SdkInternalList<T> accountIds
The 12-digit account ID of the account being aggregated.
Boolean allAwsRegions
If true, aggregate existing Config regions and future regions.
SdkInternalList<T> awsRegions
The source regions being aggregated.
String configRuleName
The name of the Config rule.
Compliance compliance
Indicates whether an Amazon Web Services resource or Config rule is compliant and provides the number of contributors that affect the compliance.
String accountId
The 12-digit account ID of the source account.
String awsRegion
The source region from where the data is aggregated.
String conformancePackName
The name of the conformance pack.
AggregateConformancePackCompliance compliance
The compliance status of the conformance pack.
String accountId
The 12-digit Amazon Web Services account ID of the source account.
String awsRegion
The source Amazon Web Services Region from where the data is aggregated.
String groupName
The 12-digit account ID or region based on the GroupByKey value.
ComplianceSummary complianceSummary
The number of compliant and noncompliant Config rules.
String complianceType
The compliance status of the conformance pack.
Integer compliantRuleCount
The number of compliant Config Rules.
Integer nonCompliantRuleCount
The number of noncompliant Config Rules.
Integer totalRuleCount
Total number of compliant rules, noncompliant rules, and the rules that do not have any applicable resources to evaluate upon resulting in insufficient data.
String conformancePackName
The name of the conformance pack.
String complianceType
The compliance status of the conformance pack.
String accountId
The 12-digit Amazon Web Services account ID of the source account.
String awsRegion
The source Amazon Web Services Region from where the data is aggregated.
AggregateConformancePackComplianceCount complianceSummary
Returns an AggregateConformancePackComplianceCount object.
String groupName
Groups the result based on Amazon Web Services account ID or Amazon Web Services Region.
String sourceId
The source account ID or an organization.
String sourceType
The source account or an organization.
String awsRegion
The region authorized to collect aggregated data.
String lastUpdateStatus
Filters the last updated status type.
Valid value FAILED indicates errors while moving data.
Valid value SUCCEEDED indicates the data was successfully moved.
Valid value OUTDATED indicates the data is not the most recent.
Date lastUpdateTime
The time of the last update.
String lastErrorCode
The error code that Config returned when the source account aggregation last failed.
String lastErrorMessage
The message indicating that the source account aggregation failed due to an error.
EvaluationResultIdentifier evaluationResultIdentifier
Uniquely identifies the evaluation result.
String complianceType
The resource compliance status.
For the AggregationEvaluationResult data type, Config supports only the COMPLIANT and NON_COMPLIANT values. Config does not support the NOT_APPLICABLE and INSUFFICIENT_DATA values.
Date resultRecordedTime
The time when Config recorded the aggregate evaluation result.
Date configRuleInvokedTime
The time when the Config rule evaluated the Amazon Web Services resource.
String annotation
Supplementary information about how the aggregate evaluation determined the compliance.
String accountId
The 12-digit account ID of the source account.
String awsRegion
The source region from where the data is aggregated.
String sourceAccountId
The 12-digit account ID of the source account.
String sourceRegion
The source region where data is aggregated.
String resourceId
The ID of the Amazon Web Services resource.
String resourceType
The type of the Amazon Web Services resource.
String resourceName
The name of the Amazon Web Services resource.
String aggregationAuthorizationArn
The Amazon Resource Name (ARN) of the aggregation object.
String authorizedAccountId
The 12-digit account ID of the account authorized to aggregate data.
String authorizedAwsRegion
The region authorized to collect aggregated data.
Date creationTime
The time stamp when the aggregation authorization was created.
String version
The version number of the resource configuration.
String accountId
The 12-digit Amazon Web Services account ID associated with the resource.
Date configurationItemCaptureTime
The time when the configuration recording was initiated.
String configurationItemStatus
The configuration item status. The valid values are:
OK – The resource configuration has been updated
ResourceDiscovered – The resource was newly discovered
ResourceNotRecorded – The resource was discovered but its configuration was not recorded since the recorder excludes the recording of resources of this type
ResourceDeleted – The resource was deleted
ResourceDeletedNotRecorded – The resource was deleted but its configuration was not recorded since the recorder excludes the recording of resources of this type
The CIs do not incur any cost.
String configurationStateId
An identifier that indicates the ordering of the configuration items of a resource.
String arn
The Amazon Resource Name (ARN) of the resource.
String resourceType
The type of Amazon Web Services resource.
String resourceId
The ID of the resource (for example, sg-xxxxxx).
String resourceName
The custom name of the resource, if available.
String awsRegion
The region where the resource resides.
String availabilityZone
The Availability Zone associated with the resource.
Date resourceCreationTime
The time stamp when the resource was created.
String configuration
The description of the resource configuration.
Map<K,V> supplementaryConfiguration
Configuration attributes that Config returns for certain resource types to supplement the information returned for the configuration parameter.
String configurationAggregatorName
The name of the configuration aggregator.
SdkInternalList<T> resourceIdentifiers
A list of aggregate ResourceIdentifiers objects.
SdkInternalList<T> baseConfigurationItems
A list that contains the current configuration of one or more resources.
SdkInternalList<T> unprocessedResourceIdentifiers
A list of resource identifiers that were not processed with current scope. The list is empty if all the resources are processed.
SdkInternalList<T> resourceKeys
A list of resource keys to be processed with the current request. Each element in the list consists of the resource type and resource ID.
SdkInternalList<T> baseConfigurationItems
A list that contains the current configuration of one or more resources.
SdkInternalList<T> unprocessedResourceKeys
A list of resource keys that were not processed with the current response. The unprocessedResourceKeys value is in the same form as ResourceKeys, so the value can be directly provided to a subsequent BatchGetResourceConfig operation. If there are no unprocessed resource keys, the response contains an empty unprocessedResourceKeys list.
String complianceType
Indicates whether an Amazon Web Services resource or Config rule is compliant.
A resource is compliant if it complies with all of the Config rules that evaluate it. A resource is noncompliant if it does not comply with one or more of these rules.
A rule is compliant if all of the resources that the rule evaluates comply with it. A rule is noncompliant if any of these resources do not comply.
Config returns the INSUFFICIENT_DATA value when no evaluation results are available for the Amazon Web Services resource or Config rule.
For the Compliance data type, Config supports only COMPLIANT, NON_COMPLIANT, and INSUFFICIENT_DATA values. Config does not support the NOT_APPLICABLE value for the Compliance data type.
ComplianceContributorCount complianceContributorCount
The number of Amazon Web Services resources or Config rules that cause a result of NON_COMPLIANT, up to a maximum number.
String configRuleName
The name of the Config rule.
Compliance compliance
Indicates whether the Config rule is compliant.
String resourceType
The type of the Amazon Web Services resource that was evaluated.
String resourceId
The ID of the Amazon Web Services resource that was evaluated.
Compliance compliance
Indicates whether the Amazon Web Services resource complies with all of the Config rules that evaluated it.
ComplianceContributorCount compliantResourceCount
The number of Config rules or Amazon Web Services resources that are compliant, up to a maximum of 25 for rules and 100 for resources.
ComplianceContributorCount nonCompliantResourceCount
The number of Config rules or Amazon Web Services resources that are noncompliant, up to a maximum of 25 for rules and 100 for resources.
Date complianceSummaryTimestamp
The time that Config created the compliance summary.
String resourceType
The type of Amazon Web Services resource.
ComplianceSummary complianceSummary
The number of Amazon Web Services resources that are compliant or noncompliant, up to a maximum of 100 for each.
String lastStatus
Status of the last attempted delivery.
String lastErrorCode
The error code from the last attempted delivery.
String lastErrorMessage
The error message from the last attempted delivery.
Date lastAttemptTime
The time of the last attempted delivery.
Date lastSuccessfulTime
The time of the last successful delivery.
Date nextDeliveryTime
The time that the next delivery occurs.
String configRuleName
The name that you assign to the Config rule. The name is required if you are adding a new rule.
String configRuleArn
The Amazon Resource Name (ARN) of the Config rule.
String configRuleId
The ID of the Config rule.
String description
The description that you provide for the Config rule.
Scope scope
Defines which resources can trigger an evaluation for the rule. The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes.
The scope can be empty.
Source source
Provides the rule owner (Amazon Web Services for managed rules, CUSTOM_POLICY for Custom Policy rules, and CUSTOM_LAMBDA for Custom Lambda rules), the rule identifier, and the notifications that cause the function to evaluate your Amazon Web Services resources.
String inputParameters
A string, in JSON format, that is passed to the Config rule Lambda function.
String maximumExecutionFrequency
The maximum frequency with which Config runs evaluations for a rule. You can specify a value for MaximumExecutionFrequency when:
This is for a Config managed rule that is triggered at a periodic frequency.
Your custom rule is triggered when Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.
By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter.
String configRuleState
Indicates whether the Config rule is active or is currently being deleted by Config. It can also indicate the evaluation status for the Config rule.
Config sets the state of the rule to EVALUATING temporarily after you use the StartConfigRulesEvaluation request to evaluate your resources against the Config rule.
Config sets the state of the rule to DELETING_RESULTS temporarily after you use the DeleteEvaluationResults request to delete the current evaluation results for the Config rule.
Config temporarily sets the state of a rule to DELETING after you use the DeleteConfigRule request to delete the rule. After Config deletes the rule, the rule and all of its evaluations are erased and are no longer available.
String createdBy
Service principal name of the service that created the rule.
The field is populated only if the service-linked rule is created by a service. The field is empty if you create your own rule.
SdkInternalList<T> evaluationModes
The modes the Config rule can be evaluated in. The valid values are distinct objects. By default, the value is Detective evaluation mode only.
String configRuleName
The name of the Config rule.
String complianceType
The rule compliance status.
For the ConfigRuleComplianceFilters data type, Config supports only COMPLIANT and NON_COMPLIANT. Config does not support the NOT_APPLICABLE and the INSUFFICIENT_DATA values.
String accountId
The 12-digit account ID of the source account.
String awsRegion
The source region where the data is aggregated.
String configRuleName
The name of the Config rule.
String configRuleArn
The Amazon Resource Name (ARN) of the Config rule.
String configRuleId
The ID of the Config rule.
Date lastSuccessfulInvocationTime
The time that Config last successfully invoked the Config rule to evaluate your Amazon Web Services resources.
Date lastFailedInvocationTime
The time that Config last failed to invoke the Config rule to evaluate your Amazon Web Services resources.
Date lastSuccessfulEvaluationTime
The time that Config last successfully evaluated your Amazon Web Services resources against the rule.
Date lastFailedEvaluationTime
The time that Config last failed to evaluate your Amazon Web Services resources against the rule.
Date firstActivatedTime
The time that you first activated the Config rule.
Date lastDeactivatedTime
The time that you last turned off the Config rule.
String lastErrorCode
The error code that Config returned when the rule last failed.
String lastErrorMessage
The error message that Config returned when the rule last failed.
Boolean firstEvaluationStarted
Indicates whether Config has evaluated your resources against the rule at least once.
true - Config has evaluated your Amazon Web Services resources against the rule at least once.
false - Config has not finished evaluating your Amazon Web Services resources against the rule at least once.
