Resource Type: AWS > Control Tower > Enabled Control

AWS Control Tower Enabled Control - A control (guardrail) that has been enabled on an organizational unit.

Enabled Controls enforce governance rules across all accounts within the target organizational unit. Each enabled control monitors compliance and can take preventive, detective, or proactive actions.

Resource Context

Enabled Control is a part of the Control Tower service.

Each Enabled Control lives under a Landing Zone.

Controls

The primary controls for AWS > Control Tower > Enabled Control are:

Quick Actions

In Your Workspace

Developers

Resource Type URI

tmod:@turbot/aws-controltower#/resource/types/enabledControl

Category URI

tmod:@turbot/turbot#/resource/categories/compliance

GraphQL

query resource(id: "tmod:@turbot/aws-controltower#/resource/types/enabledControl") { … }

query resourceActivities(filter: "resourceId:'tmod:@turbot/aws-controltower#/resource/types/enabledControl'") { … }

mutation createResource(input: { … })

mutation updateResource(input: { … })

CLI

Get Resource

turbot graphql resource --id "tmod:@turbot/aws-controltower#/resource/types/enabledControl"

Steampipe Query

Get Resource

select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/aws-controltower#/resource/types/enabledControl';

Get Policy Settings (By Resource ID)

select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/aws-controltower#/resource/types/enabledControl"';

Get Resource Notification

select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/aws-controltower#/resource/types/enabledControl' and notification_type in ('resource_updated', 'resource_created');