AWS Control Tower Update: Updated the descriptions for the AWS Control Tower Baseline APIs to make them more intuitive.

AWS · AWS · commit 174872743ec6 · 2025-05-15T18:16:16.000Z
diff --git a/.changes/next-release/feature-AWSControlTower-e5ee67a.json b/.changes/next-release/feature-AWSControlTower-e5ee67a.json
@@ -0,0 +1,6 @@
+{
+    "type": "feature",
+    "category": "AWS Control Tower",
+    "contributor": "",
+    "description": "Updated the descriptions for the AWS Control Tower Baseline APIs to make them more intuitive."
+}
diff --git a/services/controltower/src/main/resources/codegen-resources/service-2.json b/services/controltower/src/main/resources/codegen-resources/service-2.json
@@ -1088,7 +1088,7 @@
           "documentation":"<p>The types of drift that can be detected for an enabled baseline. Amazon Web Services Control Tower detects inheritance drift on enabled baselines that apply at the OU level. </p>"
         }
       },
-      "documentation":"<p>The drift summary of the enabled baseline. Amazon Web Services Control Tower reports inheritance drift when an enabled baseline configuration of a member account is different than the configuration that applies to the OU. Amazon Web Services Control Tower reports this type of drift for a parent or child enabled baseline. One way to repair this drift by resetting the parent enabled baseline, on the OU.</p> <p>For example, if an account is moved between OUs that share the same baseline but different versions or parameters, the entity from the previous OU is unlinked; that (previous) OU reports <i>inheritance drift</i>. Also, the parent enabled baseline on the destination OU reports <i>inheritance drift</i>; it is missing the newly moved account. The configurations do not match for either OU, so both are in a state of inheritance drift.</p>"
+      "documentation":"<p>The drift summary of the enabled baseline. Amazon Web Services Control Tower reports inheritance drift when an enabled baseline configuration of a member account is different than the configuration that applies to the OU. Amazon Web Services Control Tower reports this type of drift for a parent or child enabled baseline. One way to repair this drift by resetting the parent enabled baseline, on the OU.</p> <p>For example, you may see this type of drift if you move accounts between OUs, but the accounts are not yet (re-)enrolled.</p>"
     },
     "EnabledBaselineDriftStatuses":{
       "type":"list",
@@ -1101,7 +1101,7 @@
       "members":{
         "inheritance":{
           "shape":"EnabledBaselineInheritanceDrift",
-          "documentation":"<p>One or more accounts within the target OU does not match the baseline configuration defined on that OU. An account is in inheritance drift when it does not match the configuration of a parent OU, possibly a new parent OU if the account is moved. </p>"
+          "documentation":"<p>At least one account within the target OU does not match the baseline configuration defined on that OU. An account is in inheritance drift when it does not match the configuration of a parent OU, possibly a new parent OU, if the account is moved. </p>"
         }
       },
       "documentation":"<p>The types of drift that can be detected for an enabled baseline.</p> <ul> <li> <p> Amazon Web Services Control Tower detects inheritance drift on the enabled baselines that target OUs: <code>AWSControlTowerBaseline</code> and <code>BackupBaseline</code>. </p> </li> <li> <p>Amazon Web Services Control Tower does not detect drift on the baselines that apply to your landing zone: <code>IdentityCenterBaseline</code>, <code>AuditBaseline</code>, <code>LogArchiveBaseline</code>, <code>BackupCentralVaultBaseline</code>, or <code>BackupAdminBaseline</code>. For more information, see <a href=\"https://docs.aws.amazon.com/controltower/latest/userguide/types-of-baselines.html\">Types of baselines</a>.</p> </li> </ul> <p>Baselines enabled on an OU are inherited by its member accounts as child <code>EnabledBaseline</code> resources. The baseline on the OU serves as the parent <code>EnabledBaseline</code>, which governs the configuration of each child <code>EnabledBaseline</code>.</p> <p>If the baseline configuration of a member account in an OU does not match the configuration of the parent OU, the parent and child baseline is in a state of inheritance drift. This drift could occur in the <code>AWSControlTowerBaseline</code> or the <code>BackupBaseline</code> related to that account.</p>"
