文件 AWS 開發套件範例 GitHub 儲存庫中有更多可用的 AWS SDK 範例
本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
AWS Control Tower 使用 SDK for .NET (v4) 的範例
下列程式碼範例示範如何使用 AWS SDK for .NET (v4) 搭配 來執行動作和實作常見案例 AWS Control Tower。
基本概念是程式碼範例,這些範例說明如何在服務內執行基本操作。
Actions 是大型程式的程式碼摘錄,必須在內容中執行。雖然動作會告訴您如何呼叫個別服務函數,但您可以在其相關情境中查看內容中的動作。
每個範例均包含完整原始碼的連結,您可在連結中找到如何設定和執行內容中程式碼的相關指示。
開始使用
下列程式碼範例示範如何開始使用 AWS Control Tower。
- SDK for .NET (v4)
-
注意
GitHub 上提供更多範例。尋找完整範例,並了解如何在 AWS 程式碼範例儲存庫
中設定和執行。 using Amazon.ControlTower; using Amazon.ControlTower.Model; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Hosting; using Microsoft.Extensions.Logging; using Microsoft.Extensions.Logging.Console; using Microsoft.Extensions.Logging.Debug; using LogLevel = Microsoft.Extensions.Logging.LogLevel; namespace ControlTowerActions; /// <summary> /// A class that introduces the AWS Control Tower by listing the /// available baselines for the account. /// </summary> public class HelloControlTower { private static ILogger logger = null!; static async Task Main(string[] args) { // Set up dependency injection for AWS Control Tower. using var host = Host.CreateDefaultBuilder(args) .ConfigureLogging(logging => logging.AddFilter("System", LogLevel.Debug) .AddFilter<DebugLoggerProvider>("Microsoft", LogLevel.Information) .AddFilter<ConsoleLoggerProvider>("Microsoft", LogLevel.Trace)) .ConfigureServices((_, services) => services.AddAWSService<IAmazonControlTower>() ) .Build(); logger = LoggerFactory.Create(builder => { builder.AddConsole(); }) .CreateLogger<HelloControlTower>(); var amazonClient = host.Services.GetRequiredService<IAmazonControlTower>(); Console.Clear(); Console.WriteLine("Hello, AWS Control Tower! Let's list available baselines:"); Console.WriteLine(); var baselines = new List<BaselineSummary>(); try { var baselinesPaginator = amazonClient.Paginators.ListBaselines(new ListBaselinesRequest()); await foreach (var response in baselinesPaginator.Responses) { baselines.AddRange(response.Baselines); } Console.WriteLine($"{baselines.Count} baseline(s) retrieved."); foreach (var baseline in baselines) { Console.WriteLine($"\t{baseline.Name}"); } } catch (Amazon.ControlTower.Model.AccessDeniedException) { Console.WriteLine("Access denied. Please ensure you have the necessary permissions."); } catch (Exception ex) { Console.WriteLine($"An error occurred: {ex.Message}"); } } }-
如需 API 詳細資訊,請參閱《AWS SDK for .NET API 參考》中的 ListBaselines。
-
基本概念
以下程式碼範例顯示做法:
列出登陸區域。
列出、啟用、取得、重設和停用基準。
列出、啟用、取得和停用控制項。
- SDK for .NET (v4)
-
注意
GitHub 上提供更多範例。尋找完整範例,並了解如何在 AWS 程式碼範例儲存庫
中設定和執行。 執行示範 AWS Control Tower 功能的互動式案例。
using Amazon.ControlCatalog; using Amazon.ControlTower; using Amazon.ControlTower.Model; using Amazon.Organizations; using Amazon.Organizations.Model; using Amazon.SecurityToken; using Amazon.SecurityToken.Model; using ControlTowerActions; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Hosting; using Microsoft.Extensions.Logging; namespace ControlTowerBasics; /// <summary> /// Scenario class for AWS Control Tower basics. /// </summary> public class ControlTowerBasics { public static bool isInteractive = true; public static ILogger logger = null!; public static IAmazonOrganizations? orgClient = null; public static IAmazonSecurityTokenService? stsClient = null; public static ControlTowerWrapper? wrapper = null; private static string? ouArn; private static bool useLandingZone = false; /// <summary> /// Main entry point for the AWS Control Tower basics scenario. /// </summary> /// <param name="args">Command line arguments.</param> public static async Task Main(string[] args) { using var host = Host.CreateDefaultBuilder(args) .ConfigureServices((_, services) => services.AddAWSService<IAmazonControlTower>() .AddAWSService<IAmazonControlCatalog>() .AddAWSService<IAmazonOrganizations>() .AddAWSService<IAmazonSecurityTokenService>() .AddTransient<ControlTowerWrapper>() ) .Build(); logger = LoggerFactory.Create(builder => { builder.AddConsole(); }) .CreateLogger<ControlTowerBasics>(); wrapper = host.Services.GetRequiredService<ControlTowerWrapper>(); orgClient = host.Services.GetRequiredService<IAmazonOrganizations>(); stsClient = host.Services.GetRequiredService<IAmazonSecurityTokenService>(); await RunScenario(); } /// <summary> /// Runs the example scenario. /// </summary> public static async Task RunScenario() { Console.WriteLine(new string('-', 88)); Console.WriteLine("\tWelcome to the AWS Control Tower with ControlCatalog example scenario."); Console.WriteLine(new string('-', 88)); Console.WriteLine("This demo will walk you through working with AWS Control Tower for landing zones,"); Console.WriteLine("managing baselines, and working with controls."); try { var accountId = (await stsClient!.GetCallerIdentityAsync(new GetCallerIdentityRequest())).Account; Console.WriteLine($"\nAccount ID: {accountId}"); Console.WriteLine("\nSome