feat(client-controlcatalog): The GetControl API now surfaces a control's Severity, CreateTime, and Identifier for a control's Implementation. The ListControls API now surfaces a control's Behavior, Severity, CreateTime, and Identifier for a control's Implementation.

Author: awstools

clients/client-controlcatalog/src/commands/GetControlCommand.ts

@@ -46,6 +46,7 @@ export interface GetControlCommandOutput extends GetControlResponse, __MetadataB
  * //   Name: "STRING_VALUE", // required
  * //   Description: "STRING_VALUE", // required
  * //   Behavior: "PREVENTIVE" || "PROACTIVE" || "DETECTIVE", // required
+ * //   Severity: "LOW" || "MEDIUM" || "HIGH" || "CRITICAL",
  * //   RegionConfiguration: { // RegionConfiguration
  * //     Scope: "GLOBAL" || "REGIONAL", // required
  * //     DeployableRegions: [ // DeployableRegions
@@ -54,12 +55,14 @@ export interface GetControlCommandOutput extends GetControlResponse, __MetadataB
  * //   },
  * //   Implementation: { // ImplementationDetails
  * //     Type: "STRING_VALUE", // required
+ * //     Identifier: "STRING_VALUE",
  * //   },
  * //   Parameters: [ // ControlParameters
  * //     { // ControlParameter
  * //       Name: "STRING_VALUE", // required
  * //     },
  * //   ],
+ * //   CreateTime: new Date("TIMESTAMP"),
  * // };
  *
  * ```

clients/client-controlcatalog/src/commands/ListControlsCommand.ts

@@ -47,6 +47,13 @@ export interface ListControlsCommandOutput extends ListControlsResponse, __Metad
  * //       Arn: "STRING_VALUE", // required
  * //       Name: "STRING_VALUE", // required
  * //       Description: "STRING_VALUE", // required
+ * //       Behavior: "PREVENTIVE" || "PROACTIVE" || "DETECTIVE",
+ * //       Severity: "LOW" || "MEDIUM" || "HIGH" || "CRITICAL",
+ * //       Implementation: { // ImplementationSummary
+ * //         Type: "STRING_VALUE", // required
+ * //         Identifier: "STRING_VALUE",
+ * //       },
+ * //       CreateTime: new Date("TIMESTAMP"),
  * //     },
  * //   ],
  * //   NextToken: "STRING_VALUE",

clients/client-controlcatalog/src/models/models_0.ts

@@ -325,6 +325,12 @@ export interface ImplementationDetails {
    * @public
    */
   Type: string | undefined;
+
+  /**
+   * <p>A service-specific identifier for the control, assigned by the service that implemented the control. For example, this identifier could be an Amazon Web Services Config Rule ID or a Security Hub Control ID.</p>
+   * @public
+   */
+  Identifier?: string | undefined;
 }
 
 /**
@@ -437,6 +443,22 @@ export interface RegionConfiguration {
   DeployableRegions?: string[] | undefined;
 }
 
+/**
+ * @public
+ * @enum
+ */
+export const ControlSeverity = {
+  CRITICAL: "CRITICAL",
+  HIGH: "HIGH",
+  LOW: "LOW",
+  MEDIUM: "MEDIUM",
+} as const;
+
+/**
+ * @public
+ */
+export type ControlSeverity = (typeof ControlSeverity)[keyof typeof ControlSeverity];
+
 /**
  * @public
  */
@@ -466,6 +488,12 @@ export interface GetControlResponse {
    */
   Behavior: ControlBehavior | undefined;
 
+  /**
+   * <p>An enumerated type, with the following possible values:</p>
+   * @public
+   */
+  Severity?: ControlSeverity | undefined;
+
   /**
    * <p>Returns information about the control, including the scope of the control, if enabled, and the Regions in which the control currently is available for deployment. For more information about scope, see <a href="https://docs.aws.amazon.com/whitepapers/latest/aws-fault-isolation-boundaries/global-services.html">Global services</a>.</p>
    *          <p>If you are applying controls through an Amazon Web Services Control Tower landing zone environment, remember that the values returned in the <code>RegionConfiguration</code> API operation are not related to the governed Regions in your landing zone. For example, if you are governing Regions <code>A</code>,<code>B</code>,and <code>C</code> while the control is available in Regions <code>A</code>, <code>B</code>, C<code>,</code> and <code>D</code>, you'd see a response with <code>DeployableRegions</code> of <code>A</code>, <code>B</code>, <code>C</code>, and <code>D</code> for a control with <code>REGIONAL</code> scope, even though you may not intend to deploy the control in Region <code>D</code>, because you do not govern it through your landing zone.</p>
@@ -485,6 +513,12 @@ export interface GetControlResponse {
    * @public
    */
   Parameters?: ControlParameter[] | undefined;
+
+  /**
+   * <p>A timestamp that notes the time when the control was released (start of its life) as a governance capability in Amazon Web Services.</p>
+   * @public
+   */
+  CreateTime?: Date | undefined;
 }
 
 /**
@@ -526,6 +560,24 @@ export interface ListControlsRequest {
   MaxResults?: number | undefined;
 }
 
+/**
+ * <p>A summary of how the control is implemented, including the Amazon Web Services service that enforces the control and its service-specific identifier. For example, the value of this field could indicate that the control is implemented as an Amazon Web Services Config Rule or an Amazon Web Services Security Hub control.</p>
+ * @public
+ */
+export interface ImplementationSummary {
+  /**
+   * <p>A string that represents the Amazon Web Services service that implements this control. For example, a value of <code>AWS::Config::ConfigRule</code> indicates that the control is implemented by Amazon Web Services Config, and <code>AWS::SecurityHub::SecurityControl</code> indicates implementation by Amazon Web Services Security Hub.</p>
+   * @public
+   */
+  Type: string | undefined;
+
+  /**
+   * <p>The identifier originally assigned by the Amazon Web Services service that implements the control. For example, <code>CODEPIPELINE_DEPLOYMENT_COUNT_CHECK</code>.</p>
+   * @public
+   */
+  Identifier?: string | undefined;
+}
+
 /**
  * <p>Overview of information about a control.</p>
  * @public
@@ -548,6 +600,30 @@ export interface ControlSummary {
    * @public
    */
   Description: string | undefined;
+
+  /**
+   * <p>An enumerated type, with the following possible values:</p>
+   * @public
+   */
+  Behavior?: ControlBehavior | undefined;
+
+  /**
+   * <p>An enumerated type, with the following possible values:</p>
+   * @public
+   */
+  Severity?: ControlSeverity | undefined;
+
+  /**
+   * <p>An object of type <code>ImplementationSummary</code> that describes how the control is implemented.</p>
+   * @public
+   */
+  Implementation?: ImplementationSummary | undefined;
+
+  /**
+   * <p>A timestamp that notes the time when the control was released (start of its life) as a governance capability in Amazon Web Services.</p>
+   * @public
+   */
+  CreateTime?: Date | undefined;
 }
 
 /**

clients/client-controlcatalog/src/protocols/Aws_restJson1.ts

@@ -32,6 +32,7 @@ import {
   AccessDeniedException,
   CommonControlFilter,
   CommonControlSummary,
+  ControlSummary,
   DomainResourceFilter,
   DomainSummary,
   InternalServerException,
@@ -172,11 +173,13 @@ export const de_GetControlCommand = async (
   const doc = take(data, {
     Arn: __expectString,
     Behavior: __expectString,
+    CreateTime: (_) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))),
     Description: __expectString,
     Implementation: _json,
     Name: __expectString,
     Parameters: _json,
     RegionConfiguration: _json,
+    Severity: __expectString,
   });
   Object.assign(contents, doc);
   return contents;
@@ -219,7 +222,7 @@ export const de_ListControlsCommand = async (
   });
   const data: Record<string, any> = __expectNonNull(__expectObject(await parseBody(output.body, context)), "body");
   const doc = take(data, {
-    Controls: _json,
+    Controls: (_) => de_Controls(_, context),
     NextToken: __expectString,
   });
   Object.assign(contents, doc);
@@ -447,9 +450,32 @@ const de_CommonControlSummaryList = (output: any, context: __SerdeContext): Comm
 
 // de_ControlParameters omitted.
