AWS Doc SDK Examples GitHub リポジトリには、他にも AWS SDK の例があります。
翻訳は機械翻訳により提供されています。提供された翻訳内容と英語版の間で齟齬、不一致または矛盾がある場合、英語版が優先します。
SDK for .NET (v4) を使用した AWS Control Tower の例
次のコード例は、AWS Control Tower で AWS SDK for .NET (v4) を使用してアクションを実行し、一般的なシナリオを実装する方法を示しています。
基本は、重要なオペレーションをサービス内で実行する方法を示すコード例です。
アクションはより大きなプログラムからのコードの抜粋であり、コンテキスト内で実行する必要があります。アクションは個々のサービス機能を呼び出す方法を示していますが、コンテキスト内のアクションは、関連するシナリオで確認できます。
各例には完全なソースコードへのリンクが含まれており、コードの設定方法と実行方法に関する手順を確認できます。
開始方法
次のコード例は、AWS Control Tower の使用を開始する方法を示しています。
- SDK for .NET (v4)
-
注記
GitHub には、その他のリソースもあります。AWS コード例リポジトリ
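で全く同じ例を見つけて、設定と実行の方法を確認してください。
using Amazon.ControlTower;
using Amazon.ControlTower.Model;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Logging.Console;
using Microsoft.Extensions.Logging.Debug;
using LogLevel = Microsoft.Extensions.Logging.LogLevel;

namespace ControlTowerActions;

/// <summary>
/// A class that introduces the AWS Control Tower by listing the
/// available baselines for the account.
/// </summary>
/// <remarks>
/// This program only reads: the single service call it makes is the paginated
/// ListBaselines request. The caller's credentials therefore need no more than
/// permission to list baselines.
/// </remarks>
public class HelloControlTower
{
    private static ILogger logger = null!;

    /// <summary>
    /// Builds the host, resolves the Control Tower client, and prints the name
    /// of every baseline returned by the ListBaselines paginator.
    /// </summary>
    /// <param name="args">Command line arguments passed to the host builder.</param>
    static async Task Main(string[] args)
    {
        // Set up dependency injection for AWS Control Tower.
        using var host = Host.CreateDefaultBuilder(args)
            .ConfigureLogging(logging =>
                logging.AddFilter("System", LogLevel.Debug)
                    .AddFilter<DebugLoggerProvider>("Microsoft", LogLevel.Information)
                    .AddFilter<ConsoleLoggerProvider>("Microsoft", LogLevel.Trace))
            .ConfigureServices((_, services) =>
                services.AddAWSService<IAmazonControlTower>()
            )
            .Build();

        logger = LoggerFactory.Create(builder => { builder.AddConsole(); })
            .CreateLogger<HelloControlTower>();

        var amazonClient = host.Services.GetRequiredService<IAmazonControlTower>();

        Console.Clear();
        Console.WriteLine("Hello, AWS Control Tower! Let's list available baselines:");
        Console.WriteLine();
        var baselines = new List<BaselineSummary>();

        try
        {
            var baselinesPaginator = amazonClient.Paginators.ListBaselines(new ListBaselinesRequest());

            await foreach (var response in baselinesPaginator.Responses)
            {
                // A page may carry no collection at all; skip it instead of
                // letting AddRange throw on a null argument.
                if (response.Baselines is not null)
                {
                    baselines.AddRange(response.Baselines);
                }
            }

            Console.WriteLine($"{baselines.Count} baseline(s) retrieved.");

            foreach (var baseline in baselines)
            {
                Console.WriteLine($"\t{baseline.Name}");
            }
        }
        catch (Amazon.ControlTower.Model.AccessDeniedException)
        {
            // The caller's identity is not allowed to list baselines.
            Console.WriteLine("Access denied. Please ensure you have the necessary permissions.");
        }
        catch (Exception ex)
        {
            Console.WriteLine($"An error occurred: {ex.Message}");
        }
    }
}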
-
API の詳細については、「AWS SDK for .NET API リファレンス」の「ListBaselines」を参照してください。
-
基本
次のコードサンプルは、以下の操作方法を示しています。
ランディングゾーンを一覧表示します。
ベースラインを一覧表示、有効化、取得、リセット、無効化します。
コントロールを一覧表示、有効化、取得、無効化します。
- SDK for .NET (v4)
-
注記
GitHub には、その他のリソースもあります。AWS コード例リポジトリで全く同じ例を見つけて、設定と実行の方法を確認してください。
AWS Control Tower 機能を示すインタラクティブなシナリオを実行します。
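using Amazon.ControlCatalog;
using Amazon.ControlTower;
using Amazon.ControlTower.Model;
using Amazon.Organizations;
using Amazon.Organizations.Model;
using Amazon.SecurityToken;
using Amazon.SecurityToken.Model;
using ControlTowerActions;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;

namespace ControlTowerBasics;

/// <summary>
/// Scenario class for AWS Control Tower basics.
/// </summary>
/// <remarks>
/// The scenario changes governance state: it can create an organization and a
/// "Sandbox" organizational unit, and it can enable, reset, or disable baselines
/// and controls on that unit. Every change is gated by
/// <see cref="GetUserConfirmation"/>, which answers "yes" without prompting when
/// <see cref="isInteractive"/> is false. Run it non-interactively only against an
/// account where all of those changes are acceptable.
/// </remarks>
public class ControlTowerBasics
{
    // Name used to pick the Control Tower baseline out of the ListBaselines result.
    private const string ControlTowerBaselineName = "AWSControlTowerBaseline";

    // Baseline version passed to EnableBaseline by this scenario.
    private const string ControlTowerBaselineVersion = "4.0";

    // Substring of the baseline identifier that the scenario treats as the
    // Identity Center baseline when scanning the enabled baselines.
    private const string IdentityCenterBaselineIdFragment = "baseline/LN25R72TTG6IGPTQ";

    public static bool isInteractive = true;
    public static ILogger logger = null!;
    public static IAmazonOrganizations? orgClient = null;
    public static IAmazonSecurityTokenService? stsClient = null;
    public static ControlTowerWrapper? wrapper = null;
    private static string? ouArn;
    private static bool useLandingZone = false;

    /// <summary>
    /// Main entry point for the AWS Control Tower basics scenario.
    /// </summary>
    /// <param name="args">Command line arguments.</param>
    public static async Task Main(string[] args)
    {
        using var host = Host.CreateDefaultBuilder(args)
            .ConfigureServices((_, services) =>
                services.AddAWSService<IAmazonControlTower>()
                    .AddAWSService<IAmazonControlCatalog>()
                    .AddAWSService<IAmazonOrganizations>()
                    .AddAWSService<IAmazonSecurityTokenService>()
                    .AddTransient<ControlTowerWrapper>()
            )
            .Build();

        logger = LoggerFactory.Create(builder => { builder.AddConsole(); })
            .CreateLogger<ControlTowerBasics>();

        wrapper = host.Services.GetRequiredService<ControlTowerWrapper>();
        orgClient = host.Services.GetRequiredService<IAmazonOrganizations>();
        stsClient = host.Services.GetRequiredService<IAmazonSecurityTokenService>();

        await RunScenario();
    }

    /// <summary>
    /// Runs the example scenario.
    /// </summary>
    /// <remarks>
    /// Any exception is logged and reported on the console; it is not rethrown,
    /// so a failure part-way through leaves the account in whatever state the
    /// last completed call produced.
    /// </remarks>
    public static async Task RunScenario()
    {
        Console.WriteLine(new string('-', 88));
        Console.WriteLine("\tWelcome to the AWS Control Tower with ControlCatalog example scenario.");
        Console.WriteLine(new string('-', 88));
        Console.WriteLine("This demo will walk you through working with AWS Control Tower for landing zones,");
        Console.WriteLine("managing baselines, and working with controls.");

        try
        {
            // Show which account the credentials resolve to before changing anything.
            var accountId = (await stsClient!.GetCallerIdentityAsync(new GetCallerIdentityRequest())).Account;
            Console.WriteLine($"\nAccount ID: {accountId}");

            Console.WriteLine("\nSome demo operations require the use of a landing zone.");
            Console.WriteLine("You can use an existing landing zone or opt out of these operations in the demo.");
            Console.WriteLine("For instructions on how to set up a landing zone,");
            Console.WriteLine("see https://docs.aws.amazon.com/controltower/latest/userguide/getting-started-from-console.html");

            // List available landing zones
            var landingZones = await wrapper!.ListLandingZonesAsync();
            if (landingZones.Count > 0)
            {
                Console.WriteLine("\nAvailable Landing Zones:");
                for (int i = 0; i < landingZones.Count; i++)
                {
                    Console.WriteLine($"{i + 1}. {landingZones[i].Arn}");
                }

                Console.Write($"\nDo you want to use the first landing zone in the list ({landingZones[0].Arn})? (y/n): ");
                if (GetUserConfirmation())
                {
                    useLandingZone = true;
                    Console.WriteLine($"Using landing zone: {landingZones[0].Arn}");
                    ouArn = await SetupOrganizationAsync();
                }
            }

            // Managing Baselines
            Console.WriteLine("\nManaging Baselines:");
            var baselines = await wrapper.ListBaselinesAsync();
            Console.WriteLine("\nListing available Baselines:");
            BaselineSummary? controlTowerBaseline = null;
            foreach (var baseline in baselines)
            {
                if (baseline.Name == ControlTowerBaselineName)
                    controlTowerBaseline = baseline;
                Console.WriteLine($" - {baseline.Name}");
            }

            EnabledBaselineSummary? identityCenterBaseline = null;
            string? baselineArn = null;

            if (useLandingZone && ouArn != null)
            {
                Console.WriteLine("\nListing enabled baselines:");
                var enabledBaselines = await wrapper.ListEnabledBaselinesAsync();
                foreach (var baseline in enabledBaselines)
                {
                    if (baseline.BaselineIdentifier.Contains(IdentityCenterBaselineIdFragment))
                        identityCenterBaseline = baseline;
                    Console.WriteLine($" - {baseline.BaselineIdentifier}");
                }

                if (controlTowerBaseline != null)
                {
                    Console.Write("\nDo you want to enable the Control Tower Baseline? (y/n): ");
                    if (GetUserConfirmation())
                    {
                        Console.WriteLine("\nEnabling Control Tower Baseline.");
                        var icBaselineArn = identityCenterBaseline?.Arn;
                        baselineArn = await wrapper.EnableBaselineAsync(ouArn, controlTowerBaseline.Arn,
                            ControlTowerBaselineVersion, icBaselineArn ?? "");

                        var alreadyEnabled = false;
                        if (baselineArn != null)
                        {
                            Console.WriteLine($"Enabled baseline ARN: {baselineArn}");
                        }
                        else
                        {
                            // Find the enabled baseline
                            foreach (var enabled in enabledBaselines)
                            {
                                if (enabled.BaselineIdentifier == controlTowerBaseline.Arn)
                                {
                                    baselineArn = enabled.Arn;
                                    break;
                                }
                            }

                            // Remember that the baseline pre-dates this run so it can be restored below.
                            alreadyEnabled = true;
                            Console.WriteLine("No change, the selected baseline was already enabled.");
                        }

                        if (baselineArn != null)
                        {
                            Console.Write("\nDo you want to reset the Control Tower Baseline? (y/n): ");
                            if (GetUserConfirmation())
                            {
                                Console.WriteLine($"\nResetting Control Tower Baseline: {baselineArn}");
                                var operationId = await wrapper.ResetEnabledBaselineAsync(baselineArn);
                                Console.WriteLine($"Reset baseline operation id: {operationId}");
                            }

                            Console.Write("\nDo you want to disable the Control Tower Baseline? (y/n): ");
                            if (GetUserConfirmation())
                            {
                                Console.WriteLine($"Disabling baseline ARN: {baselineArn}");
                                var operationId = await wrapper.DisableBaselineAsync(baselineArn);
                                Console.WriteLine($"Disabled baseline operation id: {operationId}");

                                if (alreadyEnabled)
                                {
                                    Console.WriteLine($"\nRe-enabling Control Tower Baseline: {baselineArn}");
                                    // Re-enable the Control Tower baseline if it was originally enabled.
                                    // NOTE(review): this restore runs only when the disable call returns;
                                    // if that call throws, the baseline stays in whatever state it reached.
                                    await wrapper.EnableBaselineAsync(ouArn, controlTowerBaseline.Arn,
                                        ControlTowerBaselineVersion, icBaselineArn ?? "");
                                }
                            }
                        }
                    }
                }
            }

            // Managing Controls
            Console.WriteLine("\nManaging Controls:");
            var controls = await wrapper.ListControlsAsync();
            Console.WriteLine("\nListing first 5 available Controls:");
            for (int i = 0; i < Math.Min(5, controls.Count); i++)
            {
                Console.WriteLine($"{i + 1}. {controls[i].Name} - {controls[i].Arn}");
            }

            if (useLandingZone && ouArn != null)
            {
                var enabledControls = await wrapper.ListEnabledControlsAsync(ouArn);
                Console.WriteLine("\nListing enabled controls:");
                for (int i = 0; i < enabledControls.Count; i++)
                {
                    Console.WriteLine($"{i + 1}. {enabledControls[i].ControlIdentifier}");
                }

                // Find first non-enabled control
                var enabledControlArns = enabledControls.Select(c => c.Arn).ToHashSet();
                var controlArn = controls.FirstOrDefault(c => !enabledControlArns.Contains(c.Arn))?.Arn;

                if (controlArn != null)
                {
                    Console.Write($"\nDo you want to enable the control {controlArn}? (y/n): ");
                    if (GetUserConfirmation())
                    {
                        Console.WriteLine($"\nEnabling control: {controlArn}");
                        var operationId = await wrapper.EnableControlAsync(controlArn, ouArn);
                        if (operationId != null)
                        {
                            Console.WriteLine($"Enabled control with operation id: {operationId}");

                            Console.Write("\nDo you want to disable the control? (y/n): ");
                            if (GetUserConfirmation())
                            {
                                Console.WriteLine("\nDisabling the control...");
                                var disableOpId = await wrapper.DisableControlAsync(controlArn, ouArn);
                                Console.WriteLine($"Disable operation ID: {disableOpId}");
                            }
                        }
                    }
                }
            }

            Console.WriteLine("\nThis concludes the example scenario.");
            Console.WriteLine("Thanks for watching!");
            Console.WriteLine(new string('-', 88));
        }
        catch (Exception ex)
        {
            logger.LogError(ex, "An error occurred during the Control Tower scenario.");
            Console.WriteLine($"An error occurred: {ex.Message}");
        }
    }

    /// <summary>
    /// Sets up AWS Organizations and creates or finds a Sandbox OU.
    /// </summary>
    /// <remarks>
    /// When the account is not part of an organization, this method creates one
    /// with the ALL feature set. Only the first root and the first page of its
    /// organizational units are inspected.
    /// </remarks>
    /// <returns>The ARN of the Sandbox organizational unit.</returns>
    private static async Task<string> SetupOrganizationAsync()
    {
        Console.WriteLine("\nChecking organization status...");

        try
        {
            var orgResponse = await orgClient!.DescribeOrganizationAsync(new DescribeOrganizationRequest());
            var orgId = orgResponse.Organization.Id;
            Console.WriteLine($"Account is part of organization: {orgId}");
        }
        catch (AWSOrganizationsNotInUseException)
        {
            Console.WriteLine("No organization found. Creating a new organization...");
            var createResponse = await orgClient!.CreateOrganizationAsync(
                new CreateOrganizationRequest { FeatureSet = OrganizationFeatureSet.ALL });
            var orgId = createResponse.Organization.Id;
            Console.WriteLine($"Created new organization: {orgId}");
        }

        // Look for Sandbox OU
        var roots = await orgClient.ListRootsAsync(new ListRootsRequest());
        var rootId = roots.Roots[0].Id;

        Console.WriteLine("Checking for Sandbox OU...");

        var ous = await orgClient.ListOrganizationalUnitsForParentAsync(
            new ListOrganizationalUnitsForParentRequest { ParentId = rootId });

        // Treat a missing collection like an empty one so that a root without
        // child units falls through to the create branch.
        var sandboxOu = ous.OrganizationalUnits?.FirstOrDefault(ou => ou.Name == "Sandbox");

        if (sandboxOu == null)
        {
            Console.WriteLine("Creating Sandbox OU...");
            var createOuResponse = await orgClient.CreateOrganizationalUnitAsync(
                new CreateOrganizationalUnitRequest { ParentId = rootId, Name = "Sandbox" });
            sandboxOu = createOuResponse.OrganizationalUnit;
            Console.WriteLine($"Created new Sandbox OU: {sandboxOu.Id}");
        }
        else
        {
            Console.WriteLine($"Found existing Sandbox OU: {sandboxOu.Id}");
        }

        return sandboxOu.Arn;
    }

    /// <summary>
    /// Gets user confirmation by waiting for input or returning true if not interactive.
    /// </summary>
    /// <remarks>
    /// In non-interactive mode the console is not read at all, so the scenario
    /// cannot block on standard input and every prompt is answered with "yes".
    /// </remarks>
    /// <returns>True if user enters 'y' or if isInteractive is false, otherwise false.</returns>
    private static bool GetUserConfirmation()
    {
        if (!isInteractive)
        {
            return true;
        }

        // Ordinal, case-insensitive comparison keeps the check independent of the current culture.
        var answer = Console.ReadLine();
        return string.Equals(answer?.Trim(), "y", StringComparison.OrdinalIgnoreCase);
    }
}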
AWS Control Tower アクションを管理するためにシナリオによって呼び出されるラッパーメソッド。
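using Amazon.ControlCatalog;
using Amazon.ControlCatalog.Model;
using Amazon.ControlTower;
using Amazon.ControlTower.Model;
using ValidationException = Amazon.ControlTower.Model.ValidationException;

namespace ControlTowerActions;

/// <summary>
/// Methods to perform AWS Control Tower actions.
/// </summary>
/// <remarks>
/// The enable, disable and reset methods start an asynchronous operation and
/// poll it until it reports SUCCEEDED or FAILED. Both states end the wait and
/// both return normally, so a returned ARN or operation ID is not proof that
/// the baseline or control is in the requested state; a FAILED result is
/// reported on the console.
/// </remarks>
public class ControlTowerWrapper
{
    // Delay between two status polls of a running operation.
    private const int PollIntervalMilliseconds = 30000;

    private readonly IAmazonControlTower _controlTowerService;
    private readonly IAmazonControlCatalog _controlCatalogService;

    /// <summary>
    /// Constructor for the wrapper class containing AWS Control Tower actions.
    /// </summary>
    /// <param name="controlTowerService">The AWS Control Tower client object.</param>
    /// <param name="controlCatalogService">The AWS Control Catalog client object.</param>
    public ControlTowerWrapper(IAmazonControlTower controlTowerService, IAmazonControlCatalog controlCatalogService)
    {
        _controlTowerService = controlTowerService;
        _controlCatalogService = controlCatalogService;
    }

    /// <summary>
    /// List the AWS Control Tower landing zones for an account.
    /// </summary>
    /// <returns>A list of LandingZoneSummary objects.</returns>
    public async Task<List<LandingZoneSummary>> ListLandingZonesAsync()
    {
        try
        {
            var landingZones = new List<LandingZoneSummary>();

            var landingZonesPaginator = _controlTowerService.Paginators.ListLandingZones(new ListLandingZonesRequest());

            await foreach (var response in landingZonesPaginator.Responses)
            {
                // Skip a page without a collection instead of passing null to AddRange.
                if (response.LandingZones is not null)
                {
                    landingZones.AddRange(response.LandingZones);
                }
            }

            return landingZones;
        }
        catch (AmazonControlTowerException ex)
        {
            Console.WriteLine($"Couldn't list landing zones. Here's why: {ex.ErrorCode}: {ex.Message}");
            throw;
        }
    }

    /// <summary>
    /// List all baselines.
    /// </summary>
    /// <returns>A list of baseline summaries.</returns>
    public async Task<List<BaselineSummary>> ListBaselinesAsync()
    {
        try
        {
            var baselines = new List<BaselineSummary>();

            var baselinesPaginator = _controlTowerService.Paginators.ListBaselines(new ListBaselinesRequest());

            await foreach (var response in baselinesPaginator.Responses)
            {
                if (response.Baselines is not null)
                {
                    baselines.AddRange(response.Baselines);
                }
            }

            return baselines;
        }
        catch (AmazonControlTowerException ex)
        {
            Console.WriteLine($"Couldn't list baselines. Here's why: {ex.ErrorCode}: {ex.Message}");
            throw;
        }
    }

    /// <summary>
    /// List all enabled baselines.
    /// </summary>
    /// <returns>A list of enabled baseline summaries.</returns>
    public async Task<List<EnabledBaselineSummary>> ListEnabledBaselinesAsync()
    {
        try
        {
            var enabledBaselines = new List<EnabledBaselineSummary>();

            var enabledBaselinesPaginator = _controlTowerService.Paginators.ListEnabledBaselines(new ListEnabledBaselinesRequest());

            await foreach (var response in enabledBaselinesPaginator.Responses)
            {
                if (response.EnabledBaselines is not null)
                {
                    enabledBaselines.AddRange(response.EnabledBaselines);
                }
            }

            return enabledBaselines;
        }
        catch (AmazonControlTowerException ex)
        {
            Console.WriteLine($"Couldn't list enabled baselines. Here's why: {ex.ErrorCode}: {ex.Message}");
            throw;
        }
    }

    /// <summary>
    /// Enable a baseline for the specified target.
    /// </summary>
    /// <remarks>
    /// The ARN is returned once the operation reaches SUCCEEDED or FAILED; check
    /// the console output or query the operation to tell the two apart.
    /// </remarks>
    /// <param name="targetIdentifier">The ARN of the target.</param>
    /// <param name="baselineIdentifier">The identifier of baseline to enable.</param>
    /// <param name="baselineVersion">The version of baseline to enable.</param>
    /// <param name="identityCenterBaseline">The identifier of identity center baseline if it is enabled.</param>
    /// <returns>The enabled baseline ARN or null if already enabled.</returns>
    public async Task<string?> EnableBaselineAsync(string targetIdentifier, string baselineIdentifier, string baselineVersion, string identityCenterBaseline)
    {
        try
        {
            var parameters = new List<EnabledBaselineParameter>
            {
                new EnabledBaselineParameter
                {
                    Key = "IdentityCenterEnabledBaselineArn",
                    Value = identityCenterBaseline
                }
            };

            var request = new EnableBaselineRequest
            {
                BaselineIdentifier = baselineIdentifier,
                BaselineVersion = baselineVersion,
                TargetIdentifier = targetIdentifier,
                Parameters = parameters
            };

            var response = await _controlTowerService.EnableBaselineAsync(request);

            await WaitForBaselineOperationAsync(response.OperationIdentifier);

            return response.Arn;
        }
        // The "already enabled" case is recognised by message text only, so it
        // depends on the wording the service uses.
        catch (ValidationException ex) when (ex.Message.Contains("already enabled"))
        {
            Console.WriteLine("Baseline is already enabled for this target");
            return null;
        }
        catch (AmazonControlTowerException ex)
        {
            Console.WriteLine($"Couldn't enable baseline. Here's why: {ex.ErrorCode}: {ex.Message}");
            throw;
        }
    }

    /// <summary>
    /// Disable a baseline for a specific target and wait for the operation to complete.
    /// </summary>
    /// <remarks>
    /// Disabling a baseline removes governance from the target, so callers should
    /// confirm the intent first. The operation ID is returned for SUCCEEDED and
    /// FAILED alike.
    /// </remarks>
    /// <param name="enabledBaselineIdentifier">The identifier of the baseline to disable.</param>
    /// <returns>The operation ID or null if there was a conflict.</returns>
    public async Task<string?> DisableBaselineAsync(string enabledBaselineIdentifier)
    {
        try
        {
            var request = new DisableBaselineRequest
            {
                EnabledBaselineIdentifier = enabledBaselineIdentifier
            };

            var response = await _controlTowerService.DisableBaselineAsync(request);
            var operationId = response.OperationIdentifier;

            await WaitForBaselineOperationAsync(operationId);

            return operationId;
        }
        catch (ConflictException ex)
        {
            Console.WriteLine($"Conflict disabling baseline: {ex.Message}. Skipping disable step.");
            return null;
        }
        catch (AmazonControlTowerException ex)
        {
            Console.WriteLine($"Couldn't disable baseline. Here's why: {ex.ErrorCode}: {ex.Message}");
            throw;
        }
    }

    /// <summary>
    /// Reset an enabled baseline for a specific target.
    /// </summary>
    /// <param name="enabledBaselineIdentifier">The identifier of the enabled baseline to reset.</param>
    /// <returns>The operation ID.</returns>
    public async Task<string> ResetEnabledBaselineAsync(string enabledBaselineIdentifier)
    {
        try
        {
            var request = new ResetEnabledBaselineRequest
            {
                EnabledBaselineIdentifier = enabledBaselineIdentifier
            };

            var response = await _controlTowerService.ResetEnabledBaselineAsync(request);
            var operationId = response.OperationIdentifier;

            await WaitForBaselineOperationAsync(operationId);

            return operationId;
        }
        catch (Amazon.ControlTower.Model.ResourceNotFoundException)
        {
            Console.WriteLine("Target not found, unable to reset enabled baseline.");
            throw;
        }
        catch (AmazonControlTowerException ex)
        {
            Console.WriteLine($"Couldn't reset enabled baseline. Here's why: {ex.ErrorCode}: {ex.Message}");
            throw;
        }
    }

    /// <summary>
    /// Get the status of a baseline operation.
    /// </summary>
    /// <param name="operationId">The ID of the baseline operation.</param>
    /// <returns>The operation status.</returns>
    public async Task<BaselineOperationStatus> GetBaselineOperationAsync(string operationId)
    {
        try
        {
            var request = new GetBaselineOperationRequest
            {
                OperationIdentifier = operationId
            };

            var response = await _controlTowerService.GetBaselineOperationAsync(request);
            return response.BaselineOperation.Status;
        }
        catch (Amazon.ControlTower.Model.ResourceNotFoundException)
        {
            Console.WriteLine("Operation not found.");
            throw;
        }
        catch (AmazonControlTowerException ex)
        {
            Console.WriteLine($"Couldn't get baseline operation status. Here's why: {ex.ErrorCode}: {ex.Message}");
            throw;
        }
    }

    /// <summary>
    /// List enabled controls for a target organizational unit.
    /// </summary>
    /// <param name="targetIdentifier">The target organizational unit identifier.</param>
    /// <returns>A list of enabled control summaries.</returns>
    public async Task<List<EnabledControlSummary>> ListEnabledControlsAsync(string targetIdentifier)
    {
        try
        {
            var request = new ListEnabledControlsRequest
            {
                TargetIdentifier = targetIdentifier
            };

            var enabledControls = new List<EnabledControlSummary>();

            var enabledControlsPaginator = _controlTowerService.Paginators.ListEnabledControls(request);

            await foreach (var response in enabledControlsPaginator.Responses)
            {
                if (response.EnabledControls is not null)
                {
                    enabledControls.AddRange(response.EnabledControls);
                }
            }

            return enabledControls;
        }
        // An unregistered target yields an empty list rather than an error.
        catch (Amazon.ControlTower.Model.ResourceNotFoundException ex) when (ex.Message.Contains("not registered with AWS Control Tower"))
        {
            Console.WriteLine("AWS Control Tower must be enabled to work with enabling controls.");
            return new List<EnabledControlSummary>();
        }
        catch (AmazonControlTowerException ex)
        {
            Console.WriteLine($"Couldn't list enabled controls. Here's why: {ex.ErrorCode}: {ex.Message}");
            throw;
        }
    }

    /// <summary>
    /// Enable a control for a specified target.
    /// </summary>
    /// <remarks>
    /// A non-null operation ID means the operation was started and has ended, in
    /// either SUCCEEDED or FAILED state; it does not by itself show that the
    /// control is in force on the target.
    /// </remarks>
    /// <param name="controlArn">The ARN of the control to enable.</param>
    /// <param name="targetIdentifier">The identifier of the target (e.g., OU ARN).</param>
    /// <returns>The operation ID or null if already enabled.</returns>
    public async Task<string?> EnableControlAsync(string controlArn, string targetIdentifier)
    {
        try
        {
            // Say what is being changed and where, instead of printing two bare values.
            Console.WriteLine($"Enabling control {controlArn} on target {targetIdentifier}");

            var request = new EnableControlRequest
            {
                ControlIdentifier = controlArn,
                TargetIdentifier = targetIdentifier
            };

            var response = await _controlTowerService.EnableControlAsync(request);
            var operationId = response.OperationIdentifier;

            await WaitForControlOperationAsync(operationId);

            return operationId;
        }
        catch (Amazon.ControlTower.Model.ValidationException ex) when (ex.Message.Contains("already enabled"))
        {
            Console.WriteLine("Control is already enabled for this target");
            return null;
        }
        catch (Amazon.ControlTower.Model.ResourceNotFoundException ex) when (ex.Message.Contains("not registered with AWS Control Tower"))
        {
            Console.WriteLine("AWS Control Tower must be enabled to work with enabling controls.");
            return null;
        }
        catch (AmazonControlTowerException ex)
        {
            Console.WriteLine($"Couldn't enable control. Here's why: {ex.ErrorCode}: {ex.Message}");
            throw;
        }
    }

    /// <summary>
    /// Disable a control for a specified target.
    /// </summary>
    /// <remarks>
    /// Disabling a control removes that guardrail from the target, so callers
    /// should confirm the intent first. The operation ID is returned for
    /// SUCCEEDED and FAILED alike.
    /// </remarks>
    /// <param name="controlArn">The ARN of the control to disable.</param>
    /// <param name="targetIdentifier">The identifier of the target (e.g., OU ARN).</param>
    /// <returns>The operation ID.</returns>
    public async Task<string> DisableControlAsync(string controlArn, string targetIdentifier)
    {
        try
        {
            var request = new DisableControlRequest
            {
                ControlIdentifier = controlArn,
                TargetIdentifier = targetIdentifier
            };

            var response = await _controlTowerService.DisableControlAsync(request);
            var operationId = response.OperationIdentifier;

            await WaitForControlOperationAsync(operationId);

            return operationId;
        }
        catch (Amazon.ControlTower.Model.ResourceNotFoundException)
        {
            Console.WriteLine("Control not found.");
            throw;
        }
        catch (AmazonControlTowerException ex)
        {
            Console.WriteLine($"Couldn't disable control. Here's why: {ex.ErrorCode}: {ex.Message}");
            throw;
        }
    }

    /// <summary>
    /// Get the status of a control operation.
    /// </summary>
    /// <param name="operationId">The ID of the control operation.</param>
    /// <returns>The operation status.</returns>
    public async Task<ControlOperationStatus> GetControlOperationAsync(string operationId)
    {
        try
        {
            var request = new GetControlOperationRequest
            {
                OperationIdentifier = operationId
            };

            var response = await _controlTowerService.GetControlOperationAsync(request);
            return response.ControlOperation.Status;
        }
        catch (Amazon.ControlTower.Model.ResourceNotFoundException)
        {
            Console.WriteLine("Operation not found.");
            throw;
        }
        catch (AmazonControlTowerException ex)
        {
            Console.WriteLine($"Couldn't get control operation status. Here's why: {ex.ErrorCode}: {ex.Message}");
            throw;
        }
    }

    /// <summary>
    /// List all controls in the Control Tower control catalog.
    /// </summary>
    /// <returns>A list of control summaries.</returns>
    public async Task<List<ControlSummary>> ListControlsAsync()
    {
        try
        {
            var controls = new List<ControlSummary>();

            var controlsPaginator = _controlCatalogService.Paginators.ListControls(new Amazon.ControlCatalog.Model.ListControlsRequest());

            await foreach (var response in controlsPaginator.Responses)
            {
                if (response.Controls is not null)
                {
                    controls.AddRange(response.Controls);
                }
            }

            return controls;
        }
        catch (AmazonControlCatalogException ex)
        {
            Console.WriteLine($"Couldn't list controls. Here's why: {ex.ErrorCode}: {ex.Message}");
            throw;
        }
    }

    /// <summary>
    /// Polls a baseline operation until it reports SUCCEEDED or FAILED.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the wait has no upper bound; an operation that never leaves
    /// a non-terminal state keeps this loop running.
    /// </remarks>
    /// <param name="operationId">The ID of the baseline operation to wait for.</param>
    /// <returns>The terminal status of the operation.</returns>
    private async Task<BaselineOperationStatus> WaitForBaselineOperationAsync(string operationId)
    {
        while (true)
        {
            var status = await GetBaselineOperationAsync(operationId);
            Console.WriteLine($"Baseline operation status: {status}");

            if (status == BaselineOperationStatus.FAILED)
            {
                // Make the failure explicit: the caller still gets its usual return value.
                Console.WriteLine($"Baseline operation {operationId} ended with status FAILED; the requested change did not complete successfully.");
                return status;
            }

            if (status == BaselineOperationStatus.SUCCEEDED)
            {
                return status;
            }

            await Task.Delay(PollIntervalMilliseconds);
        }
    }

    /// <summary>
    /// Polls a control operation until it reports SUCCEEDED or FAILED.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the wait has no upper bound; an operation that never leaves
    /// a non-terminal state keeps this loop running.
    /// </remarks>
    /// <param name="operationId">The ID of the control operation to wait for.</param>
    /// <returns>The terminal status of the operation.</returns>
    private async Task<ControlOperationStatus> WaitForControlOperationAsync(string operationId)
    {
        while (true)
        {
            var status = await GetControlOperationAsync(operationId);
            Console.WriteLine($"Control operation status: {status}");

            if (status == ControlOperationStatus.FAILED)
            {
                // Make the failure explicit: the caller still gets its usual return value.
                Console.WriteLine($"Control operation {operationId} ended with status FAILED; the requested change did not complete successfully.");
                return status;
            }

            if (status == ControlOperationStatus.SUCCEEDED)
            {
                return status;
            }

            await Task.Delay(PollIntervalMilliseconds);
        }
    }
}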
-
API の詳細については、「AWS SDK for .NET API リファレンス」の以下のトピックを参照してください。
-
アクション
次の例は、DisableBaseline を使用する方法を説明しています。
- SDK for .NET (v4)
-
注記
GitHub には、その他のリソースもあります。AWS コード例リポジトリ
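で全く同じ例を見つけて、設定と実行の方法を確認してください。
    /// <summary>
    /// Disable a baseline for a specific target and wait for the operation to complete.
    /// </summary>
    /// <remarks>
    /// Disabling a baseline removes governance from the target, so callers should
    /// confirm the intent first. The operation ID is returned when the operation
    /// ends in SUCCEEDED or in FAILED; a FAILED result is reported on the console.
    /// </remarks>
    /// <param name="enabledBaselineIdentifier">The identifier of the baseline to disable.</param>
    /// <returns>The operation ID or null if there was a conflict.</returns>
    public async Task<string?> DisableBaselineAsync(string enabledBaselineIdentifier)
    {
        try
        {
            var request = new DisableBaselineRequest
            {
                EnabledBaselineIdentifier = enabledBaselineIdentifier
            };

            var response = await _controlTowerService.DisableBaselineAsync(request);
            var operationId = response.OperationIdentifier;

            // Wait for operation to complete
            // NOTE(review): the wait has no upper bound.
            while (true)
            {
                var status = await GetBaselineOperationAsync(operationId);
                Console.WriteLine($"Baseline operation status: {status}");

                if (status == BaselineOperationStatus.FAILED)
                {
                    // Make the failure explicit: the operation ID is still returned below.
                    Console.WriteLine($"Baseline operation {operationId} ended with status FAILED; the requested change did not complete successfully.");
                    break;
                }

                if (status == BaselineOperationStatus.SUCCEEDED)
                {
                    break;
                }

                await Task.Delay(30000); // Wait 30 seconds
            }

            return operationId;
        }
        catch (ConflictException ex)
        {
            Console.WriteLine($"Conflict disabling baseline: {ex.Message}. Skipping disable step.");
            return null;
        }
        catch (AmazonControlTowerException ex)
        {
            Console.WriteLine($"Couldn't disable baseline. Here's why: {ex.ErrorCode}: {ex.Message}");
            throw;
        }
    }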
-
API の詳細については、「AWS SDK for .NET API リファレンス」の「DisableBaseline」を参照してください。
-
次の例は、DisableControl を使用する方法を説明しています。
- SDK for .NET (v4)
-
注記
GitHub には、その他のリソースもあります。AWS コード例リポジトリ
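で全く同じ例を見つけて、設定と実行の方法を確認してください。
    /// <summary>
    /// Disable a control for a specified target.
    /// </summary>
    /// <remarks>
    /// Disabling a control removes that guardrail from the target, so callers
    /// should confirm the intent first. The operation ID is returned when the
    /// operation ends in SUCCEEDED or in FAILED; a FAILED result is reported on
    /// the console.
    /// </remarks>
    /// <param name="controlArn">The ARN of the control to disable.</param>
    /// <param name="targetIdentifier">The identifier of the target (e.g., OU ARN).</param>
    /// <returns>The operation ID.</returns>
    public async Task<string> DisableControlAsync(string controlArn, string targetIdentifier)
    {
        try
        {
            var request = new DisableControlRequest
            {
                ControlIdentifier = controlArn,
                TargetIdentifier = targetIdentifier
            };

            var response = await _controlTowerService.DisableControlAsync(request);
            var operationId = response.OperationIdentifier;

            // Wait for operation to complete
            // NOTE(review): the wait has no upper bound.
            while (true)
            {
                var status = await GetControlOperationAsync(operationId);
                Console.WriteLine($"Control operation status: {status}");

                if (status == ControlOperationStatus.FAILED)
                {
                    // Make the failure explicit: the operation ID is still returned below.
                    Console.WriteLine($"Control operation {operationId} ended with status FAILED; the requested change did not complete successfully.");
                    break;
                }

                if (status == ControlOperationStatus.SUCCEEDED)
                {
                    break;
                }

                await Task.Delay(30000); // Wait 30 seconds
            }

            return operationId;
        }
        catch (Amazon.ControlTower.Model.ResourceNotFoundException)
        {
            Console.WriteLine("Control not found.");
            throw;
        }
        catch (AmazonControlTowerException ex)
        {
            Console.WriteLine($"Couldn't disable control. Here's why: {ex.ErrorCode}: {ex.Message}");
            throw;
        }
    }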
-
API の詳細については、「AWS SDK for .NET API リファレンス」の「DisableControl」を参照してください。
-
次の例は、EnableBaseline を使用する方法を説明しています。
- SDK for .NET (v4)
-
注記
GitHub には、その他のリソースもあります。AWS コード例リポジトリ
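で全く同じ例を見つけて、設定と実行の方法を確認してください。
    /// <summary>
    /// Enable a baseline for the specified target.
    /// </summary>
    /// <remarks>
    /// The ARN is returned when the operation ends in SUCCEEDED or in FAILED, so
    /// a non-null result is not proof that the baseline is in force; a FAILED
    /// result is reported on the console.
    /// </remarks>
    /// <param name="targetIdentifier">The ARN of the target.</param>
    /// <param name="baselineIdentifier">The identifier of baseline to enable.</param>
    /// <param name="baselineVersion">The version of baseline to enable.</param>
    /// <param name="identityCenterBaseline">The identifier of identity center baseline if it is enabled.</param>
    /// <returns>The enabled baseline ARN or null if already enabled.</returns>
    public async Task<string?> EnableBaselineAsync(string targetIdentifier, string baselineIdentifier, string baselineVersion, string identityCenterBaseline)
    {
        try
        {
            var parameters = new List<EnabledBaselineParameter>
            {
                new EnabledBaselineParameter
                {
                    Key = "IdentityCenterEnabledBaselineArn",
                    Value = identityCenterBaseline
                }
            };

            var request = new EnableBaselineRequest
            {
                BaselineIdentifier = baselineIdentifier,
                BaselineVersion = baselineVersion,
                TargetIdentifier = targetIdentifier,
                Parameters = parameters
            };

            var response = await _controlTowerService.EnableBaselineAsync(request);
            var operationId = response.OperationIdentifier;

            // Wait for operation to complete
            // NOTE(review): the wait has no upper bound.
            while (true)
            {
                var status = await GetBaselineOperationAsync(operationId);
                Console.WriteLine($"Baseline operation status: {status}");

                if (status == BaselineOperationStatus.FAILED)
                {
                    // Make the failure explicit: the ARN is still returned below.
                    Console.WriteLine($"Baseline operation {operationId} ended with status FAILED; the requested change did not complete successfully.");
                    break;
                }

                if (status == BaselineOperationStatus.SUCCEEDED)
                {
                    break;
                }

                await Task.Delay(30000); // Wait 30 seconds
            }

            return response.Arn;
        }
        // The "already enabled" case is recognised by message text only, so it
        // depends on the wording the service uses.
        catch (ValidationException ex) when (ex.Message.Contains("already enabled"))
        {
            Console.WriteLine("Baseline is already enabled for this target");
            return null;
        }
        catch (AmazonControlTowerException ex)
        {
            Console.WriteLine($"Couldn't enable baseline. Here's why: {ex.ErrorCode}: {ex.Message}");
            throw;
        }
    }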
-
API の詳細については、「AWS SDK for .NET API リファレンス」の「EnableBaseline」を参照してください。
-
次の例は、EnableControl を使用する方法を説明しています。
- SDK for .NET (v4)
-
注記
GitHub には、その他のリソースもあります。AWS コード例リポジトリ
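で全く同じ例を見つけて、設定と実行の方法を確認してください。
    /// <summary>
    /// Enable a control for a specified target.
    /// </summary>
    /// <remarks>
    /// A non-null operation ID means the operation was started and has ended, in
    /// either SUCCEEDED or FAILED state; it does not by itself show that the
    /// control is in force on the target. A FAILED result is reported on the console.
    /// </remarks>
    /// <param name="controlArn">The ARN of the control to enable.</param>
    /// <param name="targetIdentifier">The identifier of the target (e.g., OU ARN).</param>
    /// <returns>The operation ID or null if already enabled.</returns>
    public async Task<string?> EnableControlAsync(string controlArn, string targetIdentifier)
    {
        try
        {
            // Say what is being changed and where, instead of printing two bare values.
            Console.WriteLine($"Enabling control {controlArn} on target {targetIdentifier}");

            var request = new EnableControlRequest
            {
                ControlIdentifier = controlArn,
                TargetIdentifier = targetIdentifier
            };

            var response = await _controlTowerService.EnableControlAsync(request);
            var operationId = response.OperationIdentifier;

            // Wait for operation to complete
            // NOTE(review): the wait has no upper bound.
            while (true)
            {
                var status = await GetControlOperationAsync(operationId);
                Console.WriteLine($"Control operation status: {status}");

                if (status == ControlOperationStatus.FAILED)
                {
                    // Make the failure explicit: the operation ID is still returned below.
                    Console.WriteLine($"Control operation {operationId} ended with status FAILED; the requested change did not complete successfully.");
                    break;
                }

                if (status == ControlOperationStatus.SUCCEEDED)
                {
                    break;
                }

                await Task.Delay(30000); // Wait 30 seconds
            }

            return operationId;
        }
        catch (Amazon.ControlTower.Model.ValidationException ex) when (ex.Message.Contains("already enabled"))
        {
            Console.WriteLine("Control is already enabled for this target");
            return null;
        }
        catch (Amazon.ControlTower.Model.ResourceNotFoundException ex) when (ex.Message.Contains("not registered with AWS Control Tower"))
        {
            Console.WriteLine("AWS Control Tower must be enabled to work with enabling controls.");
            return null;
        }
        catch (AmazonControlTowerException ex)
        {
            Console.WriteLine($"Couldn't enable control. Here's why: {ex.ErrorCode}: {ex.Message}");
            throw;
        }
    }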
-
API の詳細については、「AWS SDK for .NET API リファレンス」の「EnableControl」を参照してください。
-
次の例は、GetBaselineOperation
を使用する方法を説明しています。
- SDK for .NET (v4)
-
注記
GitHub には、その他のリソースもあります。AWS コード例リポジトリ
で全く同じ例を見つけて、設定と実行の方法を確認してください。
    /// <summary>
    /// Look up a baseline operation and report its current status.
    /// </summary>
    /// <param name="operationId">The ID of the baseline operation.</param>
    /// <returns>The status of the operation.</returns>
    public async Task<BaselineOperationStatus> GetBaselineOperationAsync(string operationId)
    {
        try
        {
            var lookup = await _controlTowerService.GetBaselineOperationAsync(
                new GetBaselineOperationRequest { OperationIdentifier = operationId });

            return lookup.BaselineOperation.Status;
        }
        catch (AmazonControlTowerException failure)
        {
            // A missing operation gets its own short message; every other
            // service error is printed with its code. Both are rethrown.
            var reason = failure is Amazon.ControlTower.Model.ResourceNotFoundException
                ? "Operation not found."
                : $"Couldn't get baseline operation status. Here's why: {failure.ErrorCode}: {failure.Message}";
            Console.WriteLine(reason);
            throw;
        }
    }
-
API の詳細については、「AWS SDK for .NET API リファレンス」の「GetBaselineOperation」を参照してください。
-
次の例は、GetControlOperation
を使用する方法を説明しています。
- SDK for .NET (v4)
-
注記
GitHub には、その他のリソースもあります。AWS コード例リポジトリ
で全く同じ例を見つけて、設定と実行の方法を確認してください。
    /// <summary>
    /// Look up a control operation and report its current status.
    /// </summary>
    /// <param name="operationId">The ID of the control operation.</param>
    /// <returns>The status of the operation.</returns>
    public async Task<ControlOperationStatus> GetControlOperationAsync(string operationId)
    {
        try
        {
            var lookup = await _controlTowerService.GetControlOperationAsync(
                new GetControlOperationRequest { OperationIdentifier = operationId });

            return lookup.ControlOperation.Status;
        }
        catch (AmazonControlTowerException failure)
        {
            // A missing operation gets its own short message; every other
            // service error is printed with its code. Both are rethrown.
            var reason = failure is Amazon.ControlTower.Model.ResourceNotFoundException
                ? "Operation not found."
                : $"Couldn't get control operation status. Here's why: {failure.ErrorCode}: {failure.Message}";
            Console.WriteLine(reason);
            throw;
        }
    }
-
API の詳細については、「AWS SDK for .NET API リファレンス」の「GetControlOperation」を参照してください。
-
次の例は、ListBaselines
を使用する方法を説明しています。
- SDK for .NET (v4)
-
注記
GitHub には、その他のリソースもあります。AWS コード例リポジトリ
で全く同じ例を見つけて、設定と実行の方法を確認してください。
    /// <summary>
    /// Collect every baseline returned by the ListBaselines paginator.
    /// </summary>
    /// <returns>A list of baseline summaries.</returns>
    public async Task<List<BaselineSummary>> ListBaselinesAsync()
    {
        var collected = new List<BaselineSummary>();

        try
        {
            // Walk the paginator page by page and gather each page's entries.
            var pages = _controlTowerService.Paginators
                .ListBaselines(new ListBaselinesRequest())
                .Responses;

            await foreach (var page in pages)
            {
                collected.AddRange(page.Baselines);
            }

            return collected;
        }
        catch (AmazonControlTowerException failure)
        {
            Console.WriteLine($"Couldn't list baselines. Here's why: {failure.ErrorCode}: {failure.Message}");
            throw;
        }
    }
-
API の詳細については、「AWS SDK for .NET API リファレンス」の「ListBaselines」を参照してください。
-
次の例は、ListEnabledBaselines
を使用する方法を説明しています。
- SDK for .NET (v4)
-
注記
GitHub には、その他のリソースもあります。AWS コード例リポジトリ
で全く同じ例を見つけて、設定と実行の方法を確認してください。
    /// <summary>
    /// Collect every enabled baseline returned by the ListEnabledBaselines paginator.
    /// </summary>
    /// <returns>A list of enabled baseline summaries.</returns>
    public async Task<List<EnabledBaselineSummary>> ListEnabledBaselinesAsync()
    {
        var collected = new List<EnabledBaselineSummary>();

        try
        {
            // Walk the paginator page by page and gather each page's entries.
            var pages = _controlTowerService.Paginators
                .ListEnabledBaselines(new ListEnabledBaselinesRequest())
                .Responses;

            await foreach (var page in pages)
            {
                collected.AddRange(page.EnabledBaselines);
            }

            return collected;
        }
        catch (AmazonControlTowerException failure)
        {
            Console.WriteLine($"Couldn't list enabled baselines. Here's why: {failure.ErrorCode}: {failure.Message}");
            throw;
        }
    }
-
API の詳細については、「AWS SDK for .NET API リファレンス」の「ListEnabledBaselines」を参照してください。
-
次の例は、ListEnabledControls
を使用する方法を説明しています。
- SDK for .NET (v4)
-
注記
GitHub には、その他のリソースもあります。AWS コード例リポジトリ
で全く同じ例を見つけて、設定と実行の方法を確認してください。
    /// <summary>
    /// Collect the controls that are enabled on a target organizational unit.
    /// </summary>
    /// <param name="targetIdentifier">The target organizational unit identifier.</param>
    /// <returns>
    /// A list of enabled control summaries; an empty list when the service
    /// reports that the target is not registered with AWS Control Tower.
    /// </returns>
    public async Task<List<EnabledControlSummary>> ListEnabledControlsAsync(string targetIdentifier)
    {
        try
        {
            var collected = new List<EnabledControlSummary>();

            // Walk the paginator page by page and gather each page's entries.
            var pages = _controlTowerService.Paginators
                .ListEnabledControls(new ListEnabledControlsRequest { TargetIdentifier = targetIdentifier })
                .Responses;

            await foreach (var page in pages)
            {
                collected.AddRange(page.EnabledControls);
            }

            return collected;
        }
        catch (Amazon.ControlTower.Model.ResourceNotFoundException notFound) when (notFound.Message.Contains("not registered with AWS Control Tower"))
        {
            // An unregistered target is reported and treated as "no controls"
            // rather than as an error.
            Console.WriteLine("AWS Control Tower must be enabled to work with enabling controls.");
            return new List<EnabledControlSummary>();
        }
        catch (AmazonControlTowerException failure)
        {
            Console.WriteLine($"Couldn't list enabled controls. Here's why: {failure.ErrorCode}: {failure.Message}");
            throw;
        }
    }
-
API の詳細については、「AWS SDK for .NET API リファレンス」の「ListEnabledControls」を参照してください。
-
次の例は、ListLandingZones
を使用する方法を説明しています。
- SDK for .NET (v4)
-
注記
GitHub には、その他のリソースもあります。AWS コード例リポジトリ
で全く同じ例を見つけて、設定と実行の方法を確認してください。
    /// <summary>
    /// Collect the AWS Control Tower landing zones for an account.
    /// </summary>
    /// <returns>A list of LandingZoneSummary objects.</returns>
    public async Task<List<LandingZoneSummary>> ListLandingZonesAsync()
    {
        var collected = new List<LandingZoneSummary>();

        try
        {
            // Walk the paginator page by page and gather each page's entries.
            var pages = _controlTowerService.Paginators
                .ListLandingZones(new ListLandingZonesRequest())
                .Responses;

            await foreach (var page in pages)
            {
                collected.AddRange(page.LandingZones);
            }

            return collected;
        }
        catch (AmazonControlTowerException failure)
        {
            Console.WriteLine($"Couldn't list landing zones. Here's why: {failure.ErrorCode}: {failure.Message}");
            throw;
        }
    }
-
API の詳細については、「AWS SDK for .NET API リファレンス」の「ListLandingZones」を参照してください。
-
次の例は、ResetEnabledBaseline
を使用する方法を説明しています。
- SDK for .NET (v4)
-
注記
GitHub には、その他のリソースもあります。AWS コード例リポジトリ
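で全く同じ例を見つけて、設定と実行の方法を確認してください。
    /// <summary>
    /// Reset an enabled baseline for a specific target and wait until the
    /// resulting operation reaches a terminal status.
    /// </summary>
    /// <param name="enabledBaselineIdentifier">The identifier of the enabled baseline to reset.</param>
    /// <returns>The operation ID.</returns>
    /// <exception cref="AmazonControlTowerException">
    /// The service rejected the request, or the operation finished with status FAILED.
    /// </exception>
    public async Task<string> ResetEnabledBaselineAsync(string enabledBaselineIdentifier)
    {
        try
        {
            var request = new ResetEnabledBaselineRequest
            {
                EnabledBaselineIdentifier = enabledBaselineIdentifier
            };

            var response = await _controlTowerService.ResetEnabledBaselineAsync(request);
            var operationId = response.OperationIdentifier;

            // Poll until the operation is terminal.
            // NOTE(review): the loop has no upper bound and no cancellation;
            // a caller that needs a deadline has to impose it from outside.
            while (true)
            {
                var status = await GetBaselineOperationAsync(operationId);
                Console.WriteLine($"Baseline operation status: {status}");

                if (status == BaselineOperationStatus.SUCCEEDED)
                {
                    return operationId;
                }

                if (status == BaselineOperationStatus.FAILED)
                {
                    // Returning the operation ID after a failure would read as
                    // a completed reset, so the failure is raised instead. The
                    // exception is logged and rethrown by the handler below.
                    throw new AmazonControlTowerException(
                        $"Baseline operation {operationId} finished with status FAILED.");
                }

                await Task.Delay(30000); // Wait 30 seconds
            }
        }
        catch (Amazon.ControlTower.Model.ResourceNotFoundException)
        {
            Console.WriteLine("Target not found, unable to reset enabled baseline.");
            throw;
        }
        catch (AmazonControlTowerException ex)
        {
            Console.WriteLine($"Couldn't reset enabled baseline. Here's why: {ex.ErrorCode}: {ex.Message}");
            throw;
        }
    }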
-
API の詳細については、「AWS SDK for .NET API リファレンス」の「ResetEnabledBaseline」を参照してください。
-