demo operations require the use of a landing zone."); Console.WriteLine("You can use an existing landing zone or opt out of these operations in the demo."); Console.WriteLine("For instructions on how to set up a landing zone,"); Console.WriteLine("see https://docs.aws.amazon.com/controltower/latest/userguide/getting-started-from-console.html"); // List available landing zones var landingZones = await wrapper!.ListLandingZonesAsync(); if (landingZones.Count > 0) { Console.WriteLine("\nAvailable Landing Zones:"); for (int i = 0; i < landingZones.Count; i++) { Console.WriteLine($"{i + 1}. {landingZones[i].Arn}"); } Console.Write($"\nDo you want to use the first landing zone in the list ({landingZones[0].Arn})? (y/n): "); if (GetUserConfirmation()) { useLandingZone = true; Console.WriteLine($"Using landing zone: {landingZones[0].Arn}"); ouArn = await SetupOrganizationAsync(); } } // Managing Baselines Console.WriteLine("\nManaging Baselines:"); var baselines = await wrapper.ListBaselinesAsync(); Console.WriteLine("\nListing available Baselines:"); BaselineSummary? controlTowerBaseline = null; foreach (var baseline in baselines) { if (baseline.Name == "AWSControlTowerBaseline") controlTowerBaseline = baseline; Console.WriteLine($" - {baseline.Name}"); } EnabledBaselineSummary? identityCenterBaseline = null; string? baselineArn = null; if (useLandingZone && ouArn != null) { Console.WriteLine("\nListing enabled baselines:"); var enabledBaselines = await wrapper.ListEnabledBaselinesAsync(); foreach (var baseline in enabledBaselines) { if (baseline.BaselineIdentifier.Contains("baseline/LN25R72TTG6IGPTQ")) identityCenterBaseline = baseline; Console.WriteLine($" - {baseline.BaselineIdentifier}"); } if (controlTowerBaseline != null) { Console.Write("\nDo you want to enable the Control Tower Baseline? (y/n): "); if (GetUserConfirmation()) { Console.WriteLine("\nEnabling Control Tower Baseline."); var icBaselineArn = identityCenterBaseline?.Arn; baselineArn = await wrapper.EnableBaselineAsync(ouArn, controlTowerBaseline.Arn, "5.0", icBaselineArn ?? ""); var alreadyEnabled = false; if (baselineArn != null) { Console.WriteLine($"Enabled baseline ARN: {baselineArn}"); } else { // Find the enabled baseline foreach (var enabled in enabledBaselines) { if (enabled.BaselineIdentifier == controlTowerBaseline.Arn) { baselineArn = enabled.Arn; alreadyEnabled = true; Console.WriteLine("No change, the selected baseline was already enabled."); break; } } } if (baselineArn != null) { Console.Write("\nDo you want to reset the Control Tower Baseline? (y/n): "); if (GetUserConfirmation()) { Console.WriteLine($"\nResetting Control Tower Baseline: {baselineArn}"); var operationId = await wrapper.ResetEnabledBaselineAsync(baselineArn); Console.WriteLine($"Reset baseline operation id: {operationId}"); } Console.Write("\nDo you want to disable the Control Tower Baseline? (y/n): "); if (GetUserConfirmation()) { Console.WriteLine($"Disabling baseline ARN: {baselineArn}"); var operationId = await wrapper.DisableBaselineAsync(baselineArn); Console.WriteLine($"Disabled baseline operation id: {operationId}"); if (alreadyEnabled) { Console.WriteLine($"\nRe-enabling Control Tower Baseline: {baselineArn}"); // Re-enable the Control Tower baseline if it was originally enabled. await wrapper.EnableBaselineAsync(ouArn, controlTowerBaseline.Arn, "5.0", icBaselineArn ?? ""); } } } } } } // Managing Controls Console.WriteLine("\nManaging Controls:"); var controls = await wrapper.ListControlsAsync(); Console.WriteLine("\nListing first 5 available Controls:"); for (int i = 0; i < Math.Min(5, controls.Count); i++) { Console.WriteLine($"{i + 1}. {controls[i].Name} - {controls[i].Arn}"); } if (useLandingZone && ouArn != null) { var enabledControls = await wrapper.ListEnabledControlsAsync(ouArn); Console.WriteLine("\nListing enabled controls:"); for (int i = 0; i < enabledControls.Count; i++) { Console.WriteLine($"{i + 1}. {enabledControls[i].ControlIdentifier}"); } // Find first non-enabled control var enabledControlArns = enabledControls.Select(c => c.Arn).ToHashSet(); var controlArn = controls.FirstOrDefault(c => !enabledControlArns.Contains(c.Arn))?.Arn; if (controlArn != null) { Console.Write($"\nDo you want to enable the control {controlArn}? (y/n): "); if (GetUserConfirmation()) { Console.WriteLine($"\nEnabling control: {controlArn}"); var operationId = await wrapper.EnableControlAsync(controlArn, ouArn); if (operationId != null) { Console.WriteLine($"Enabled control with operation id: {operationId}"); Console.Write("\nDo you want to disable the control? (y/n): "); if (GetUserConfirmation()) { Console.WriteLine("\nDisabling the control..."); var disableOpId = await wrapper.DisableControlAsync(controlArn, ouArn); Console.WriteLine($"Disable operation ID: {disableOpId}"); } } } } } Console.WriteLine("\nThis concludes the example scenario."); Console.WriteLine("Thanks for watching!"); Console.WriteLine(new string('-', 88)); } catch (Exception ex) { logger.LogError(ex, "An error occurred during the Control Tower scenario."); Console.WriteLine($"An error occurred: {ex.Message}"); } } /// <summary> /// Sets up AWS Organizations and creates or finds a Sandbox OU. /// </summary> /// <returns>The ARN of the Sandbox organizational unit.