 
-// de_Controls omitted.
+/**
+ * deserializeAws_restJson1Controls
+ */
+const de_Controls = (output: any, context: __SerdeContext): ControlSummary[] => {
+  const retVal = (output || [])
+    .filter((e: any) => e != null)
+    .map((entry: any) => {
+      return de_ControlSummary(entry, context);
+    });
+  return retVal;
+};
 
-// de_ControlSummary omitted.
+/**
+ * deserializeAws_restJson1ControlSummary
+ */
+const de_ControlSummary = (output: any, context: __SerdeContext): ControlSummary => {
+  return take(output, {
+    Arn: __expectString,
+    Behavior: __expectString,
+    CreateTime: (_: any) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))),
+    Description: __expectString,
+    Implementation: _json,
+    Name: __expectString,
+    Severity: __expectString,
+  }) as any;
+};
 
 // de_DeployableRegions omitted.
 
@@ -480,6 +506,8 @@ const de_DomainSummaryList = (output: any, context: __SerdeContext): DomainSumma
 
 // de_ImplementationDetails omitted.
 
+// de_ImplementationSummary omitted.
+
 /**
  * deserializeAws_restJson1ObjectiveSummary
  */

codegen/sdk-codegen/aws-models/controlcatalog.json

@@ -974,6 +974,35 @@
         }
       }
     },
+    "com.amazonaws.controlcatalog#ControlSeverity": {
+      "type": "enum",
+      "members": {
+        "LOW": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "LOW"
+          }
+        },
+        "MEDIUM": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "MEDIUM"
+          }
+        },
+        "HIGH": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "HIGH"
+          }
+        },
+        "CRITICAL": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "CRITICAL"
+          }
+        }
+      }
+    },
     "com.amazonaws.controlcatalog#ControlSummary": {
       "type": "structure",
       "members": {
@@ -997,6 +1026,30 @@
             "smithy.api#documentation": "<p>A description of the control, as it may appear in the console. Describes the functionality of the control.</p>",
             "smithy.api#required": {}
           }
+        },
+        "Behavior": {
+          "target": "com.amazonaws.controlcatalog#ControlBehavior",
+          "traits": {
+            "smithy.api#documentation": "<p>An enumerated type, with the following possible values:</p>"
+          }
+        },
+        "Severity": {
+          "target": "com.amazonaws.controlcatalog#ControlSeverity",
+          "traits": {
+            "smithy.api#documentation": "<p>An enumerated type, with the following possible values:</p>"
+          }
+        },
+        "Implementation": {
+          "target": "com.amazonaws.controlcatalog#ImplementationSummary",
+          "traits": {
+            "smithy.api#documentation": "<p>An object of type <code>ImplementationSummary</code> that describes how the control is implemented.</p>"
+          }
+        },
+        "CreateTime": {
+          "target": "smithy.api#Timestamp",
+          "traits": {
+            "smithy.api#documentation": "<p>A timestamp that notes the time when the control was released (start of its life) as a governance capability in Amazon Web Services.</p>"
+          }
         }
       },
       "traits": {
@@ -1197,6 +1250,12 @@
             "smithy.api#required": {}
           }
         },
+        "Severity": {
+          "target": "com.amazonaws.controlcatalog#ControlSeverity",
+          "traits": {
+            "smithy.api#documentation": "<p>An enumerated type, with the following possible values:</p>"
+          }
+        },
         "RegionConfiguration": {
           "target": "com.amazonaws.controlcatalog#RegionConfiguration",
           "traits": {
@@ -1214,6 +1273,12 @@
           "traits": {
             "smithy.api#documentation": "<p>Returns an array of <code>ControlParameter</code> objects that specify the parameters a control supports. An empty list is returned for controls that don’t support parameters.\n    </p>"
           }
+        },
+        "CreateTime": {
+          "target": "smithy.api#Timestamp",
+          "traits": {
