Important
When you enable optional controls, AWS Control Tower creates and manages AWS resources in your accounts. Do not modify or delete resources created by AWS Control Tower. Doing so could result in the controls entering an unknown state.
Note
You can enable preventive and detective controls concurrently.
Controls library groupings
Note
The four mandatory controls with "Sid": "GRCLOUDTRAILENABLED" are identical by design. The sample code is correct.