</returns> private static async Task<string> SetupOrganizationAsync() { Console.WriteLine("\nChecking organization status..."); try { var orgResponse = await orgClient!.DescribeOrganizationAsync(new DescribeOrganizationRequest()); var orgId = orgResponse.Organization.Id; Console.WriteLine($"Account is part of organization: {orgId}"); } catch (AWSOrganizationsNotInUseException) { Console.WriteLine("No organization found. Creating a new organization..."); var createResponse = await orgClient!.CreateOrganizationAsync(new CreateOrganizationRequest { FeatureSet = OrganizationFeatureSet.ALL }); var orgId = createResponse.Organization.Id; Console.WriteLine($"Created new organization: {orgId}"); } // Look for Sandbox OU var roots = await orgClient.ListRootsAsync(new ListRootsRequest()); var rootId = roots.Roots[0].Id; Console.WriteLine("Checking for Sandbox OU..."); var ous = await orgClient.ListOrganizationalUnitsForParentAsync(new ListOrganizationalUnitsForParentRequest { ParentId = rootId }); var sandboxOu = ous.OrganizationalUnits.FirstOrDefault(ou => ou.Name == "Sandbox"); if (sandboxOu == null) { Console.WriteLine("Creating Sandbox OU..."); var createOuResponse = await orgClient.CreateOrganizationalUnitAsync(new CreateOrganizationalUnitRequest { ParentId = rootId, Name = "Sandbox" }); sandboxOu = createOuResponse.OrganizationalUnit; Console.WriteLine($"Created new Sandbox OU: {sandboxOu.Id}"); } else { Console.WriteLine($"Found existing Sandbox OU: {sandboxOu.Id}"); } return sandboxOu.Arn; } /// <summary> /// Gets user confirmation by waiting for input or returning true if not interactive. /// </summary> /// <returns>True if user enters 'y' or if isInteractive is false, otherwise false.</returns> private static bool GetUserConfirmation() { return Console.ReadLine()?.ToLower() == "y" || !isInteractive; } }案例呼叫用以管理 Aurora 動作的包裝函式方式。
using Amazon.ControlCatalog; using Amazon.ControlCatalog.Model; using Amazon.ControlTower; using Amazon.ControlTower.Model; using ValidationException = Amazon.ControlTower.Model.ValidationException; namespace ControlTowerActions; /// <summary> /// Methods to perform AWS Control Tower actions. /// </summary> public class ControlTowerWrapper { private readonly IAmazonControlTower _controlTowerService; private readonly IAmazonControlCatalog _controlCatalogService; /// <summary> /// Constructor for the wrapper class containing AWS Control Tower actions. /// </summary> /// <param name="controlTowerService">The AWS Control Tower client object.</param> /// <param name="controlCatalogService">The AWS Control Catalog client object.</param> public ControlTowerWrapper(IAmazonControlTower controlTowerService, IAmazonControlCatalog controlCatalogService) { _controlTowerService = controlTowerService; _controlCatalogService = controlCatalogService; } /// <summary> /// List the AWS Control Tower landing zones for an account. /// </summary> /// <returns>A list of LandingZoneSummary objects.</returns> public async Task<List<LandingZoneSummary>> ListLandingZonesAsync() { try { var landingZones = new List<LandingZoneSummary>(); var landingZonesPaginator = _controlTowerService.Paginators.ListLandingZones(new ListLandingZonesRequest()); await foreach (var response in landingZonesPaginator.Responses) { landingZones.AddRange(response.LandingZones); } return landingZones; } catch (AmazonControlTowerException ex) { Console.WriteLine($"Couldn't list landing zones. Here's why: {ex.ErrorCode}: {ex.Message}"); throw; } } /// <summary> /// List all baselines. /// </summary> /// <returns>A list of baseline summaries.</returns> public async Task<List<BaselineSummary>> ListBaselinesAsync() { try { var baselines = new List<BaselineSummary>(); var baselinesPaginator = _controlTowerService.Paginators.ListBaselines(new ListBaselinesRequest()); await foreach (var response in baselinesPaginator.Responses) { baselines.AddRange(response.Baselines); } return baselines; } catch (AmazonControlTowerException ex) { Console.WriteLine($"Couldn't list baselines. Here's why: {ex.ErrorCode}: {ex.Message}"); throw; } } /// <summary> /// List all enabled baselines. /// </summary> /// <returns>A list of enabled baseline summaries.</returns> public async Task<List<EnabledBaselineSummary>> ListEnabledBaselinesAsync() { try { var enabledBaselines = new List<EnabledBaselineSummary>(); var enabledBaselinesPaginator = _controlTowerService.Paginators.ListEnabledBaselines(new ListEnabledBaselinesRequest()); await foreach (var response in enabledBaselinesPaginator.Responses) { enabledBaselines.AddRange(response.EnabledBaselines); } return enabledBaselines; } catch (AmazonControlTowerException ex) { Console.WriteLine($"Couldn't list enabled baselines. Here's why: {ex.ErrorCode}: {ex.Message}"); throw; } } /// <summary> /// Enable a baseline for the specified target. /// </summary> /// <param name="targetIdentifier">The ARN of the target.</param> /// <param name="baselineIdentifier">The identifier of baseline to enable.</param> /// <param name="baselineVersion">The version of baseline to enable.</param> /// <param name="identityCenterBaseline">The identifier of identity center baseline if it is enabled.</param> /// <returns>The enabled baseline ARN or null.</returns> public async Task<string?> EnableBaselineAsync(string targetIdentifier, string baselineIdentifier, string baselineVersion, string identityCenterBaseline) { try { var parameters = new List<EnabledBaselineParameter>(); if (!string.IsNullOrEmpty(identityCenterBaseline)) { parameters.Add( new EnabledBaselineParameter { Key = "IdentityCenterEnabledBaselineArn", Value = identityCenterBaseline }); } var request = new EnableBaselineRequest { BaselineIdentifier = baselineIdentifier, BaselineVersion = baselineVersion, TargetIdentifier = targetIdentifier, Parameters = parameters }; var response = await _controlTowerService.EnableBaselineAsync(request); var operationId = response.OperationIdentifier; // Wait for operation to complete while (true) { var status = await GetBaselineOperationAsync(operationId); Console.WriteLine($"Baseline operation status: {status}"); if (status == BaselineOperationStatus.SUCCEEDED || status == BaselineOperationStatus.FAILED) { break; } await Task.Delay(30000); // Wait 30 seconds } return response.Arn; } catch (ValidationException ex) { if (ex.Message.Contains("already enabled")) Console.WriteLine("Baseline is already enabled for this target"); else { Console.WriteLine(ex.Message); } // Write the message and return null if baseline cannot be enabled. return null; } catch (AmazonControlTowerException ex) { Console.WriteLine($"Couldn't enable baseline. Here's why: {ex.ErrorCode}: {ex.Message}"); throw; } } /// <summary> /// Disable a baseline for a specific target and wait for the operation to complete. /// </summary> /// <param name="enabledBaselineIdentifier">The identifier of the baseline to disable.</param> /// <returns>The operation ID or null if there was a conflict.</returns> public async Task<string?> DisableBaselineAsync(string enabledBaselineIdentifier) { try { var request = new DisableBaselineRequest { EnabledBaselineIdentifier = enabledBaselineIdentifier }; var response = await _controlTowerService.DisableBaselineAsync(request); var operationId = response.OperationIdentifier; // Wait for operation to complete while (true) { var status = await GetBaselineOperationAsync(operationId); Console.WriteLine($"Baseline operation status: {status}"); if (status == BaselineOperationStatus.SUCCEEDED || status == BaselineOperationStatus.FAILED) { break; } await Task.Delay(30000); // Wait 30 seconds } return operationId; } catch (ConflictException ex) { Console.WriteLine($"Conflict disabling baseline: {ex.Message}. Skipping disable step."); return null; } catch (AmazonControlTowerException ex) { Console.WriteLine($"Couldn't disable baseline. Here's why: {ex.ErrorCode}: {ex.Message}"); throw; } } /// <summary> /// Reset an enabled baseline for a specific target. /// </summary> /// <param name="enabledBaselineIdentifier">The identifier of the enabled baseline to reset.</param> /// <returns>The operation ID.</returns> public async Task<string> ResetEnabledBaselineAsync(string enabledBaselineIdentifier) { try { var request = new ResetEnabledBaselineRequest { EnabledBaselineIdentifier = enabledBaselineIdentifier }; var response = await _controlTowerService.ResetEnabledBaselineAsync(request); var operationId = response.OperationIdentifier; // Wait for operation to complete while (true) { var status = await GetBaselineOperationAsync(operationId); Console.WriteLine($"Baseline operation status: {status}"); if (status == BaselineOperationStatus.SUCCEEDED || status == BaselineOperationStatus.FAILED) { break; } await Task.Delay(30000); // Wait 30 seconds } return operationId; } catch (Amazon.ControlTower.Model.ResourceNotFoundException) { Console.WriteLine("Target not found, unable to reset enabled baseline."); throw; } catch (AmazonControlTowerException ex) { Console.WriteLine($"Couldn't reset enabled baseline. Here's why: {ex.ErrorCode}: {ex.Message}"); throw; } } /// <summary> /// Get the status of a baseline operation. /// </summary> /// <param name="operationId">The ID of the baseline operation.</param> /// <returns>The operation status.