aws · eodeyemi14 · Apr 18, 2025
diff --git a/awscli/examples/controltower/create-landing-zone.rst b/awscli/examples/controltower/create-landing-zone.rst
@@ -0,0 +1,16 @@
+**To Create Control Tower Landing Zone**
+
+The following ``create-landing-zone`` example creates AWS Control Tower Landing Zone ::
+
+    aws controltower create-landing-zone \
+        --landing-zone-version 3.3 \
+        --manifest "file://LandingZoneManifest.json"
+
+Output::
+
+    {
+        "arn": "arn:aws:controltower:us-east-1:123456789012:landingzone/13CJG46WZKXXX4X5",
+        "operationIdentifier": "55XXXXXX-e2XX-41XX-a7XX-446XXXXXXXXX"
+    }
+
+For more information, see `AWS Control Tower Getting Started <https://docs.aws.amazon.com/controltower/latest/userguide/getting-started-with-control-tower.html>`__ in the *AWS Control Tower User Guide*.
diff --git a/awscli/examples/controltower/delete-landing-zone.rst b/awscli/examples/controltower/delete-landing-zone.rst
@@ -0,0 +1,13 @@
+**To Decommission Landing Zone**
+
+The following ``delete-landing-zone`` example decommissions the AWS Control Tower landing zone ::
+
+    aws controltower delete-landing-zone \
+        --landing-zone-identifier arn:aws:controltower:us-east-1:123456789012:landingzone/13CJG46WZKXXX4X5
+
+Output::
+
+    {
+        "operationIdentifier": "47XXXXXX-a6XX-82XX-c9XX-432XXXXXXXXX"
+    }
+For more information, see `Decommission a Landing Zone <https://docs.aws.amazon.com/controltower/latest/userguide/decommission-landing-zone.html>`__ in the *AWS Control Tower User Guide*.
diff --git a/awscli/examples/controltower/disable-baseline.rst b/awscli/examples/controltower/disable-baseline.rst
@@ -0,0 +1,14 @@
+**To Disable A Control Tower Baseline**
+
+The following ``disable-baseline`` example disables an AWS Control Tower baseline::
+
+    aws controltower disable-baseline \
+        --enabled-baseline-identifier arn:aws:controltower:us-east-1:123456789012:enabledbaseline/XOM12BEL4YD578CQ2
+
+Output::
+
+   {
+        "operationIdentifier": "b33486d7-5396-4ad0-9eae-3a57969fe8cd"
+   }
+
+For more information, see `AWS Control Tower Baselines <https://docs.aws.amazon.com/controltower/latest/userguide/types-of-baselines.html>`__ in the *AWS Control Tower User Guide*.
diff --git a/awscli/examples/controltower/disable-control.rst b/awscli/examples/controltower/disable-control.rst
@@ -0,0 +1,15 @@
+**To Disable Control Tower Control**
+
+The following ``disable-control`` example disables an AWS Control Tower enabled control::
+
+    aws controltower disable-control \
+        --control-identifier arn:aws:controlcatalog:::control/497wrm2xnk1wxlf4obrxxxxxx \
+        --target-identifier arn:aws:organizations::123456789012:ou/o-s64ryxxxxx/ou-oqxx-i5wnxxxx
+
+Output::
+
+    {
+        "operationIdentifier": "b8f0dxxx-08xx-43xx-a2xx-568e9922xxxx"
+    }
+
+For more information, see `AWS Control Tower Controls <https://docs.aws.amazon.com/controltower/latest/controlreference/controls.html>`__ in the *AWS Control Tower User Guide*.
diff --git a/awscli/examples/controltower/enable-baseline.rst b/awscli/examples/controltower/enable-baseline.rst
@@ -0,0 +1,32 @@
+**To Enable A Control Tower Baseline**
+
+The following ``enable-baseline`` example enables an AWS Control Tower baseline if baseline 'IdentityCenterBaseline' is **not** enabled::
+
+    aws controltower enable-baseline \
+        --baseline-identifier arn:aws:controltower:us-east-1::baseline/17BSJV3IGJ2QSGA2 \
+        --baseline-version 4.0 \
+        --target-identifier arn:aws:organizations::371737006705:ou/o-s64ryihwdd/ou-oq9f-i5wnx6zf
+
+Output::
+
+   {
+        "arn": "arn:aws:controltower:us-east-1:123456789012:enabledbaseline/XOM12BEL4YD578CQ2",
+        "operationIdentifier": "51e190ac-8a37-4f6d-b63c-fb5104b5db38"
+   }
+
+The following ``enable-baseline`` example enables an AWS Control Tower baseline if baseline 'IdentityCenterBaseline' is enabled::
+
+    aws controltower enable-baseline \
+        --baseline-identifier arn:aws:controltower:us-east-1::baseline/17BSJV3IGJ2QSGA2 \
+        --baseline-version 4.0 \
+        --target-identifier arn:aws:organizations::123456789012:ou/o-s64ryixxxx/ou-oqxx-i5wnxxxx \
+        --parameters '[{"key":"IdentityCenterEnabledBaselineArn","value":"arn:aws:controltower:us-east-1:123456789012:enabledbaseline/XAJNZNCBC1I386C7B"}]'
+
+Output::
+
+   {
+        "arn": "arn:aws:controltower:us-east-1:123456789012:enabledbaseline/XOM12BEL4YD578CQ2",
+        "operationIdentifier": "51e190ac-8a37-4f6d-b63c-fb5104b5db38"
+   }
+
+For more information, see `AWS Control Tower Baselines <https://docs.aws.amazon.com/controltower/latest/userguide/types-of-baselines.html>`__ in the *AWS Control Tower User Guide*.
