-
Notifications
You must be signed in to change notification settings - Fork 2.1k
/
docs-2.json
3131 lines (3131 loc) · 229 KB
/
docs-2.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
{
"version": "2.0",
"service": "<fullname>AWS Config</fullname> <p>AWS Config provides a way to keep track of the configurations of all the AWS resources associated with your AWS account. You can use AWS Config to get the current and historical configurations of each AWS resource and also to get information about the relationship between the resources. An AWS resource can be an Amazon Compute Cloud (Amazon EC2) instance, an Elastic Block Store (EBS) volume, an elastic network Interface (ENI), or a security group. For a complete list of resources currently supported by AWS Config, see <a href=\"https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources\">Supported AWS Resources</a>.</p> <p>You can access and manage AWS Config through the AWS Management Console, the AWS Command Line Interface (AWS CLI), the AWS Config API, or the AWS SDKs for AWS Config. This reference guide contains documentation for the AWS Config API and the AWS CLI commands that you can use to manage AWS Config. The AWS Config API uses the Signature Version 4 protocol for signing requests. For more information about how to sign a request with this protocol, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html\">Signature Version 4 Signing Process</a>. For detailed information about AWS Config features and their associated actions or commands, as well as how to work with AWS Management Console, see <a href=\"https://docs.aws.amazon.com/config/latest/developerguide/WhatIsConfig.html\">What Is AWS Config</a> in the <i>AWS Config Developer Guide</i>.</p>",
"operations": {
"BatchGetAggregateResourceConfig": "<p>Returns the current configuration items for resources that are present in your AWS Config aggregator. The operation also returns a list of resources that are not processed in the current request. If there are no unprocessed resources, the operation returns an empty <code>unprocessedResourceIdentifiers</code> list. </p> <note> <ul> <li> <p>The API does not return results for deleted resources.</p> </li> <li> <p> The API does not return tags and relationships.</p> </li> </ul> </note>",
"BatchGetResourceConfig": "<p>Returns the current configuration for one or more requested resources. The operation also returns a list of resources that are not processed in the current request. If there are no unprocessed resources, the operation returns an empty unprocessedResourceKeys list. </p> <note> <ul> <li> <p>The API does not return results for deleted resources.</p> </li> <li> <p> The API does not return any tags for the requested resources. This information is filtered out of the supplementaryConfiguration section of the API response.</p> </li> </ul> </note>",
"DeleteAggregationAuthorization": "<p>Deletes the authorization granted to the specified configuration aggregator account in a specified region.</p>",
"DeleteConfigRule": "<p>Deletes the specified AWS Config rule and all of its evaluation results.</p> <p>AWS Config sets the state of a rule to <code>DELETING</code> until the deletion is complete. You cannot update a rule while it is in this state. If you make a <code>PutConfigRule</code> or <code>DeleteConfigRule</code> request for the rule, you will receive a <code>ResourceInUseException</code>.</p> <p>You can check the state of a rule by using the <code>DescribeConfigRules</code> request.</p>",
"DeleteConfigurationAggregator": "<p>Deletes the specified configuration aggregator and the aggregated data associated with the aggregator.</p>",
"DeleteConfigurationRecorder": "<p>Deletes the configuration recorder.</p> <p>After the configuration recorder is deleted, AWS Config will not record resource configuration changes until you create a new configuration recorder.</p> <p>This action does not delete the configuration information that was previously recorded. You will be able to access the previously recorded information by using the <code>GetResourceConfigHistory</code> action, but you will not be able to access this information in the AWS Config console until you create a new configuration recorder.</p>",
"DeleteConformancePack": "<p>Deletes the specified conformance pack and all the AWS Config rules, remediation actions, and all evaluation results within that conformance pack.</p> <p>AWS Config sets the conformance pack to <code>DELETE_IN_PROGRESS</code> until the deletion is complete. You cannot update a conformance pack while it is in this state.</p>",
"DeleteDeliveryChannel": "<p>Deletes the delivery channel.</p> <p>Before you can delete the delivery channel, you must stop the configuration recorder by using the <a>StopConfigurationRecorder</a> action.</p>",
"DeleteEvaluationResults": "<p>Deletes the evaluation results for the specified AWS Config rule. You can specify one AWS Config rule per request. After you delete the evaluation results, you can call the <a>StartConfigRulesEvaluation</a> API to start evaluating your AWS resources against the rule.</p>",
"DeleteOrganizationConfigRule": "<p>Deletes the specified organization config rule and all of its evaluation results from all member accounts in that organization. </p> <p>Only a master account and a delegated administrator account can delete an organization config rule. When calling this API with a delegated administrator, you must ensure AWS Organizations <code>ListDelegatedAdministrator</code> permissions are added.</p> <p>AWS Config sets the state of a rule to DELETE_IN_PROGRESS until the deletion is complete. You cannot update a rule while it is in this state.</p>",
"DeleteOrganizationConformancePack": "<p>Deletes the specified organization conformance pack and all of the config rules and remediation actions from all member accounts in that organization. </p> <p> Only a master account or a delegated administrator account can delete an organization conformance pack. When calling this API with a delegated administrator, you must ensure AWS Organizations <code>ListDelegatedAdministrator</code> permissions are added.</p> <p>AWS Config sets the state of a conformance pack to DELETE_IN_PROGRESS until the deletion is complete. You cannot update a conformance pack while it is in this state. </p>",
"DeletePendingAggregationRequest": "<p>Deletes pending authorization requests for a specified aggregator account in a specified region.</p>",
"DeleteRemediationConfiguration": "<p>Deletes the remediation configuration.</p>",
"DeleteRemediationExceptions": "<p>Deletes one or more remediation exceptions mentioned in the resource keys.</p> <note> <p>AWS Config generates a remediation exception when a problem occurs executing a remediation action to a specific resource. Remediation exceptions blocks auto-remediation until the exception is cleared.</p> </note>",
"DeleteResourceConfig": "<p>Records the configuration state for a custom resource that has been deleted. This API records a new ConfigurationItem with a ResourceDeleted status. You can retrieve the ConfigurationItems recorded for this resource in your AWS Config History. </p>",
"DeleteRetentionConfiguration": "<p>Deletes the retention configuration.</p>",
"DeliverConfigSnapshot": "<p>Schedules delivery of a configuration snapshot to the Amazon S3 bucket in the specified delivery channel. After the delivery has started, AWS Config sends the following notifications using an Amazon SNS topic that you have specified.</p> <ul> <li> <p>Notification of the start of the delivery.</p> </li> <li> <p>Notification of the completion of the delivery, if the delivery was successfully completed.</p> </li> <li> <p>Notification of delivery failure, if the delivery failed.</p> </li> </ul>",
"DescribeAggregateComplianceByConfigRules": "<p>Returns a list of compliant and noncompliant rules with the number of resources for compliant and noncompliant rules. </p> <note> <p>The results can return an empty result page, but if you have a <code>nextToken</code>, the results are displayed on the next page.</p> </note>",
"DescribeAggregationAuthorizations": "<p>Returns a list of authorizations granted to various aggregator accounts and regions.</p>",
"DescribeComplianceByConfigRule": "<p>Indicates whether the specified AWS Config rules are compliant. If a rule is noncompliant, this action returns the number of AWS resources that do not comply with the rule.</p> <p>A rule is compliant if all of the evaluated resources comply with it. It is noncompliant if any of these resources do not comply.</p> <p>If AWS Config has no current evaluation results for the rule, it returns <code>INSUFFICIENT_DATA</code>. This result might indicate one of the following conditions:</p> <ul> <li> <p>AWS Config has never invoked an evaluation for the rule. To check whether it has, use the <code>DescribeConfigRuleEvaluationStatus</code> action to get the <code>LastSuccessfulInvocationTime</code> and <code>LastFailedInvocationTime</code>.</p> </li> <li> <p>The rule's AWS Lambda function is failing to send evaluation results to AWS Config. Verify that the role you assigned to your configuration recorder includes the <code>config:PutEvaluations</code> permission. If the rule is a custom rule, verify that the AWS Lambda execution role includes the <code>config:PutEvaluations</code> permission.</p> </li> <li> <p>The rule's AWS Lambda function has returned <code>NOT_APPLICABLE</code> for all evaluation results. This can occur if the resources were deleted or removed from the rule's scope.</p> </li> </ul>",
"DescribeComplianceByResource": "<p>Indicates whether the specified AWS resources are compliant. If a resource is noncompliant, this action returns the number of AWS Config rules that the resource does not comply with.</p> <p>A resource is compliant if it complies with all the AWS Config rules that evaluate it. It is noncompliant if it does not comply with one or more of these rules.</p> <p>If AWS Config has no current evaluation results for the resource, it returns <code>INSUFFICIENT_DATA</code>. This result might indicate one of the following conditions about the rules that evaluate the resource:</p> <ul> <li> <p>AWS Config has never invoked an evaluation for the rule. To check whether it has, use the <code>DescribeConfigRuleEvaluationStatus</code> action to get the <code>LastSuccessfulInvocationTime</code> and <code>LastFailedInvocationTime</code>.</p> </li> <li> <p>The rule's AWS Lambda function is failing to send evaluation results to AWS Config. Verify that the role that you assigned to your configuration recorder includes the <code>config:PutEvaluations</code> permission. If the rule is a custom rule, verify that the AWS Lambda execution role includes the <code>config:PutEvaluations</code> permission.</p> </li> <li> <p>The rule's AWS Lambda function has returned <code>NOT_APPLICABLE</code> for all evaluation results. This can occur if the resources were deleted or removed from the rule's scope.</p> </li> </ul>",
"DescribeConfigRuleEvaluationStatus": "<p>Returns status information for each of your AWS managed Config rules. The status includes information such as the last time AWS Config invoked the rule, the last time AWS Config failed to invoke the rule, and the related error for the last failure.</p>",
"DescribeConfigRules": "<p>Returns details about your AWS Config rules.</p>",
"DescribeConfigurationAggregatorSourcesStatus": "<p>Returns status information for sources within an aggregator. The status includes information about the last time AWS Config verified authorization between the source account and an aggregator account. In case of a failure, the status contains the related error code or message. </p>",
"DescribeConfigurationAggregators": "<p>Returns the details of one or more configuration aggregators. If the configuration aggregator is not specified, this action returns the details for all the configuration aggregators associated with the account. </p>",
"DescribeConfigurationRecorderStatus": "<p>Returns the current status of the specified configuration recorder. If a configuration recorder is not specified, this action returns the status of all configuration recorders associated with the account.</p> <note> <p>Currently, you can specify only one configuration recorder per region in your account.</p> </note>",
