AWS Fundamentals Logo
AWS Fundamentals
AWS::ControlTower::EnabledControl

ControlTower EnabledControl

Enables a control on a specified target.

Properties

4 configurable properties. 2 required. Click a row to see details.

Filter:
PropertyTypeFlags
ControlIdentifier
string
RequiredCreate-only
TargetIdentifier
string
RequiredCreate-only
Parameters
Array<EnabledControlParameter>
Tags
Array<Tag>

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

template.yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::ControlTower::EnabledControl

Resources:
  MyResource:
    Type: AWS::ControlTower::EnabledControl
    Properties:
      TargetIdentifier: "my-targetidentifier"
      ControlIdentifier: "my-controlidentifier"
      Tags:
        - Key: Environment
          Value: Production

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

create

controltower:ListEnabledControlscontroltower:GetEnabledControlcontroltower:GetControlOperationcontroltower:EnableControlcontroltower:TagResourceorganizations:UpdatePolicyorganizations:CreatePolicyorganizations:AttachPolicy

update

controltower:ListEnabledControlscontroltower:GetEnabledControlcontroltower:GetControlOperationcontroltower:UpdateEnabledControlcontroltower:UntagResourcecontroltower:TagResourceorganizations:UpdatePolicyorganizations:CreatePolicy

delete

controltower:ListEnabledControlscontroltower:GetEnabledControlcontroltower:GetControlOperationcontroltower:DisableControlorganizations:UpdatePolicyorganizations:DeletePolicyorganizations:CreatePolicyorganizations:AttachPolicy

read

controltower:ListEnabledControlscontroltower:GetEnabledControlcontroltower:ListTagsForResource

list

controltower:ListEnabledControls

Learn AWS the Practical Way

Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.

Subscribe to Newsletter

Quick Facts

ServiceControlTower
Properties4
Required2
TaggingSupported
Primary IDTargetIdentifier

Supported Operations

CreateUpdateDeleteReadList

Immutable After Creation

These properties cannot be changed after the resource is created. Updating them triggers a replacement.

TargetIdentifierControlIdentifier

Related Resources

External Links