+            "smithy.api#documentation": "<p>A timestamp that notes the time when the control was released (start of its life) as a governance capability in Amazon Web Services.</p>"
+          }
         }
       },
       "traits": {
@@ -1229,12 +1294,49 @@
             "smithy.api#documentation": "<p>A string that describes a control's implementation type.</p>",
             "smithy.api#required": {}
           }
+        },
+        "Identifier": {
+          "target": "com.amazonaws.controlcatalog#ImplementationIdentifier",
+          "traits": {
+            "smithy.api#documentation": "<p>A service-specific identifier for the control, assigned by the service that implemented the control. For example, this identifier could be an Amazon Web Services Config Rule ID or a Security Hub Control ID.</p>"
+          }
         }
       },
       "traits": {
         "smithy.api#documentation": "<p>An object that describes the implementation type for a control.</p>\n         <p>Our <code>ImplementationDetails</code>\n            <code>Type</code> format has three required segments:</p>\n         <ul>\n            <li>\n               <p>\n                  <code>SERVICE-PROVIDER::SERVICE-NAME::RESOURCE-NAME</code>\n               </p>\n            </li>\n         </ul>\n         <p>For example, <code>AWS::Config::ConfigRule</code>\n            <b>or</b>\n            <code>AWS::SecurityHub::SecurityControl</code> resources have the format with three required segments.</p>\n         <p>Our <code>ImplementationDetails</code>\n            <code>Type</code> format has an optional fourth segment, which is present for applicable \n      implementation types. The format is as follows: </p>\n         <ul>\n            <li>\n               <p>\n                  <code>SERVICE-PROVIDER::SERVICE-NAME::RESOURCE-NAME::RESOURCE-TYPE-DESCRIPTION</code>\n               </p>\n            </li>\n         </ul>\n         <p>For example, <code>AWS::Organizations::Policy::SERVICE_CONTROL_POLICY</code>\n            <b>or</b>\n            <code>AWS::CloudFormation::Type::HOOK</code> have the format with four segments.</p>\n         <p>Although the format is similar, the values for the <code>Type</code> field do not match any Amazon Web Services CloudFormation values.</p>"
       }
     },
+    "com.amazonaws.controlcatalog#ImplementationIdentifier": {
+      "type": "string",
+      "traits": {
+        "smithy.api#length": {
+          "min": 1,
+          "max": 256
+        },
+        "smithy.api#pattern": "^[a-z0-9-]+$"
+      }
+    },
+    "com.amazonaws.controlcatalog#ImplementationSummary": {
+      "type": "structure",
+      "members": {
+        "Type": {
+          "target": "com.amazonaws.controlcatalog#ImplementationType",
+          "traits": {
+            "smithy.api#documentation": "<p>A string that represents the Amazon Web Services service that implements this control. For example, a value of <code>AWS::Config::ConfigRule</code> indicates that the control is implemented by Amazon Web Services Config, and <code>AWS::SecurityHub::SecurityControl</code> indicates implementation by Amazon Web Services Security Hub.</p>",
+            "smithy.api#required": {}
+          }
+        },
+        "Identifier": {
+          "target": "com.amazonaws.controlcatalog#ImplementationIdentifier",
+          "traits": {
+            "smithy.api#documentation": "<p>The identifier originally assigned by the Amazon Web Services service that implements the control. For example, <code>CODEPIPELINE_DEPLOYMENT_COUNT_CHECK</code>.</p>"
+          }
+        }
+      },
+      "traits": {
+        "smithy.api#documentation": "<p>A summary of how the control is implemented, including the Amazon Web Services service that enforces the control and its service-specific identifier. For example, the value of this field could indicate that the control is implemented as an Amazon Web Services Config Rule or an Amazon Web Services Security Hub control.</p>"
+      }
+    },
     "com.amazonaws.controlcatalog#ImplementationType": {
       "type": "string",
       "traits": {