"DescribeConfigurationRecorders": "<p>Returns the details for the specified configuration recorders. If the configuration recorder is not specified, this action returns the details for all configuration recorders associated with the account.</p> <note> <p>Currently, you can specify only one configuration recorder per region in your account.</p> </note>",
"DescribeConformancePackCompliance": "<p>Returns compliance details for each rule in that conformance pack.</p> <note> <p>You must provide exact rule names.</p> </note>",
"DescribeConformancePackStatus": "<p>Provides one or more conformance packs deployment status.</p> <note> <p>If there are no conformance packs then you will see an empty result.</p> </note>",
"DescribeConformancePacks": "<p>Returns a list of one or more conformance packs.</p>",
"DescribeDeliveryChannelStatus": "<p>Returns the current status of the specified delivery channel. If a delivery channel is not specified, this action returns the current status of all delivery channels associated with the account.</p> <note> <p>Currently, you can specify only one delivery channel per region in your account.</p> </note>",
"DescribeDeliveryChannels": "<p>Returns details about the specified delivery channel. If a delivery channel is not specified, this action returns the details of all delivery channels associated with the account.</p> <note> <p>Currently, you can specify only one delivery channel per region in your account.</p> </note>",
"DescribeOrganizationConfigRuleStatuses": "<p>Provides organization config rule deployment status for an organization.</p> <note> <p>The status is not considered successful until organization config rule is successfully deployed in all the member accounts with an exception of excluded accounts.</p> <p>When you specify the limit and the next token, you receive a paginated response. Limit and next token are not applicable if you specify organization config rule names. It is only applicable, when you request all the organization config rules.</p> </note>",
"DescribeOrganizationConfigRules": "<p>Returns a list of organization config rules. </p> <note> <p>When you specify the limit and the next token, you receive a paginated response. Limit and next token are not applicable if you specify organization config rule names. It is only applicable, when you request all the organization config rules.</p> </note>",
"DescribeOrganizationConformancePackStatuses": "<p>Provides organization conformance pack deployment status for an organization. </p> <note> <p>The status is not considered successful until organization conformance pack is successfully deployed in all the member accounts with an exception of excluded accounts.</p> <p>When you specify the limit and the next token, you receive a paginated response. Limit and next token are not applicable if you specify organization conformance pack names. They are only applicable, when you request all the organization conformance packs.</p> </note>",
"DescribeOrganizationConformancePacks": "<p>Returns a list of organization conformance packs. </p> <note> <p>When you specify the limit and the next token, you receive a paginated response. </p> <p>Limit and next token are not applicable if you specify organization conformance packs names. They are only applicable, when you request all the organization conformance packs. </p> </note>",
"DescribePendingAggregationRequests": "<p>Returns a list of all pending aggregation requests.</p>",
"DescribeRemediationConfigurations": "<p>Returns the details of one or more remediation configurations.</p>",
"DescribeRemediationExceptions": "<p>Returns the details of one or more remediation exceptions. A detailed view of a remediation exception for a set of resources that includes an explanation of an exception and the time when the exception will be deleted. When you specify the limit and the next token, you receive a paginated response. </p> <note> <p>AWS Config generates a remediation exception when a problem occurs executing a remediation action to a specific resource. Remediation exceptions blocks auto-remediation until the exception is cleared.</p> <p>When you specify the limit and the next token, you receive a paginated response. </p> <p>Limit and next token are not applicable if you request resources in batch. It is only applicable, when you request all resources.</p> </note>",
"DescribeRemediationExecutionStatus": "<p>Provides a detailed view of a Remediation Execution for a set of resources including state, timestamps for when steps for the remediation execution occur, and any error messages for steps that have failed. When you specify the limit and the next token, you receive a paginated response.</p>",
"DescribeRetentionConfigurations": "<p>Returns the details of one or more retention configurations. If the retention configuration name is not specified, this action returns the details for all the retention configurations for that account.</p> <note> <p>Currently, AWS Config supports only one retention configuration per region in your account.</p> </note>",
"GetAggregateComplianceDetailsByConfigRule": "<p>Returns the evaluation results for the specified AWS Config rule for a specific resource in a rule. The results indicate which AWS resources were evaluated by the rule, when each resource was last evaluated, and whether each resource complies with the rule. </p> <note> <p>The results can return an empty result page. But if you have a <code>nextToken</code>, the results are displayed on the next page.</p> </note>",
"GetAggregateConfigRuleComplianceSummary": "<p>Returns the number of compliant and noncompliant rules for one or more accounts and regions in an aggregator.</p> <note> <p>The results can return an empty result page, but if you have a nextToken, the results are displayed on the next page.</p> </note>",
"GetAggregateDiscoveredResourceCounts": "<p>Returns the resource counts across accounts and regions that are present in your AWS Config aggregator. You can request the resource counts by providing filters and GroupByKey.</p> <p>For example, if the input contains accountID 12345678910 and region us-east-1 in filters, the API returns the count of resources in account ID 12345678910 and region us-east-1. If the input contains ACCOUNT_ID as a GroupByKey, the API returns resource counts for all source accounts that are present in your aggregator.</p>",
"GetAggregateResourceConfig": "<p>Returns configuration item that is aggregated for your specific resource in a specific source account and region.</p>",
"GetComplianceDetailsByConfigRule": "<p>Returns the evaluation results for the specified AWS Config rule. The results indicate which AWS resources were evaluated by the rule, when each resource was last evaluated, and whether each resource complies with the rule.</p>",
"GetComplianceDetailsByResource": "<p>Returns the evaluation results for the specified AWS resource. The results indicate which AWS Config rules were used to evaluate the resource, when each rule was last used, and whether the resource complies with each rule.</p>",
"GetComplianceSummaryByConfigRule": "<p>Returns the number of AWS Config rules that are compliant and noncompliant, up to a maximum of 25 for each.</p>",
"GetComplianceSummaryByResourceType": "<p>Returns the number of resources that are compliant and the number that are noncompliant. You can specify one or more resource types to get these numbers for each resource type. The maximum number returned is 100.</p>",
"GetConformancePackComplianceDetails": "<p>Returns compliance details of a conformance pack for all AWS resources that are monitered by conformance pack.</p>",
"GetConformancePackComplianceSummary": "<p>Returns compliance details for the conformance pack based on the cumulative compliance results of all the rules in that conformance pack.</p>",
"GetDiscoveredResourceCounts": "<p>Returns the resource types, the number of each resource type, and the total number of resources that AWS Config is recording in this region for your AWS account. </p> <p class=\"title\"> <b>Example</b> </p> <ol> <li> <p>AWS Config is recording three resource types in the US East (Ohio) Region for your account: 25 EC2 instances, 20 IAM users, and 15 S3 buckets.</p> </li> <li> <p>You make a call to the <code>GetDiscoveredResourceCounts</code> action and specify that you want all resource types. </p> </li> <li> <p>AWS Config returns the following:</p> <ul> <li> <p>The resource types (EC2 instances, IAM users, and S3 buckets).</p> </li> <li> <p>The number of each resource type (25, 20, and 15).</p> </li> <li> <p>The total number of all resources (60).</p> </li> </ul> </li> </ol> <p>The response is paginated. By default, AWS Config lists 100 <a>ResourceCount</a> objects on each page. You can customize this number with the <code>limit</code> parameter. The response includes a <code>nextToken</code> string. To get the next page of results, run the request again and specify the string for the <code>nextToken</code> parameter.</p> <note> <p>If you make a call to the <a>GetDiscoveredResourceCounts</a> action, you might not immediately receive resource counts in the following situations:</p> <ul> <li> <p>You are a new AWS Config customer.</p> </li> <li> <p>You just enabled resource recording.</p> </li> </ul> <p>It might take a few minutes for AWS Config to record and count your resources. Wait a few minutes and then retry the <a>GetDiscoveredResourceCounts</a> action. </p> </note>",
"GetOrganizationConfigRuleDetailedStatus": "<p>Returns detailed status for each member account within an organization for a given organization config rule.</p>",
"GetOrganizationConformancePackDetailedStatus": "<p>Returns detailed status for each member account within an organization for a given organization conformance pack.</p>",
"GetResourceConfigHistory": "<p>Returns a list of configuration items for the specified resource. The list contains details about each state of the resource during the specified time interval. If you specified a retention period to retain your <code>ConfigurationItems</code> between a minimum of 30 days and a maximum of 7 years (2557 days), AWS Config returns the <code>ConfigurationItems</code> for the specified retention period. </p> <p>The response is paginated. By default, AWS Config returns a limit of 10 configuration items per page. You can customize this number with the <code>limit</code> parameter. The response includes a <code>nextToken</code> string. To get the next page of results, run the request again and specify the string for the <code>nextToken</code> parameter.</p> <note> <p>Each call to the API is limited to span a duration of seven days. It is likely that the number of records returned is smaller than the specified <code>limit</code>. In such cases, you can make another call, using the <code>nextToken</code>.</p> </note>",
"ListAggregateDiscoveredResources": "<p>Accepts a resource type and returns a list of resource identifiers that are aggregated for a specific resource type across accounts and regions. A resource identifier includes the resource type, ID, (if available) the custom resource name, source account, and source region. You can narrow the results to include only resources that have specific resource IDs, or a resource name, or source account ID, or source region.</p> <p>For example, if the input consists of accountID 12345678910 and the region is us-east-1 for resource type <code>AWS::EC2::Instance</code> then the API returns all the EC2 instance identifiers of accountID 12345678910 and region us-east-1.</p>",