diff --git a/awscli/examples/controltower/enable-control.rst b/awscli/examples/controltower/enable-control.rst
@@ -0,0 +1,16 @@
+**To Enable Control Tower Control**
+
+The following ``enable-control`` example enables an AWS Control Tower control::
+
+    aws controltower enable-control \
+        --control-identifier arn:aws:controlcatalog:::control/497wrm2xnk1wxlf4obrxxxxxx \
+        --target-identifier arn:aws:organizations::123456789012:ou/o-s64ryxxxxx/ou-oqxx-i5wnxxxx
+
+Output::
+
+    {
+        "arn": "arn:aws:controltower:us-east-1:123456789012:enabledcontrol/18J5KBJ3W3VTIRLV",
+        "operationIdentifier": "7691fc5a-de87-4540-8c95-b0aabd56382c"
+    }
+
+For more information, see `AWS Control Tower Controls <https://docs.aws.amazon.com/controltower/latest/controlreference/controls.html>`__ in the *AWS Control Tower User Guide*.
diff --git a/awscli/examples/controltower/get-baseline-operation.rst b/awscli/examples/controltower/get-baseline-operation.rst
@@ -0,0 +1,21 @@
+**To Get A Control Tower Baseline Operation**
+
+The following ``get-baseline-operation`` example get details of an AWS Control Tower baseline operation::
+
+    aws controltower get-baseline-operation \
+        --operation-identifier "51e190ac-8a37-4f6d-b63c-fb5104b5db38"
+
+Output::
+
+    {
+        "baselineOperation": {
+            "endTime": "2025-04-17T23:48:46+00:00",
+            "operationIdentifier": "51e190ac-8a37-4f6d-b63c-fb5104b5db38",
+            "operationType": "ENABLE_BASELINE",
+            "startTime": "2025-04-17T23:46:37+00:00",
+            "status": "SUCCEEDED",
+            "statusMessage": "AWS Control Tower completed the baseline operation successfully."
+        }
+    }
+
+For more information, see `AWS Control Tower Baselines <https://docs.aws.amazon.com/controltower/latest/userguide/types-of-baselines.html>`__ in the *AWS Control Tower User Guide*.
diff --git a/awscli/examples/controltower/get-baseline.rst b/awscli/examples/controltower/get-baseline.rst
@@ -0,0 +1,16 @@
+**To Get A Control Tower Baseline**
+
+The following ``get-baseline`` example gets details of an AWS Control Tower baseline::
+
+    aws controltower get-baseline \
+        --baseline-identifier arn:aws:controltower:us-east-1::baseline/LN25R72TTG6IGPTQ
+
+Output::
+
+    {
+        "arn": "arn:aws:controltower:us-east-1::baseline/LN25R72TTG6IGPTQ",
+        "description": "Sets up shared resources for AWS Identity Center, which prepares the AWSControlTowerBaseline to set up Identity Center access for accounts.",
+        "name": "IdentityCenterBaseline"
+    }
+
+For more information, see `AWS Control Tower Baselines <https://docs.aws.amazon.com/controltower/latest/userguide/types-of-baselines.html>`__ in the *AWS Control Tower User Guide*.
