controltower:*AWS AWS Control Tower IAM Actions
65 IAM actions for controltower:*
Actions
65 actions available. Filter by access level or search by name.
Filter:
| Action | Access Level |
|---|---|
controltower:CreateLandingZone | Write |
controltower:CreateManagedAccount | Write |
controltower:DeleteLandingZone | Write |
controltower:DeregisterManagedAccount | Write |
controltower:DeregisterOrganizationalUnit | Write |
controltower:DescribeAccountFactoryConfig | Read |
controltower:DescribeCoreService | Read |
controltower:DescribeGuardrail | Read |
controltower:DescribeGuardrailForTarget | Read |
controltower:DescribeLandingZoneConfiguration | Read |
controltower:DescribeManagedAccount | Read |
controltower:DescribeManagedOrganizationalUnit | Read |
controltower:DescribeRegisterOrganizationalUnitOperation | Read |
controltower:DescribeSingleSignOn | Read |
controltower:DisableBaseline | Write |
controltower:DisableControl | Write |
controltower:DisableGuardrail | Write |
controltower:EnableBaseline | Write |
controltower:EnableControl | Write |
controltower:EnableGuardrail | Write |
controltower:GetAccountInfo | Read |
controltower:GetAvailableUpdates | Read |
controltower:GetBaseline | Read |
controltower:GetBaselineOperation | Read |
controltower:GetControlOperation | Read |
controltower:GetEnabledBaseline | Read |
controltower:GetEnabledControl | Read |
controltower:GetGuardrailComplianceStatus | Read |
controltower:GetHomeRegion | Read |
controltower:GetLandingZone | Read |
controltower:GetLandingZoneDriftStatus | Read |
controltower:GetLandingZoneOperation | Read |
controltower:GetLandingZoneStatus | Read |
controltower:ListBaselines | List |
controltower:ListControlOperations | List |
controltower:ListDirectoryGroups | List |
controltower:ListDriftDetails | List |
controltower:ListEnabledBaselines | List |
controltower:ListEnabledControls | List |
controltower:ListEnabledGuardrails | List |
controltower:ListExtendGovernancePrecheckDetails | List |
controltower:ListExternalConfigRuleCompliance | List |
controltower:ListGuardrails | List |
controltower:ListGuardrailsForTarget | List |
controltower:ListGuardrailViolations | List |
controltower:ListLandingZoneOperations | List |
controltower:ListLandingZones | List |
controltower:ListManagedAccounts | List |
controltower:ListManagedAccountsForGuardrail | List |
controltower:ListManagedAccountsForParent | List |
controltower:ListManagedOrganizationalUnits | List |
controltower:ListManagedOrganizationalUnitsForGuardrail | List |
controltower:ListTagsForResource | Tagging |
controltower:ManageOrganizationalUnit | Read |
controltower:PerformPreLaunchChecks | Read |
controltower:ResetEnabledBaseline | Write |
controltower:ResetEnabledControl | Write |
controltower:ResetLandingZone | Write |
controltower:SetupLandingZone | Write |
controltower:TagResource | Tagging |
controltower:UntagResource | Tagging |
controltower:UpdateAccountFactoryConfig | Write |
controltower:UpdateEnabledBaseline | Write |
controltower:UpdateEnabledControl | Write |
controltower:UpdateLandingZone | Write |
Resource Types
ARN patterns for resources in this service.
| Resource | ARN Pattern |
|---|---|
${ResourceType} | arn:aws:controltower:${Region}:${Account}:${ResourceType}/${ResourceName} |
Condition Keys
Condition keys you can use in IAM policy conditions for this service.
aws:RequestTag/${TagKey}aws:ResourceTag/${TagKey}aws:TagKeysLearn AWS the Practical Way
Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.
Subscribe to NewsletterLearn AWS the Practical Way
Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.
Subscribe to NewsletterQuick Facts
Total Actions65
Prefix
controltowerResource Types1
Condition Keys3
Access Level Breakdown
Read24
Write19
List19
Tagging3