"ListDiscoveredResources": "<p>Accepts a resource type and returns a list of resource identifiers for the resources of that type. A resource identifier includes the resource type, ID, and (if available) the custom resource name. The results consist of resources that AWS Config has discovered, including those that AWS Config is not currently recording. You can narrow the results to include only resources that have specific resource IDs or a resource name.</p> <note> <p>You can specify either resource IDs or a resource name, but not both, in the same request.</p> </note> <p>The response is paginated. By default, AWS Config lists 100 resource identifiers on each page. You can customize this number with the <code>limit</code> parameter. The response includes a <code>nextToken</code> string. To get the next page of results, run the request again and specify the string for the <code>nextToken</code> parameter.</p>",
"ListTagsForResource": "<p>List the tags for AWS Config resource.</p>",
"PutAggregationAuthorization": "<p>Authorizes the aggregator account and region to collect data from the source account and region. </p>",
"PutConfigRule": "<p>Adds or updates an AWS Config rule for evaluating whether your AWS resources comply with your desired configurations.</p> <p>You can use this action for custom AWS Config rules and AWS managed Config rules. A custom AWS Config rule is a rule that you develop and maintain. An AWS managed Config rule is a customizable, predefined rule that AWS Config provides.</p> <p>If you are adding a new custom AWS Config rule, you must first create the AWS Lambda function that the rule invokes to evaluate your resources. When you use the <code>PutConfigRule</code> action to add the rule to AWS Config, you must specify the Amazon Resource Name (ARN) that AWS Lambda assigns to the function. Specify the ARN for the <code>SourceIdentifier</code> key. This key is part of the <code>Source</code> object, which is part of the <code>ConfigRule</code> object. </p> <p>If you are adding an AWS managed Config rule, specify the rule's identifier for the <code>SourceIdentifier</code> key. To reference AWS managed Config rule identifiers, see <a href=\"https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html\">About AWS Managed Config Rules</a>.</p> <p>For any new rule that you add, specify the <code>ConfigRuleName</code> in the <code>ConfigRule</code> object. Do not specify the <code>ConfigRuleArn</code> or the <code>ConfigRuleId</code>. These values are generated by AWS Config for new rules.</p> <p>If you are updating a rule that you added previously, you can specify the rule by <code>ConfigRuleName</code>, <code>ConfigRuleId</code>, or <code>ConfigRuleArn</code> in the <code>ConfigRule</code> data type that you use in this request.</p> <p>The maximum number of rules that AWS Config supports is 150.</p> <p>For information about requesting a rule limit increase, see <a href=\"http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_config\">AWS Config Limits</a> in the <i>AWS General Reference Guide</i>.</p> <p>For more information about developing and using AWS Config rules, see <a href=\"https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html\">Evaluating AWS Resource Configurations with AWS Config</a> in the <i>AWS Config Developer Guide</i>.</p>",
"PutConfigurationAggregator": "<p>Creates and updates the configuration aggregator with the selected source accounts and regions. The source account can be individual account(s) or an organization.</p> <note> <p>AWS Config should be enabled in source accounts and regions you want to aggregate.</p> <p>If your source type is an organization, you must be signed in to the master account and all features must be enabled in your organization. AWS Config calls <code>EnableAwsServiceAccess</code> API to enable integration between AWS Config and AWS Organizations. </p> </note>",
"PutConfigurationRecorder": "<p>Creates a new configuration recorder to record the selected resource configurations.</p> <p>You can use this action to change the role <code>roleARN</code> or the <code>recordingGroup</code> of an existing recorder. To change the role, call the action on the existing configuration recorder and specify a role.</p> <note> <p>Currently, you can specify only one configuration recorder per region in your account.</p> <p>If <code>ConfigurationRecorder</code> does not have the <b>recordingGroup</b> parameter specified, the default is to record all supported resource types.</p> </note>",
"PutConformancePack": "<p>Creates or updates a conformance pack. A conformance pack is a collection of AWS Config rules that can be easily deployed in an account and a region and across AWS Organization.</p> <p>This API creates a service linked role <code>AWSServiceRoleForConfigConforms</code> in your account. The service linked role is created only when the role does not exist in your account. </p> <note> <p>You must specify either the <code>TemplateS3Uri</code> or the <code>TemplateBody</code> parameter, but not both. If you provide both AWS Config uses the <code>TemplateS3Uri</code> parameter and ignores the <code>TemplateBody</code> parameter.</p> </note>",
"PutDeliveryChannel": "<p>Creates a delivery channel object to deliver configuration information to an Amazon S3 bucket and Amazon SNS topic.</p> <p>Before you can create a delivery channel, you must create a configuration recorder.</p> <p>You can use this action to change the Amazon S3 bucket or an Amazon SNS topic of the existing delivery channel. To change the Amazon S3 bucket or an Amazon SNS topic, call this action and specify the changed values for the S3 bucket and the SNS topic. If you specify a different value for either the S3 bucket or the SNS topic, this action will keep the existing value for the parameter that is not changed.</p> <note> <p>You can have only one delivery channel per region in your account.</p> </note>",
"PutEvaluations": "<p>Used by an AWS Lambda function to deliver evaluation results to AWS Config. This action is required in every AWS Lambda function that is invoked by an AWS Config rule.</p>",
"PutExternalEvaluation": null,
"PutOrganizationConfigRule": "<p>Adds or updates organization config rule for your entire organization evaluating whether your AWS resources comply with your desired configurations.</p> <p> Only a master account and a delegated administrator can create or update an organization config rule. When calling this API with a delegated administrator, you must ensure AWS Organizations <code>ListDelegatedAdministrator</code> permissions are added. </p> <p>This API enables organization service access through the <code>EnableAWSServiceAccess</code> action and creates a service linked role <code>AWSServiceRoleForConfigMultiAccountSetup</code> in the master or delegated administrator account of your organization. The service linked role is created only when the role does not exist in the caller account. AWS Config verifies the existence of role with <code>GetRole</code> action.</p> <p>To use this API with delegated administrator, register a delegated administrator by calling AWS Organization <code>register-delegated-administrator</code> for <code>config-multiaccountsetup.amazonaws.com</code>. </p> <p>You can use this action to create both custom AWS Config rules and AWS managed Config rules. If you are adding a new custom AWS Config rule, you must first create AWS Lambda function in the master account or a delegated administrator that the rule invokes to evaluate your resources. When you use the <code>PutOrganizationConfigRule</code> action to add the rule to AWS Config, you must specify the Amazon Resource Name (ARN) that AWS Lambda assigns to the function. If you are adding an AWS managed Config rule, specify the rule's identifier for the <code>RuleIdentifier</code> key.</p> <p>The maximum number of organization config rules that AWS Config supports is 150 and 3 delegated administrator per organization. </p> <note> <p>Prerequisite: Ensure you call <code>EnableAllFeatures</code> API to enable all features in an organization.</p> <p>Specify either <code>OrganizationCustomRuleMetadata</code> or <code>OrganizationManagedRuleMetadata</code>.</p> </note>",
"PutOrganizationConformancePack": "<p>Deploys conformance packs across member accounts in an AWS Organization.</p> <p>Only a master account and a delegated administrator can call this API. When calling this API with a delegated administrator, you must ensure AWS Organizations <code>ListDelegatedAdministrator</code> permissions are added.</p> <p>This API enables organization service access for <code>config-multiaccountsetup.amazonaws.com</code> through the <code>EnableAWSServiceAccess</code> action and creates a service linked role <code>AWSServiceRoleForConfigMultiAccountSetup</code> in the master or delegated administrator account of your organization. The service linked role is created only when the role does not exist in the caller account. To use this API with delegated administrator, register a delegated administrator by calling AWS Organization <code>register-delegate-admin</code> for <code>config-multiaccountsetup.amazonaws.com</code>.</p> <note> <p>Prerequisite: Ensure you call <code>EnableAllFeatures</code> API to enable all features in an organization.</p> <p>You must specify either the <code>TemplateS3Uri</code> or the <code>TemplateBody</code> parameter, but not both. If you provide both AWS Config uses the <code>TemplateS3Uri</code> parameter and ignores the <code>TemplateBody</code> parameter.</p> <p>AWS Config sets the state of a conformance pack to CREATE_IN_PROGRESS and UPDATE_IN_PROGRESS until the conformance pack is created or updated. You cannot update a conformance pack while it is in this state.</p> <p>You can create 6 conformance packs with 25 AWS Config rules in each pack and 3 delegated administrator per organization. </p> </note>",
"PutRemediationConfigurations": "<p>Adds or updates the remediation configuration with a specific AWS Config rule with the selected target or action. The API creates the <code>RemediationConfiguration</code> object for the AWS Config rule. The AWS Config rule must already exist for you to add a remediation configuration. The target (SSM document) must exist and have permissions to use the target. </p> <note> <p>If you make backward incompatible changes to the SSM document, you must call this again to ensure the remediations can run.</p> <p>This API does not support adding remediation configurations for service-linked AWS Config Rules such as Organization Config rules, the rules deployed by conformance packs, and rules deployed by AWS Security Hub.</p> </note>",
"PutRemediationExceptions": "<p>A remediation exception is when a specific resource is no longer considered for auto-remediation. This API adds a new exception or updates an existing exception for a specific resource with a specific AWS Config rule. </p> <note> <p>AWS Config generates a remediation exception when a problem occurs executing a remediation action to a specific resource. Remediation exceptions blocks auto-remediation until the exception is cleared.</p> </note>",
"PutResourceConfig": "<p>Records the configuration state for the resource provided in the request. The configuration state of a resource is represented in AWS Config as Configuration Items. Once this API records the configuration item, you can retrieve the list of configuration items for the custom resource type using existing AWS Config APIs. </p> <note> <p>The custom resource type must be registered with AWS CloudFormation. This API accepts the configuration item registered with AWS CloudFormation.</p> <p>When you call this API, AWS Config only stores configuration state of the resource provided in the request. This API does not change or remediate the configuration of the resource. </p> <p>Write-only schema properites are not recorded as part of the published configuration item.</p> </note>",
"PutRetentionConfiguration": "<p>Creates and updates the retention configuration with details about retention period (number of days) that AWS Config stores your historical information. The API creates the <code>RetentionConfiguration</code> object and names the object as <b>default</b>. When you have a <code>RetentionConfiguration</code> object named <b>default</b>, calling the API modifies the default object. </p> <note> <p>Currently, AWS Config supports only one retention configuration per region in your account.</p> </note>",