diff --git a/awscli/examples/controltower/get-control-operation.rst b/awscli/examples/controltower/get-control-operation.rst
@@ -0,0 +1,24 @@
+**To Get Control Tower Control Operations**
+
+The following ``get-control-operation`` example get details of an AWS Control Tower control operation::
+
+    aws controltower get-control-operation \
+        --operation-identifier "7691fc5a-de87-4540-8c95-b0aabd56382c"
+
+Output::
+
+    {
+        "controlOperation": {
+            "controlIdentifier": "arn:aws:controlcatalog:::control/497wrm2xnk1wxlf4obrdo7mej",
+            "enabledControlIdentifier": "arn:aws:controltower:us-east-1:123456789012:enabledcontrol/18J5KBJ3W3VTIRLV",
+            "endTime": "2025-04-17T03:08:55+00:00",
+            "operationIdentifier": "7691fc5a-de87-4540-8c95-b0aabd56382c",
+            "operationType": "ENABLE_CONTROL",
+            "startTime": "2025-04-17T03:07:52+00:00",
+            "status": "SUCCEEDED",
+            "statusMessage": "Operation was successful.",
+            "targetIdentifier": "arn:aws:organizations::123456789012:ou/o-s64ryixxxx/ou-oqxx-i5wnxxxx"
+        }
+    }
+
+For more information, see `AWS Control Tower Controls <https://docs.aws.amazon.com/controltower/latest/controlreference/controls.html>`__ in the *AWS Control Tower User Guide*.
diff --git a/awscli/examples/controltower/get-enabled-baseline.rst b/awscli/examples/controltower/get-enabled-baseline.rst
@@ -0,0 +1,29 @@
+**To Get A Control Tower Enabled Baseline**
+
+The following ``get-enabled-baseline`` example get details of an AWS Control Tower enabled baseline::
+
+    aws controltower get-enabled-baseline \
+        --enabled-baseline-identifier arn:aws:controltower:us-east-1:123456789012:enabledbaseline/XOM12BEL4YD578CQ2
+
+Output::
+
+    {
+        "enabledBaselineDetails": {
+            "arn": "arn:aws:controltower:us-east-1:123456789012:enabledbaseline/XOM12BEL4YD578CQ2",
+            "baselineIdentifier": "arn:aws:controltower:us-east-1::baseline/17BSJV3IGJ2QSGA2",
+            "baselineVersion": "4.0",
+            "parameters": [
+                {
+                    "key": "IdentityCenterEnabledBaselineArn",
+                    "value": "arn:aws:controltower:us-east-1:123456789012:enabledbaseline/XAJNZNCBC1I386C7B"
+                }
+            ],
+            "statusSummary": {
+                "lastOperationIdentifier": "51e190ac-8a37-4f6d-b63c-fb5104b5db38",
+                "status": "SUCCEEDED"
+            },
+            "targetIdentifier": "arn:aws:organizations::123456789012:ou/o-3onqfufxxx/ou-g8xx-5kluxxxx"
+        }
+    }
+
+For more information, see `AWS Control Tower Baselines <https://docs.aws.amazon.com/controltower/latest/userguide/types-of-baselines.html>`__ in the *AWS Control Tower User Guide*.
diff --git a/awscli/examples/controltower/get-enabled-control.rst b/awscli/examples/controltower/get-enabled-control.rst
@@ -0,0 +1,39 @@
+**To Get Control Tower Enabled Control**
+
+The following ``get-enabled-control`` example get details of an AWS Control Tower enabled control::
+
+    aws controltower get-enabled-control \
+        --enabled-control-identifier arn:aws:controltower:us-east-1:123456789012:enabledcontrol/26RGJRSLXCP1KW8D
+
+Output::
+
+    {
+        "enabledControlDetails": {
+            "arn": "arn:aws:controltower:us-east-1:123456789012:enabledcontrol/26RGJRSLXCP1KW8D",
+            "controlIdentifier": "arn:aws:controltower:us-east-1::control/AWS-GR_CLOUDTRAIL_CHANGE_PROHIBITED",
+            "driftStatusSummary": {
+                 "driftStatus": "NOT_CHECKING"
+            },
+            "parameters": [],
+            "statusSummary": {
+                "status": "SUCCEEDED"
+            },
+            "targetIdentifier": "arn:aws:organizations::123456789012:ou/o-s64ryixxxx/ou-oqxx-i5wnxxxx",
+            "targetRegions": [
+                {
+                    "name": "ap-south-2"
+                },
+                {
+                    "name": "ap-south-1"
+                },
+                {
+                    "name": "eu-south-1"
+                },
+                {
+                    "name": "us-east-1"
+                }
+            ]
+        }
+    }
+
+For more information, see `AWS Control Tower Controls <https://docs.aws.amazon.com/controltower/latest/controlreference/controls.html>`__ in the *AWS Control Tower User Guide*.
diff --git a/awscli/examples/controltower/get-landing-zone-operation.rst b/awscli/examples/controltower/get-landing-zone-operation.rst
@@ -0,0 +1,19 @@
+**To Get Control Tower Landing Zone Operation**
+
+The following ``get-landing-zone-operation`` example get details of an AWS Control Tower landing zone operation::
+
+    aws controltower get-landing-zone-operation \
+        --operation-identifier ee9d0d2d-6532-42d8-9b85-3fbb0700a606
+
+Output::
+
+    {
+        "operationDetails": {
+            "operationIdentifier": "ee9d0d2d-6532-42d8-9b85-3fbb0700a606",
+            "operationType": "RESET",
+            "startTime": "2025-04-17T03:19:33+00:00",
+            "status": "IN_PROGRESS"
+        }
+    }
+
+For more information, see `AWS Control Tower Getting Started <https://docs.aws.amazon.com/controltower/latest/userguide/getting-started-with-control-tower.html>`__ in the *AWS Control Tower User Guide*.
diff --git a/awscli/examples/controltower/get-landing-zone.rst b/awscli/examples/controltower/get-landing-zone.rst
@@ -0,0 +1,51 @@
+**To Describe A Control Tower Landing Zone**
+
+The following ``get-landing-zone`` example get details of AWS Control Tower Landing Zone::
+
+    aws controltower get-landing-zone \
+        --landing-zone-identifier arn:aws:controltower:us-east-1:123456789012:landingzone/13CJG46WZKXXX4X5
+
+Output::
+
+    {
+        "landingZone": {
+            "arn": "arn:aws:controltower:us-east-1:123456789012:landingzone/13CJG46WZKXXX4X5",
+            "driftStatus": {
+                "status": "IN_SYNC"
+            },
+            "latestAvailableVersion": "3.3",
+            "manifest": {
+                "accessManagement": {
+                    "enabled": true
+                },
+                "securityRoles": {
+                    "accountId": "098765432101"
+                },
+                "governedRegions": [
+                    "us-east-1",
+                    "us-west-2"
+                ],
+                "organizationStructure": {
+                    "security": {
+                        "name": "Security"
+                    }
+                },
+                "centralizedLogging": {
+                    "accountId": "543210987654",
+                    "configurations": {
+                        "loggingBucket": {
+                            "retentionDays": 365
+                        },
+                        "kmsKeyArn": "<arn_of_kms_key",
+                        "accessLoggingBucket": {
+                            "retentionDays": 3650
+                        }
+                    },
+                    "enabled": true
+                }
+            },
+            "status": "ACTIVE",
+            "version": "3.3"
+        }
+    }
+For more information, see `AWS Control Tower Getting Started <https://docs.aws.amazon.com/controltower/latest/userguide/getting-started-with-control-tower.html>`__ in the *AWS Control Tower User Guide*.
diff --git a/awscli/examples/controltower/list-baselines.rst b/awscli/examples/controltower/list-baselines.rst
@@ -0,0 +1,49 @@
+**To List Control Tower Baselines**
+
+The following ``list-baselines`` example lists all available AWS Control Tower baselines::
+
+    aws controltower list-baselines
+
+Output::
+
+    {
+        "baselines": [
+            {
+                "arn": "arn:aws:controltower:us-east-1::baseline/4T4HA1KMO10S6311",
+                "description": "Sets up resources to monitor security and compliance of accounts in your organization.",
+                "name": "AuditBaseline"
+            },
+            {
+                "arn": "arn:aws:controltower:us-east-1::baseline/J8HX46AHS5MIKQPD",
+                "description": "Sets up a central repository for logs of API activities and resource configurations from accounts in your organization.",
+                "name": "LogArchiveBaseline"
+            },
+            {
+                "arn": "arn:aws:controltower:us-east-1::baseline/LN25R72TTG6IGPTQ",
+                "description": "Sets up shared resources for AWS Identity Center, which prepares the AWSControlTowerBaseline to set up Identity Center access for accounts.",
+                "name": "IdentityCenterBaseline"
+            },
+            {
+                "arn": "arn:aws:controltower:us-east-1::baseline/17BSJV3IGJ2QSGA2",
+                "description": "Sets up resources and mandatory controls for member accounts within the target OU, required for AWS Control Tower governance.",
+                "name": "AWSControlTowerBaseline"
+            },
+            {
+                "arn": "arn:aws:controltower:us-east-1::baseline/3WPD0NA6TJ9AOMU2",
+                "description": "Sets up a central AWS Backup vault in your organization.",
+                "name": "BackupCentralVaultBaseline"
+            },
+            {
+                "arn": "arn:aws:controltower:us-east-1::baseline/H6C5JFCJJ3CPU3J5",
+                "description": "Sets up AWS Backup Audit Manager.",
+                "name": "BackupAdminBaseline"
+            },
+            {
+                "arn": "arn:aws:controltower:us-east-1::baseline/APO9ATVPBKFRRGLK",
+                "description": "Sets up a local AWS Backup vault and attaches multiple AWS Backup plans.",
+                "name": "BackupBaseline"
+            }
+        ]
+    }
+
+For more information, see `AWS Control Tower Baselines <https://docs.aws.amazon.com/controltower/latest/userguide/types-of-baselines.html>`__ in the *AWS Control Tower User Guide*.