Class ControlParameter

java.lang.Object
software.amazon.awssdk.services.controlcatalog.model.ControlParameter
All Implemented Interfaces:
Serializable, SdkPojo, ToCopyableBuilder<ControlParameter.Builder,ControlParameter>
@Generated("software.amazon.awssdk:codegen") public final class ControlParameter extends Object implements SdkPojo, Serializable, ToCopyableBuilder<ControlParameter.Builder,ControlParameter>

Five types of control parameters are supported.

  • AllowedRegions: List of Amazon Web Services Regions exempted from the control. Each string is expected to be an Amazon Web Services Region code. This parameter is mandatory for the OU Region deny control, CT.MULTISERVICE.PV.1.

    Example: ["us-east-1","us-west-2"]

  • ExemptedActions: List of Amazon Web Services IAM actions exempted from the control. Each string is expected to be an IAM action.

    Example: ["logs:DescribeLogGroups","logs:StartQuery","logs:GetQueryResults"]

  • ExemptedPrincipalArns: List of Amazon Web Services IAM principal ARNs exempted from the control. Each string is expected to be an IAM principal that follows the pattern ^arn:(aws|aws-us-gov):(iam|sts)::.+:.+$

    Example: ["arn:aws:iam::*:role/ReadOnly","arn:aws:sts::*:assumed-role/ReadOnly/*"]

  • ExemptedResourceArns: List of resource ARNs exempted from the control. Each string is expected to be a resource ARN.

    Example: ["arn:aws:s3:::my-bucket-name"]

  • ExemptAssumeRoot: A parameter that lets you choose whether to exempt requests made with AssumeRoot from this control, for this OU. For member accounts, the AssumeRoot property is included in requests initiated by IAM centralized root access. This parameter applies only to the AWS-GR_RESTRICT_ROOT_USER control. If you add the parameter when enabling the control, the AssumeRoot exemption is allowed. If you omit the parameter, the AssumeRoot exception is not permitted. The parameter does not accept False as a value.

    Example: Enabling the control and allowing AssumeRoot

    { "controlIdentifier": "arn:aws:controlcatalog:::control/5kvme4m5d2b4d7if2fs5yg2ui", "parameters": [ { "key": "ExemptAssumeRoot", "value": true } ], "targetIdentifier": "arn:aws:organizations::8633900XXXXX:ou/o-6jmn81636m/ou-qsah-jtiihcla" }

See Also:

  • Method Details

    • name

      public final String name()

      The parameter name. This name is the parameter key when you call EnableControl or UpdateEnabledControl .

      Returns:
      The parameter name. This name is the parameter key when you call EnableControl or UpdateEnabledControl .

    • toBuilder

      public ControlParameter.Builder toBuilder()
      Description copied from interface: ToCopyableBuilder
      Take this object and create a builder that contains all of the current property values of this object.
      Specified by:
      toBuilder in interface ToCopyableBuilder<ControlParameter.Builder,ControlParameter>
      Returns:
      a builder for type T

    • builder

      public static ControlParameter.Builder builder()

    • serializableBuilderClass

      public static Class<? extends ControlParameter.Builder> serializableBuilderClass()

    • hashCode

      public final int hashCode()
      Overrides:
      hashCode in class Object

    • equals

      public final boolean equals(Object obj)
      Overrides:
      equals in class Object

    • equalsBySdkFields

      public final boolean equalsBySdkFields(Object obj)
      Description copied from interface: SdkPojo
      Indicates whether some other object is "equal to" this one by SDK fields. An SDK field is a modeled, non-inherited field in an SdkPojo class, and is generated based on a service model.

      If an SdkPojo class does not have any inherited fields, equalsBySdkFields and equals are essentially the same.

      Specified by:
      equalsBySdkFields in interface SdkPojo
      Parameters:
      obj - the object to be compared with
      Returns:
      true if the other object equals to this object by sdk fields, false otherwise.

    • toString

      public final String toString()
      Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.
      Overrides:
      toString in class Object

    • getValueForField

      public final <T> Optional<T> getValueForField(String fieldName, Class<T> clazz)

    • sdkFields

      public final List<SdkField<?>> sdkFields()
      Specified by:
      sdkFields in interface SdkPojo
      Returns:
      List of SdkField in this POJO. May be empty list but should never be null.

    • sdkFieldNameToField

      public final Map<String,SdkField<?>> sdkFieldNameToField()
      Specified by:
      sdkFieldNameToField in interface SdkPojo
      Returns:
      The mapping between the field name and its corresponding field.