"SelectAggregateResourceConfig": "<p>Accepts a structured query language (SQL) SELECT command and an aggregator to query configuration state of AWS resources across multiple accounts and regions, performs the corresponding search, and returns resource configurations matching the properties.</p> <p>For more information about query components, see the <a href=\"https://docs.aws.amazon.com/config/latest/developerguide/query-components.html\"> <b>Query Components</b> </a> section in the AWS Config Developer Guide.</p>",
"SelectResourceConfig": "<p>Accepts a structured query language (SQL) <code>SELECT</code> command, performs the corresponding search, and returns resource configurations matching the properties.</p> <p>For more information about query components, see the <a href=\"https://docs.aws.amazon.com/config/latest/developerguide/query-components.html\"> <b>Query Components</b> </a> section in the AWS Config Developer Guide.</p>",
"StartConfigRulesEvaluation": "<p>Runs an on-demand evaluation for the specified AWS Config rules against the last known configuration state of the resources. Use <code>StartConfigRulesEvaluation</code> when you want to test that a rule you updated is working as expected. <code>StartConfigRulesEvaluation</code> does not re-record the latest configuration state for your resources. It re-runs an evaluation against the last known state of your resources. </p> <p>You can specify up to 25 AWS Config rules per request. </p> <p>An existing <code>StartConfigRulesEvaluation</code> call for the specified rules must complete before you can call the API again. If you chose to have AWS Config stream to an Amazon SNS topic, you will receive a <code>ConfigRuleEvaluationStarted</code> notification when the evaluation starts.</p> <note> <p>You don't need to call the <code>StartConfigRulesEvaluation</code> API to run an evaluation for a new rule. When you create a rule, AWS Config evaluates your resources against the rule automatically. </p> </note> <p>The <code>StartConfigRulesEvaluation</code> API is useful if you want to run on-demand evaluations, such as the following example:</p> <ol> <li> <p>You have a custom rule that evaluates your IAM resources every 24 hours.</p> </li> <li> <p>You update your Lambda function to add additional conditions to your rule.</p> </li> <li> <p>Instead of waiting for the next periodic evaluation, you call the <code>StartConfigRulesEvaluation</code> API.</p> </li> <li> <p>AWS Config invokes your Lambda function and evaluates your IAM resources.</p> </li> <li> <p>Your custom rule will still run periodic evaluations every 24 hours.</p> </li> </ol>",
"StartConfigurationRecorder": "<p>Starts recording configurations of the AWS resources you have selected to record in your AWS account.</p> <p>You must have created at least one delivery channel to successfully start the configuration recorder.</p>",
"StartRemediationExecution": "<p>Runs an on-demand remediation for the specified AWS Config rules against the last known remediation configuration. It runs an execution against the current state of your resources. Remediation execution is asynchronous.</p> <p>You can specify up to 100 resource keys per request. An existing StartRemediationExecution call for the specified resource keys must complete before you can call the API again.</p>",
"StopConfigurationRecorder": "<p>Stops recording configurations of the AWS resources you have selected to record in your AWS account.</p>",
"TagResource": "<p>Associates the specified tags to a resource with the specified resourceArn. If existing tags on a resource are not specified in the request parameters, they are not changed. When a resource is deleted, the tags associated with that resource are deleted as well.</p>",
"UntagResource": "<p>Deletes specified tags from a resource.</p>"
},
"shapes": {
"ARN": {
"base": null,
"refs": {
"BaseConfigurationItem$arn": "<p>The Amazon Resource Name (ARN) of the resource.</p>",
"ConfigurationItem$arn": "<p>Amazon Resource Name (ARN) associated with the resource.</p>"
}
},
"AccountAggregationSource": {
"base": "<p>A collection of accounts and regions.</p>",
"refs": {
"AccountAggregationSourceList$member": null
}
},
"AccountAggregationSourceAccountList": {
"base": null,
"refs": {
"AccountAggregationSource$AccountIds": "<p>The 12-digit account ID of the account being aggregated. </p>"
}
},
"AccountAggregationSourceList": {
"base": null,
"refs": {
"ConfigurationAggregator$AccountAggregationSources": "<p>Provides a list of source accounts and regions to be aggregated.</p>",
"PutConfigurationAggregatorRequest$AccountAggregationSources": "<p>A list of AccountAggregationSource object. </p>"
}
},
"AccountId": {
"base": null,
"refs": {
"AccountAggregationSourceAccountList$member": null,
"AggregateComplianceByConfigRule$AccountId": "<p>The 12-digit account ID of the source account.</p>",
"AggregateEvaluationResult$AccountId": "<p>The 12-digit account ID of the source account.</p>",
"AggregateResourceIdentifier$SourceAccountId": "<p>The 12-digit account ID of the source account.</p>",
"AggregationAuthorization$AuthorizedAccountId": "<p>The 12-digit account ID of the account authorized to aggregate data.</p>",
"BaseConfigurationItem$accountId": "<p>The 12-digit AWS account ID associated with the resource.</p>",
"ConfigRuleComplianceFilters$AccountId": "<p>The 12-digit account ID of the source account. </p>",
"ConfigRuleComplianceSummaryFilters$AccountId": "<p>The 12-digit account ID of the source account.</p>",
"ConfigurationItem$accountId": "<p>The 12-digit AWS account ID associated with the resource.</p>",
"DeleteAggregationAuthorizationRequest$AuthorizedAccountId": "<p>The 12-digit account ID of the account authorized to aggregate data.</p>",
"DeletePendingAggregationRequestRequest$RequesterAccountId": "<p>The 12-digit account ID of the account requesting to aggregate data.</p>",
"ExcludedAccounts$member": null,
"GetAggregateComplianceDetailsByConfigRuleRequest$AccountId": "<p>The 12-digit account ID of the source account.</p>",
"MemberAccountStatus$AccountId": "<p>The 12-digit account ID of a member account.</p>",
"OrganizationConformancePackDetailedStatus$AccountId": "<p>The 12-digit account ID of a member account.</p>",
"OrganizationResourceDetailedStatusFilters$AccountId": "<p>The 12-digit account ID of the member account within an organization.</p>",
"PendingAggregationRequest$RequesterAccountId": "<p>The 12-digit account ID of the account requesting to aggregate data.</p>",
"PutAggregationAuthorizationRequest$AuthorizedAccountId": "<p>The 12-digit account ID of the account authorized to aggregate data.</p>",
"ResourceCountFilters$AccountId": "<p>The 12-digit ID of the account.</p>",
"ResourceFilters$AccountId": "<p>The 12-digit source account ID.</p>",
"StatusDetailFilters$AccountId": "<p>The 12-digit account ID of the member account within an organization.</p>"
}
},
"AggregateComplianceByConfigRule": {
"base": "<p>Indicates whether an AWS Config rule is compliant based on account ID, region, compliance, and rule name.</p> <p>A rule is compliant if all of the resources that the rule evaluated comply with it. It is noncompliant if any of these resources do not comply.</p>",
"refs": {
"AggregateComplianceByConfigRuleList$member": null
}
},
"AggregateComplianceByConfigRuleList": {
"base": null,
"refs": {
"DescribeAggregateComplianceByConfigRulesResponse$AggregateComplianceByConfigRules": "<p>Returns a list of AggregateComplianceByConfigRule object.</p>"
}
},
"AggregateComplianceCount": {
"base": "<p>Returns the number of compliant and noncompliant rules for one or more accounts and regions in an aggregator.</p>",
"refs": {
"AggregateComplianceCountList$member": null
}
},
"AggregateComplianceCountList": {
"base": null,
"refs": {
"GetAggregateConfigRuleComplianceSummaryResponse$AggregateComplianceCounts": "<p>Returns a list of AggregateComplianceCounts object.</p>"
}
},
"AggregateEvaluationResult": {
"base": "<p>The details of an AWS Config evaluation for an account ID and region in an aggregator. Provides the AWS resource that was evaluated, the compliance of the resource, related time stamps, and supplementary information. </p>",
"refs": {
"AggregateEvaluationResultList$member": null
}
},
"AggregateEvaluationResultList": {
"base": null,
"refs": {
"GetAggregateComplianceDetailsByConfigRuleResponse$AggregateEvaluationResults": "<p>Returns an AggregateEvaluationResults object.</p>"
}
},
"AggregateResourceIdentifier": {
"base": "<p>The details that identify a resource that is collected by AWS Config aggregator, including the resource type, ID, (if available) the custom resource name, the source account, and source region.</p>",
"refs": {
"DiscoveredResourceIdentifierList$member": null,
"GetAggregateResourceConfigRequest$ResourceIdentifier": "<p>An object that identifies aggregate resource.</p>",
"ResourceIdentifiersList$member": null,
"UnprocessedResourceIdentifierList$member": null
}
},
"AggregatedSourceStatus": {
"base": "<p>The current sync status between the source and the aggregator account.</p>",
"refs": {
"AggregatedSourceStatusList$member": null
}
},
"AggregatedSourceStatusList": {
"base": null,
"refs": {
"DescribeConfigurationAggregatorSourcesStatusResponse$AggregatedSourceStatusList": "<p>Returns an AggregatedSourceStatus object. </p>"
}
},
"AggregatedSourceStatusType": {
"base": null,
"refs": {
"AggregatedSourceStatus$LastUpdateStatus": "<p>Filters the last updated status type.</p> <ul> <li> <p>Valid value FAILED indicates errors while moving data.</p> </li> <li> <p>Valid value SUCCEEDED indicates the data was successfully moved.</p> </li> <li> <p>Valid value OUTDATED indicates the data is not the most recent.</p> </li> </ul>",
"AggregatedSourceStatusTypeList$member": null
}
},
"AggregatedSourceStatusTypeList": {
"base": null,
"refs": {
"DescribeConfigurationAggregatorSourcesStatusRequest$UpdateStatus": "<p>Filters the status type.</p> <ul> <li> <p>Valid value FAILED indicates errors while moving data.</p> </li> <li> <p>Valid value SUCCEEDED indicates the data was successfully moved.</p> </li> <li> <p>Valid value OUTDATED indicates the data is not the most recent.</p> </li> </ul>"
}
},
"AggregatedSourceType": {
"base": null,
"refs": {
"AggregatedSourceStatus$SourceType": "<p>The source account or an organization.</p>"
}
},
"AggregationAuthorization": {
"base": "<p>An object that represents the authorizations granted to aggregator accounts and regions.</p>",
"refs": {
"AggregationAuthorizationList$member": null,
"PutAggregationAuthorizationResponse$AggregationAuthorization": "<p>Returns an AggregationAuthorization object. </p>"
}
},
"AggregationAuthorizationList": {
"base": null,
"refs": {
"DescribeAggregationAuthorizationsResponse$AggregationAuthorizations": "<p>Returns a list of authorizations granted to various aggregator accounts and regions.</p>"
}
},
"AggregatorRegionList": {
"base": null,
"refs": {
"AccountAggregationSource$AwsRegions": "<p>The source regions being aggregated.</p>",
"OrganizationAggregationSource$AwsRegions": "<p>The source regions being aggregated.</p>"
}
},
"AllSupported": {
"base": null,
"refs": {
"RecordingGroup$allSupported": "<p>Specifies whether AWS Config records configuration changes for every supported type of regional resource.</p> <p>If you set this option to <code>true</code>, when AWS Config adds support for a new type of regional resource, it starts recording resources of that type automatically.</p> <p>If you set this option to <code>true</code>, you cannot enumerate a list of <code>resourceTypes</code>.</p>"
}
},
"AmazonResourceName": {
"base": null,
"refs": {
"ListTagsForResourceRequest$ResourceArn": "<p>The Amazon Resource Name (ARN) that identifies the resource for which to list the tags. Currently, the supported resources are <code>ConfigRule</code>, <code>ConfigurationAggregator</code> and <code>AggregatorAuthorization</code>.</p>",
"TagResourceRequest$ResourceArn": "<p>The Amazon Resource Name (ARN) that identifies the resource for which to list the tags. Currently, the supported resources are <code>ConfigRule</code>, <code>ConfigurationAggregator</code> and <code>AggregatorAuthorization</code>.</p>",
