AWS Control Tower launches the ability to resolve drift for optional controls

Posted on: Nov 13, 2024

AWS Control Tower customers can now use the ResetEnabledControl API to programmatically resolve control drift or re-deploy a control to its intended configuration. Control drift occurs when an AWS Control Tower managed control is modified outside of AWS Control Tower governance. Resolving drift helps you adhere to your governance and compliance requirements. You can use this API with all AWS Control Tower optional controls except preventive controls based on service control policies (SCPs). AWS Control Tower APIs enhance the end-to-end developer experience by enabling automation for integrated workflows and managing workloads at scale.

Below is the list of AWS Control Tower control APIs that are now supported in the regions where AWS Control Tower is available. Please visit the AWS Control Tower API reference for more information.

  • AWS Control Tower Control APIs - EnableControl, DisableControl, GetControlOperation, GetEnabledControl, ListEnabledControls, UpdateEnabledControl, TagResource, UntagResource, ListTagsForResource, ResetEnabledControl.
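
A drift-remediation loop built on ListEnabledControls, ResetEnabledControl and GetControlOperation, as an added example that is not part of the original announcement or AWS's own code. It assumes the boto3 `controltower` client; the function names and the `skip` set (enabled-control ARNs you know are SCP-based preventive controls, which the API does not cover) are hypothetical.

```python
import time

def drifted_controls(client, target_arn):
    """ARNs of enabled controls on target_arn that report DRIFTED."""
    arns, token = [], None
    while True:
        kwargs = {"targetIdentifier": target_arn}
        if token:
            kwargs["nextToken"] = token
        page = client.list_enabled_controls(**kwargs)
        for ec in page.get("enabledControls", []):
            if ec.get("driftStatusSummary", {}).get("driftStatus") == "DRIFTED":
                arns.append(ec["arn"])
        token = page.get("nextToken")
        if not token:
            return arns

def reset_and_wait(client, enabled_control_arn, poll_seconds=10, max_polls=60):
    """Call ResetEnabledControl, then poll GetControlOperation until it finishes."""
    op_id = client.reset_enabled_control(
        enabledControlIdentifier=enabled_control_arn)["operationIdentifier"]
    for _ in range(max_polls):
        op = client.get_control_operation(operationIdentifier=op_id)["controlOperation"]
        if op["status"] != "IN_PROGRESS":
            return op["status"]  # SUCCEEDED or FAILED
        time.sleep(poll_seconds)
    return "TIMED_OUT"  # local sentinel, not an API status

def resolve_drift(client, target_arn, skip=frozenset(), **wait):
    """Reset each drifted control in turn; `skip` holds ARNs to leave alone."""
    results = {}
    for arn in drifted_controls(client, target_arn):
        results[arn] = "SKIPPED" if arn in skip else reset_and_wait(client, arn, **wait)
    return results

if __name__ == "__main__":
    import sys
    import boto3  # imported here so the functions above can be tested with a stub
    # Usage: python resolve_drift.py <OU ARN> [enabled-control ARNs to skip ...]
    outcome = resolve_drift(boto3.client("controltower"), sys.argv[1], set(sys.argv[2:]))
    for arn, status in outcome.items():
        print(status, arn)
```

Keep the per-control results it returns: a control that drifts again soon after a reset means something outside AWS Control Tower is still modifying it.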

To learn more, visit the AWS Control Tower homepage. For more information about the AWS Regions where AWS Control Tower is available, see the AWS Region table.