</returns> public async Task<BaselineOperationStatus> GetBaselineOperationAsync(string operationId) { try { var request = new GetBaselineOperationRequest { OperationIdentifier = operationId }; var response = await _controlTowerService.GetBaselineOperationAsync(request); return response.BaselineOperation.Status; } catch (Amazon.ControlTower.Model.ResourceNotFoundException) { Console.WriteLine("Operation not found."); throw; } catch (AmazonControlTowerException ex) { Console.WriteLine($"Couldn't get baseline operation status. Here's why: {ex.ErrorCode}: {ex.Message}"); throw; } } /// <summary> /// List enabled controls for a target organizational unit. /// </summary> /// <param name="targetIdentifier">The target organizational unit identifier.</param> /// <returns>A list of enabled control summaries.</returns> public async Task<List<EnabledControlSummary>> ListEnabledControlsAsync(string targetIdentifier) { try { var request = new ListEnabledControlsRequest { TargetIdentifier = targetIdentifier }; var enabledControls = new List<EnabledControlSummary>(); var enabledControlsPaginator = _controlTowerService.Paginators.ListEnabledControls(request); await foreach (var response in enabledControlsPaginator.Responses) { enabledControls.AddRange(response.EnabledControls); } return enabledControls; } catch (Amazon.ControlTower.Model.ResourceNotFoundException ex) when (ex.Message.Contains("not registered with AWS Control Tower")) { Console.WriteLine("AWS Control Tower must be enabled to work with enabling controls."); return new List<EnabledControlSummary>(); } catch (AmazonControlTowerException ex) { Console.WriteLine($"Couldn't list enabled controls. Here's why: {ex.ErrorCode}: {ex.Message}"); throw; } } /// <summary> /// Enable a control for a specified target. /// </summary> /// <param name="controlArn">The ARN of the control to enable.</param> /// <param name="targetIdentifier">The identifier of the target (e.g., OU ARN).</param> /// <returns>The operation ID or null if already enabled.</returns> public async Task<string?> EnableControlAsync(string controlArn, string targetIdentifier) { try { Console.WriteLine(controlArn); Console.WriteLine(targetIdentifier); var request = new EnableControlRequest { ControlIdentifier = controlArn, TargetIdentifier = targetIdentifier }; var response = await _controlTowerService.EnableControlAsync(request); var operationId = response.OperationIdentifier; // Wait for operation to complete while (true) { var status = await GetControlOperationAsync(operationId); Console.WriteLine($"Control operation status: {status}"); if (status == ControlOperationStatus.SUCCEEDED || status == ControlOperationStatus.FAILED) { break; } await Task.Delay(30000); // Wait 30 seconds } return operationId; } catch (Amazon.ControlTower.Model.ValidationException ex) when (ex.Message.Contains("already enabled")) { Console.WriteLine("Control is already enabled for this target"); return null; } catch (Amazon.ControlTower.Model.ResourceNotFoundException ex) when (ex.Message.Contains("not registered with AWS Control Tower")) { Console.WriteLine("AWS Control Tower must be enabled to work with enabling controls."); return null; } catch (AmazonControlTowerException ex) { Console.WriteLine($"Couldn't enable control. Here's why: {ex.ErrorCode}: {ex.Message}"); throw; } } /// <summary> /// Disable a control for a specified target. /// </summary> /// <param name="controlArn">The ARN of the control to disable.</param> /// <param name="targetIdentifier">The identifier of the target (e.g., OU ARN).</param> /// <returns>The operation ID.</returns> public async Task<string> DisableControlAsync(string controlArn, string targetIdentifier) { try { var request = new DisableControlRequest { ControlIdentifier = controlArn, TargetIdentifier = targetIdentifier }; var response = await _controlTowerService.DisableControlAsync(request); var operationId = response.OperationIdentifier; // Wait for operation to complete while (true) { var status = await GetControlOperationAsync(operationId); Console.WriteLine($"Control operation status: {status}"); if (status == ControlOperationStatus.SUCCEEDED || status == ControlOperationStatus.FAILED) { break; } await Task.Delay(30000); // Wait 30 seconds } return operationId; } catch (Amazon.ControlTower.Model.ResourceNotFoundException) { Console.WriteLine("Control not found."); throw; } catch (AmazonControlTowerException ex) { Console.WriteLine($"Couldn't disable control. Here's why: {ex.ErrorCode}: {ex.Message}"); throw; } } /// <summary> /// Get the status of a control operation. /// </summary> /// <param name="operationId">The ID of the control operation.</param> /// <returns>The operation status.