"UntagResourceRequest$ResourceArn": "<p>The Amazon Resource Name (ARN) that identifies the resource for which to list the tags. Currently, the supported resources are <code>ConfigRule</code>, <code>ConfigurationAggregator</code> and <code>AggregatorAuthorization</code>.</p>"
}
},
"Annotation": {
"base": null,
"refs": {
"ConformancePackEvaluationResult$Annotation": "<p>Supplementary information about how the evaluation determined the compliance. </p>"
}
},
"AutoRemediationAttemptSeconds": {
"base": null,
"refs": {
"RemediationConfiguration$RetryAttemptSeconds": "<p>Maximum time in seconds that AWS Config runs auto-remediation. If you do not select a number, the default is 60 seconds. </p> <p>For example, if you specify RetryAttemptSeconds as 50 seconds and MaximumAutomaticAttempts as 5, AWS Config will run auto-remediations 5 times within 50 seconds before throwing an exception.</p>"
}
},
"AutoRemediationAttempts": {
"base": null,
"refs": {
"RemediationConfiguration$MaximumAutomaticAttempts": "<p>The maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5.</p> <p>For example, if you specify MaximumAutomaticAttempts as 5 with RetryAttemptSeconds as 50 seconds, AWS Config will put a RemediationException on your behalf for the failing resource after the 5th failed attempt within 50 seconds.</p>"
}
},
"AvailabilityZone": {
"base": null,
"refs": {
"BaseConfigurationItem$availabilityZone": "<p>The Availability Zone associated with the resource.</p>",
"ConfigurationItem$availabilityZone": "<p>The Availability Zone associated with the resource.</p>"
}
},
"AwsRegion": {
"base": null,
"refs": {
"AggregateComplianceByConfigRule$AwsRegion": "<p>The source region from where the data is aggregated.</p>",
"AggregateEvaluationResult$AwsRegion": "<p>The source region from where the data is aggregated.</p>",
"AggregateResourceIdentifier$SourceRegion": "<p>The source region where data is aggregated.</p>",
"AggregatedSourceStatus$AwsRegion": "<p>The region authorized to collect aggregated data.</p>",
"AggregationAuthorization$AuthorizedAwsRegion": "<p>The region authorized to collect aggregated data.</p>",
"BaseConfigurationItem$awsRegion": "<p>The region where the resource resides.</p>",
"ConfigRuleComplianceFilters$AwsRegion": "<p>The source region where the data is aggregated. </p>",
"ConfigRuleComplianceSummaryFilters$AwsRegion": "<p>The source region where the data is aggregated.</p>",
"ConfigurationItem$awsRegion": "<p>The region where the resource resides.</p>",
"DeleteAggregationAuthorizationRequest$AuthorizedAwsRegion": "<p>The region authorized to collect aggregated data.</p>",
"DeletePendingAggregationRequestRequest$RequesterAwsRegion": "<p>The region requesting to aggregate data.</p>",
"GetAggregateComplianceDetailsByConfigRuleRequest$AwsRegion": "<p>The source region from where the data is aggregated.</p>",
"PendingAggregationRequest$RequesterAwsRegion": "<p>The region requesting to aggregate data. </p>",
"PutAggregationAuthorizationRequest$AuthorizedAwsRegion": "<p>The region authorized to collect aggregated data.</p>",
"ResourceCountFilters$Region": "<p>The region where the account is located.</p>",
"ResourceFilters$Region": "<p>The source region.</p>"
}
},
"BaseConfigurationItem": {
"base": "<p>The detailed configuration of a specified resource.</p>",
"refs": {
"BaseConfigurationItems$member": null
}
},
"BaseConfigurationItems": {
"base": null,
"refs": {
"BatchGetAggregateResourceConfigResponse$BaseConfigurationItems": "<p>A list that contains the current configuration of one or more resources.</p>",
"BatchGetResourceConfigResponse$baseConfigurationItems": "<p>A list that contains the current configuration of one or more resources.</p>"
}
},
"BaseResourceId": {
"base": null,
"refs": {
"ComplianceByResource$ResourceId": "<p>The ID of the AWS resource that was evaluated.</p>",
"DescribeComplianceByResourceRequest$ResourceId": "<p>The ID of the AWS resource for which you want compliance information. You can specify only one resource ID. If you specify a resource ID, you must also specify a type for <code>ResourceType</code>.</p>",
"Evaluation$ComplianceResourceId": "<p>The ID of the AWS resource that was evaluated.</p>",
"EvaluationResultQualifier$ResourceId": "<p>The ID of the evaluated AWS resource.</p>",
"ExternalEvaluation$ComplianceResourceId": null,
"GetComplianceDetailsByResourceRequest$ResourceId": "<p>The ID of the AWS resource for which you want compliance information.</p>",
"Scope$ComplianceResourceId": "<p>The ID of the only AWS resource that you want to trigger an evaluation for the rule. If you specify a resource ID, you must specify one resource type for <code>ComplianceResourceTypes</code>.</p>"
}
},
"BatchGetAggregateResourceConfigRequest": {
"base": null,
"refs": {
}
},
"BatchGetAggregateResourceConfigResponse": {
"base": null,
"refs": {
}
},
"BatchGetResourceConfigRequest": {
"base": null,
"refs": {
}
},
"BatchGetResourceConfigResponse": {
"base": null,
"refs": {
}
},
"Boolean": {
"base": null,
"refs": {
"AccountAggregationSource$AllAwsRegions": "<p>If true, aggregate existing AWS Config regions and future regions.</p>",
"ComplianceContributorCount$CapExceeded": "<p>Indicates whether the maximum count is reached.</p>",
"ConfigRuleEvaluationStatus$FirstEvaluationStarted": "<p>Indicates whether AWS Config has evaluated your resources against the rule at least once.</p> <ul> <li> <p> <code>true</code> - AWS Config has evaluated your AWS resources against the rule at least once.</p> </li> <li> <p> <code>false</code> - AWS Config has not once finished evaluating your AWS resources against the rule.</p> </li> </ul>",
"ConfigurationRecorderStatus$recording": "<p>Specifies whether or not the recorder is currently recording.</p>",
"ListDiscoveredResourcesRequest$includeDeletedResources": "<p>Specifies whether AWS Config includes deleted resources in the results. By default, deleted resources are not included.</p>",
"OrganizationAggregationSource$AllAwsRegions": "<p>If true, aggregate existing AWS Config regions and future regions.</p>",
"PutEvaluationsRequest$TestMode": "<p>Use this parameter to specify a test run for <code>PutEvaluations</code>. You can verify whether your AWS Lambda function will deliver evaluation results to AWS Config. No updates occur to your existing evaluations, and evaluation results are not sent to AWS Config.</p> <note> <p>When <code>TestMode</code> is <code>true</code>, <code>PutEvaluations</code> doesn't require a valid value for the <code>ResultToken</code> parameter, but the value cannot be null.</p> </note>",
"RemediationConfiguration$Automatic": "<p>The remediation is triggered automatically.</p>"
}
},
"ChannelName": {
"base": null,
"refs": {
"DeleteDeliveryChannelRequest$DeliveryChannelName": "<p>The name of the delivery channel to delete.</p>",
"DeliverConfigSnapshotRequest$deliveryChannelName": "<p>The name of the delivery channel through which the snapshot is delivered.</p>",
"DeliveryChannel$name": "<p>The name of the delivery channel. By default, AWS Config assigns the name \"default\" when creating the delivery channel. To change the delivery channel name, you must use the DeleteDeliveryChannel action to delete your current delivery channel, and then you must use the PutDeliveryChannel command to create a delivery channel that has the desired name.</p>",
"DeliveryChannelNameList$member": null
}
},
"ChronologicalOrder": {
"base": null,
"refs": {
"GetResourceConfigHistoryRequest$chronologicalOrder": "<p>The chronological order for configuration items listed. By default, the results are listed in reverse chronological order.</p>"
}
},
"Compliance": {
"base": "<p>Indicates whether an AWS resource or AWS Config rule is compliant and provides the number of contributors that affect the compliance.</p>",
"refs": {
"AggregateComplianceByConfigRule$Compliance": "<p>Indicates whether an AWS resource or AWS Config rule is compliant and provides the number of contributors that affect the compliance.</p>",
"ComplianceByConfigRule$Compliance": "<p>Indicates whether the AWS Config rule is compliant.</p>",
"ComplianceByResource$Compliance": "<p>Indicates whether the AWS resource complies with all of the AWS Config rules that evaluated it.</p>"
}
},
"ComplianceByConfigRule": {
"base": "<p>Indicates whether an AWS Config rule is compliant. A rule is compliant if all of the resources that the rule evaluated comply with it. A rule is noncompliant if any of these resources do not comply.</p>",
"refs": {
"ComplianceByConfigRules$member": null
}
},
"ComplianceByConfigRules": {
"base": null,
"refs": {
"DescribeComplianceByConfigRuleResponse$ComplianceByConfigRules": "<p>Indicates whether each of the specified AWS Config rules is compliant.</p>"
}
},
"ComplianceByResource": {
"base": "<p>Indicates whether an AWS resource that is evaluated according to one or more AWS Config rules is compliant. A resource is compliant if it complies with all of the rules that evaluate it. A resource is noncompliant if it does not comply with one or more of these rules.</p>",
"refs": {
"ComplianceByResources$member": null
}
},
"ComplianceByResources": {
"base": null,
"refs": {
"DescribeComplianceByResourceResponse$ComplianceByResources": "<p>Indicates whether the specified AWS resource complies with all of the AWS Config rules that evaluate it.</p>"
}
},
"ComplianceContributorCount": {
"base": "<p>The number of AWS resources or AWS Config rules responsible for the current compliance of the item, up to a maximum number.</p>",
"refs": {
"Compliance$ComplianceContributorCount": "<p>The number of AWS resources or AWS Config rules that cause a result of <code>NON_COMPLIANT</code>, up to a maximum number.</p>",
"ComplianceSummary$CompliantResourceCount": "<p>The number of AWS Config rules or AWS resources that are compliant, up to a maximum of 25 for rules and 100 for resources.</p>",
"ComplianceSummary$NonCompliantResourceCount": "<p>The number of AWS Config rules or AWS resources that are noncompliant, up to a maximum of 25 for rules and 100 for resources.</p>"
}
},
"ComplianceResourceTypes": {
"base": null,
"refs": {
"Scope$ComplianceResourceTypes": "<p>The resource types of only those AWS resources that you want to trigger an evaluation for the rule. You can only specify one type if you also specify a resource ID for <code>ComplianceResourceId</code>.</p>"
}
},
"ComplianceSummariesByResourceType": {
"base": null,
"refs": {
"GetComplianceSummaryByResourceTypeResponse$ComplianceSummariesByResourceType": "<p>The number of resources that are compliant and the number that are noncompliant. If one or more resource types were provided with the request, the numbers are returned for each resource type. The maximum number returned is 100.</p>"
}
},
"ComplianceSummary": {
"base": "<p>The number of AWS Config rules or AWS resources that are compliant and noncompliant.</p>",
"refs": {
"AggregateComplianceCount$ComplianceSummary": "<p>The number of compliant and noncompliant AWS Config rules.</p>",
"ComplianceSummaryByResourceType$ComplianceSummary": "<p>The number of AWS resources that are compliant or noncompliant, up to a maximum of 100 for each.</p>",
"GetComplianceSummaryByConfigRuleResponse$ComplianceSummary": "<p>The number of AWS Config rules that are compliant and the number that are noncompliant, up to a maximum of 25 for each.</p>"
}
},
"ComplianceSummaryByResourceType": {
"base": "<p>The number of AWS resources of a specific type that are compliant or noncompliant, up to a maximum of 100 for each.</p>",
"refs": {
"ComplianceSummariesByResourceType$member": null
}
},
"ComplianceType": {
"base": null,
"refs": {
"AggregateEvaluationResult$ComplianceType": "<p>The resource compliance status.</p> <p>For the <code>AggregationEvaluationResult</code> data type, AWS Config supports only the <code>COMPLIANT</code> and <code>NON_COMPLIANT</code>. AWS Config does not support the <code>NOT_APPLICABLE</code> and <code>INSUFFICIENT_DATA</code> value.</p>",
