AWS Control Tower (controltower)

Additions

Actions

• CreateLandingZone
  
  • Description:  Grants permission to create a landing zone
  • Access:  Write
  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

  • Dependents: 

    controltower:TagResource

• GetLandingZone
  
  • Description:  Grants permission to get the current status of the landing zone setup
  • Access:  Read
  • Resources: 

    Name: LandingZone

    Required: Yes

• GetLandingZoneOperation
  
  • Description:  Grants permission to get the current status of a particular landing zone operation
  • Access:  Read
• ListLandingZones
  
  • Description:  Grants permission to list all landing zones
  • Access:  List
• ResetLandingZone
  
  • Description:  Grants permission to reset a landing zone
  • Access:  Write
  • Resources: 

    Name: LandingZone

    Required: Yes

• UpdateEnabledControl
  
  • Description:  Grants permission to update an enabled control for an organizational unit
  • Access:  Write
  • Resources: 

    Name: EnabledControl

    Required: Yes

• UpdateLandingZone
  
  • Description:  Grants permission to update a landing zone
  • Access:  Write
  • Resources: 

    Name: LandingZone

    Required: Yes

Resources

• LandingZone
  
  • Arn:  arn:${Partition}:controltower:${Region}:${Account}:landingzone/${LandingZoneId}
  • Conditions: 

    aws:ResourceTag/${TagKey}

Updates

Actions

• DeleteLandingZone
  
  Resources
  
  • ＋ LandingZone
• TagResource
  
  Resources
  

  • New_value: No

    Old_value: Yes

  • ＋ LandingZone
• UntagResource
  
  Resources
  

  • New_value: No

    Old_value: Yes

  • ＋ LandingZone
• ListTagsForResource
  
  Resources
  
  • ＋ LandingZone