Package-level declarations
Types
A collection of accounts and regions.
Indicates whether an Config rule is compliant based on account ID, region, compliance, and rule name.
Provides aggregate compliance of the conformance pack. Indicates whether a conformance pack is compliant based on the name of the conformance pack, account ID, and region.
Returns the number of compliant and noncompliant rules for one or more accounts and regions in an aggregator.
Provides the number of compliant and noncompliant rules within a conformance pack. Also provides the compliance status of the conformance pack and the total rule count which includes compliant rules, noncompliant rules, and rules that cannot be evaluated due to insufficient data.
The number of conformance packs that are compliant and noncompliant.
Filters the conformance packs based on an account ID, region, compliance type, and the name of the conformance pack.
Provides a summary of compliance based on either account ID or region.
Filters the results based on account ID and region.
The current sync status between the source and the aggregator account.
The details of an Config evaluation for an account ID and region in an aggregator. Provides the Amazon Web Services resource that was evaluated, the compliance of the resource, related time stamps, and supplementary information.
The details that identify a resource that is collected by Config aggregator, including the resource type, ID, (if available) the custom resource name, the source account, and source region.
An object that represents the authorizations granted to aggregator accounts and regions.
The detailed configurations of a specified resource.
Indicates whether an Amazon Web Services resource or Config rule is compliant and provides the number of contributors that affect the compliance.
Indicates whether an Config rule is compliant. A rule is compliant if all of the resources that the rule evaluated comply with it. A rule is noncompliant if any of these resources do not comply.
Indicates whether an Amazon Web Services resource that is evaluated according to one or more Config rules is compliant. A resource is compliant if it complies with all of the rules that evaluate it. A resource is noncompliant if it does not comply with one or more of these rules.
The number of Amazon Web Services resources or Config rules responsible for the current compliance of the item, up to a maximum number.
The number of Config rules or Amazon Web Services resources that are compliant and noncompliant.
The number of Amazon Web Services resources of a specific type that are compliant or noncompliant, up to a maximum of 100 for each.
Base class for all service related exceptions thrown by the Config client
Provides status of the delivery of the snapshot or the configuration history to the specified Amazon S3 bucket. Also provides the status of notifications about the Amazon S3 delivery to the specified Amazon SNS topic.
Config rules evaluate the configuration settings of your Amazon Web Services resources. A rule can run when Config detects a configuration change to an Amazon Web Services resource or at a periodic frequency that you choose (for example, every 24 hours). There are two types of rules: Config Managed Rules and Config Custom Rules.
Filters the compliance results based on account ID, region, compliance type, and rule name.
Filters the results based on the account IDs and regions.
Status information for your Config Managed rules and Config Custom Policy rules. The status includes information such as the last time the rule ran, the last time it failed, and the related error for the last failure.
Provides options for how often Config delivers configuration snapshots to the Amazon S3 bucket in your delivery channel.
A list that contains the status of the delivery of the configuration stream notification to the Amazon SNS topic.
The details about the configuration aggregator, including information about source accounts, regions, and metadata of the aggregator.
A list that contains detailed configurations of a specified resource.
The current status of the configuration recorder.
Filters the conformance pack by compliance types and Config rule names.
A compliance score is the percentage of the number of compliant rule-resource combinations in a conformance pack compared to the number of total possible rule-resource combinations in the conformance pack. This metric provides you with a high-level view of the compliance state of your conformance packs. You can use it to identify, investigate, and understand the level of compliance in your conformance packs.
A list of filters to apply to the conformance pack compliance score result set.
Summary includes the name and status of the conformance pack.
Returns details of a conformance pack. A conformance pack is a collection of Config rules and remediation actions that can be easily deployed in an account and a region.
Filters a conformance pack by Config rule names, compliance types, Amazon Web Services resource types, and resource IDs.
The details of a conformance pack evaluation. Provides Config rule and Amazon Web Services resource type that was evaluated, the compliance of the conformance pack, related time stamps, and supplementary information.
Input parameters in the form of key-value pairs for the conformance pack, both of which you define. Keys can have a maximum character length of 255 characters, and values can have a maximum length of 4096 characters.
Compliance information of one or more Config rules within a conformance pack. You can filter using Config rule names and compliance types.
Status details of a conformance pack.
You have specified a template that is not valid or supported.
Provides the runtime system, policy definition, and whether debug logging enabled. You can specify the following CustomPolicyDetails parameter values only for Config Custom Policy rules.
The request object for the DeleteConfigurationRecorder action.
The input for the DeleteDeliveryChannel action. The action accepts the following data, in JSON format.
The output when you delete the evaluation results for the specified Config rule.
The input for the DeliverConfigSnapshot action.
The output for the DeliverConfigSnapshot action, in JSON format.
The channel through which Config delivers notifications and updated configuration states.
