controltower get-landing-zone manifest inconsistent with documentation

[jusdino]

Describe the issue

Reading the AWS CLI docs page for the aws controltower get-landing-zone command, I read:

manifest -> (document)

The landing zone manifest.yaml text file that specifies the landing zone configurations.

which would make me expect that the manifest field would have something like what is described in the ControlTower docs here. Instead, it has some json data that doesn't seem to match that at all.

What I would expect to see

Something like

{
    "landingZone": {
        "arn": "arn:aws:controltower:us-east-1:012345678901:landingzone/FOOFOO",
        "driftStatus": {
            "status": "IN_SYNC"
        },
        "latestAvailableVersion": "3.2",
        "manifest": {
            "region": "us-east-1",
            "version": "2021-03-15",
            "resources": [
                {
                    "name": [String],
                    "resource_file": [String],
                    "deployment_targets": [...],
                    "parameters": [...],
                    "deploy_method": [String],
                    ...
                }
            ],
        },
        "status": "ACTIVE",
        "version": "3.2"
    }
}

What I actually see

{
    "landingZone": {
        "arn": "arn:aws:controltower:us-east-1:012345678901:landingzone/FOOFOO",
        "driftStatus": {
            "status": "IN_SYNC"
        },
        "latestAvailableVersion": "3.2",
        "manifest": {
            "accessManagement": {
                "enabled": true
            },
            "securityRoles": {
                "accountId": "123456789012"
            },
            "governedRegions": [
                "us-east-1"
            ],
            "organizationStructure": {
                "security": {
                    "name": "Security"
                }
            },
            "centralizedLogging": {
                "accountId": "234567890123",
                "configurations": {
                    "loggingBucket": {
                        "retentionDays": 365
                    },
                    "kmsKeyArn": "arn:aws:kms:us-east-1:012345678901:key/12345678-4321-4abc-b123-12345678901",
                    "accessLoggingBucket": {
                        "retentionDays": 3650
                    }
                },
                "enabled": true
            }
        },
        "status": "ACTIVE",
        "version": "3.2"
    }
}

Links

https://docs.aws.amazon.com/cli/latest/reference/controltower/get-landing-zone.html https://docs.aws.amazon.com/controltower/latest/APIReference/API_GetLandingZone.html

[tim-finnigan]

Hi @jusdino thanks for reaching out. Could your share your debug logs (with any sensitive info redacted) by adding --debug to that command? That will help us with further investigation into this issue.

[jusdino]

Sure thing. Not sure how much value it will add though - the response is literally just what the API is returning. debug.log

[tim-finnigan]

Thanks @jusdino. I'm going to reach out to the ControlTower team regarding this issue as it involves the underlying GetLandingZone API. Will also transfer this to our cross-SDK repository as service APIs are used across SDKs. (ref: V1140610860)

[tim-finnigan]

I heard back from a member of the service team who noted that the Control Tower documentation was linking to an incorrect page which shows the manifest for some other resource. (This was the page you originally linked).

They have fixed their documentation page so that it no longer links to the incorrect page. The example in this page should correctly document manifest.

Thanks again for reporting, and if you see any issues related to this please let us know so that we can escalate them to the appropriate team. We also recommend using the Provide feedback links at the bottom of API documentation pages to send feedback directly.

[github-actions[bot]]

This issue is now closed.

Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.