</returns> public async Task<ControlOperationStatus> GetControlOperationAsync(string operationId) { try { var request = new GetControlOperationRequest { OperationIdentifier = operationId }; var response = await _controlTowerService.GetControlOperationAsync(request); return response.ControlOperation.Status; } catch (Amazon.ControlTower.Model.ResourceNotFoundException) { Console.WriteLine("Operation not found."); throw; } catch (AmazonControlTowerException ex) { Console.WriteLine($"Couldn't get control operation status. Here's why: {ex.ErrorCode}: {ex.Message}"); throw; } } /// <summary> /// List all controls in the Control Tower control catalog. /// </summary> /// <returns>A list of control summaries.</returns> public async Task<List<ControlSummary>> ListControlsAsync() { try { var controls = new List<ControlSummary>(); var controlsPaginator = _controlCatalogService.Paginators.ListControls(new Amazon.ControlCatalog.Model.ListControlsRequest()); await foreach (var response in controlsPaginator.Responses) { controls.AddRange(response.Controls); } return controls; } catch (AmazonControlCatalogException ex) { Console.WriteLine($"Couldn't list controls. Here's why: {ex.ErrorCode}: {ex.Message}"); throw; } } }
動作
以下程式碼範例顯示如何使用 DisableBaseline。
- SDK for .NET (v4)
-
注意
GitHub 上提供更多範例。尋找完整範例,並了解如何在 AWS 程式碼範例儲存庫
中設定和執行。 /// <summary> /// Disable a baseline for a specific target and wait for the operation to complete. /// </summary> /// <param name="enabledBaselineIdentifier">The identifier of the baseline to disable.</param> /// <returns>The operation ID or null if there was a conflict.</returns> public async Task<string?> DisableBaselineAsync(string enabledBaselineIdentifier) { try { var request = new DisableBaselineRequest { EnabledBaselineIdentifier = enabledBaselineIdentifier }; var response = await _controlTowerService.DisableBaselineAsync(request); var operationId = response.OperationIdentifier; // Wait for operation to complete while (true) { var status = await GetBaselineOperationAsync(operationId); Console.WriteLine($"Baseline operation status: {status}"); if (status == BaselineOperationStatus.SUCCEEDED || status == BaselineOperationStatus.FAILED) { break; } await Task.Delay(30000); // Wait 30 seconds } return operationId; } catch (ConflictException ex) { Console.WriteLine($"Conflict disabling baseline: {ex.Message}. Skipping disable step."); return null; } catch (AmazonControlTowerException ex) { Console.WriteLine($"Couldn't disable baseline. Here's why: {ex.ErrorCode}: {ex.Message}"); throw; } }-
如需 API 詳細資訊,請參閱《AWS SDK for .NET API 參考》中的 DisableBaseline。
-
以下程式碼範例顯示如何使用 DisableControl。
- SDK for .NET (v4)
-
注意
GitHub 上提供更多範例。尋找完整範例,並了解如何在 AWS 程式碼範例儲存庫
中設定和執行。 /// <summary> /// Disable a control for a specified target. /// </summary> /// <param name="controlArn">The ARN of the control to disable.</param> /// <param name="targetIdentifier">The identifier of the target (e.g., OU ARN).</param> /// <returns>The operation ID.</returns> public async Task<string> DisableControlAsync(string controlArn, string targetIdentifier) { try { var request = new DisableControlRequest { ControlIdentifier = controlArn, TargetIdentifier = targetIdentifier }; var response = await _controlTowerService.DisableControlAsync(request); var operationId = response.OperationIdentifier; // Wait for operation to complete while (true) { var status = await GetControlOperationAsync(operationId); Console.WriteLine($"Control operation status: {status}"); if (status == ControlOperationStatus.SUCCEEDED || status == ControlOperationStatus.FAILED) { break; } await Task.Delay(30000); // Wait 30 seconds } return operationId; } catch (Amazon.ControlTower.Model.ResourceNotFoundException) { Console.WriteLine("Control not found."); throw; } catch (AmazonControlTowerException ex) { Console.WriteLine($"Couldn't disable control. Here's why: {ex.ErrorCode}: {ex.Message}"); throw; } }-
如需 API 詳細資訊,請參閱《AWS SDK for .NET API 參考》中的 DisableControl。
-
以下程式碼範例顯示如何使用 EnableBaseline。
- SDK for .NET (v4)
-
注意
GitHub 上提供更多範例。尋找完整範例,並了解如何在 AWS 程式碼範例儲存庫
中設定和執行。 /// <summary> /// Enable a baseline for the specified target. /// </summary> /// <param name="targetIdentifier">The ARN of the target.</param> /// <param name="baselineIdentifier">The identifier of baseline to enable.</param> /// <param name="baselineVersion">The version of baseline to enable.</param> /// <param name="identityCenterBaseline">The identifier of identity center baseline if it is enabled.</param> /// <returns>The enabled baseline ARN or null.</returns> public async Task<string?