The status of a specified delivery channel.
The input for the DescribeConfigurationRecorders action.
The output for the DescribeConfigurationRecorders action.
The input for the DescribeConfigurationRecorderStatus action.
The output for the DescribeConfigurationRecorderStatus action, in JSON format.
The input for the DescribeDeliveryChannels action.
The output for the DescribeDeliveryChannels action.
The input for the DeliveryChannelStatus action.
The output for the DescribeDeliveryChannelStatus action.
Identifies an Amazon Web Services resource and indicates whether it complies with the Config rule that it was evaluated against.
Use EvaluationContext to group independently initiated proactive resource evaluations. For example, CFN Stack. If you want to check just a resource definition, you do not need to provide evaluation context.
The configuration object for Config rule evaluation mode. The supported valid values are Detective or Proactive.
The details of an Config evaluation. Provides the Amazon Web Services resource that was evaluated, the compliance of the resource, related time stamps, and supplementary information.
Uniquely identifies an evaluation result.
Identifies an Config rule that evaluated an Amazon Web Services resource, and provides the type and ID of the resource that the rule evaluated.
Returns status details of an evaluation.
Specifies whether the configuration recorder excludes certain resource types from being recorded. Use the resourceTypes field to enter a comma-separated list of resource types you want to exclude from recording.
The controls that Config uses for executing remediations.
Identifies an Amazon Web Services resource and indicates whether it complies with the Config rule that it was evaluated against.
List of each of the failed delete remediation exceptions with specific reasons.
List of each of the failed remediations with specific reasons.
List of each of the failed remediation exceptions with specific reasons.
The input for the GetResourceConfigHistory action.
The output for the GetResourceConfigHistory action.
The count of resources that are grouped by the group name.
Using the same client token with one or more different parameters. Specify a new client token with the parameter changes and try again.
Your Amazon S3 bucket policy does not permit Config to write to it.
Indicates one of the following errors:
You have provided a name for the configuration recorder that is not valid.
The specified delivery channel name is not valid.
The syntax of the query is incorrect.
The specified limit is outside the allowable range.
The specified next token is not valid. Specify the nextToken string that was returned in the previous response to get the next page of results.
One or more of the specified parameters are not valid. Verify that your parameters are valid and try again.
Indicates one of the following errors:
The specified ResultToken is not valid.
You have provided a null or empty Amazon Resource Name (ARN) for the IAM role assumed by Config and used by the configuration recorder.
The specified Amazon S3 key prefix is not valid.
The specified Amazon KMS Key ARN is not valid.
The specified Amazon SNS topic does not exist.
The specified time range is not valid. The earlier time is not chronologically before the later time.
You cannot delete the delivery channel you specified because the configuration recorder is running.
For StartConfigRulesEvaluation API, this exception is thrown if an evaluation is in progress or if you call the StartConfigRulesEvaluation API more than once per minute.
You have reached the limit of active custom resource types in your account. There is a limit of 100,000. Delete unused resources using DeleteResourceConfig``.
Failed to add the Config rule because the account already contains the maximum number of 150 rules. Consider deleting any deactivated rules before you add new rules.
You have reached the limit of the number of configuration recorders you can create.
You have reached the limit of the number of delivery channels you can create.
Failed to add the retention configuration because a retention configuration with that name already exists.
Organization Config rule creation or deletion status in each member account. This includes the name of the rule, the status, error code and error message when the rule creation or deletion failed.
There are no configuration recorders available to provide the role needed to describe your resources. Create a configuration recorder.
There is no delivery channel available to record configurations.
Organization is no longer available.
There is no configuration recorder running.
The specified Amazon S3 bucket does not exist.
The Config rule in the request is not valid. Verify that the rule is an Config Process Check rule, that the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying again.
Config rule that you passed in the filter does not exist.
You have specified a configuration aggregator that does not exist.
You have specified a configuration recorder that does not exist.
You specified one or more conformance packs that do not exist.
You have specified a delivery channel that does not exist.
The Config rule in the request is not valid. Verify that the rule is an organization Config Process Check rule, that the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying again.
Config organization conformance pack that you passed in the filter does not exist.
You specified an Config rule without a remediation configuration.
You tried to delete a remediation exception that does not exist.
You have specified a retention configuration that does not exist.
For PutConfigurationAggregator API, you can see this exception for the following reasons:
This object contains regions to set up the aggregator and an IAM role to retrieve organization details.
Config resource cannot be created because your organization does not have all features enabled.
An organization Config rule that has information about Config rules that Config creates in member accounts.
Returns the status for an organization Config rule in an organization.
An organization conformance pack that has information about conformance packs that Config creates in member accounts.
Organization conformance pack creation or deletion status in each member account. This includes the name of the conformance pack, the status, error code and error message when the conformance pack creation or deletion failed.
