Control Tower Control Args
data class ControlTowerControlArgs(val controlIdentifier: Output<String>? = null, val parameters: Output<List<ControlTowerControlParameterArgs>>? = null, val targetIdentifier: Output<String>? = null) : ConvertibleToJava<ControlTowerControlArgs>
Allows the application of pre-defined controls to organizational units. For more information on usage, please see the AWS Control Tower User Guide.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
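// Region the provider is configured for; it forms part of the control ARN below.
const current = aws.getRegion({});
// Look up the organization so its first root can serve as the parent for the OU search.
const example = aws.organizations.getOrganization({});
// Lists only the organizational units directly under the given parent (here the
// first root); OUs nested deeper in the hierarchy are not returned by this lookup.
const exampleGetOrganizationalUnits = example.then(example => aws.organizations.getOrganizationalUnits({
    parentId: example.roots?.[0]?.id,
}));
// Select the target OU by name. The original expression had no receiver in front of
// `.filter(...)` and did not compile; the lookup result's `children` list is the
// intended source. Fail the deployment when the OU is missing so the control is
// never submitted with an undefined target.
const infrastructureOuArn = exampleGetOrganizationalUnits.then(units => {
    const match = units.children.find(ou => ou.name === "Infrastructure");
    if (!match) {
        throw new Error("No organizational unit named \"Infrastructure\" was found under the organization root");
    }
    return match.arn;
});
const exampleControlTowerControl = new aws.controltower.ControlTowerControl("example", {
    controlIdentifier: current.then(current => `arn:aws:controltower:${current.name}::control/AWS-GR_EC2_VOLUME_INUSE_CHECK`),
    targetIdentifier: infrastructureOuArn,
    parameters: [{
        key: "AllowedRegions",
        // The parameter value is passed as a JSON-encoded string.
        value: JSON.stringify(["us-east-1"]),
    }],
});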
import pulumi
import json
import pulumi_aws as aws
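# Region the provider is configured for; it forms part of the control ARN below.
current = aws.get_region()
# Look up the organization so its first root can serve as the parent for the OU search.
example = aws.organizations.get_organization()
# Returns only the organizational units directly under the given parent (here the
# first root); OUs nested deeper in the hierarchy are not part of this result.
example_get_organizational_units = aws.organizations.get_organizational_units(parent_id=example.roots[0].id)
# Select the target OU by name and stop with a clear message when it is absent,
# rather than a bare IndexError from indexing an empty list.
infrastructure_ou_arns = [x.arn for x in example_get_organizational_units.children if x.name == "Infrastructure"]
if not infrastructure_ou_arns:
    raise ValueError('No organizational unit named "Infrastructure" was found under the organization root')
example_control_tower_control = aws.controltower.ControlTowerControl("example",
    control_identifier=f"arn:aws:controltower:{current.name}::control/AWS-GR_EC2_VOLUME_INUSE_CHECK",
    target_identifier=infrastructure_ou_arns[0],
    parameters=[{
        "key": "AllowedRegions",
        # The parameter value is passed as a JSON-encoded string.
        "value": json.dumps(["us-east-1"]),
    }])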
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;
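return await Deployment.RunAsync(() =>
{
    // Region the provider is configured for; it forms part of the control ARN below.
    var current = Aws.GetRegion.Invoke();

    // Look up the organization so its first root can serve as the parent for the OU search.
    var example = Aws.Organizations.GetOrganization.Invoke();

    // Lists only the organizational units directly under the given parent (here the
    // first root); OUs nested deeper in the hierarchy are not returned by this lookup.
    var exampleGetOrganizationalUnits = Aws.Organizations.GetOrganizationalUnits.Invoke(new()
    {
        ParentId = example.Apply(getOrganizationResult => getOrganizationResult.Roots[0]?.Id),
    });

    var exampleControlTowerControl = new Aws.ControlTower.ControlTowerControl("example", new()
    {
        // Build the ARN inside Apply. Interpolating an Output<T> straight into a string
        // formats the Output wrapper itself, not the resolved Region name, which would
        // yield an invalid control ARN.
        ControlIdentifier = current.Apply(getRegionResult =>
            $"arn:aws:controltower:{getRegionResult.Name}::control/AWS-GR_EC2_VOLUME_INUSE_CHECK"),

        // The original expression had no receiver in front of `.Where(...)` and did not
        // compile; the lookup result's Children list is the intended source. First()
        // throws when no OU named "Infrastructure" exists, so the deployment stops
        // instead of enabling the control on an unintended target.
        TargetIdentifier = exampleGetOrganizationalUnits.Apply(getOrganizationalUnitsResult =>
            getOrganizationalUnitsResult.Children
                .Where(x => x.Name == "Infrastructure")
                .Select(x => x.Arn)
                .First()),

        Parameters = new[]
        {
            new Aws.ControlTower.Inputs.ControlTowerControlParameterArgs
            {
                Key = "AllowedRegions",
                // The parameter value is passed as a JSON-encoded string.
                Value = JsonSerializer.Serialize(new[]
                {
                    "us-east-1",
                }),
            },
        },
    });
});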
Import
Using `pulumi import`, import Control Tower Controls using their `organizational_unit_arn/control_identifier`. For example:
# Import ID as written here: the organizational unit ARN, a comma, then the control ARN.
$ pulumi import aws:controltower/controlTowerControl:ControlTowerControl example arn:aws:organizations::123456789101:ou/o-qqaejywet/ou-qg5o-ufbhdtv3,arn:aws:controltower:us-east-1::control/WTDSMKDKDNLE
Constructors
constructor(controlIdentifier: Output<String>? = null, parameters: Output<List<ControlTowerControlParameterArgs>>? = null, targetIdentifier: Output<String>? = null)
Properties
controlIdentifier: The ARN of the control. Only Strongly recommended and Elective controls are permitted, with the exception of the Region deny guardrail.
parameters: Parameter values which are specified to configure the control when you enable it. See Parameters for more details.
targetIdentifier: The ARN of the organizational unit. The following arguments are optional: