ctower

ctower is a CLI application for managing GuardRail Controls across Organizational Units on AWS Control Tower.

Installation

pip3 install ctower

Basic Usage


# export your aws cli profile and region
export AWS_REGION=eu-west-1
export AWS_PROFILE=default

# list organizational units in your AWS Organization
ctower ls organizational-units

# List all available GuardRail Controls
ctower ls controls all

# List enabled controls for an organizational unit
ctower ls enabled-controls -ou <organizational-unit-name>

# Apply a singular GuardRail Control to an organizational unit
ctower apply control --to-organizational-unit <ou-name> --control-id <control-id>

# Apply `Strongly Recommended` GuardRail Controls to specified Organizational Unit  
ctower apply strongly-recommended -ou <organizational-unit-name>


# Remove a GuardRail Control from an organizational unit
ctower remove control --to-organizational-unit <ou-name> --control-id <control-id>

# Sync(mirror) `--from-organizational-unit` controls to `--to-organizational-unit`
 ctower sync --from-organizational-unit <ou-from> --to-organizational-unit <ou-to>

Package Management with Poetry

Publishing to PyPI

# get and set the PYPI_USERNAME, PYPI_PASSWORD
poetry publish --build --username $PYPI_USERNAME --password $PYPI_PASSWORD

Generating CLI Documentation

# generate CLI application documentation
poetry shell
typer ctower.main utils docs --name ctower --output CLI-README.md

CLI Documentation

`ctower`

Usage:

$ ctower [OPTIONS] COMMAND [ARGS]...

Options:

--install-completion: Install completion for the current shell.
--show-completion: Show completion for the current shell, to copy it or customize the installation.
--help: Show this message and exit.

Commands:

apply
ls
remove
sync

`ctower apply`

Usage:

$ ctower apply [OPTIONS] COMMAND [ARGS]...

Options:

--help: Show this message and exit.

Commands:

control
strongly-recommended

`ctower apply control`

Usage:

$ ctower apply control [OPTIONS]

Options:

-ou, --organizational-unit TEXT: ID or Name of Organizational Unit to get the controls from. [required]
-cid, --control-id TEXT: Control Identifier. Try: ls controls all command [required]
--help: Show this message and exit.

`ctower apply strongly-recommended`

Usage:

$ ctower apply strongly-recommended [OPTIONS]

Options:

-ou, --organizational-unit TEXT: ID or Name of Organizational Unit to apply GuardRail controls. Try: ls organizational-units command [required]
--help: Show this message and exit.

`ctower ls`

Usage:

$ ctower ls [OPTIONS] COMMAND [ARGS]...

Options:

--help: Show this message and exit.

Commands:

controls
enabled-controls
organizational-units

`ctower ls controls`

Usage:

$ ctower ls controls [OPTIONS] COMMAND [ARGS]...

Options:

--help: Show this message and exit.

Commands:

all
data-residency
elective
strongly-recommended

`ctower ls controls all`

Usage:

$ ctower ls controls all [OPTIONS]

Options:

--help: Show this message and exit.

`ctower ls controls data-residency`

Usage:

$ ctower ls controls data-residency [OPTIONS]

Options:

--help: Show this message and exit.

`ctower ls controls elective`

Usage:

$ ctower ls controls elective [OPTIONS]

Options:

--help: Show this message and exit.

`ctower ls controls strongly-recommended`

Usage:

$ ctower ls controls strongly-recommended [OPTIONS]

Options:

--help: Show this message and exit.

`ctower ls enabled-controls`

Usage:

$ ctower ls enabled-controls [OPTIONS]

Options:

-ou, --organizational-unit TEXT: ID or Name of Organizational Unit to list its enabled controls. Try: ls organizational-units command [required]
--help: Show this message and exit.

`ctower ls organizational-units`

Usage:

$ ctower ls organizational-units [OPTIONS]

Options:

--help: Show this message and exit.

`ctower remove`

Usage:

$ ctower remove [OPTIONS] COMMAND [ARGS]...

Options:

--help: Show this message and exit.

`ctower sync`

Usage:

$ ctower sync [OPTIONS]

Options:

-fou, --from-organizational-unit TEXT: ID or Name of Organizational Unit to get the controls from. [required]
-tou, --to-organizational-unit TEXT: ID or Name of Organizational Unit to apply GuardRail controls to. [required]
--help: Show this message and exit.

Screenshots:

List Organizational Units for current Organization
List available GuardRails Controls
List enabled GuardRails for Organizational Unit
Apply a GuardRail Control to Organizational Unit
Remove a GuardRail Control from Organizational Unit
Mirror Controls from OU to another OU

ctower
ctower copied to clipboard

Metadata

ctower

Installation

Basic Usage

Package Management with Poetry

Publishing to PyPI

Generating CLI Documentation

CLI Documentation

`ctower`

`ctower apply`

`ctower apply control`

`ctower apply strongly-recommended`

`ctower ls`

`ctower ls controls`

`ctower ls controls all`

`ctower ls controls data-residency`

`ctower ls controls elective`

`ctower ls controls strongly-recommended`

`ctower ls enabled-controls`

`ctower ls organizational-units`

`ctower remove`

`ctower sync`

← Metadata

Owner

Metadata

ctower ctower copied to clipboard

Metadata

ctower

Installation

Basic Usage

Package Management with Poetry

Publishing to PyPI

Generating CLI Documentation

CLI Documentation

ctower

ctower apply

ctower apply control

ctower apply strongly-recommended

ctower ls

ctower ls controls

ctower ls controls all

ctower ls controls data-residency

ctower ls controls elective

ctower ls controls strongly-recommended

ctower ls enabled-controls

ctower ls organizational-units

ctower remove

ctower sync

← Metadata

Owner

Metadata

ctower
ctower copied to clipboard

`ctower`

`ctower apply`

`ctower apply control`

`ctower apply strongly-recommended`

`ctower ls`

`ctower ls controls`

`ctower ls controls all`

`ctower ls controls data-residency`

`ctower ls controls elective`

`ctower ls controls strongly-recommended`

`ctower ls enabled-controls`

`ctower ls organizational-units`

`ctower remove`

`ctower sync`