AWS – AWS Control Tower introduces account-level reporting for baseline APIs
AWS Control Tower customers can now programmatically view statuses for their governed accounts via baseline APIs. The AWS Control Tower baseline contains best practice configurations, controls, and resources required for governance. When you enable this baseline on an organizational unit (OU), member accounts within the OU will be enrolled under governance.
With this new experience, you can use baseline status to view enrollment for your accounts and use drift status to identify when account and OU baseline configurations are out of sync. In addition to seeing statuses for your accounts and OUs in the AWS Control Tower console, you can use the ListEnabledBaselines API to view statuses for your enabled baselines. To view statuses for individual accounts, use the “includeChildren” flag. You can filter by these statuses to view only the accounts and OUs that require your attention. These APIs include AWS CloudFormation support, allowing you to build automations to manage your OUs and accounts with infrastructure as code (IaC).
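As an added example (not AWS's code and not part of the original announcement), the following sketch pages through ListEnabledBaselines with `includeChildren` set and reports the OUs and accounts whose baseline did not succeed or whose configuration has drifted. It assumes a boto3 `controltower` client is passed in; the response field names and the status values `SUCCEEDED` and `DRIFTED` are assumptions to confirm against the API reference, and the sample records are constructed.

```python
# Added example. Field names and status values are assumptions about the
# ListEnabledBaselines response shape; verify them against the API reference.

# Constructed sample records (placeholder account and OU identifiers).
SAMPLE = [
    {"targetIdentifier": "arn:aws:organizations::111111111111:ou/o-example/ou-ex-1",
     "statusSummary": {"status": "SUCCEEDED"},
     "driftStatusSummary": {"types": {"inheritance": {"status": "IN_SYNC"}}}},
    {"targetIdentifier": "arn:aws:organizations::111111111111:account/o-example/222222222222",
     "statusSummary": {"status": "SUCCEEDED"},
     "driftStatusSummary": {"types": {"inheritance": {"status": "DRIFTED"}}}},
    {"targetIdentifier": "arn:aws:organizations::111111111111:account/o-example/333333333333",
     "statusSummary": {"status": "FAILED"}},
]


def fetch_enabled_baselines(client, include_children=True):
    """Collect every enabled baseline, following nextToken until exhausted."""
    items, token = [], None
    while True:
        kwargs = {"includeChildren": include_children}
        if token:
            kwargs["nextToken"] = token
        page = client.list_enabled_baselines(**kwargs)
        items.extend(page.get("enabledBaselines", []))
        token = page.get("nextToken")
        if not token:
            return items


def needs_attention(items):
    """Return (kind, target, reasons) for targets that are unenrolled or drifted."""
    findings = []
    for item in items:
        status = item.get("statusSummary", {}).get("status", "UNKNOWN")
        drift = (item.get("driftStatusSummary", {}).get("types", {})
                 .get("inheritance", {}).get("status"))
        reasons = []
        if status != "SUCCEEDED":
            reasons.append(f"baseline status {status}")
        if drift == "DRIFTED":
            reasons.append("inheritance drift")
        if reasons:
            target = item["targetIdentifier"]
            kind = "account" if ":account/" in target else "ou"
            findings.append((kind, target, reasons))
    return findings
```

In a live environment, call `needs_attention(fetch_enabled_baselines(boto3.client("controltower")))` from a scheduled job and alert on a non-empty result.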
To learn more about these APIs, review Baselines and API References in the AWS Control Tower User Guide. Baseline APIs and the newly launched reporting capabilities are available in all AWS Regions where AWS Control Tower is available. For a list of AWS Regions where AWS Control Tower is available, see the AWS Region Table.