String lastDebugLogDeliveryStatus
The status of the last attempted delivery of a debug log for your Config Custom Policy rules. Either Successful or Failed.
String lastDebugLogDeliveryStatusReason
The reason Config was not able to deliver a debug log. This is for the last failed attempt to retrieve a debug log for your Config Custom Policy rules.
Date lastDebugLogDeliveryTime
The time Config last attempted to deliver a debug log for your Config Custom Policy rules.
String deliveryFrequency
The frequency with which Config delivers configuration snapshots.
String lastStatus
Status of the last attempted delivery.
Note: Providing an SNS topic on a DeliveryChannel for Config is optional. If the SNS delivery is turned off, the last status will be Not_Applicable.
String lastErrorCode
The error code from the last attempted delivery.
String lastErrorMessage
The error message from the last attempted delivery.
Date lastStatusChangeTime
The time from the last status change.
String configurationAggregatorName
The name of the aggregator.
String configurationAggregatorArn
The Amazon Resource Name (ARN) of the aggregator.
SdkInternalList<T> accountAggregationSources
Provides a list of source accounts and regions to be aggregated.
OrganizationAggregationSource organizationAggregationSource
Provides an organization and list of regions to be aggregated.
Date creationTime
The time stamp when the configuration aggregator was created.
Date lastUpdatedTime
The time of the last update.
String createdBy
Amazon Web Services service that created the configuration aggregator.
String version
The version number of the resource configuration.
String accountId
The 12-digit Amazon Web Services account ID associated with the resource.
Date configurationItemCaptureTime
The time when the configuration recording was initiated.
String configurationItemStatus
The configuration item status. The valid values are:
OK – The resource configuration has been updated
ResourceDiscovered – The resource was newly discovered
ResourceNotRecorded – The resource was discovered but its configuration was not recorded since the recorder excludes the recording of resources of this type
ResourceDeleted – The resource was deleted
ResourceDeletedNotRecorded – The resource was deleted but its configuration was not recorded since the recorder excludes the recording of resources of this type
The CIs do not incur any cost.
String configurationStateId
An identifier that indicates the ordering of the configuration items of a resource.
String configurationItemMD5Hash
Unique MD5 hash that represents the configuration item's state.
You can use MD5 hash to compare the states of two or more configuration items that are associated with the same resource.
String arn
Amazon Resource Name (ARN) associated with the resource.
String resourceType
The type of Amazon Web Services resource.
String resourceId
The ID of the resource (for example, sg-xxxxxx).
String resourceName
The custom name of the resource, if available.
String awsRegion
The region where the resource resides.
String availabilityZone
The Availability Zone associated with the resource.
Date resourceCreationTime
The time stamp when the resource was created.
Map<K,V> tags
A mapping of key value tags associated with the resource.
SdkInternalList<T> relatedEvents
A list of CloudTrail event IDs.
A populated field indicates that the current configuration was initiated by the events recorded in the CloudTrail log. For more information about CloudTrail, see What Is CloudTrail.
An empty field indicates that the current configuration was not initiated by any event. As of Version 1.3, the relatedEvents field is empty. You can access the LookupEvents API in the CloudTrail API Reference to retrieve the events for the resource.
SdkInternalList<T> relationships
A list of related Amazon Web Services resources.
String configuration
The description of the resource configuration.
Map<K,V> supplementaryConfiguration
Configuration attributes that Config returns for certain resource types to supplement the information returned for the configuration parameter.
String name
The name of the configuration recorder. Config automatically assigns the name of "default" when creating the configuration recorder.
You cannot change the name of the configuration recorder after it has been created. To change the configuration recorder name, you must delete it and create a new configuration recorder with a new name.
String roleARN
Amazon Resource Name (ARN) of the IAM role assumed by Config and used by the configuration recorder.
While the API model does not require this field, the server will reject a request without a defined roleARN for the configuration recorder.
Pre-existing Config role
If you have used an Amazon Web Services service that uses Config, such as Security Hub or Control Tower, and a Config role has already been created, make sure that the IAM role that you use when setting up Config keeps the same minimum permissions as the already created Config role. You must do this so that the other Amazon Web Services service continues to run as expected.
For example, if Control Tower has an IAM role that allows Config to read Amazon Simple Storage Service (Amazon S3) objects, make sure that the same permissions are granted within the IAM role you use when setting up Config. Otherwise, it may interfere with how Control Tower operates. For more information about IAM roles for Config, see Identity and Access Management for Config in the Config Developer Guide.
RecordingGroup recordingGroup
Specifies which resource types Config records for configuration changes.
High Number of Config Evaluations
You may notice increased activity in your account during your initial month recording with Config when compared to subsequent months. During the initial bootstrapping process, Config runs evaluations on all the resources in your account that you have selected for Config to record.
If you are running ephemeral workloads, you may see increased activity from Config as it records configuration changes associated with creating and deleting these temporary resources. An ephemeral workload is a temporary use of computing resources that are loaded and run when needed. Examples include Amazon Elastic Compute Cloud (Amazon EC2) Spot Instances, Amazon EMR jobs, and Auto Scaling. If you want to avoid the increased activity from running ephemeral workloads, you can run these types of workloads in a separate account with Config turned off to avoid increased configuration recording and rule evaluations.
String name
The name of the configuration recorder.
Date lastStartTime
The time the recorder was last started.
Date lastStopTime
The time the recorder was last stopped.
Boolean recording
Specifies whether or not the recorder is currently recording.
String lastStatus
The status of the latest recording event processed by the recorder.
String lastErrorCode
The latest error code from when the recorder last failed.
String lastErrorMessage
The latest error message from when the recorder last failed.
Date lastStatusChangeTime
The time of the latest change in status of a recording event processed by the recorder.
SdkInternalList<T> configRuleNames
Filters the results by Config rule names.
String complianceType
Filters the results by compliance.
The allowed values are COMPLIANT and NON_COMPLIANT. INSUFFICIENT_DATA is not supported.
String score
Compliance score for the conformance pack. Conformance packs with no evaluation results will have a compliance score of INSUFFICIENT_DATA.
String conformancePackName
The name of the conformance pack.
Date lastUpdatedTime
The time that the conformance pack compliance score was last updated.
SdkInternalList<T> conformancePackNames
The names of the conformance packs whose compliance scores you want to include in the conformance pack compliance score result set. You can include up to 25 conformance packs in the ConformancePackNames array of strings, each with a character limit of 256 characters for the conformance pack name.
String conformancePackName
Name of the conformance pack.
String conformancePackArn
Amazon Resource Name (ARN) of the conformance pack.
String conformancePackId
ID of the conformance pack.
String deliveryS3Bucket
The name of the Amazon S3 bucket where Config stores conformance pack templates.
This field is optional.
String deliveryS3KeyPrefix
The prefix for the Amazon S3 bucket.
This field is optional.
SdkInternalList<T> conformancePackInputParameters
A list of ConformancePackInputParameter objects.
Date lastUpdateRequestedTime
The last time a conformance pack update was requested.
String createdBy
The Amazon Web Services service that created the conformance pack.
TemplateSSMDocumentDetails templateSSMDocumentDetails
An object that contains the name or Amazon Resource Name (ARN) of the Amazon Web Services Systems Manager document (SSM document) and the version of the SSM document that is used to create a conformance pack.
SdkInternalList<T> configRuleNames
Filters the results by Config rule names.
String complianceType
Filters the results by compliance.
The allowed values are COMPLIANT and NON_COMPLIANT. INSUFFICIENT_DATA is not supported.
String resourceType
Filters the results by the resource type (for example, "AWS::EC2::Instance").
SdkInternalList<T> resourceIds
Filters the results by resource IDs.
This is valid only when you provide resource type. If there is no resource type, you will see an error.
String complianceType
The compliance type. The allowed values are COMPLIANT and NON_COMPLIANT. INSUFFICIENT_DATA is not supported.
EvaluationResultIdentifier evaluationResultIdentifier
Date configRuleInvokedTime
The time when the Config rule evaluated the Amazon Web Services resource.
Date resultRecordedTime
The time when Config recorded the evaluation result.
String annotation
Supplementary information about how the evaluation determined the compliance.
String configRuleName
Name of the Config rule.
String complianceType
Compliance of the Config rule.
SdkInternalList<T> controls
Controls for the conformance pack. A control is a process to prevent or detect problems while meeting objectives. A control can align with a specific compliance regime or map to internal controls defined by an organization.
String conformancePackName
Name of the conformance pack.
String conformancePackId
ID of the conformance pack.
String conformancePackArn
Amazon Resource Name (ARN) of the conformance pack.
String conformancePackState
Indicates deployment status of conformance pack.
Config sets the state of the conformance pack to:
CREATE_IN_PROGRESS when a conformance pack creation is in progress for an account.
CREATE_COMPLETE when a conformance pack has been successfully created in your account.
CREATE_FAILED when a conformance pack creation failed in your account.
DELETE_IN_PROGRESS when a conformance pack deletion is in progress.
DELETE_FAILED when a conformance pack deletion failed in your account.
String stackArn
Amazon Resource Name (ARN) of the CloudFormation stack.
String conformancePackStatusReason
The reason for the conformance pack creation failure.
Date lastUpdateRequestedTime
Last time when conformance pack creation and update was requested.
Date lastUpdateCompletedTime
Last time when conformance pack creation and update was successful.
String policyRuntime
The runtime system for your Config Custom Policy rule. Guard is a policy-as-code language that allows you to write policies that are enforced by Config Custom Policy rules. For more information about Guard, see the Guard GitHub Repository.
String policyText
The policy definition containing the logic for your Config Custom Policy rule.
Boolean enableDebugLogDelivery
The boolean expression for enabling debug logging for your Config Custom Policy rule. The default value is false.
String configRuleName
The name of the Config rule that you want to delete.
String configurationAggregatorName
The name of the configuration aggregator.
String configurationRecorderName
The name of the configuration recorder to be deleted. You can retrieve the name of your configuration recorder by using the DescribeConfigurationRecorders action.
String conformancePackName
Name of the conformance pack you want to delete.
String deliveryChannelName
The name of the delivery channel to delete.
String configRuleName
The name of the Config rule for which you want to delete the evaluation results.
String organizationConfigRuleName
The name of the organization Config rule that you want to delete.
String organizationConformancePackName
The name of the organization conformance pack that you want to delete.
String configRuleName
The name of the Config rule for which you want to delete remediation exception configuration.
SdkInternalList<T> resourceKeys
An exception list of resource exception keys to be processed with the current request. Config adds exception for each resource key. For example, Config adds 3 exceptions for 3 resource keys.
SdkInternalList<T> failedBatches
Returns a list of failed delete remediation exceptions batch objects. Each object in the batch consists of a list of failed items and failure messages.
String retentionConfigurationName
The name of the retention configuration to delete.
String queryName
The name of the query that you want to delete.
String deliveryChannelName
The name of the delivery channel through which the snapshot is delivered.
String configSnapshotId
The ID of the snapshot that is being created.
String name
The name of the delivery channel. By default, Config assigns the name "default" when creating the delivery channel. To change the delivery channel name, you must use the DeleteDeliveryChannel action to delete your current delivery channel, and then you must use the PutDeliveryChannel command to create a delivery channel that has the desired name.
String s3BucketName
The name of the Amazon S3 bucket to which Config delivers configuration snapshots and configuration history files.
If you specify a bucket that belongs to another Amazon Web Services account, that bucket must have policies that grant access permissions to Config. For more information, see Permissions for the Amazon S3 Bucket in the Config Developer Guide.
String s3KeyPrefix
The prefix for the specified Amazon S3 bucket.
String s3KmsKeyArn
The Amazon Resource Name (ARN) of the Key Management Service (KMS) key used to encrypt objects delivered by Config. Must belong to the same Region as the destination S3 bucket.
String snsTopicARN
The Amazon Resource Name (ARN) of the Amazon SNS topic to which Config sends notifications about configuration changes.
If you choose a topic from another account, the topic must have policies that grant access permissions to Config. For more information, see Permissions for the Amazon SNS Topic in the Config Developer Guide.
ConfigSnapshotDeliveryProperties configSnapshotDeliveryProperties
The options for how often Config delivers configuration snapshots to the Amazon S3 bucket.
String name
The name of the delivery channel.
ConfigExportDeliveryInfo configSnapshotDeliveryInfo
A list containing the status of the delivery of the snapshot to the specified Amazon S3 bucket.
ConfigExportDeliveryInfo configHistoryDeliveryInfo
A list that contains the status of the delivery of the configuration history to the specified Amazon S3 bucket.
ConfigStreamDeliveryInfo configStreamDeliveryInfo
A list containing the status of the delivery of the configuration stream notification to the specified Amazon SNS topic.
String configurationAggregatorName
The name of the configuration aggregator.
ConfigRuleComplianceFilters filters
Filters the results by ConfigRuleComplianceFilters object.
Integer limit
The maximum number of evaluation results returned on each page. The default is maximum. If you specify 0, Config uses the default.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
SdkInternalList<T> aggregateComplianceByConfigRules
Returns a list of AggregateComplianceByConfigRule objects.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
String configurationAggregatorName
The name of the configuration aggregator.
AggregateConformancePackComplianceFilters filters
Filters the result by AggregateConformancePackComplianceFilters object.
Integer limit
The maximum number of conformance packs compliance details returned on each page. The default is maximum. If you specify 0, Config uses the default.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
SdkInternalList<T> aggregateComplianceByConformancePacks
Returns the AggregateComplianceByConformancePack object.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
Integer limit
The maximum number of AggregationAuthorizations returned on each page. The default is maximum. If you specify 0, Config uses the default.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
SdkInternalList<T> aggregationAuthorizations
Returns a list of authorizations granted to various aggregator accounts and regions.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
SdkInternalList<T> configRuleNames
Specify one or more Config rule names to filter the results by rule.
SdkInternalList<T> complianceTypes
Filters the results by compliance.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
SdkInternalList<T> complianceByConfigRules
Indicates whether each of the specified Config rules is compliant.
String nextToken
The string that you use in a subsequent request to get the next page of results in a paginated response.
String resourceType
The types of Amazon Web Services resources for which you want compliance information (for example, AWS::EC2::Instance). For this action, you can specify that the resource type is an Amazon Web Services account by specifying AWS::::Account.
String resourceId
The ID of the Amazon Web Services resource for which you want compliance information. You can specify only one
resource ID. If you specify a resource ID, you must also specify a type for ResourceType
.
SdkInternalList<T> complianceTypes
Filters the results by compliance.
Integer limit
The maximum number of evaluation results returned on each page. The default is 10. You cannot specify a number greater than 100. If you specify 0, Config uses the default.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
SdkInternalList<T> complianceByResources
Indicates whether the specified Amazon Web Services resource complies with all of the Config rules that evaluate it.
String nextToken
The string that you use in a subsequent request to get the next page of results in a paginated response.
SdkInternalList<T> configRuleNames
The name of the Config managed rules for which you want status information. If you do not specify any names, Config returns status information for all Config managed rules that you use.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
Integer limit
The number of rule evaluation results that you want returned.
This parameter is required if the rule limit for your account is more than the default of 150 rules.
For information about requesting a rule limit increase, see Config Limits in the Amazon Web Services General Reference Guide.
SdkInternalList<T> configRulesEvaluationStatus
Status information about your Config managed rules.
String nextToken
The string that you use in a subsequent request to get the next page of results in a paginated response.
String evaluationMode
The mode of an evaluation. The valid values are Detective or Proactive.
SdkInternalList<T> configRuleNames
The names of the Config rules for which you want details. If you do not specify any names, Config returns details for all your rules.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
DescribeConfigRulesFilters filters
Returns a list of Detective or Proactive Config rules. By default, this API returns an unfiltered list. For more information on Detective or Proactive Config rules, see Evaluation Mode in the Config Developer Guide.
SdkInternalList<T> configRules
The details about your Config rules.
String nextToken
The string that you use in a subsequent request to get the next page of results in a paginated response.
String configurationAggregatorName
The name of the configuration aggregator.
SdkInternalList<T> updateStatus
Filters the status type.
Valid value FAILED indicates errors while moving data.
Valid value SUCCEEDED indicates the data was successfully moved.
Valid value OUTDATED indicates the data is not the most recent.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
Integer limit
The maximum number of AggregatorSourceStatus returned on each page. The default is maximum. If you specify 0, Config uses the default.
SdkInternalList<T> aggregatedSourceStatusList
Returns an AggregatedSourceStatus object.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
SdkInternalList<T> configurationAggregatorNames
The name of the configuration aggregators.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
Integer limit
The maximum number of configuration aggregators returned on each page. The default is maximum. If you specify 0, Config uses the default.
SdkInternalList<T> configurationAggregators
Returns a ConfigurationAggregators object.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
SdkInternalList<T> configurationRecorderNames
A list of configuration recorder names.
SdkInternalList<T> configurationRecorders
A list that contains the descriptions of the specified configuration recorders.
SdkInternalList<T> configurationRecorderNames
The name(s) of the configuration recorder. If the name is not specified, the action returns the current status of all the configuration recorders associated with the account.
SdkInternalList<T> configurationRecordersStatus
A list that contains the status of the specified recorders.
String conformancePackName
Name of the conformance pack.
ConformancePackComplianceFilters filters
A ConformancePackComplianceFilters object.
Integer limit
The maximum number of Config rules within a conformance pack that are returned on each page.
String nextToken
The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
String conformancePackName
Name of the conformance pack.
SdkInternalList<T> conformancePackRuleComplianceList
Returns a list of ConformancePackRuleCompliance objects.
String nextToken
The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
SdkInternalList<T> conformancePackNames
Comma-separated list of conformance pack names for which you want details. If you do not specify any names, Config returns details for all your conformance packs.
Integer limit
The maximum number of conformance packs returned on each page.
String nextToken
The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
SdkInternalList<T> conformancePackDetails
Returns a list of ConformancePackDetail objects.
String nextToken
The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
SdkInternalList<T> conformancePackNames
Comma-separated list of conformance pack names.
Integer limit
The maximum number of conformance pack statuses returned on each page.
String nextToken
The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
SdkInternalList<T> conformancePackStatusDetails
A list of ConformancePackStatusDetail objects.
String nextToken
The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
SdkInternalList<T> deliveryChannelNames
A list of delivery channel names.
SdkInternalList<T> deliveryChannels
A list that contains the descriptions of the specified delivery channel.
SdkInternalList<T> deliveryChannelNames
A list of delivery channel names.
SdkInternalList<T> deliveryChannelsStatus
A list that contains the status of a specified delivery channel.
SdkInternalList<T> organizationConfigRuleNames
The names of organization Config rules for which you want details. If you do not specify any names, Config returns details for all your organization Config rules.
Integer limit
The maximum number of organization Config rules returned on each page. If you do not specify a number, Config uses the default. The default is 100.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
SdkInternalList<T> organizationConfigRules
Returns a list of OrganizationConfigRule objects.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
SdkInternalList<T> organizationConfigRuleNames
The names of organization Config rules for which you want status details. If you do not specify any names, Config returns details for all your organization Config rules.
Integer limit
The maximum number of OrganizationConfigRuleStatuses returned on each page. If you do not specify a number, Config uses the default. The default is 100.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
SdkInternalList<T> organizationConfigRuleStatuses
A list of OrganizationConfigRuleStatus objects.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
SdkInternalList<T> organizationConformancePackNames
The name that you assign to an organization conformance pack.
Integer limit
The maximum number of organization config packs returned on each page. If you do not specify a number, Config uses the default. The default is 100.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
SdkInternalList<T> organizationConformancePacks
Returns a list of OrganizationConformancePacks objects.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
SdkInternalList<T> organizationConformancePackNames
The names of organization conformance packs for which you want status details. If you do not specify any names, Config returns details for all your organization conformance packs.
Integer limit
The maximum number of OrganizationConformancePackStatuses returned on each page. If you do not specify a number, Config uses the default. The default is 100.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
SdkInternalList<T> organizationConformancePackStatuses
A list of OrganizationConformancePackStatus objects.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
SdkInternalList<T> pendingAggregationRequests
Returns a PendingAggregationRequests object.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
SdkInternalList<T> configRuleNames
A list of Config rule names of remediation configurations for which you want details.
SdkInternalList<T> remediationConfigurations
Returns a remediation configuration object.
String configRuleName
The name of the Config rule.
SdkInternalList<T> resourceKeys
An exception list of resource exception keys to be processed with the current request. Config adds an exception for each resource key. For example, Config adds 3 exceptions for 3 resource keys.
Integer limit
The maximum number of RemediationExceptionResourceKey returned on each page. The default is 25. If you specify 0, Config uses the default.
String nextToken
The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
SdkInternalList<T> remediationExceptions
Returns a list of remediation exception objects.
String nextToken
The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
String configRuleName
A list of Config rule names.
SdkInternalList<T> resourceKeys
A list of resource keys to be processed with the current request. Each element in the list consists of the resource type and resource ID.
Integer limit
The maximum number of RemediationExecutionStatuses returned on each page. The default is maximum. If you specify 0, Config uses the default.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
SdkInternalList<T> remediationExecutionStatuses
Returns a list of remediation execution status objects.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
SdkInternalList<T> retentionConfigurationNames
A list of names of retention configurations for which you want details. If you do not specify a name, Config returns details for all the retention configurations for that account.
Currently, Config supports only one retention configuration per region in your account.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
SdkInternalList<T> retentionConfigurations
Returns a retention configuration object.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
String complianceResourceType
The type of Amazon Web Services resource that was evaluated.
String complianceResourceId
The ID of the Amazon Web Services resource that was evaluated.
String complianceType
Indicates whether the Amazon Web Services resource complies with the Config rule that it was evaluated against.
For the Evaluation data type, Config supports only the COMPLIANT, NON_COMPLIANT, and NOT_APPLICABLE values. Config does not support the INSUFFICIENT_DATA value for this data type.
Similarly, Config does not accept INSUFFICIENT_DATA as the value for ComplianceType from a PutEvaluations request. For example, a Lambda function for a custom Config rule cannot pass an INSUFFICIENT_DATA value to Config.
String annotation
Supplementary information about how the evaluation determined the compliance.
Date orderingTimestamp
The time of the event in Config that triggered the evaluation. For event-based evaluations, the time indicates when Config created the configuration item that triggered the evaluation. For periodic evaluations, the time indicates when Config triggered the evaluation at the frequency that you specified (for example, every 24 hours).
String evaluationContextIdentifier
A unique EvaluationContextIdentifier ID for an EvaluationContext.
String mode
The mode of an evaluation. The valid values are Detective or Proactive.
EvaluationResultIdentifier evaluationResultIdentifier
Uniquely identifies the evaluation result.
String complianceType
Indicates whether the Amazon Web Services resource complies with the Config rule that evaluated it.
For the EvaluationResult data type, Config supports only the COMPLIANT, NON_COMPLIANT, and NOT_APPLICABLE values. Config does not support the INSUFFICIENT_DATA value for the EvaluationResult data type.
Date resultRecordedTime
The time when Config recorded the evaluation result.
Date configRuleInvokedTime
The time when the Config rule evaluated the Amazon Web Services resource.
String annotation
Supplementary information about how the evaluation determined the compliance.
String resultToken
An encrypted token that associates an evaluation with a Config rule. The token identifies the rule, the Amazon Web Services resource being evaluated, and the event that triggered the evaluation.
EvaluationResultQualifier evaluationResultQualifier
Identifies a Config rule used to evaluate an Amazon Web Services resource, and provides the type and ID of the evaluated resource.
Date orderingTimestamp
The time of the event that triggered the evaluation of your Amazon Web Services resources. The time can indicate when Config delivered a configuration item change notification, or it can indicate when Config delivered the configuration snapshot, depending on which event triggered the evaluation.
String resourceEvaluationId
A unique ID for an evaluation result.
String configRuleName
The name of the Config rule that was used in the evaluation.
String resourceType
The type of Amazon Web Services resource that was evaluated.
String resourceId
The ID of the evaluated Amazon Web Services resource.
String evaluationMode
The mode of an evaluation. The valid values are Detective or Proactive.
SdkInternalList<T> resourceTypes
A comma-separated list of resource types to exclude from recording by the configuration recorder.
SsmControls ssmControls
A SsmControls object.
String complianceResourceType
The evaluated compliance resource type. Config accepts AWS::::Account resource type.
String complianceResourceId
The evaluated compliance resource ID. Config accepts only Amazon Web Services account ID.
String complianceType
The compliance of the Amazon Web Services resource. The valid values are COMPLIANT, NON_COMPLIANT, and NOT_APPLICABLE.
String annotation
Supplementary information about the reason for compliance. For example, this task was completed on a specific date.
Date orderingTimestamp
The time when the compliance was recorded.
String failureMessage
Returns a failure message for delete remediation exception. For example, Config creates an exception due to an internal error.
SdkInternalList<T> failedItems
Returns remediation exception resource key object of the failed items.
String failureMessage
Returns a failure message. For example, the resource is already compliant.
SdkInternalList<T> failedItems
Returns remediation configurations of the failed items.
String failureMessage
Returns a failure message. For example, the auto-remediation has failed.
SdkInternalList<T> failedItems
Returns remediation exception resource key object of the failed items.
String name
Name of the field.
String configurationAggregatorName
The name of the configuration aggregator.
String configRuleName
The name of the Config rule for which you want compliance information.
String accountId
The 12-digit account ID of the source account.
String awsRegion
The source region from where the data is aggregated.
String complianceType
The resource compliance status.
For the GetAggregateComplianceDetailsByConfigRuleRequest data type, Config supports only the COMPLIANT and NON_COMPLIANT values. Config does not support the NOT_APPLICABLE and INSUFFICIENT_DATA values.
Integer limit
The maximum number of evaluation results returned on each page. The default is 50. You cannot specify a number greater than 100. If you specify 0, Config uses the default.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
SdkInternalList<T> aggregateEvaluationResults
Returns an AggregateEvaluationResults object.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
String configurationAggregatorName
The name of the configuration aggregator.
ConfigRuleComplianceSummaryFilters filters
Filters the results based on the ConfigRuleComplianceSummaryFilters object.
String groupByKey
Groups the result based on ACCOUNT_ID or AWS_REGION.
Integer limit
The maximum number of evaluation results returned on each page. The default is 1000. You cannot specify a number greater than 1000. If you specify 0, Config uses the default.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
String groupByKey
Groups the result based on ACCOUNT_ID or AWS_REGION.
SdkInternalList<T> aggregateComplianceCounts
Returns a list of AggregateComplianceCounts object.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
String configurationAggregatorName
The name of the configuration aggregator.
AggregateConformancePackComplianceSummaryFilters filters
Filters the results based on the AggregateConformancePackComplianceSummaryFilters object.
String groupByKey
Groups the result based on Amazon Web Services account ID or Amazon Web Services Region.
Integer limit
The maximum number of results returned on each page. The default is maximum. If you specify 0, Config uses the default.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
SdkInternalList<T> aggregateConformancePackComplianceSummaries
Returns a list of AggregateConformancePackComplianceSummary objects.
String groupByKey
Groups the result based on Amazon Web Services account ID or Amazon Web Services Region.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
String configurationAggregatorName
The name of the configuration aggregator.
ResourceCountFilters filters
Filters the results based on the ResourceCountFilters object.
String groupByKey
The key to group the resource counts.
Integer limit
The maximum number of GroupedResourceCount objects returned on each page. The default is 1000. You cannot specify a number greater than 1000. If you specify 0, Config uses the default.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
Long totalDiscoveredResources
The total number of resources that are present in an aggregator with the filters that you provide.
String groupByKey
The key passed into the request object. If GroupByKey is not provided, the result will be empty.
SdkInternalList<T> groupedResourceCounts
Returns a list of GroupedResourceCount objects.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
String configurationAggregatorName
The name of the configuration aggregator.
AggregateResourceIdentifier resourceIdentifier
An object that identifies an aggregate resource.
ConfigurationItem configurationItem
Returns a ConfigurationItem object.
String configRuleName
The name of the Config rule for which you want compliance information.
SdkInternalList<T> complianceTypes
Filters the results by compliance.
INSUFFICIENT_DATA is a valid ComplianceType that is returned when a Config rule cannot be evaluated. However, INSUFFICIENT_DATA cannot be used as a ComplianceType for filtering results.
Integer limit
The maximum number of evaluation results returned on each page. The default is 10. You cannot specify a number greater than 100. If you specify 0, Config uses the default.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
SdkInternalList<T> evaluationResults
Indicates whether the Amazon Web Services resource complies with the specified Config rule.
String nextToken
The string that you use in a subsequent request to get the next page of results in a paginated response.
String resourceType
The type of the Amazon Web Services resource for which you want compliance information.
String resourceId
The ID of the Amazon Web Services resource for which you want compliance information.
SdkInternalList<T> complianceTypes
Filters the results by compliance.
INSUFFICIENT_DATA is a valid ComplianceType that is returned when a Config rule cannot be evaluated. However, INSUFFICIENT_DATA cannot be used as a ComplianceType for filtering results.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
String resourceEvaluationId
The unique ID of Amazon Web Services resource execution for which you want to retrieve evaluation results.
You need to only provide either a ResourceEvaluationID or a ResourceID and ResourceType.
SdkInternalList<T> evaluationResults
Indicates whether the specified Amazon Web Services resource complies with each Config rule.
String nextToken
The string that you use in a subsequent request to get the next page of results in a paginated response.
ComplianceSummary complianceSummary
The number of Config rules that are compliant and the number that are noncompliant, up to a maximum of 25 for each.
SdkInternalList<T> resourceTypes
Specify one or more resource types to get the number of resources that are compliant and the number that are noncompliant for each resource type.
For this request, you can specify an Amazon Web Services resource type such as AWS::EC2::Instance. You can specify that the resource type is an Amazon Web Services account by specifying AWS::::Account.
SdkInternalList<T> complianceSummariesByResourceType
The number of resources that are compliant and the number that are noncompliant. If one or more resource types were provided with the request, the numbers are returned for each resource type. The maximum number returned is 100.
String conformancePackName
Name of the conformance pack.
ConformancePackEvaluationFilters filters
A ConformancePackEvaluationFilters object.
Integer limit
The maximum number of evaluation results returned on each page. If you do not specify a number, Config uses the default. The default is 100.
String nextToken
The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
String conformancePackName
Name of the conformance pack.
SdkInternalList<T> conformancePackRuleEvaluationResults
Returns a list of ConformancePackEvaluationResult objects.
String nextToken
The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
SdkInternalList<T> conformancePackNames
Names of conformance packs.
Integer limit
The maximum number of conformance packs returned on each page.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
SdkInternalList<T> conformancePackComplianceSummaryList
A list of ConformancePackComplianceSummary objects.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
String configRuleName
The name of your Config Custom Policy rule.
String policyText
The policy definition containing the logic for your Config Custom Policy rule.
SdkInternalList<T> resourceTypes
The comma-separated list that specifies the resource types that you want Config to return (for example, "AWS::EC2::Instance", "AWS::IAM::User").
If a value for resourceTypes is not specified, Config returns all resource types that Config is recording in the region for your account.
If the configuration recorder is turned off, Config returns an empty list of ResourceCount objects. If the configuration recorder is not recording a specific resource type (for example, S3 buckets), that resource type is not returned in the list of ResourceCount objects.
Integer limit
The maximum number of ResourceCount objects returned on each page. The default is 100. You cannot specify a number greater than 100. If you specify 0, Config uses the default.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
Long totalDiscoveredResources
The total number of resources that Config is recording in the region for your account. If you specify resource types in the request, Config returns only the total number of resources for those resource types.
Example
Config is recording three resource types in the US East (Ohio) Region for your account: 25 EC2 instances, 20 IAM users, and 15 S3 buckets, for a total of 60 resources.
You make a call to the GetDiscoveredResourceCounts action and specify the resource type, "AWS::EC2::Instances", in the request.
Config returns 25 for totalDiscoveredResources.
SdkInternalList<T> resourceCounts
The list of ResourceCount objects. Each object is listed in descending order by the number of resources.
String nextToken
The string that you use in a subsequent request to get the next page of results in a paginated response.
String organizationConfigRuleName
The name of your organization Config rule for which you want status details for member accounts.
StatusDetailFilters filters
A StatusDetailFilters object.
Integer limit
The maximum number of OrganizationConfigRuleDetailedStatus returned on each page. If you do not specify a number, Config uses the default. The default is 100.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
SdkInternalList<T> organizationConfigRuleDetailedStatus
A list of MemberAccountStatus objects.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
String organizationConformancePackName
The name of the organization conformance pack for which you want status details for member accounts.
OrganizationResourceDetailedStatusFilters filters
An OrganizationResourceDetailedStatusFilters object.
Integer limit
The maximum number of OrganizationConformancePackDetailedStatuses returned on each page. If you do not specify a number, Config uses the default. The default is 100.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
SdkInternalList<T> organizationConformancePackDetailedStatuses
A list of OrganizationConformancePackDetailedStatus objects.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
String organizationConfigRuleName
The name of your organization Config Custom Policy rule.
String policyText
The policy definition containing the logic for your organization Config Custom Policy rule.
String resourceType
The resource type.
String resourceId
The ID of the resource (for example, sg-xxxxxx).
Date laterTime
The time stamp that indicates a later time. If not specified, current time is taken.
Date earlierTime
The time stamp that indicates an earlier time. If not specified, the action returns paginated results that contain configuration items that start when the first configuration item was recorded.
String chronologicalOrder
The chronological order for configuration items listed. By default, the results are listed in reverse chronological order.
Integer limit
The maximum number of configuration items returned on each page. The default is 10. You cannot specify a number greater than 100. If you specify 0, Config uses the default.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
SdkInternalList<T> configurationItems
A list that contains the configuration history of one or more resources.
String nextToken
The string that you use in a subsequent request to get the next page of results in a paginated response.
String resourceEvaluationId
The unique ResourceEvaluationId of Amazon Web Services resource execution for which you want to retrieve the evaluation summary.
String resourceEvaluationId
The unique ResourceEvaluationId of Amazon Web Services resource execution for which you want to retrieve the evaluation summary.
String evaluationMode
Lists results of the mode that you requested to retrieve the resource evaluation summary. The valid values are Detective or Proactive.
EvaluationStatus evaluationStatus
Returns an EvaluationStatus object.
Date evaluationStartTimestamp
The start timestamp when Config rule starts evaluating compliance for the provided resource details.
String compliance
The compliance status of the resource evaluation summary.
EvaluationContext evaluationContext
Returns an EvaluationContext object.
ResourceDetails resourceDetails
Returns a ResourceDetails object.
String queryName
The name of the query.
StoredQuery storedQuery
Returns a StoredQuery object.
String configurationAggregatorName
The name of the configuration aggregator.
String resourceType
The type of resources that you want Config to list in the response.
ResourceFilters filters
Filters the results based on the ResourceFilters object.
Integer limit
The maximum number of resource identifiers returned on each page. You cannot specify a number greater than 100. If you specify 0, Config uses the default.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
SdkInternalList<T> resourceIdentifiers
Returns a list of ResourceIdentifiers objects.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
ConformancePackComplianceScoresFilters filters
Filters the results based on the ConformancePackComplianceScoresFilters
.
String sortOrder
Determines the order in which conformance pack compliance scores are sorted. Either in ascending or descending order.
By default, conformance pack compliance scores are sorted in alphabetical order by name of the conformance pack. Conformance pack compliance scores are sorted in reverse alphabetical order if you enter DESCENDING.
You can sort conformance pack compliance scores by the numerical value of the compliance score by entering SCORE in the SortBy action. When compliance scores are sorted by SCORE, conformance packs with a compliance score of INSUFFICIENT_DATA will be last when sorting by ascending order and first when sorting by descending order.
String sortBy
Sorts your conformance pack compliance scores in either ascending or descending order, depending on SortOrder.
By default, conformance pack compliance scores are sorted in alphabetical order by name of the conformance pack. Enter SCORE to sort conformance pack compliance scores by the numerical value of the compliance score.
Integer limit
The maximum number of conformance pack compliance scores returned on each page.
String nextToken
The nextToken string in a prior request that you can use to get the paginated response for the next set of conformance pack compliance scores.
String nextToken
The nextToken string that you can use to get the next page of results in a paginated response.
SdkInternalList<T> conformancePackComplianceScores
A list of ConformancePackComplianceScore objects.
String resourceType
The type of resources that you want Config to list in the response.
SdkInternalList<T> resourceIds
The IDs of only those resources that you want Config to list in the response. If you do not specify this parameter, Config lists all resources of the specified type that it has discovered. You can list a minimum of 1 resourceID and a maximum of 20 resourceIds.
String resourceName
The custom name of only those resources that you want Config to list in the response. If you do not specify this parameter, Config lists all resources of the specified type that it has discovered.
Integer limit
The maximum number of resource identifiers returned on each page. The default is 100. You cannot specify a number greater than 100. If you specify 0, Config uses the default.
Boolean includeDeletedResources
Specifies whether Config includes deleted resources in the results. By default, deleted resources are not included.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
SdkInternalList<T> resourceIdentifiers
The details that identify a resource that is discovered by Config, including the resource type, ID, and (if available) the custom resource name.
String nextToken
The string that you use in a subsequent request to get the next page of results in a paginated response.
ResourceEvaluationFilters filters
Returns a ResourceEvaluationFilters object.
Integer limit
The maximum number of evaluations returned on each page. The default is 10. You cannot specify a number greater than 100. If you specify 0, Config uses the default.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
SdkInternalList<T> resourceEvaluations
Returns a ResourceEvaluations object.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
SdkInternalList<T> storedQueryMetadata
A list of StoredQueryMetadata objects.
String nextToken
If the previous paginated request didn't return all of the remaining results, the response object's NextToken parameter value is set to a token. To retrieve the next set of results, call this action again and assign that token to the request object's NextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.
String resourceArn
The Amazon Resource Name (ARN) that identifies the resource for which to list the tags. Currently, the supported resources are ConfigRule, ConfigurationAggregator and AggregatorAuthorization.
Integer limit
The maximum number of tags returned on each page. The limit maximum is 50. You cannot specify a number greater than 50. If you specify 0, Config uses the default.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
SdkInternalList<T> tags
The tags for the resource.
String nextToken
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
String accountId
The 12-digit account ID of a member account.
String configRuleName
The name of Config rule deployed in the member account.
String memberAccountRuleStatus
Indicates deployment status for Config rule in the member account. When management account calls PutOrganizationConfigRule action for the first time, Config rule status is created in the member account. When management account calls PutOrganizationConfigRule action for the second time, Config rule status is updated in the member account. Config rule status is deleted when the management account deletes OrganizationConfigRule and disables service access for config-multiaccountsetup.amazonaws.com.
Config sets the state of the rule to:
CREATE_SUCCESSFUL when Config rule has been created in the member account.
CREATE_IN_PROGRESS when Config rule is being created in the member account.
CREATE_FAILED when Config rule creation has failed in the member account.
DELETE_FAILED when Config rule deletion has failed in the member account.
DELETE_IN_PROGRESS when Config rule is being deleted in the member account.
DELETE_SUCCESSFUL when Config rule has been deleted in the member account.
UPDATE_SUCCESSFUL when Config rule has been updated in the member account.
UPDATE_IN_PROGRESS when Config rule is being updated in the member account.
UPDATE_FAILED when Config rule deletion has failed in the member account.
String errorCode
An error code that is returned when Config rule creation or deletion failed in the member account.
String errorMessage
An error message indicating that Config rule account creation or deletion has failed due to an error in the member account.
Date lastUpdateTime
The timestamp of the last status update.
String roleArn
ARN of the IAM role used to retrieve Amazon Web Services Organization details associated with the aggregator account.
SdkInternalList<T> awsRegions
The source regions being aggregated.
Boolean allAwsRegions
If true, aggregate existing Config regions and future regions.
String organizationConfigRuleName
The name that you assign to organization Config rule.
String organizationConfigRuleArn
Amazon Resource Name (ARN) of organization Config rule.
OrganizationManagedRuleMetadata organizationManagedRuleMetadata
An OrganizationManagedRuleMetadata object.
OrganizationCustomRuleMetadata organizationCustomRuleMetadata
An OrganizationCustomRuleMetadata object.
SdkInternalList<T> excludedAccounts
A comma-separated list of accounts excluded from organization Config rule.
Date lastUpdateTime
The timestamp of the last update.
OrganizationCustomPolicyRuleMetadataNoPolicy organizationCustomPolicyRuleMetadata
An object that specifies metadata for your organization's Config Custom Policy rule. The metadata includes the runtime system in use, which accounts have debug logging enabled, and other custom rule metadata, such as resource type, resource ID of Amazon Web Services resource, and organization trigger types that initiate Config to evaluate Amazon Web Services resources against a rule.
String organizationConfigRuleName
The name that you assign to organization Config rule.
String organizationRuleStatus
Indicates deployment status of an organization Config rule. When management account calls PutOrganizationConfigRule action for the first time, Config rule status is created in all the member accounts. When management account calls PutOrganizationConfigRule action for the second time, Config rule status is updated in all the member accounts. Additionally, Config rule status is updated when one or more member accounts join or leave an organization. Config rule status is deleted when the management account deletes OrganizationConfigRule in all the member accounts and disables service access for config-multiaccountsetup.amazonaws.com.
Config sets the state of the rule to:
CREATE_SUCCESSFUL when an organization Config rule has been successfully created in all the member accounts.
CREATE_IN_PROGRESS when an organization Config rule creation is in progress.
CREATE_FAILED when an organization Config rule creation failed in one or more member accounts within that organization.
DELETE_FAILED when an organization Config rule deletion failed in one or more member accounts within that organization.
DELETE_IN_PROGRESS when an organization Config rule deletion is in progress.
DELETE_SUCCESSFUL when an organization Config rule has been successfully deleted from all the member accounts.
UPDATE_SUCCESSFUL when an organization Config rule has been successfully updated in all the member accounts.
UPDATE_IN_PROGRESS when an organization Config rule update is in progress.
UPDATE_FAILED when an organization Config rule update failed in one or more member accounts within that organization.
String errorCode
An error code that is returned when organization Config rule creation or deletion has failed.
String errorMessage
An error message indicating that organization Config rule creation or deletion failed due to an error.
Date lastUpdateTime
The timestamp of the last update.
String organizationConformancePackName
The name you assign to an organization conformance pack.
String organizationConformancePackArn
Amazon Resource Name (ARN) of organization conformance pack.
String deliveryS3Bucket
The name of the Amazon S3 bucket where Config stores conformance pack templates.
This field is optional.
String deliveryS3KeyPrefix
Any folder structure you want to add to an Amazon S3 bucket.
This field is optional.
SdkInternalList<T> conformancePackInputParameters
A list of ConformancePackInputParameter objects.
SdkInternalList<T> excludedAccounts
A comma-separated list of accounts excluded from organization conformance pack.
Date lastUpdateTime
Last time when organization conformance pack was updated.
String accountId
The 12-digit account ID of a member account.
String conformancePackName
The name of conformance pack deployed in the member account.
String status
Indicates deployment status for conformance pack in a member account. When management account calls PutOrganizationConformancePack action for the first time, conformance pack status is created in the member account. When management account calls PutOrganizationConformancePack action for the second time, conformance pack status is updated in the member account. Conformance pack status is deleted when the management account deletes OrganizationConformancePack and disables service access for config-multiaccountsetup.amazonaws.com.
Config sets the state of the conformance pack to:
CREATE_SUCCESSFUL when conformance pack has been created in the member account.
CREATE_IN_PROGRESS when conformance pack is being created in the member account.
CREATE_FAILED when conformance pack creation has failed in the member account.
DELETE_FAILED when conformance pack deletion has failed in the member account.
DELETE_IN_PROGRESS when conformance pack is being deleted in the member account.
DELETE_SUCCESSFUL when conformance pack has been deleted in the member account.
UPDATE_SUCCESSFUL when conformance pack has been updated in the member account.
UPDATE_IN_PROGRESS when conformance pack is being updated in the member account.
UPDATE_FAILED when conformance pack deletion has failed in the member account.
String errorCode
An error code that is returned when conformance pack creation or deletion failed in the member account.
String errorMessage
An error message indicating that conformance pack account creation or deletion has failed due to an error in the member account.
Date lastUpdateTime
The timestamp of the last status update.
String organizationConformancePackName
The name that you assign to organization conformance pack.
String status
Indicates deployment status of an organization conformance pack. When management account calls PutOrganizationConformancePack for the first time, conformance pack status is created in all the member accounts. When management account calls PutOrganizationConformancePack for the second time, conformance pack status is updated in all the member accounts. Additionally, conformance pack status is updated when one or more member accounts join or leave an organization. Conformance pack status is deleted when the management account deletes OrganizationConformancePack in all the member accounts and disables service access for config-multiaccountsetup.amazonaws.com.
Config sets the state of the conformance pack to:
CREATE_SUCCESSFUL when an organization conformance pack has been successfully created in all the member accounts.
CREATE_IN_PROGRESS when an organization conformance pack creation is in progress.
CREATE_FAILED when an organization conformance pack creation failed in one or more member accounts within that organization.
DELETE_FAILED when an organization conformance pack deletion failed in one or more member accounts within that organization.
DELETE_IN_PROGRESS when an organization conformance pack deletion is in progress.
DELETE_SUCCESSFUL when an organization conformance pack has been successfully deleted from all the member accounts.
UPDATE_SUCCESSFUL when an organization conformance pack has been successfully updated in all the member accounts.
UPDATE_IN_PROGRESS when an organization conformance pack update is in progress.
UPDATE_FAILED when an organization conformance pack update failed in one or more member accounts within that organization.
String errorCode
An error code that is returned when organization conformance pack creation or deletion has failed in a member account.
String errorMessage
An error message indicating that organization conformance pack creation or deletion failed due to an error.
Date lastUpdateTime
The timestamp of the last update.
String description
The description that you provide for your organization Config Custom Policy rule.
SdkInternalList<T> organizationConfigRuleTriggerTypes
The type of notification that initiates Config to run an evaluation for a rule. For Config Custom Policy rules, Config supports change-initiated notification types:
ConfigurationItemChangeNotification - Initiates an evaluation when Config delivers a configuration item as a result of a resource change.
OversizedConfigurationItemChangeNotification - Initiates an evaluation when Config delivers an oversized configuration item. Config may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.
String inputParameters
A string, in JSON format, that is passed to your organization Config Custom Policy rule.
String maximumExecutionFrequency
The maximum frequency with which Config runs evaluations for a rule. Your Config Custom Policy rule is triggered when Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.
SdkInternalList<T> resourceTypesScope
The type of the Amazon Web Services resource that was evaluated.
String resourceIdScope
The ID of the Amazon Web Services resource that was evaluated.
String tagKeyScope
One part of a key-value pair that makes up a tag. A key is a general label that acts like a category for more specific tag values.
String tagValueScope
The optional part of a key-value pair that makes up a tag. A value acts as a descriptor within a tag category (key).
String policyRuntime
The runtime system for your organization Config Custom Policy rules. Guard is a policy-as-code language that allows you to write policies that are enforced by Config Custom Policy rules. For more information about Guard, see the Guard GitHub Repository.
String policyText
The policy definition containing the logic for your organization Config Custom Policy rule.
SdkInternalList<T> debugLogDeliveryAccounts
A list of accounts for which you can enable debug logging for your organization Config Custom Policy rule. The list is null when debug logging is enabled for all accounts.
String description
The description that you provide for your organization Config Custom Policy rule.
SdkInternalList<T> organizationConfigRuleTriggerTypes
The type of notification that triggers Config to run an evaluation for a rule. For Config Custom Policy rules, Config supports change triggered notification types:
ConfigurationItemChangeNotification - Triggers an evaluation when Config delivers a configuration item as a result of a resource change.
OversizedConfigurationItemChangeNotification - Triggers an evaluation when Config delivers an oversized configuration item. Config may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.
String inputParameters
A string, in JSON format, that is passed to your organization Config Custom Policy rule.
String maximumExecutionFrequency
The maximum frequency with which Config runs evaluations for a rule. Your Config Custom Policy rule is triggered when Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.
SdkInternalList<T> resourceTypesScope
The type of the Amazon Web Services resource that was evaluated.
String resourceIdScope
The ID of the Amazon Web Services resource that was evaluated.
String tagKeyScope
One part of a key-value pair that makes up a tag. A key is a general label that acts like a category for more specific tag values.
String tagValueScope
The optional part of a key-value pair that makes up a tag. A value acts as a descriptor within a tag category (key).
String policyRuntime
The runtime system for your organization Config Custom Policy rules. Guard is a policy-as-code language that allows you to write policies that are enforced by Config Custom Policy rules. For more information about Guard, see the Guard GitHub Repository.
SdkInternalList<T> debugLogDeliveryAccounts
A list of accounts for which you can enable debug logging for your organization Config Custom Policy rule. The list is null when debug logging is enabled for all accounts.
String description
The description that you provide for your organization Config rule.
String lambdaFunctionArn
The Lambda function ARN.
SdkInternalList<T> organizationConfigRuleTriggerTypes
The type of notification that triggers Config to run an evaluation for a rule. You can specify the following notification types:
ConfigurationItemChangeNotification - Triggers an evaluation when Config delivers a configuration item as a result of a resource change.
OversizedConfigurationItemChangeNotification - Triggers an evaluation when Config delivers an oversized configuration item. Config may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.
ScheduledNotification - Triggers a periodic evaluation at the frequency specified for MaximumExecutionFrequency.
String inputParameters
A string, in JSON format, that is passed to your organization Config rule Lambda function.
String maximumExecutionFrequency
The maximum frequency with which Config runs evaluations for a rule. Your custom rule is triggered when Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.
By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter.
SdkInternalList<T> resourceTypesScope
The type of the Amazon Web Services resource that was evaluated.
String resourceIdScope
The ID of the Amazon Web Services resource that was evaluated.
String tagKeyScope
One part of a key-value pair that makes up a tag. A key is a general label that acts like a category for more specific tag values.
String tagValueScope
The optional part of a key-value pair that makes up a tag. A value acts as a descriptor within a tag category (key).
String description
The description that you provide for your organization Config rule.
String ruleIdentifier
For organization config managed rules, a predefined identifier from a list. For example, IAM_PASSWORD_POLICY is a managed rule. To reference a managed rule, see Using Config managed rules.
String inputParameters
A string, in JSON format, that is passed to your organization Config rule Lambda function.
String maximumExecutionFrequency
The maximum frequency with which Config runs evaluations for a rule. This is for a Config managed rule that is triggered at a periodic frequency.
By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter.
SdkInternalList<T> resourceTypesScope
The type of the Amazon Web Services resource that was evaluated.
String resourceIdScope
The ID of the Amazon Web Services resource that was evaluated.
String tagKeyScope
One part of a key-value pair that makes up a tag. A key is a general label that acts like a category for more specific tag values.
String tagValueScope
The optional part of a key-value pair that makes up a tag. A value acts as a descriptor within a tag category (key).
String accountId
The 12-digit account ID of the member account within an organization.
String status
Indicates deployment status for conformance pack in a member account. When management account calls PutOrganizationConformancePack action for the first time, conformance pack status is created in the member account. When management account calls PutOrganizationConformancePack action for the second time, conformance pack status is updated in the member account. Conformance pack status is deleted when the management account deletes OrganizationConformancePack and disables service access for config-multiaccountsetup.amazonaws.com.
Config sets the state of the conformance pack to:
CREATE_SUCCESSFUL when conformance pack has been created in the member account.
CREATE_IN_PROGRESS when conformance pack is being created in the member account.
CREATE_FAILED when conformance pack creation has failed in the member account.
DELETE_FAILED when conformance pack deletion has failed in the member account.
DELETE_IN_PROGRESS when conformance pack is being deleted in the member account.
DELETE_SUCCESSFUL when conformance pack has been deleted in the member account.
UPDATE_SUCCESSFUL when conformance pack has been updated in the member account.
UPDATE_IN_PROGRESS when conformance pack is being updated in the member account.
UPDATE_FAILED when conformance pack deletion has failed in the member account.
String authorizedAccountId
The 12-digit account ID of the account authorized to aggregate data.
String authorizedAwsRegion
The region authorized to collect aggregated data.
SdkInternalList<T> tags
An array of tag objects.
AggregationAuthorization aggregationAuthorization
Returns an AggregationAuthorization object.
ConfigRule configRule
The rule that you want to add to your account.
SdkInternalList<T> tags
An array of tag objects.
String configurationAggregatorName
The name of the configuration aggregator.
SdkInternalList<T> accountAggregationSources
A list of AccountAggregationSource objects.
OrganizationAggregationSource organizationAggregationSource
An OrganizationAggregationSource object.
SdkInternalList<T> tags
An array of tag objects.
ConfigurationAggregator configurationAggregator
Returns a ConfigurationAggregator object.
ConfigurationRecorder configurationRecorder
An object for the configuration recorder to record configuration changes for specified resource types.
String conformancePackName
The unique name of the conformance pack you want to deploy.
String templateS3Uri
The location of the file containing the template body (s3://bucketname/prefix). The uri must point to a conformance pack template (max size: 300 KB) that is located in an Amazon S3 bucket in the same Region as the conformance pack.
You must have access to read the Amazon S3 bucket.
String templateBody
A string containing the full conformance pack template body. The structure containing the template body has a minimum length of 1 byte and a maximum length of 51,200 bytes.
You can use a YAML template with two resource types: Config rule (AWS::Config::ConfigRule) and remediation action (AWS::Config::RemediationConfiguration).
String deliveryS3Bucket
The name of the Amazon S3 bucket where Config stores conformance pack templates.
This field is optional.
String deliveryS3KeyPrefix
The prefix for the Amazon S3 bucket.
This field is optional.
SdkInternalList<T> conformancePackInputParameters
A list of ConformancePackInputParameter objects.
TemplateSSMDocumentDetails templateSSMDocumentDetails
An object of type TemplateSSMDocumentDetails, which contains the name or the Amazon Resource Name (ARN) of the Amazon Web Services Systems Manager document (SSM document) and the version of the SSM document that is used to create a conformance pack.
String conformancePackArn
ARN of the conformance pack.
DeliveryChannel deliveryChannel
The configuration delivery channel object that delivers the configuration information to an Amazon S3 bucket and to an Amazon SNS topic.
SdkInternalList<T> evaluations
The assessments that the Lambda function performs. Each evaluation identifies an Amazon Web Services resource and indicates whether it complies with the Config rule that invokes the Lambda function.
String resultToken
An encrypted token that associates an evaluation with a Config rule. Identifies the rule and the event that triggered the evaluation.