Returns the status for an organization conformance pack in an organization.
You have specified a template that is not valid or supported.
An object that specifies metadata for your organization's Config Custom Policy rule. The metadata includes the runtime system in use, which accounts have debug logging enabled, and other custom rule metadata, such as resource type, resource ID of Amazon Web Services resource, and organization trigger types that initiate Config to evaluate Amazon Web Services resources against a rule.
metadata for your organization Config Custom Policy rule including the runtime system in use, which accounts have debug logging enabled, and other custom rule metadata such as resource type, resource ID of Amazon Web Services resource, and organization trigger types that trigger Config to evaluate Amazon Web Services resources against a rule.
An object that specifies organization custom rule metadata such as resource type, resource ID of Amazon Web Services resource, Lambda function ARN, and organization trigger types that trigger Config to evaluate your Amazon Web Services resources against a rule. It also provides the frequency with which you want Config to run evaluations for the rule if the trigger type is periodic.
An object that specifies organization managed rule metadata such as resource type and ID of Amazon Web Services resource along with the rule identifier. It also provides the frequency with which you want Config to run evaluations for the rule if the trigger type is periodic.
Status filter object to filter results based on specific member account ID or status type for an organization conformance pack.
The configuration item size is outside the allowable range.
An object that represents the account ID and region of an aggregator account that is requesting authorization but is not yet authorized.
The input for the PutConfigurationRecorder action.
The input for the PutDeliveryChannel action.
Specifies which resource types Config records for configuration changes. By default, Config records configuration changes for all current and future supported resource types in the Amazon Web Services Region where you have enabled Config, excluding the global IAM resource types: IAM users, groups, roles, and customer managed policies.
Specifies the default recording frequency that Config uses to record configuration changes. Config supports Continuous recording and Daily recording.
An object for you to specify your overrides for the recording mode.
Specifies the recording strategy of the configuration recorder.
The relationship of the related resource to the main resource.
An object that represents the details about the remediation configuration that includes the remediation action, parameters, and data to execute the action.
An object that represents the details about the remediation exception. The details include the rule name, an explanation of an exception, the time when the exception will be deleted, the resource ID, and resource type.
The details that identify a resource within Config, including the resource type and resource ID.
Provides details of the current status of the invoked remediation action for that resource.
Name of the step from the SSM document.
Remediation action is in progress. You can either cancel execution in Amazon Web Services Systems Manager or wait and try again later.
The value is either a dynamic (resource) value or a static value. You must select either a dynamic value or a static value.
Two users are trying to modify the same query at the same time. Wait for a moment and try again.
An object that contains the resource type and the number of resources.
Filters the resource count based on account ID, region, and resource type.
Returns information about the resource being evaluated.
Returns details of a resource evaluation.
Returns details of a resource evaluation based on the selected filter.
Filters the results by resource account ID, region, resource ID, and resource name.
The details that identify a resource that is discovered by Config, including the resource type, ID, and (if available) the custom resource name.
You see this exception in the following cases:
The details that identify a resource within Config, including the resource type and resource ID.
You have specified a resource that is either unknown or has not been discovered.
You have specified a resource that does not exist.
The dynamic value of the resource.
An object with the name of the retention configuration and the retention period in days. The object stores the configuration for data retention in Config.
Defines which resources trigger an evaluation for an Config rule. The scope can include one or more resource types, a combination of a tag key and value, or a combination of one resource type and one resource ID. Specify a scope to constrain which resources trigger an evaluation for a rule. Otherwise, evaluations for the rule are triggered when any resource in your recording group changes in configuration.
Provides the CustomPolicyDetails, the rule owner (Amazon Web Services for managed rules, CUSTOM_POLICY for Custom Policy rules, and CUSTOM_LAMBDA for Custom Lambda rules), the rule identifier, and the events that cause the evaluation of your Amazon Web Services resources.
Provides the source and the message types that trigger Config to evaluate your Amazon Web Services resources against a rule. It also provides the frequency with which you want Config to run evaluations for the rule if the trigger type is periodic. You can specify the parameter values for SourceDetail only for custom rules.
Amazon Web Services Systems Manager (SSM) specific remediation controls.
The output when you start the evaluation for the specified Config rule.
The input for the StartConfigurationRecorder action.
The static value of the resource.
Status filter object to filter results based on specific member account ID or status type for an organization Config rule.
The input for the StopConfigurationRecorder action.
Provides the details of a stored query.
Returns details of a specific query.
The tags for the resource. The metadata that you apply to a resource to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
This API allows you to create a conformance pack template with an Amazon Web Services Systems Manager document (SSM document). To deploy a conformance pack using an SSM document, first create an SSM document with conformance pack content, and then provide the DocumentName in the PutConformancePack API. You can also provide the DocumentVersion.
Filters evaluation results based on start and end times.
The requested action is not valid.