ControlTowerControlArgs

/**
 * Arguments for applying a pre-defined Control Tower control to an organizational unit.
 *
 * Both properties are nullable and default to `null` in this signature.
 *
 * @property controlIdentifier The ARN of the control. Only Strongly recommended and Elective
 *   controls are permitted, with the exception of the Region deny guardrail.
 * @property targetIdentifier The ARN of the organizational unit the control is applied to.
 */
data class ControlTowerControlArgs(val controlIdentifier: Output<String>? = null, val targetIdentifier: Output<String>? = null) : ConvertibleToJava<ControlTowerControlArgs>

Allows the application of pre-defined controls to organizational units. For more information on usage, please see the AWS Control Tower User Guide.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
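// Region of the configured provider; it is interpolated into the control ARN below.
const current = aws.getRegion({});
// The organization's first root is used as the parent for the OU lookup.
const example = aws.organizations.getOrganization({});
const exampleGetOrganizationalUnits = example.then(example => aws.organizations.getOrganizationalUnits({
    parentId: example.roots?.[0]?.id,
}));
const exampleControlTowerControl = new aws.controltower.ControlTowerControl("example", {
    controlIdentifier: current.then(current => `arn:aws:controltower:${current.name}::control/AWS-GR_EC2_VOLUME_INUSE_CHECK`),
    targetIdentifier: exampleGetOrganizationalUnits.then(exampleGetOrganizationalUnits => {
        // The control is attached to the OU selected by name here. Fail with a clear
        // message when no OU matches instead of handing the resource an undefined target.
        const infrastructureOu = exampleGetOrganizationalUnits.children.find(x => x.name === "Infrastructure");
        if (!infrastructureOu) {
            throw new Error('No organizational unit named "Infrastructure" was found under the organization root');
        }
        return infrastructureOu.arn;
    }),
});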
import pulumi
import pulumi_aws as aws
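# Region of the configured provider; it is interpolated into the control ARN below.
current = aws.get_region()
# The organization's first root is used as the parent for the OU lookup.
example = aws.organizations.get_organization()
example_get_organizational_units = aws.organizations.get_organizational_units(parent_id=example.roots[0].id)
# The control is attached to the OU selected by name here. Stop with a clear error
# when no OU matches instead of failing on an opaque IndexError.
infrastructure_ou_arns = [x.arn for x in example_get_organizational_units.children if x.name == "Infrastructure"]
if not infrastructure_ou_arns:
    raise ValueError('No organizational unit named "Infrastructure" was found under the organization root')
example_control_tower_control = aws.controltower.ControlTowerControl("example",
    control_identifier=f"arn:aws:controltower:{current.name}::control/AWS-GR_EC2_VOLUME_INUSE_CHECK",
    target_identifier=infrastructure_ou_arns[0])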
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
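return await Deployment.RunAsync(() =>
{
    // Region of the configured provider; it is interpolated into the control ARN below.
    var current = Aws.GetRegion.Invoke();

    // The organization's first root is used as the parent for the OU lookup.
    var example = Aws.Organizations.GetOrganization.Invoke();

    var exampleGetOrganizationalUnits = Aws.Organizations.GetOrganizationalUnits.Invoke(new()
    {
        ParentId = example.Apply(getOrganizationResult => getOrganizationResult.Roots[0]?.Id),
    });

    var exampleControlTowerControl = new Aws.ControlTower.ControlTowerControl("example", new()
    {
        // Output.Format resolves the Output<string> before building the ARN; a plain
        // interpolated string would embed the Output's ToString() text instead of the region name.
        ControlIdentifier = Output.Format($"arn:aws:controltower:{current.Apply(getRegionResult => getRegionResult.Name)}::control/AWS-GR_EC2_VOLUME_INUSE_CHECK"),

        // The control is attached to the OU selected by name here. First() throws when
        // no OU matches, so the deployment stops instead of continuing with a missing target.
        TargetIdentifier = exampleGetOrganizationalUnits.Apply(getOrganizationalUnitsResult =>
            getOrganizationalUnitsResult.Children
                .Where(x => x.Name == "Infrastructure")
                .Select(x => x.Arn)
                .First()),
    });
});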

Import

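Using pulumi import, import Control Tower Controls using their organizational_unit_arn/control_identifier, that is, the ARN of the organizational unit and the ARN of the control. The example below passes the two ARNs as a single comma-separated argument. For example: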

$ pulumi import aws:controltower/controlTowerControl:ControlTowerControl example arn:aws:organizations::123456789101:ou/o-qqaejywet/ou-qg5o-ufbhdtv3,arn:aws:controltower:us-east-1::control/WTDSMKDKDNLE

Constructors

constructor(controlIdentifier: Output<String>? = null, targetIdentifier: Output<String>? = null)

Properties

val controlIdentifier: Output<String>? = null

The ARN of the control. Only Strongly recommended and Elective controls are permitted, with the exception of the Region deny guardrail.

val targetIdentifier: Output<String>? = null

The ARN of the organizational unit.

Functions

open override fun toJava(): ControlTowerControlArgs