Boolean testMode
Use this parameter to specify a test run for PutEvaluations. You can verify whether your Lambda function will deliver evaluation results to Config. No updates occur to your existing evaluations, and evaluation results are not sent to Config.
When TestMode is true, PutEvaluations doesn't require a valid value for the ResultToken parameter, but the value cannot be null.
SdkInternalList<T> failedEvaluations
Requests that failed because of a client or server error.
String configRuleName
The name of the Config rule.
ExternalEvaluation externalEvaluation
An ExternalEvaluation object that provides details about compliance.
String organizationConfigRuleName
The name that you assign to an organization Config rule.
OrganizationManagedRuleMetadata organizationManagedRuleMetadata
An OrganizationManagedRuleMetadata object. This object specifies organization managed rule metadata such as resource type and ID of Amazon Web Services resource along with the rule identifier. It also provides the frequency with which you want Config to run evaluations for the rule if the trigger type is periodic.
OrganizationCustomRuleMetadata organizationCustomRuleMetadata
An OrganizationCustomRuleMetadata object. This object specifies organization custom rule metadata such as resource type, resource ID of Amazon Web Services resource, Lambda function ARN, and organization trigger types that trigger Config to evaluate your Amazon Web Services resources against a rule. It also provides the frequency with which you want Config to run evaluations for the rule if the trigger type is periodic.
SdkInternalList<T> excludedAccounts
A comma-separated list of accounts that you want to exclude from an organization Config rule.
OrganizationCustomPolicyRuleMetadata organizationCustomPolicyRuleMetadata
An OrganizationCustomPolicyRuleMetadata object. This object specifies metadata for your organization's Config Custom Policy rule. The metadata includes the runtime system in use, which accounts have debug logging enabled, and other custom rule metadata, such as resource type, resource ID of Amazon Web Services resource, and organization trigger types that initiate Config to evaluate Amazon Web Services resources against a rule.
String organizationConfigRuleArn
The Amazon Resource Name (ARN) of an organization Config rule.
String organizationConformancePackName
Name of the organization conformance pack you want to create.
String templateS3Uri
Location of the file containing the template body. The uri must point to the conformance pack template (max size: 300 KB).
You must have access to read the Amazon S3 bucket.
String templateBody
A string containing the full conformance pack template body. The structure containing the template body has a minimum length of 1 byte and a maximum length of 51,200 bytes.
String deliveryS3Bucket
The name of the Amazon S3 bucket where Config stores conformance pack templates.
This field is optional. If used, it must be prefixed with awsconfigconforms.
String deliveryS3KeyPrefix
The prefix for the Amazon S3 bucket.
This field is optional.
SdkInternalList<T> conformancePackInputParameters
A list of ConformancePackInputParameter objects.
SdkInternalList<T> excludedAccounts
A list of Amazon Web Services accounts to be excluded from an organization conformance pack while deploying a conformance pack.
String organizationConformancePackArn
ARN of the organization conformance pack.
SdkInternalList<T> remediationConfigurations
A list of remediation configuration objects.
SdkInternalList<T> failedBatches
Returns a list of failed remediation batch objects.
String configRuleName
The name of the Config rule for which you want to create remediation exception.
SdkInternalList<T> resourceKeys
An exception list of resource exception keys to be processed with the current request. Config adds an exception for each resource key. For example, Config adds 3 exceptions for 3 resource keys.
String message
The message contains an explanation of the exception.
Date expirationTime
The exception is automatically deleted after the expiration date.
SdkInternalList<T> failedBatches
Returns a list of failed remediation exceptions batch objects. Each object in the batch consists of a list of failed items and failure messages.
String resourceType
The type of the resource. The custom resource type must be registered with CloudFormation.
You cannot use the organization names “amzn”, “amazon”, “alexa”, “custom” with custom resource types. It is the first part of the ResourceType up to the first ::.
String schemaVersionId
Version of the schema registered for the ResourceType in CloudFormation.
String resourceId
Unique identifier of the resource.
String resourceName
Name of the resource.
String configuration
The configuration object of the resource in valid JSON format. It must match the schema registered with CloudFormation.
The configuration JSON must not exceed 64 KB.
Map<K,V> tags
Tags associated with the resource.
This field is not to be confused with the Amazon Web Services-wide tag feature for Amazon Web Services resources. Tags for PutResourceConfig are tags that you supply for the configuration items of your custom resources.
Integer retentionPeriodInDays
Number of days Config stores your historical information.
Currently, only applicable to the configuration item history.
RetentionConfiguration retentionConfiguration
Returns a retention configuration object.
StoredQuery storedQuery
A list of StoredQuery objects. The mandatory fields are QueryName and Expression.
When you are creating a query, you must provide a query name and an expression. When you are updating a query, you must provide a query name but updating the description is optional.
SdkInternalList<T> tags
A list of Tags objects.
String queryArn
Amazon Resource Name (ARN) of the query. For example, arn:partition:service:region:account-id:resource-type/resource-name/resource-id.
SdkInternalList<T> selectFields
Returns a FieldInfo object.
Boolean allSupported
Specifies whether Config records configuration changes for all supported regional resource types.
If you set this field to true, when Config adds support for a new type of regional resource, Config starts recording resources of that type automatically.
If you set this field to true, you cannot enumerate specific resource types to record in the resourceTypes field of RecordingGroup, or to exclude in the resourceTypes field of ExclusionByResourceTypes.
Boolean includeGlobalResourceTypes
Specifies whether Config records configuration changes for all supported global resources.
Before you set this field to true, set the allSupported field of RecordingGroup to true. Optionally, you can set the useOnly field of RecordingStrategy to ALL_SUPPORTED_RESOURCE_TYPES.
If you set this field to true, when Config adds support for a new type of global resource in the Region where you set up the configuration recorder, Config starts recording resources of that type automatically.
If you set this field to false but list global resource types in the resourceTypes field of RecordingGroup, Config will still record configuration changes for those specified resource types regardless of if you set the includeGlobalResourceTypes field to false.
If you do not want to record configuration changes to global resource types, make sure to not list them in the resourceTypes field in addition to setting the includeGlobalResourceTypes field to false.
SdkInternalList<T> resourceTypes
A comma-separated list that specifies which resource types Config records.
Optionally, you can set the useOnly field of RecordingStrategy to INCLUSION_BY_RESOURCE_TYPES.
To record all configuration changes, set the allSupported field of RecordingGroup to true, and either omit this field or don't specify any resource types in this field. If you set the allSupported field to false and specify values for resourceTypes, when Config adds support for a new type of resource, it will not record resources of that type unless you manually add that type to your recording group.
For a list of valid resourceTypes values, see the Resource Type Value column in Supported Amazon Web Services resource Types in the Config developer guide.
Region Availability
Before specifying a resource type for Config to track, check Resource Coverage by Region Availability to see if the resource type is supported in the Amazon Web Services Region where you set up Config. If a resource type is supported by Config in at least one Region, you can enable the recording of that resource type in all Regions supported by Config, even if the specified resource type is not supported in the Amazon Web Services Region where you set up Config.
ExclusionByResourceTypes exclusionByResourceTypes
An object that specifies how Config excludes resource types from being recorded by the configuration recorder.
To use this option, you must set the useOnly field of RecordingStrategy to EXCLUSION_BY_RESOURCE_TYPES.
RecordingStrategy recordingStrategy
An object that specifies the recording strategy for the configuration recorder.
If you set the useOnly field of RecordingStrategy to ALL_SUPPORTED_RESOURCE_TYPES, Config records configuration changes for all supported regional resource types. You also must set the allSupported field of RecordingGroup to true. When Config adds support for a new type of regional resource, Config automatically starts recording resources of that type.
If you set the useOnly field of RecordingStrategy to INCLUSION_BY_RESOURCE_TYPES, Config records configuration changes for only the resource types you specify in the resourceTypes field of RecordingGroup.
If you set the useOnly field of RecordingStrategy to EXCLUSION_BY_RESOURCE_TYPES, Config records configuration changes for all supported resource types except the resource types that you specify as exemptions to exclude from being recorded in the resourceTypes field of ExclusionByResourceTypes.
The recordingStrategy field is optional when you set the allSupported field of RecordingGroup to true.
The recordingStrategy field is optional when you list resource types in the resourceTypes field of RecordingGroup.
The recordingStrategy field is required if you list resource types to exclude from recording in the resourceTypes field of ExclusionByResourceTypes.
If you choose EXCLUSION_BY_RESOURCE_TYPES for the recording strategy, the exclusionByResourceTypes field will override other properties in the request.
For example, even if you set includeGlobalResourceTypes to false, global resource types will still be automatically recorded in this option unless those resource types are specifically listed as exemptions in the resourceTypes field of exclusionByResourceTypes.
By default, if you choose the EXCLUSION_BY_RESOURCE_TYPES recording strategy, when Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types, Config starts recording resources of that type automatically.
String useOnly
The recording strategy for the configuration recorder.
If you set this option to ALL_SUPPORTED_RESOURCE_TYPES, Config records configuration changes for all supported regional resource types. You also must set the allSupported field of RecordingGroup to true.
When Config adds support for a new type of regional resource, Config automatically starts recording resources of that type. For a list of supported resource types, see Supported Resource Types in the Config developer guide.
If you set this option to INCLUSION_BY_RESOURCE_TYPES, Config records configuration changes for only the resource types that you specify in the resourceTypes field of RecordingGroup.
If you set this option to EXCLUSION_BY_RESOURCE_TYPES, Config records configuration changes for all supported resource types, except the resource types that you specify as exemptions to exclude from being recorded in the resourceTypes field of ExclusionByResourceTypes.
The recordingStrategy field is optional when you set the allSupported field of RecordingGroup to true.
The recordingStrategy field is optional when you list resource types in the resourceTypes field of RecordingGroup.
The recordingStrategy field is required if you list resource types to exclude from recording in the resourceTypes field of ExclusionByResourceTypes.
If you choose EXCLUSION_BY_RESOURCE_TYPES for the recording strategy, the exclusionByResourceTypes field will override other properties in the request.
For example, even if you set includeGlobalResourceTypes to false, global resource types will still be automatically recorded in this option unless those resource types are specifically listed as exemptions in the resourceTypes field of exclusionByResourceTypes.
By default, if you choose the EXCLUSION_BY_RESOURCE_TYPES recording strategy, when Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types, Config starts recording resources of that type automatically.
String resourceType
The resource type of the related resource.
String resourceId
The ID of the related resource (for example, sg-xxxxxx).
String resourceName
The custom name of the related resource, if available.
String relationshipName
The type of relationship with the related resource.
String configRuleName
The name of the Config rule.
String targetType
The type of the target. Target executes remediation. For example, SSM document.
String targetId
Target ID is the name of the SSM document.
String targetVersion
Version of the target. For example, version of the SSM document.
If you make backward incompatible changes to the SSM document, you must call PutRemediationConfiguration API again to ensure the remediations can run.
Map<K,V> parameters
An object of the RemediationParameterValue.
String resourceType
The type of a resource.
Boolean automatic
The remediation is triggered automatically.
ExecutionControls executionControls
An ExecutionControls object.
Integer maximumAutomaticAttempts
The maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5.