"Compliance$ComplianceType": "<p>Indicates whether an AWS resource or AWS Config rule is compliant.</p> <p>A resource is compliant if it complies with all of the AWS Config rules that evaluate it. A resource is noncompliant if it does not comply with one or more of these rules.</p> <p>A rule is compliant if all of the resources that the rule evaluates comply with it. A rule is noncompliant if any of these resources do not comply.</p> <p>AWS Config returns the <code>INSUFFICIENT_DATA</code> value when no evaluation results are available for the AWS resource or AWS Config rule.</p> <p>For the <code>Compliance</code> data type, AWS Config supports only <code>COMPLIANT</code>, <code>NON_COMPLIANT</code>, and <code>INSUFFICIENT_DATA</code> values. AWS Config does not support the <code>NOT_APPLICABLE</code> value for the <code>Compliance</code> data type.</p>",
"ComplianceTypes$member": null,
"ConfigRuleComplianceFilters$ComplianceType": "<p>The rule compliance status.</p> <p>For the <code>ConfigRuleComplianceFilters</code> data type, AWS Config supports only <code>COMPLIANT</code> and <code>NON_COMPLIANT</code>. AWS Config does not support the <code>NOT_APPLICABLE</code> and the <code>INSUFFICIENT_DATA</code> values.</p>",
"Evaluation$ComplianceType": "<p>Indicates whether the AWS resource complies with the AWS Config rule that it was evaluated against.</p> <p>For the <code>Evaluation</code> data type, AWS Config supports only the <code>COMPLIANT</code>, <code>NON_COMPLIANT</code>, and <code>NOT_APPLICABLE</code> values. AWS Config does not support the <code>INSUFFICIENT_DATA</code> value for this data type.</p> <p>Similarly, AWS Config does not accept <code>INSUFFICIENT_DATA</code> as the value for <code>ComplianceType</code> from a <code>PutEvaluations</code> request. For example, an AWS Lambda function for a custom AWS Config rule cannot pass an <code>INSUFFICIENT_DATA</code> value to AWS Config.</p>",
"EvaluationResult$ComplianceType": "<p>Indicates whether the AWS resource complies with the AWS Config rule that evaluated it.</p> <p>For the <code>EvaluationResult</code> data type, AWS Config supports only the <code>COMPLIANT</code>, <code>NON_COMPLIANT</code>, and <code>NOT_APPLICABLE</code> values. AWS Config does not support the <code>INSUFFICIENT_DATA</code> value for the <code>EvaluationResult</code> data type.</p>",
"ExternalEvaluation$ComplianceType": null,
"GetAggregateComplianceDetailsByConfigRuleRequest$ComplianceType": "<p>The resource compliance status.</p> <note> <p>For the <code>GetAggregateComplianceDetailsByConfigRuleRequest</code> data type, AWS Config supports only the <code>COMPLIANT</code> and <code>NON_COMPLIANT</code>. AWS Config does not support the <code>NOT_APPLICABLE</code> and <code>INSUFFICIENT_DATA</code> values.</p> </note>"
}
},
"ComplianceTypes": {
"base": null,
"refs": {
"DescribeComplianceByConfigRuleRequest$ComplianceTypes": "<p>Filters the results by compliance.</p> <p>The allowed values are <code>COMPLIANT</code> and <code>NON_COMPLIANT</code>.</p>",
"DescribeComplianceByResourceRequest$ComplianceTypes": "<p>Filters the results by compliance.</p> <p>The allowed values are <code>COMPLIANT</code>, <code>NON_COMPLIANT</code>, and <code>INSUFFICIENT_DATA</code>.</p>",
"GetComplianceDetailsByConfigRuleRequest$ComplianceTypes": "<p>Filters the results by compliance.</p> <p>The allowed values are <code>COMPLIANT</code>, <code>NON_COMPLIANT</code>, and <code>NOT_APPLICABLE</code>.</p>",
"GetComplianceDetailsByResourceRequest$ComplianceTypes": "<p>Filters the results by compliance.</p> <p>The allowed values are <code>COMPLIANT</code>, <code>NON_COMPLIANT</code>, and <code>NOT_APPLICABLE</code>.</p>"
}
},
"ConfigExportDeliveryInfo": {
"base": "<p>Provides status of the delivery of the snapshot or the configuration history to the specified Amazon S3 bucket. Also provides the status of notifications about the Amazon S3 delivery to the specified Amazon SNS topic.</p>",
"refs": {
"DeliveryChannelStatus$configSnapshotDeliveryInfo": "<p>A list containing the status of the delivery of the snapshot to the specified Amazon S3 bucket.</p>",
"DeliveryChannelStatus$configHistoryDeliveryInfo": "<p>A list that contains the status of the delivery of the configuration history to the specified Amazon S3 bucket.</p>"
}
},
"ConfigRule": {
"base": "<p>An AWS Config rule represents an AWS Lambda function that you create for a custom rule or a predefined function for an AWS managed rule. The function evaluates configuration items to assess whether your AWS resources comply with your desired configurations. This function can run when AWS Config detects a configuration change to an AWS resource and at a periodic frequency that you choose (for example, every 24 hours).</p> <note> <p>You can use the AWS CLI and AWS SDKs if you want to create a rule that triggers evaluations for your resources when AWS Config delivers the configuration snapshot. For more information, see <a>ConfigSnapshotDeliveryProperties</a>.</p> </note> <p>For more information about developing and using AWS Config rules, see <a href=\"https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html\">Evaluating AWS Resource Configurations with AWS Config</a> in the <i>AWS Config Developer Guide</i>.</p>",
"refs": {
"ConfigRules$member": null,
"PutConfigRuleRequest$ConfigRule": "<p>The rule that you want to add to your account.</p>"
}
},
"ConfigRuleComplianceFilters": {
"base": "<p>Filters the compliance results based on account ID, region, compliance type, and rule name.</p>",
"refs": {
"DescribeAggregateComplianceByConfigRulesRequest$Filters": "<p>Filters the results by ConfigRuleComplianceFilters object. </p>"
}
},
"ConfigRuleComplianceSummaryFilters": {
"base": "<p>Filters the results based on the account IDs and regions.</p>",
"refs": {
"GetAggregateConfigRuleComplianceSummaryRequest$Filters": "<p>Filters the results based on the ConfigRuleComplianceSummaryFilters object.</p>"
}
},
"ConfigRuleComplianceSummaryGroupKey": {
"base": null,
"refs": {
"GetAggregateConfigRuleComplianceSummaryRequest$GroupByKey": "<p>Groups the result based on ACCOUNT_ID or AWS_REGION.</p>"
}
},
"ConfigRuleEvaluationStatus": {
"base": "<p>Status information for your AWS managed Config rules. The status includes information such as the last time the rule ran, the last time it failed, and the related error for the last failure.</p> <p>This action does not return status information about custom AWS Config rules.</p>",
"refs": {
"ConfigRuleEvaluationStatusList$member": null
}
},
"ConfigRuleEvaluationStatusList": {
"base": null,
"refs": {
"DescribeConfigRuleEvaluationStatusResponse$ConfigRulesEvaluationStatus": "<p>Status information about your AWS managed Config rules.</p>"
}
},
"ConfigRuleName": {
"base": null,
"refs": {
"AggregateComplianceByConfigRule$ConfigRuleName": "<p>The name of the AWS Config rule.</p>",
"ConfigRule$ConfigRuleName": "<p>The name that you assign to the AWS Config rule. The name is required if you are adding a new rule.</p>",
"ConfigRuleComplianceFilters$ConfigRuleName": "<p>The name of the AWS Config rule.</p>",
"ConfigRuleEvaluationStatus$ConfigRuleName": "<p>The name of the AWS Config rule.</p>",
"ConfigRuleNames$member": null,
"ConformancePackRuleCompliance$ConfigRuleName": "<p>Name of the config rule.</p>",
"DeleteConfigRuleRequest$ConfigRuleName": "<p>The name of the AWS Config rule that you want to delete.</p>",
"DeleteRemediationConfigurationRequest$ConfigRuleName": "<p>The name of the AWS Config rule for which you want to delete remediation configuration.</p>",
"DeleteRemediationExceptionsRequest$ConfigRuleName": "<p>The name of the AWS Config rule for which you want to delete remediation exception configuration.</p>",
"DescribeRemediationExceptionsRequest$ConfigRuleName": "<p>The name of the AWS Config rule.</p>",
"DescribeRemediationExecutionStatusRequest$ConfigRuleName": "<p>A list of AWS Config rule names.</p>",
"EvaluationResultQualifier$ConfigRuleName": "<p>The name of the AWS Config rule that was used in the evaluation.</p>",
"GetAggregateComplianceDetailsByConfigRuleRequest$ConfigRuleName": "<p>The name of the AWS Config rule for which you want compliance information.</p>",
"PutExternalEvaluationRequest$ConfigRuleName": null,
"PutRemediationExceptionsRequest$ConfigRuleName": "<p>The name of the AWS Config rule for which you want to create remediation exception.</p>",
"ReevaluateConfigRuleNames$member": null,
"RemediationConfiguration$ConfigRuleName": "<p>The name of the AWS Config rule.</p>",
"RemediationException$ConfigRuleName": "<p>The name of the AWS Config rule.</p>",
"StartRemediationExecutionRequest$ConfigRuleName": "<p>The list of names of AWS Config rules that you want to run remediation execution for.</p>"
}
},
"ConfigRuleNames": {
"base": null,
"refs": {
"DescribeComplianceByConfigRuleRequest$ConfigRuleNames": "<p>Specify one or more AWS Config rule names to filter the results by rule.</p>",
"DescribeConfigRuleEvaluationStatusRequest$ConfigRuleNames": "<p>The name of the AWS managed Config rules for which you want status information. If you do not specify any names, AWS Config returns status information for all AWS managed Config rules that you use.</p>",
"DescribeConfigRulesRequest$ConfigRuleNames": "<p>The names of the AWS Config rules for which you want details. If you do not specify any names, AWS Config returns details for all your rules.</p>",
"DescribeRemediationConfigurationsRequest$ConfigRuleNames": "<p>A list of AWS Config rule names of remediation configurations for which you want details. </p>"
}
},
"ConfigRuleState": {
"base": null,
"refs": {
"ConfigRule$ConfigRuleState": "<p>Indicates whether the AWS Config rule is active or is currently being deleted by AWS Config. It can also indicate the evaluation status for the AWS Config rule.</p> <p>AWS Config sets the state of the rule to <code>EVALUATING</code> temporarily after you use the <code>StartConfigRulesEvaluation</code> request to evaluate your resources against the AWS Config rule.</p> <p>AWS Config sets the state of the rule to <code>DELETING_RESULTS</code> temporarily after you use the <code>DeleteEvaluationResults</code> request to delete the current evaluation results for the AWS Config rule.</p> <p>AWS Config temporarily sets the state of a rule to <code>DELETING</code> after you use the <code>DeleteConfigRule</code> request to delete the rule. After AWS Config deletes the rule, the rule and all of its evaluations are erased and are no longer available.</p>"
}
},
"ConfigRules": {
"base": null,
"refs": {
"DescribeConfigRulesResponse$ConfigRules": "<p>The details about your AWS Config rules.</p>"
}
},
"ConfigSnapshotDeliveryProperties": {
"base": "<p>Provides options for how often AWS Config delivers configuration snapshots to the Amazon S3 bucket in your delivery channel.</p> <p>The frequency for a rule that triggers evaluations for your resources when AWS Config delivers the configuration snapshot is set by one of two values, depending on which is less frequent:</p> <ul> <li> <p>The value for the <code>deliveryFrequency</code> parameter within the delivery channel configuration, which sets how often AWS Config delivers configuration snapshots. This value also sets how often AWS Config invokes evaluations for AWS Config rules.</p> </li> <li> <p>The value for the <code>MaximumExecutionFrequency</code> parameter, which sets the maximum frequency with which AWS Config invokes evaluations for the rule. For more information, see <a>ConfigRule</a>.</p> </li> </ul> <p>If the <code>deliveryFrequency</code> value is less frequent than the <code>MaximumExecutionFrequency</code> value for a rule, AWS Config invokes the rule only as often as the <code>deliveryFrequency</code> value.</p> <ol> <li> <p>For example, you want your rule to run evaluations when AWS Config delivers the configuration snapshot.</p> </li> <li> <p>You specify the <code>MaximumExecutionFrequency</code> value for <code>Six_Hours</code>. </p> </li> <li> <p>You then specify the delivery channel <code>deliveryFrequency</code> value for <code>TwentyFour_Hours</code>.</p> </li> <li> <p>Because the value for <code>deliveryFrequency</code> is less frequent than <code>MaximumExecutionFrequency</code>, AWS Config invokes evaluations for the rule every 24 hours. </p> </li> </ol> <p>You should set the <code>MaximumExecutionFrequency</code> value to be at least as frequent as the <code>deliveryFrequency</code> value. You can view the <code>deliveryFrequency</code> value by using the <code>DescribeDeliveryChannnels</code> action.</p> <p>To update the <code>deliveryFrequency</code> with which AWS Config delivers your configuration snapshots, use the <code>PutDeliveryChannel</code> action.</p>",
"refs": {
"DeliveryChannel$configSnapshotDeliveryProperties": "<p>The options for how often AWS Config delivers configuration snapshots to the Amazon S3 bucket.</p>"
}
},
"ConfigStreamDeliveryInfo": {
"base": "<p>A list that contains the status of the delivery of the configuration stream notification to the Amazon SNS topic.</p>",
"refs": {
"DeliveryChannelStatus$configStreamDeliveryInfo": "<p>A list containing the status of the delivery of the configuration stream notification to the specified Amazon SNS topic.</p>"
}
},
"Configuration": {
"base": null,
"refs": {
"BaseConfigurationItem$configuration": "<p>The description of the resource configuration.</p>",
"ConfigurationItem$configuration": "<p>The description of the resource configuration.</p>",
"PutResourceConfigRequest$Configuration": "<p>The configuration object of the resource in valid JSON format. It must match the schema registered with AWS CloudFormation.</p> <note> <p>The configuration JSON must not exceed 64 KB.</p> </note>"
}
},
"ConfigurationAggregator": {
"base": "<p>The details about the configuration aggregator, including information about source accounts, regions, and metadata of the aggregator. </p>",
"refs": {
"ConfigurationAggregatorList$member": null,
"PutConfigurationAggregatorResponse$ConfigurationAggregator": "<p>Returns a ConfigurationAggregator object.</p>"
}
},
"ConfigurationAggregatorArn": {
"base": null,
"refs": {
"ConfigurationAggregator$ConfigurationAggregatorArn": "<p>The Amazon Resource Name (ARN) of the aggregator.</p>"
}
},
"ConfigurationAggregatorList": {
"base": null,
"refs": {
"DescribeConfigurationAggregatorsResponse$ConfigurationAggregators": "<p>Returns a ConfigurationAggregators object.</p>"
}
},
"ConfigurationAggregatorName": {
"base": null,
"refs": {
"BatchGetAggregateResourceConfigRequest$ConfigurationAggregatorName": "<p>The name of the configuration aggregator.</p>",
"ConfigurationAggregator$ConfigurationAggregatorName": "<p>The name of the aggregator.</p>",
"ConfigurationAggregatorNameList$member": null,
"DeleteConfigurationAggregatorRequest$ConfigurationAggregatorName": "<p>The name of the configuration aggregator.</p>",
"DescribeAggregateComplianceByConfigRulesRequest$ConfigurationAggregatorName": "<p>The name of the configuration aggregator.</p>",
"DescribeConfigurationAggregatorSourcesStatusRequest$ConfigurationAggregatorName": "<p>The name of the configuration aggregator.</p>",
"GetAggregateComplianceDetailsByConfigRuleRequest$ConfigurationAggregatorName": "<p>The name of the configuration aggregator.</p>",
"GetAggregateConfigRuleComplianceSummaryRequest$ConfigurationAggregatorName": "<p>The name of the configuration aggregator.</p>",
"GetAggregateDiscoveredResourceCountsRequest$ConfigurationAggregatorName": "<p>The name of the configuration aggregator.</p>",
"GetAggregateResourceConfigRequest$ConfigurationAggregatorName": "<p>The name of the configuration aggregator.</p>",
"ListAggregateDiscoveredResourcesRequest$ConfigurationAggregatorName": "<p>The name of the configuration aggregator. </p>",
"PutConfigurationAggregatorRequest$ConfigurationAggregatorName": "<p>The name of the configuration aggregator.</p>",
"SelectAggregateResourceConfigRequest$ConfigurationAggregatorName": "<p>The name of the configuration aggregator.</p>"
}
},
"ConfigurationAggregatorNameList": {
"base": null,
"refs": {
"DescribeConfigurationAggregatorsRequest$ConfigurationAggregatorNames": "<p>The name of the configuration aggregators.</p>"
}
},
"ConfigurationItem": {
"base": "<p>A list that contains detailed configurations of a specified resource.</p>",
"refs": {
"ConfigurationItemList$member": null,
"GetAggregateResourceConfigResponse$ConfigurationItem": "<p>Returns a <code>ConfigurationItem</code> object.</p>"
}
},
"ConfigurationItemCaptureTime": {
"base": null,
"refs": {
"BaseConfigurationItem$configurationItemCaptureTime": "<p>The time when the configuration recording was initiated.</p>",
"ConfigurationItem$configurationItemCaptureTime": "<p>The time when the configuration recording was initiated.</p>"
}
},
"ConfigurationItemList": {
"base": null,
"refs": {
"GetResourceConfigHistoryResponse$configurationItems": "<p>A list that contains the configuration history of one or more resources.</p>"
}
},
"ConfigurationItemMD5Hash": {
"base": null,
"refs": {
"ConfigurationItem$configurationItemMD5Hash": "<p>Unique MD5 hash that represents the configuration item's state.</p> <p>You can use MD5 hash to compare the states of two or more configuration items that are associated with the same resource.</p>"
}
},
"ConfigurationItemStatus": {
"base": null,
"refs": {
"BaseConfigurationItem$configurationItemStatus": "<p>The configuration item status. The valid values are:</p> <ul> <li> <p>OK – The resource configuration has been updated</p> </li> <li> <p>ResourceDiscovered – The resource was newly discovered</p> </li> <li> <p>ResourceNotRecorded – The resource was discovered but its configuration was not recorded since the recorder excludes the recording of resources of this type</p> </li> <li> <p>ResourceDeleted – The resource was deleted</p> </li> <li> <p>ResourceDeletedNotRecorded – The resource was deleted but its configuration was not recorded since the recorder excludes the recording of resources of this type</p> </li> </ul> <note> <p>The CIs do not incur any cost.</p> </note>",
"ConfigurationItem$configurationItemStatus": "<p>The configuration item status. The valid values are:</p> <ul> <li> <p>OK – The resource configuration has been updated</p> </li> <li> <p>ResourceDiscovered – The resource was newly discovered</p> </li> <li> <p>ResourceNotRecorded – The resource was discovered but its configuration was not recorded since the recorder excludes the recording of resources of this type</p> </li> <li> <p>ResourceDeleted – The resource was deleted</p> </li> <li> <p>ResourceDeletedNotRecorded – The resource was deleted but its configuration was not recorded since the recorder excludes the recording of resources of this type</p> </li> </ul> <note> <p>The CIs do not incur any cost.</p> </note>"
}
},
"ConfigurationRecorder": {
"base": "<p>An object that represents the recording of configuration changes of an AWS resource.</p>",
"refs": {
"ConfigurationRecorderList$member": null,
"PutConfigurationRecorderRequest$ConfigurationRecorder": "<p>The configuration recorder object that records each configuration change made to the resources.</p>"
}
},
"ConfigurationRecorderList": {
"base": null,
"refs": {
"DescribeConfigurationRecordersResponse$ConfigurationRecorders": "<p>A list that contains the descriptions of the specified configuration recorders.</p>"
}
},
"ConfigurationRecorderNameList": {
"base": null,
"refs": {
"DescribeConfigurationRecorderStatusRequest$ConfigurationRecorderNames": "<p>The name(s) of the configuration recorder. If the name is not specified, the action returns the current status of all the configuration recorders associated with the account.</p>",
"DescribeConfigurationRecordersRequest$ConfigurationRecorderNames": "<p>A list of configuration recorder names.</p>"
}
},
"ConfigurationRecorderStatus": {
"base": "<p>The current status of the configuration recorder.</p>",
"refs": {
"ConfigurationRecorderStatusList$member": null
}
},
"ConfigurationRecorderStatusList": {
"base": null,
"refs": {
"DescribeConfigurationRecorderStatusResponse$ConfigurationRecordersStatus": "<p>A list that contains status of the specified recorders.</p>"
}
},
"ConfigurationStateId": {
"base": null,
"refs": {
"BaseConfigurationItem$configurationStateId": "<p>An identifier that indicates the ordering of the configuration items of a resource.</p>",
"ConfigurationItem$configurationStateId": "<p>An identifier that indicates the ordering of the configuration items of a resource.</p>"
}
},
"ConformancePackArn": {
"base": null,
"refs": {
"ConformancePackDetail$ConformancePackArn": "<p>Amazon Resource Name (ARN) of the conformance pack.</p>",
"ConformancePackStatusDetail$ConformancePackArn": "<p>Amazon Resource Name (ARN) of comformance pack.</p>",
"PutConformancePackResponse$ConformancePackArn": "<p>ARN of the conformance pack.</p>"
}
},
"ConformancePackComplianceFilters": {
"base": "<p>Filters the conformance pack by compliance types and AWS Config rule names.</p>",
"refs": {
"DescribeConformancePackComplianceRequest$Filters": "<p>A <code>ConformancePackComplianceFilters</code> object.</p>"
}
},
"ConformancePackComplianceResourceIds": {
"base": null,
"refs": {
"ConformancePackEvaluationFilters$ResourceIds": "<p>Filters the results by resource IDs.</p> <note> <p>This is valid only when you provide resource type. If there is no resource type, you will see an error.</p> </note>"
}
},
"ConformancePackComplianceSummary": {
"base": "<p>Summary includes the name and status of the conformance pack.</p>",
"refs": {
"ConformancePackComplianceSummaryList$member": null
}
},
"ConformancePackComplianceSummaryList": {
"base": null,
"refs": {
"GetConformancePackComplianceSummaryResponse$ConformancePackComplianceSummaryList": "<p>A list of <code>ConformancePackComplianceSummary</code> objects. </p>"
}
},
"ConformancePackComplianceType": {
"base": null,
"refs": {
"ConformancePackComplianceFilters$ComplianceType": "<p>Filters the results by compliance.</p> <p>The allowed values are <code>COMPLIANT</code> and <code>NON_COMPLIANT</code>.</p>",
"ConformancePackComplianceSummary$ConformancePackComplianceStatus": "<p>The status of the conformance pack. The allowed values are COMPLIANT and NON_COMPLIANT. </p>",
"ConformancePackEvaluationFilters$ComplianceType": "<p>Filters the results by compliance.</p> <p>The allowed values are <code>COMPLIANT</code> and <code>NON_COMPLIANT</code>.</p>",
"ConformancePackEvaluationResult$ComplianceType": "<p>The compliance type. The allowed values are <code>COMPLIANT</code> and <code>NON_COMPLIANT</code>. </p>",
"ConformancePackRuleCompliance$ComplianceType": "<p>Compliance of the AWS Config rule</p> <p>The allowed values are <code>COMPLIANT</code> and <code>NON_COMPLIANT</code>.</p>"
}
},
"ConformancePackConfigRuleNames": {
"base": null,
"refs": {
"ConformancePackComplianceFilters$ConfigRuleNames": "<p>Filters the results by AWS Config rule names.</p>",
"ConformancePackEvaluationFilters$ConfigRuleNames": "<p>Filters the results by AWS Config rule names.</p>"
}
},
"ConformancePackDetail": {
"base": "<p>Returns details of a conformance pack. A conformance pack is a collection of AWS Config rules and remediation actions that can be easily deployed in an account and a region.</p>",
"refs": {
"ConformancePackDetailList$member": null
}
},
"ConformancePackDetailList": {
"base": null,
"refs": {
"DescribeConformancePacksResponse$ConformancePackDetails": "<p>Returns a list of <code>ConformancePackDetail</code> objects.</p>"
}
},
"ConformancePackEvaluationFilters": {
"base": "<p>Filters a conformance pack by AWS Config rule names, compliance types, AWS resource types, and resource IDs.</p>",
"refs": {
"GetConformancePackComplianceDetailsRequest$Filters": "<p>A <code>ConformancePackEvaluationFilters</code> object.</p>"
}
},
"ConformancePackEvaluationResult": {
"base": "<p>The details of a conformance pack evaluation. Provides AWS Config rule and AWS resource type that was evaluated, the compliance of the conformance pack, related time stamps, and supplementary information. </p>",
"refs": {
"ConformancePackRuleEvaluationResultsList$member": null
}
},
"ConformancePackId": {
"base": null,
"refs": {
"ConformancePackDetail$ConformancePackId": "<p>ID of the conformance pack.</p>",
"ConformancePackStatusDetail$ConformancePackId": "<p>ID of the conformance pack.</p>"
}
},
"ConformancePackInputParameter": {
"base": "<p>Input parameters in the form of key-value pairs for the conformance pack, both of which you define. Keys can have a maximum character length of 255 characters, and values can have a maximum length of 4096 characters.</p>",
"refs": {
"ConformancePackInputParameters$member": null
}
},
"ConformancePackInputParameters": {
"base": null,