> EnableBaselineAsync(string targetIdentifier, string baselineIdentifier, string baselineVersion, string identityCenterBaseline) { try { var parameters = new List<EnabledBaselineParameter>(); if (!string.IsNullOrEmpty(identityCenterBaseline)) { parameters.Add( new EnabledBaselineParameter { Key = "IdentityCenterEnabledBaselineArn", Value = identityCenterBaseline }); } var request = new EnableBaselineRequest { BaselineIdentifier = baselineIdentifier, BaselineVersion = baselineVersion, TargetIdentifier = targetIdentifier, Parameters = parameters }; var response = await _controlTowerService.EnableBaselineAsync(request); var operationId = response.OperationIdentifier; // Wait for operation to complete while (true) { var status = await GetBaselineOperationAsync(operationId); Console.WriteLine($"Baseline operation status: {status}"); if (status == BaselineOperationStatus.SUCCEEDED || status == BaselineOperationStatus.FAILED) { break; } await Task.Delay(30000); // Wait 30 seconds } return response.Arn; } catch (ValidationException ex) { if (ex.Message.Contains("already enabled")) Console.WriteLine("Baseline is already enabled for this target"); else { Console.WriteLine(ex.Message); } // Write the message and return null if baseline cannot be enabled. return null; } catch (AmazonControlTowerException ex) { Console.WriteLine($"Couldn't enable baseline. Here's why: {ex.ErrorCode}: {ex.Message}"); throw; } }-
如需 API 詳細資訊,請參閱《AWS SDK for .NET API 參考》中的 EnableBaseline。
-
以下程式碼範例顯示如何使用 EnableControl。
- SDK for .NET (v4)
-
注意
GitHub 上提供更多範例。尋找完整範例,並了解如何在 AWS 程式碼範例儲存庫
中設定和執行。 /// <summary> /// Enable a control for a specified target. /// </summary> /// <param name="controlArn">The ARN of the control to enable.</param> /// <param name="targetIdentifier">The identifier of the target (e.g., OU ARN).</param> /// <returns>The operation ID or null if already enabled.</returns> public async Task<string?> EnableControlAsync(string controlArn, string targetIdentifier) { try { Console.WriteLine(controlArn); Console.WriteLine(targetIdentifier); var request = new EnableControlRequest { ControlIdentifier = controlArn, TargetIdentifier = targetIdentifier }; var response = await _controlTowerService.EnableControlAsync(request); var operationId = response.OperationIdentifier; // Wait for operation to complete while (true) { var status = await GetControlOperationAsync(operationId); Console.WriteLine($"Control operation status: {status}"); if (status == ControlOperationStatus.SUCCEEDED || status == ControlOperationStatus.FAILED) { break; } await Task.Delay(30000); // Wait 30 seconds } return operationId; } catch (Amazon.ControlTower.Model.ValidationException ex) when (ex.Message.Contains("already enabled")) { Console.WriteLine("Control is already enabled for this target"); return null; } catch (Amazon.ControlTower.Model.ResourceNotFoundException ex) when (ex.Message.Contains("not registered with AWS Control Tower")) { Console.WriteLine("AWS Control Tower must be enabled to work with enabling controls."); return null; } catch (AmazonControlTowerException ex) { Console.WriteLine($"Couldn't enable control. Here's why: {ex.ErrorCode}: {ex.Message}"); throw; } }-
如需 API 詳細資訊,請參閱《AWS SDK for .NET API 參考》中的 EnableControl。
-
以下程式碼範例顯示如何使用 GetBaselineOperation。
- SDK for .NET (v4)
-
注意
GitHub 上提供更多範例。尋找完整範例,並了解如何在 AWS 程式碼範例儲存庫
中設定和執行。 /// <summary> /// Get the status of a baseline operation. /// </summary> /// <param name="operationId">The ID of the baseline operation.</param> /// <returns>The operation status.</returns> public async Task<BaselineOperationStatus> GetBaselineOperationAsync(string operationId) { try { var request = new GetBaselineOperationRequest { OperationIdentifier = operationId }; var response = await _controlTowerService.GetBaselineOperationAsync(request); return response.BaselineOperation.Status; } catch (Amazon.ControlTower.Model.ResourceNotFoundException) { Console.WriteLine("Operation not found."); throw; } catch (AmazonControlTowerException ex) { Console.WriteLine($"Couldn't get baseline operation status. Here's why: {ex.ErrorCode}: {ex.Message}"); throw; } }-
如需 API 詳細資訊,請參閱《AWS SDK for .NET API 參考》中的 GetBaselineOperation。
-
以下程式碼範例顯示如何使用 GetControlOperation。
- SDK for .NET (v4)
-
注意
GitHub 上提供更多範例。尋找完整範例,並了解如何在 AWS 程式碼範例儲存庫
中設定和執行。 /// <summary> /// Get the status of a control operation. /// </summary> /// <param name="operationId">The ID of the control operation.</param> /// <returns>The operation status.</returns> public async Task<ControlOperationStatus> GetControlOperationAsync(string operationId) { try { var request = new GetControlOperationRequest { OperationIdentifier = operationId }; var response = await _controlTowerService.GetControlOperationAsync(request); return response.ControlOperation.Status; } catch (Amazon.ControlTower.Model.ResourceNotFoundException) { Console.WriteLine("Operation not found."); throw; } catch (AmazonControlTowerException ex) { Console.WriteLine($"Couldn't get control operation status. Here's why: {ex.ErrorCode}: {ex.Message}"); throw; } }-
如需 API 詳細資訊,請參閱《AWS SDK for .NET API 參考》中的 GetControlOperation。
-
以下程式碼範例顯示如何使用 ListBaselines。
- SDK for .NET (v4)
-
注意
GitHub 上提供更多範例。尋找完整範例,並了解如何在 AWS 程式碼範例儲存庫