For example, if you specify MaximumAutomaticAttempts as 5 with RetryAttemptSeconds as 50 seconds, Config will put a RemediationException on your behalf for the failing resource after the 5th failed attempt within 50 seconds.
Long retryAttemptSeconds
Maximum time in seconds that Config runs auto-remediation. If you do not select a number, the default is 60 seconds.
For example, if you specify RetryAttemptSeconds as 50 seconds and MaximumAutomaticAttempts as 5, Config will run auto-remediations 5 times within 50 seconds before throwing an exception.
String arn
Amazon Resource Name (ARN) of remediation configuration.
String createdByService
Name of the service that owns the service-linked rule, if applicable.
String configRuleName
The name of the Config rule.
String resourceType
The type of a resource.
String resourceId
The ID of the resource (for example, sg-xxxxxx).
String message
An explanation of a remediation exception.
Date expirationTime
The time when the remediation exception will be deleted.
ResourceKey resourceKey
String state
ENUM of the values.
SdkInternalList<T> stepDetails
Details of every step.
Date invocationTime
Start time when the remediation was executed.
Date lastUpdatedTime
The time when the remediation execution was last updated.
ResourceValue resourceValue
The value is dynamic and changes at run-time.
StaticValue staticValue
The value is static and does not change at run-time.
String resourceId
A unique resource ID for an evaluation.
String resourceType
The type of resource being evaluated.
String resourceConfiguration
The resource definition to be evaluated as per the resource configuration schema type.
String resourceConfigurationSchemaType
The schema type of the resource configuration.
You can find the Resource type schema, or CFN_RESOURCE_SCHEMA, in "Amazon Web Services public extensions" within the CloudFormation registry or with the following CLI command:
aws cloudformation describe-type --type-name "AWS::S3::Bucket" --type RESOURCE
For more information, see Managing extensions through the CloudFormation registry and Amazon Web Services resource and property types reference in the CloudFormation User Guide.
String evaluationMode
Filters all resource evaluations results based on an evaluation mode. The valid value for this API is Proactive.
TimeWindow timeWindow
Returns a TimeWindow object.
String evaluationContextIdentifier
Filters evaluations for a given infrastructure deployment. For example: CFN Stack.
String resourceType
The type of resource.
String resourceId
The ID of the resource (for example, sg-xxxxxx).
String resourceName
The custom name of the resource (if available).
Date resourceDeletionTime
The time that the resource was deleted.
String value
The value is a resource ID.
SdkInternalList<T> complianceResourceTypes
The resource types of only those Amazon Web Services resources that you want to trigger an evaluation for the rule. You can only specify one type if you also specify a resource ID for ComplianceResourceId.
String tagKey
The tag key that is applied to only those Amazon Web Services resources that you want to trigger an evaluation for the rule.
String tagValue
The tag value applied to only those Amazon Web Services resources that you want to trigger an evaluation for the rule. If you specify a value for TagValue, you must also specify a value for TagKey.
String complianceResourceId
The ID of the only Amazon Web Services resource that you want to trigger an evaluation for the rule. If you specify a resource ID, you must specify one resource type for ComplianceResourceTypes.
String expression
The SQL query SELECT command.
String configurationAggregatorName
The name of the configuration aggregator.
Integer limit
The maximum number of query results returned on each page.
Integer maxResults
The maximum number of query results returned on each page. Config also allows the Limit request parameter.
String nextToken
The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
SdkInternalList<T> results
Returns the results for the SQL query.
QueryInfo queryInfo
String nextToken
The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
SdkInternalList<T> results
Returns the results for the SQL query.
QueryInfo queryInfo
Returns the QueryInfo object.
String nextToken
The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
String owner
Indicates whether Amazon Web Services or the customer owns and manages the Config rule.
Config Managed Rules are predefined rules owned by Amazon Web Services. For more information, see Config Managed Rules in the Config developer guide.
Config Custom Rules are rules that you can develop either with Guard (CUSTOM_POLICY) or Lambda (CUSTOM_LAMBDA). For more information, see Config Custom Rules in the Config developer guide.
String sourceIdentifier
For Config Managed rules, a predefined identifier from a list. For example, IAM_PASSWORD_POLICY is a managed rule. To reference a managed rule, see List of Config Managed Rules.
For Config Custom Lambda rules, the identifier is the Amazon Resource Name (ARN) of the rule's Lambda function, such as arn:aws:lambda:us-east-2:123456789012:function:custom_rule_name.
For Config Custom Policy rules, this field will be ignored.
SdkInternalList<T> sourceDetails
Provides the source and the message types that cause Config to evaluate your Amazon Web Services resources against a rule. It also provides the frequency with which you want Config to run evaluations for the rule if the trigger type is periodic.
If the owner is set to CUSTOM_POLICY, the only acceptable values for the Config rule trigger message type are ConfigurationItemChangeNotification and OversizedConfigurationItemChangeNotification.
CustomPolicyDetails customPolicyDetails
Provides the runtime system, policy definition, and whether debug logging is enabled. Required when owner is set to CUSTOM_POLICY.
String eventSource
The source of the event, such as an Amazon Web Services service, that triggers Config to evaluate your Amazon Web Services resources.
String messageType
The type of notification that triggers Config to run an evaluation for a rule. You can specify the following notification types:
ConfigurationItemChangeNotification - Triggers an evaluation when Config delivers a configuration item as a result of a resource change.
OversizedConfigurationItemChangeNotification - Triggers an evaluation when Config delivers an oversized configuration item. Config may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.
ScheduledNotification - Triggers a periodic evaluation at the frequency specified for MaximumExecutionFrequency.
ConfigurationSnapshotDeliveryCompleted - Triggers a periodic evaluation when Config delivers a configuration snapshot.
If you want your custom rule to be triggered by configuration changes, specify two SourceDetail objects, one for ConfigurationItemChangeNotification and one for OversizedConfigurationItemChangeNotification.
String maximumExecutionFrequency
The frequency at which you want Config to run evaluations for a custom rule with a periodic trigger. If you specify a value for MaximumExecutionFrequency, then MessageType must use the ScheduledNotification value.
By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter.
Based on the valid value you choose, Config runs evaluations once for each valid value. For example, if you choose Three_Hours, Config runs evaluations once every three hours. In this case, Three_Hours is the frequency of this rule.
Integer concurrentExecutionRatePercentage
The maximum percentage of remediation actions allowed to run in parallel on the non-compliant resources for that specific rule. You can specify a percentage, such as 10%. The default value is 10.
Integer errorPercentage
The percentage of errors that are allowed before SSM stops running automations on non-compliant resources for that specific rule. You can specify a percentage of errors, for example 10%. If you do not specify a percentage, the default is 50%. For example, if you set the ErrorPercentage to 40% for 10 non-compliant resources, then SSM stops running the automations when the fifth error is received.
SdkInternalList<T> configRuleNames
The list of names of Config rules that you want to run evaluations for.
String configurationRecorderName
The name of the recorder object that records each configuration change made to the resources.
String configRuleName
The list of names of Config rules that you want to run remediation execution for.
SdkInternalList<T> resourceKeys
A list of resource keys to be processed with the current request. Each element in the list consists of the resource type and resource ID.
String failureMessage
Returns a failure message. For example, the resource is already compliant.
SdkInternalList<T> failedItems
For resources that have failed to start execution, the API returns a resource key object.
ResourceDetails resourceDetails
Returns a ResourceDetails object.
EvaluationContext evaluationContext
Returns an EvaluationContext object.
String evaluationMode
The mode of an evaluation. The valid values for this API are DETECTIVE and PROACTIVE.
Integer evaluationTimeout
The timeout for an evaluation. The default is 900 seconds. You cannot specify a number greater than 3600. If you specify 0, Config uses the default.
String clientToken
A client token is a unique, case-sensitive string of up to 64 ASCII characters. To make an idempotent API request using one of these actions, specify a client token in the request.
Avoid reusing the same client token for other API requests. If you retry a request that completed successfully using the same client token and the same parameters, the retry succeeds without performing any further actions. If you retry a successful request using the same client token, but one or more of the parameters are different, other than the Region or Availability Zone, the retry fails with an IdempotentParameterMismatch error.
String resourceEvaluationId
A unique ResourceEvaluationId that is associated with a single execution.
SdkInternalList<T> values
A list of values. For example, the ARN of the assumed role.
String accountId
The 12-digit account ID of the member account within an organization.
String memberAccountRuleStatus
Indicates deployment status for Config rule in the member account. When management account calls PutOrganizationConfigRule action for the first time, Config rule status is created in the member account. When management account calls PutOrganizationConfigRule action for the second time, Config rule status is updated in the member account. Config rule status is deleted when the management account deletes OrganizationConfigRule and disables service access for config-multiaccountsetup.amazonaws.com.
Config sets the state of the rule to:
CREATE_SUCCESSFUL when Config rule has been created in the member account.
CREATE_IN_PROGRESS when Config rule is being created in the member account.
CREATE_FAILED when Config rule creation has failed in the member account.
DELETE_FAILED when Config rule deletion has failed in the member account.
DELETE_IN_PROGRESS when Config rule is being deleted in the member account.
DELETE_SUCCESSFUL when Config rule has been deleted in the member account.
UPDATE_SUCCESSFUL when Config rule has been updated in the member account.
UPDATE_IN_PROGRESS when Config rule is being updated in the member account.
UPDATE_FAILED when Config rule deletion has failed in the member account.
String configurationRecorderName
The name of the recorder object that records each configuration change made to the resources.
String queryId
The ID of the query.
String queryArn
Amazon Resource Name (ARN) of the query. For example, arn:partition:service:region:account-id:resource-type/resource-name/resource-id.
String queryName
The name of the query.
String description
A unique description for the query.
String expression
The expression of the query. For example,
SELECT resourceId, resourceType, supplementaryConfiguration.BucketVersioningConfiguration.status WHERE resourceType = 'AWS::S3::Bucket' AND supplementaryConfiguration.BucketVersioningConfiguration.status = 'Off'.
String queryId
The ID of the query.
String queryArn
Amazon Resource Name (ARN) of the query. For example, arn:partition:service:region:account-id:resource-type/resource-name/resource-id.
String queryName
The name of the query.
String description
A unique description for the query.
String resourceArn
The Amazon Resource Name (ARN) that identifies the resource for which to list the tags. Currently, the supported resources are ConfigRule, ConfigurationAggregator and AggregatorAuthorization.
SdkInternalList<T> tags
An array of tag object.
String documentName
The name or Amazon Resource Name (ARN) of the SSM document to use to create a conformance pack. If you use the document name, Config checks only your account and Amazon Web Services Region for the SSM document. If you want to use an SSM document from another Region or account, you must provide the ARN.
String documentVersion
The version of the SSM document to use to create a conformance pack. By default, Config uses the latest version.
This field is optional.
String resourceArn
The Amazon Resource Name (ARN) that identifies the resource for which to list the tags. Currently, the supported resources are ConfigRule, ConfigurationAggregator and AggregatorAuthorization.
SdkInternalList<T> tagKeys
The keys of the tags to be removed.
Copyright © 2023. All rights reserved.