"refs": {
"ConformancePackDetail$ConformancePackInputParameters": "<p>A list of <code>ConformancePackInputParameter</code> objects.</p>",
"OrganizationConformancePack$ConformancePackInputParameters": "<p>A list of <code>ConformancePackInputParameter</code> objects.</p>",
"PutConformancePackRequest$ConformancePackInputParameters": "<p>A list of <code>ConformancePackInputParameter</code> objects.</p>",
"PutOrganizationConformancePackRequest$ConformancePackInputParameters": "<p>A list of <code>ConformancePackInputParameter</code> objects.</p>"
}
},
"ConformancePackName": {
"base": null,
"refs": {
"ConformancePackComplianceSummary$ConformancePackName": "<p>The name of the conformance pack name.</p>",
"ConformancePackDetail$ConformancePackName": "<p>Name of the conformance pack.</p>",
"ConformancePackNamesList$member": null,
"ConformancePackNamesToSummarizeList$member": null,
"ConformancePackStatusDetail$ConformancePackName": "<p>Name of the conformance pack.</p>",
"DeleteConformancePackRequest$ConformancePackName": "<p>Name of the conformance pack you want to delete.</p>",
"DescribeConformancePackComplianceRequest$ConformancePackName": "<p>Name of the conformance pack.</p>",
"DescribeConformancePackComplianceResponse$ConformancePackName": "<p>Name of the conformance pack.</p>",
"GetConformancePackComplianceDetailsRequest$ConformancePackName": "<p>Name of the conformance pack.</p>",
"GetConformancePackComplianceDetailsResponse$ConformancePackName": "<p>Name of the conformance pack.</p>",
"PutConformancePackRequest$ConformancePackName": "<p>Name of the conformance pack you want to create.</p>"
}
},
"ConformancePackNamesList": {
"base": null,
"refs": {
"DescribeConformancePackStatusRequest$ConformancePackNames": "<p>Comma-separated list of conformance pack names.</p>",
"DescribeConformancePacksRequest$ConformancePackNames": "<p>Comma-separated list of conformance pack names for which you want details. If you do not specify any names, AWS Config returns details for all your conformance packs. </p>"
}
},
"ConformancePackNamesToSummarizeList": {
"base": null,
"refs": {
"GetConformancePackComplianceSummaryRequest$ConformancePackNames": "<p>Names of conformance packs.</p>"
}
},
"ConformancePackRuleCompliance": {
"base": "<p>Compliance information of one or more AWS Config rules within a conformance pack. You can filter using AWS Config rule names and compliance types.</p>",
"refs": {
"ConformancePackRuleComplianceList$member": null
}
},
"ConformancePackRuleComplianceList": {
"base": null,
"refs": {
"DescribeConformancePackComplianceResponse$ConformancePackRuleComplianceList": "<p>Returns a list of <code>ConformancePackRuleCompliance</code> objects.</p>"
}
},
"ConformancePackRuleEvaluationResultsList": {
"base": null,
"refs": {
"GetConformancePackComplianceDetailsResponse$ConformancePackRuleEvaluationResults": "<p>Returns a list of <code>ConformancePackEvaluationResult</code> objects.</p>"
}
},
"ConformancePackState": {
"base": null,
"refs": {
"ConformancePackStatusDetail$ConformancePackState": "<p>Indicates deployment status of conformance pack.</p> <p>AWS Config sets the state of the conformance pack to:</p> <ul> <li> <p>CREATE_IN_PROGRESS when a conformance pack creation is in progress for an account.</p> </li> <li> <p>CREATE_COMPLETE when a conformance pack has been successfully created in your account.</p> </li> <li> <p>CREATE_FAILED when a conformance pack creation failed in your account.</p> </li> <li> <p>DELETE_IN_PROGRESS when a conformance pack deletion is in progress. </p> </li> <li> <p>DELETE_FAILED when a conformance pack deletion failed in your account.</p> </li> </ul>"
}
},
"ConformancePackStatusDetail": {
"base": "<p>Status details of a conformance pack.</p>",
"refs": {
"ConformancePackStatusDetailsList$member": null
}
},
"ConformancePackStatusDetailsList": {
"base": null,
"refs": {
"DescribeConformancePackStatusResponse$ConformancePackStatusDetails": "<p>A list of <code>ConformancePackStatusDetail</code> objects.</p>"
}
},
"ConformancePackStatusReason": {
"base": null,
"refs": {
"ConformancePackStatusDetail$ConformancePackStatusReason": "<p>The reason of conformance pack creation failure.</p>"
}
},
"ConformancePackTemplateValidationException": {
"base": "<p>You have specified a template that is not valid or supported.</p>",
"refs": {
}
},
"CosmosPageLimit": {
"base": null,
"refs": {
"DescribeOrganizationConfigRuleStatusesRequest$Limit": "<p>The maximum number of <code>OrganizationConfigRuleStatuses</code> returned on each page. If you do no specify a number, AWS Config uses the default. The default is 100.</p>",
"DescribeOrganizationConfigRulesRequest$Limit": "<p>The maximum number of organization config rules returned on each page. If you do no specify a number, AWS Config uses the default. The default is 100.</p>",
"DescribeOrganizationConformancePackStatusesRequest$Limit": "<p>The maximum number of OrganizationConformancePackStatuses returned on each page. If you do no specify a number, AWS Config uses the default. The default is 100. </p>",
"DescribeOrganizationConformancePacksRequest$Limit": "<p>The maximum number of organization config packs returned on each page. If you do no specify a number, AWS Config uses the default. The default is 100.</p>",
"GetOrganizationConfigRuleDetailedStatusRequest$Limit": "<p>The maximum number of <code>OrganizationConfigRuleDetailedStatus</code> returned on each page. If you do not specify a number, AWS Config uses the default. The default is 100.</p>",
"GetOrganizationConformancePackDetailedStatusRequest$Limit": "<p>The maximum number of <code>OrganizationConformancePackDetailedStatuses</code> returned on each page. If you do not specify a number, AWS Config uses the default. The default is 100. </p>"
}
},
"Date": {
"base": null,
"refs": {
"AggregateEvaluationResult$ResultRecordedTime": "<p>The time when AWS Config recorded the aggregate evaluation result.</p>",
"AggregateEvaluationResult$ConfigRuleInvokedTime": "<p>The time when the AWS Config rule evaluated the AWS resource.</p>",
"AggregatedSourceStatus$LastUpdateTime": "<p>The time of the last update.</p>",
"AggregationAuthorization$CreationTime": "<p>The time stamp when the aggregation authorization was created.</p>",
"ComplianceSummary$ComplianceSummaryTimestamp": "<p>The time that AWS Config created the compliance summary.</p>",
"ConfigExportDeliveryInfo$lastAttemptTime": "<p>The time of the last attempted delivery.</p>",
"ConfigExportDeliveryInfo$lastSuccessfulTime": "<p>The time of the last successful delivery.</p>",
"ConfigExportDeliveryInfo$nextDeliveryTime": "<p>The time that the next delivery occurs.</p>",
"ConfigRuleEvaluationStatus$LastSuccessfulInvocationTime": "<p>The time that AWS Config last successfully invoked the AWS Config rule to evaluate your AWS resources.</p>",
"ConfigRuleEvaluationStatus$LastFailedInvocationTime": "<p>The time that AWS Config last failed to invoke the AWS Config rule to evaluate your AWS resources.</p>",
"ConfigRuleEvaluationStatus$LastSuccessfulEvaluationTime": "<p>The time that AWS Config last successfully evaluated your AWS resources against the rule.</p>",
"ConfigRuleEvaluationStatus$LastFailedEvaluationTime": "<p>The time that AWS Config last failed to evaluate your AWS resources against the rule.</p>",
"ConfigRuleEvaluationStatus$FirstActivatedTime": "<p>The time that you first activated the AWS Config rule.</p>",
"ConfigRuleEvaluationStatus$LastDeactivatedTime": "<p>The time that you last turned off the AWS Config rule.</p>",
"ConfigStreamDeliveryInfo$lastStatusChangeTime": "<p>The time from the last status change.</p>",
"ConfigurationAggregator$CreationTime": "<p>The time stamp when the configuration aggregator was created.</p>",
"ConfigurationAggregator$LastUpdatedTime": "<p>The time of the last update.</p>",
"ConfigurationRecorderStatus$lastStartTime": "<p>The time the recorder was last started.</p>",
"ConfigurationRecorderStatus$lastStopTime": "<p>The time the recorder was last stopped.</p>",
"ConfigurationRecorderStatus$lastStatusChangeTime": "<p>The time when the status was last changed.</p>",
"ConformancePackDetail$LastUpdateRequestedTime": "<p>Last time when conformation pack update was requested. </p>",
"ConformancePackEvaluationResult$ConfigRuleInvokedTime": "<p>The time when AWS Config rule evaluated AWS resource.</p>",
"ConformancePackEvaluationResult$ResultRecordedTime": "<p>The time when AWS Config recorded the evaluation result. </p>",
"ConformancePackStatusDetail$LastUpdateRequestedTime": "<p>Last time when conformation pack creation and update was requested.</p>",
"ConformancePackStatusDetail$LastUpdateCompletedTime": "<p>Last time when conformation pack creation and update was successful.</p>",
"EvaluationResult$ResultRecordedTime": "<p>The time when AWS Config recorded the evaluation result.</p>",
"EvaluationResult$ConfigRuleInvokedTime": "<p>The time when the AWS Config rule evaluated the AWS resource.</p>",
"EvaluationResultIdentifier$OrderingTimestamp": "<p>The time of the event that triggered the evaluation of your AWS resources. The time can indicate when AWS Config delivered a configuration item change notification, or it can indicate when AWS Config delivered the configuration snapshot, depending on which event triggered the evaluation.</p>",
"MemberAccountStatus$LastUpdateTime": "<p>The timestamp of the last status update.</p>",
"OrganizationConfigRule$LastUpdateTime": "<p>The timestamp of the last update.</p>",
"OrganizationConfigRuleStatus$LastUpdateTime": "<p>The timestamp of the last update.</p>",
"OrganizationConformancePack$LastUpdateTime": "<p>Last time when organization conformation pack was updated.</p>",
"OrganizationConformancePackDetailedStatus$LastUpdateTime": "<p>The timestamp of the last status update.</p>",
"OrganizationConformancePackStatus$LastUpdateTime": "<p>The timestamp of the last update.</p>",
"PutRemediationExceptionsRequest$ExpirationTime": "<p>The exception is automatically deleted after the expiration date.</p>",
"RemediationException$ExpirationTime": "<p>The time when the remediation exception will be deleted.</p>",
"RemediationExecutionStatus$InvocationTime": "<p>Start time when the remediation was executed.</p>",
"RemediationExecutionStatus$LastUpdatedTime": "<p>The time when the remediation execution was last updated.</p>",
"RemediationExecutionStep$StartTime": "<p>The time when the step started.</p>",
"RemediationExecutionStep$StopTime": "<p>The time when the step stopped.</p>"
}
},
"DeleteAggregationAuthorizationRequest": {
"base": null,
"refs": {
}
},
"DeleteConfigRuleRequest": {
"base": "<p/>",
"refs": {
}
},
"DeleteConfigurationAggregatorRequest": {
"base": null,
"refs": {
}
},
"DeleteConfigurationRecorderRequest": {
"base": "<p>The request object for the <code>DeleteConfigurationRecorder</code> action.</p>",
"refs": {
}
},
"DeleteConformancePackRequest": {
"base": null,
"refs": {
}
},
"DeleteDeliveryChannelRequest": {
"base": "<p>The input for the <a>DeleteDeliveryChannel</a> action. The action accepts the following data, in JSON format. </p>",
"refs": {
}
},
"DeleteEvaluationResultsRequest": {
"base": "<p/>",
"refs": {
}
},
"DeleteEvaluationResultsResponse": {
"base": "<p>The output when you delete the evaluation results for the specified AWS Config rule.</p>",
"refs": {
}
},
"DeleteOrganizationConfigRuleRequest": {
"base": null,
"refs": {
}
},
"DeleteOrganizationConformancePackRequest": {
"base": null,
"refs": {
}
},
"DeletePendingAggregationRequestRequest": {
"base": null,
"refs": {
}
},
"DeleteRemediationConfigurationRequest": {
"base": null,
"refs": {
}
},
"DeleteRemediationConfigurationResponse": {
"base": null,
"refs": {
}
},
"DeleteRemediationExceptionsRequest": {
"base": null,
"refs": {
}
},
"DeleteRemediationExceptionsResponse": {
"base": null,
"refs": {
}
},
"DeleteResourceConfigRequest": {
"base": null,
"refs": {
}
},
"DeleteRetentionConfigurationRequest": {
"base": null,
"refs": {
}
},
"DeliverConfigSnapshotRequest": {
"base": "<p>The input for the <a>DeliverConfigSnapshot</a> action.</p>",
"refs": {
}
},
"DeliverConfigSnapshotResponse": {
"base": "<p>The output for the <a>DeliverConfigSnapshot</a> action, in JSON format.</p>",
"refs": {
}