中設定和執行。 /// <summary> /// List all baselines. /// </summary> /// <returns>A list of baseline summaries.</returns> public async Task<List<BaselineSummary>> ListBaselinesAsync() { try { var baselines = new List<BaselineSummary>(); var baselinesPaginator = _controlTowerService.Paginators.ListBaselines(new ListBaselinesRequest()); await foreach (var response in baselinesPaginator.Responses) { baselines.AddRange(response.Baselines); } return baselines; } catch (AmazonControlTowerException ex) { Console.WriteLine($"Couldn't list baselines. Here's why: {ex.ErrorCode}: {ex.Message}"); throw; } }-
如需 API 詳細資訊,請參閱《AWS SDK for .NET API 參考》中的 ListBaselines。
-
以下程式碼範例顯示如何使用 ListEnabledBaselines。
- SDK for .NET (v4)
-
注意
GitHub 上提供更多範例。尋找完整範例,並了解如何在 AWS 程式碼範例儲存庫
中設定和執行。 /// <summary> /// List all enabled baselines. /// </summary> /// <returns>A list of enabled baseline summaries.</returns> public async Task<List<EnabledBaselineSummary>> ListEnabledBaselinesAsync() { try { var enabledBaselines = new List<EnabledBaselineSummary>(); var enabledBaselinesPaginator = _controlTowerService.Paginators.ListEnabledBaselines(new ListEnabledBaselinesRequest()); await foreach (var response in enabledBaselinesPaginator.Responses) { enabledBaselines.AddRange(response.EnabledBaselines); } return enabledBaselines; } catch (AmazonControlTowerException ex) { Console.WriteLine($"Couldn't list enabled baselines. Here's why: {ex.ErrorCode}: {ex.Message}"); throw; } }-
如需 API 詳細資訊,請參閱《AWS SDK for .NET API 參考》中的 ListEnabledBaselines。
-
以下程式碼範例顯示如何使用 ListEnabledControls。
- SDK for .NET (v4)
-
注意
GitHub 上提供更多範例。尋找完整範例,並了解如何在 AWS 程式碼範例儲存庫
中設定和執行。 /// <summary> /// List enabled controls for a target organizational unit. /// </summary> /// <param name="targetIdentifier">The target organizational unit identifier.</param> /// <returns>A list of enabled control summaries.</returns> public async Task<List<EnabledControlSummary>> ListEnabledControlsAsync(string targetIdentifier) { try { var request = new ListEnabledControlsRequest { TargetIdentifier = targetIdentifier }; var enabledControls = new List<EnabledControlSummary>(); var enabledControlsPaginator = _controlTowerService.Paginators.ListEnabledControls(request); await foreach (var response in enabledControlsPaginator.Responses) { enabledControls.AddRange(response.EnabledControls); } return enabledControls; } catch (Amazon.ControlTower.Model.ResourceNotFoundException ex) when (ex.Message.Contains("not registered with AWS Control Tower")) { Console.WriteLine("AWS Control Tower must be enabled to work with enabling controls."); return new List<EnabledControlSummary>(); } catch (AmazonControlTowerException ex) { Console.WriteLine($"Couldn't list enabled controls. Here's why: {ex.ErrorCode}: {ex.Message}"); throw; } }-
如需 API 詳細資訊,請參閱《AWS SDK for .NET API 參考》中的 ListEnabledControls。
-
以下程式碼範例顯示如何使用 ListLandingZones。
- SDK for .NET (v4)
-
注意
GitHub 上提供更多範例。尋找完整範例,並了解如何在 AWS 程式碼範例儲存庫
中設定和執行。 /// <summary> /// List the AWS Control Tower landing zones for an account. /// </summary> /// <returns>A list of LandingZoneSummary objects.</returns> public async Task<List<LandingZoneSummary>> ListLandingZonesAsync() { try { var landingZones = new List<LandingZoneSummary>(); var landingZonesPaginator = _controlTowerService.Paginators.ListLandingZones(new ListLandingZonesRequest()); await foreach (var response in landingZonesPaginator.Responses) { landingZones.AddRange(response.LandingZones); } return landingZones; } catch (AmazonControlTowerException ex) { Console.WriteLine($"Couldn't list landing zones. Here's why: {ex.ErrorCode}: {ex.Message}"); throw; } }-
如需 API 詳細資訊,請參閱《AWS SDK for .NET API 參考》中的 ListLandingZones。
-
以下程式碼範例顯示如何使用 ResetEnabledBaseline。
- SDK for .NET (v4)
-
注意
GitHub 上提供更多範例。尋找完整範例,並了解如何在 AWS 程式碼範例儲存庫
中設定和執行。 /// <summary> /// Reset an enabled baseline for a specific target. /// </summary> /// <param name="enabledBaselineIdentifier">The identifier of the enabled baseline to reset.</param> /// <returns>The operation ID.</returns> public async Task<string> ResetEnabledBaselineAsync(string enabledBaselineIdentifier) { try { var request = new ResetEnabledBaselineRequest { EnabledBaselineIdentifier = enabledBaselineIdentifier }; var response = await _controlTowerService.ResetEnabledBaselineAsync(request); var operationId = response.OperationIdentifier; // Wait for operation to complete while (true) { var status = await GetBaselineOperationAsync(operationId); Console.WriteLine($"Baseline operation status: {status}"); if (status == BaselineOperationStatus.SUCCEEDED || status == BaselineOperationStatus.FAILED) { break; } await Task.Delay(30000); // Wait 30 seconds } return operationId; } catch (Amazon.ControlTower.Model.ResourceNotFoundException) { Console.WriteLine("Target not found, unable to reset enabled baseline."); throw; } catch (AmazonControlTowerException ex) { Console.WriteLine($"Couldn't reset enabled baseline. Here's why: {ex.ErrorCode}: {ex.Message}"); throw; } }-
如需 API 詳細資訊,請參閱《AWS SDK for .NET API 參考》中的 ResetEnabledBaseline。
-
