controltower:ManageOrganizationalUnit"
Grants permission to set up an organizational unit to be managed by AWS Control Tower
See https://docs.aws.amazon.com/controltower/latest/userguide/organizations.html
actions/controltower.ts:292
• PerformPreLaunchChecks = "controltower:PerformPreLaunchChecks"
Grants permission to perform validations in an account
See https://docs.aws.amazon.com/controltower/latest/userguide/getting-started-prereqs.html
actions/controltower.ts:298
• ResetLandingZone = "controltower:ResetLandingZone"
Grants permission to reset a landing zone
See https://docs.aws.amazon.com/controltower/latest/APIReference/API_ResetLandingZone.html
actions/controltower.ts:304
• SetupLandingZone = "controltower:SetupLandingZone"
Grants permission to set up or update AWS Control Tower landing zone
actions/controltower.ts:310
• TagResource = "controltower:TagResource"
Grants permission to add tags to a resource
See https://docs.aws.amazon.com/controltower/latest/APIReference/API_TagResource.html
actions/controltower.ts:316
• UntagResource = "controltower:UntagResource"
Grants permission to remove tags from a resource
See https://docs.aws.amazon.com/controltower/latest/APIReference/API_UntagResource.html
actions/controltower.ts:322
• UpdateAccountFactoryConfig = "controltower:UpdateAccountFactoryConfig"
Grants permission to update the account factory configuration
See https://docs.aws.amazon.com/controltower/latest/userguide/account-factory.html
actions/controltower.ts:328
• UpdateEnabledControl = "controltower:UpdateEnabledControl"
Grants permission to update an enabled control for an organizational unit
See https://docs.aws.amazon.com/controltower/latest/APIReference/API_UpdateEnabledControl.html
actions/controltower.ts:334
• UpdateLandingZone = "controltower:UpdateLandingZone"
Grants permission to update a landing zone
See https://docs.aws.amazon.com/controltower/latest/APIReference/API_UpdateLandingZone.html
actions/controltower.ts:340