Help Center/ Resource Governance Center/ API Reference/ APIs/ Governing the Landing Zone/ Querying a Governance Policy Enabled for an Enrolled Account
Updated on 2025-08-22 GMT+08:00

Querying a Governance Policy Enabled for an Enrolled Account

Function

This API is used to query details about a governance policy enabled for an enrolled account in an organization.

URI

GET https://{endpoint}/v1/governance/managed-accounts/{managed_account_id}/controls/{control_id}

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

managed_account_id

Yes

String

ID of an enrolled account.

control_id

Yes

String

Governance policy ID.

Request Parameters

None

Response Parameters

Status code: 200

Table 2 Response body parameters

Parameter

Type

Description

control

EnabledControl object

Enabled governance policies.

regions

Array of RegionConfigurationList objects

Region information.

state

String

Status.

message

String

Status description.

version

String

Version of the current governance policy.

Table 3 EnabledControl

Parameter

Type

Description

manage_account_id

String

Management account ID.

control_identifier

String

Governance policy ID.

name

String

Name of a governance policy.

description

String

Description of a governance policy.

control_objective

String

Pre-defined objective that the governance policy helps you enforce.

behavior

String

Type of a governance policy. A governance policy can be preventive, detective, or proactive.

owner

String

Source of a governance policy.

regional_preference

String

Region options. It can be regional or global.

Table 4 RegionConfigurationList

Parameter

Type

Description

region

String

Region name.

region_configuration_status

String

Region status.

Status code: 403

Table 5 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error message.

request_id

String

Unique ID of the request.

encoded_authorization_message

String

Encrypted error message.

details

Array of ForbiddenErrorDetail objects

Error message indicating no permissions for cross-service invoking.

Table 6 ForbiddenErrorDetail

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error message.

Example Requests

Querying details about a governance policy enabled for an enrolled account in an organization

GET https://{endpoint}/v1/governance/managed-accounts/{managed_account_id}/controls/{control_id}

Example Responses

Status code: 200

Request succeeded.

{
  "control" : {
    "manage_account_id" : "string",
    "control_identifier" : "string",
    "name" : "string",
    "description" : "string",
    "control_objective" : "string",
    "behavior" : "string",
    "owner" : "string",
    "regional_preference" : "string"
  },
  "regions" : [ {
    "region" : "string",
    "region_configuration_status" : "string"
  } ],
  "state" : "string",
  "message" : "string",
  "version" : "string"
}

Status Codes

Status Code

Description

200

Request succeeded.

403

No permissions.

Error Codes

See Error Codes.