ControlCatalog / Client / list_controls

list_controls

ControlCatalog.Client.list_controls(**kwargs)

Returns a paginated list of all available controls in the Control Catalog library. Allows you to discover available controls. The list of controls is given as structures of type controlSummary. The ARN is returned in the global controlcatalog format, as shown in the examples.

See also: AWS API Documentation

Request Syntax

response = client.list_controls(
    NextToken='string',
    MaxResults=123,
    Filter={
        'Implementations': {
            'Types': [
                'string',
            ],
            'Identifiers': [
                'string',
            ]
        }
    }
)

Parameters:

• NextToken (string) – The pagination token that’s used to fetch the next set of results.

• MaxResults (integer) – The maximum number of results on a page or for an API request call.

• Filter (dict) –

  An optional filter that narrows the results to controls with specific implementation types or identifiers. If you don’t provide a filter, the operation returns all available controls.

  • Implementations (dict) –

    A filter that narrows the results to controls with specific implementation types or identifiers. This field allows you to find controls that are implemented by specific Amazon Web Services services or with specific service identifiers.

    • Types (list) –

      A list of implementation types that can serve as filters. For example, you can filter for controls implemented as Amazon Web Services Config Rules by specifying AWS::Config::ConfigRule as a type.

      • (string) –

    • Identifiers (list) –

      A list of service-specific identifiers that can serve as filters. For example, you can filter for controls with specific Amazon Web Services Config Rule IDs or Security Hub Control IDs.

      • (string) –

Return type:

dict

Returns:

Response Syntax

{
    'Controls': [
        {
            'Arn': 'string',
            'Aliases': [
                'string',
            ],
            'Name': 'string',
            'Description': 'string',
            'Behavior': 'PREVENTIVE'|'PROACTIVE'|'DETECTIVE',
            'Severity': 'LOW'|'MEDIUM'|'HIGH'|'CRITICAL',
            'Implementation': {
                'Type': 'string',
                'Identifier': 'string'
            },
            'CreateTime': datetime(2015, 1, 1),
            'GovernedResources': [
                'string',
            ]
        },
    ],
    'NextToken': 'string'
}

Response Structure

• (dict) –

  • Controls (list) –

    Returns a list of controls, given as structures of type controlSummary.

    • (dict) –

      Overview of information about a control.

      • Arn (string) –

        The Amazon Resource Name (ARN) of the control.

      • Aliases (list) –

        A list of alternative identifiers for the control. These are human-readable designators, such as SH.S3.1. Several aliases can refer to the same control across different Amazon Web Services services or compliance frameworks.

        • (string) –

      • Name (string) –

        The display name of the control.

      • Description (string) –

        A description of the control, as it may appear in the console. Describes the functionality of the control.

      • Behavior (string) –

        An enumerated type, with the following possible values:

      • Severity (string) –

        An enumerated type, with the following possible values:

      • Implementation (dict) –

        An object of type ImplementationSummary that describes how the control is implemented.

        • Type (string) –

          A string that represents the Amazon Web Services service that implements this control. For example, a value of AWS::Config::ConfigRule indicates that the control is implemented by Amazon Web Services Config, and AWS::SecurityHub::SecurityControl indicates implementation by Amazon Web Services Security Hub.

        • Identifier (string) –

          The identifier originally assigned by the Amazon Web Services service that implements the control. For example, CODEPIPELINE_DEPLOYMENT_COUNT_CHECK.

      • CreateTime (datetime) –

        A timestamp that notes the time when the control was released (start of its life) as a governance capability in Amazon Web Services.

      • GovernedResources (list) –

        A list of Amazon Web Services resource types that are governed by this control. This information helps you understand which controls can govern certain types of resources, and conversely, which resources are affected when the control is implemented. The resources are represented as Amazon Web Services CloudFormation resource types. If GovernedResources cannot be represented by available CloudFormation resource types, it’s returned as an empty list.

        • (string) –

  • NextToken (string) –

    The pagination token that’s used to fetch the next set of results.

Exceptions

• ControlCatalog.Client.exceptions.AccessDeniedException

• ControlCatalog.Client.exceptions.InternalServerException

• ControlCatalog.Client.exceptions.ValidationException

• ControlCatalog.Client.exceptions.ThrottlingException