2024/11/27 - AWS Config - 5 new5 updated api methods
Changes AWS Config adds support for service-linked recorders, a new type of Config recorder managed by AWS services to record specific subsets of resource configuration data and functioning independently from customer managed AWS Config recorders.
Deletes an existing service-linked configuration recorder.
This operation does not delete the configuration information that was previously recorded. You will be able to access the previously recorded information by using the GetResourceConfigHistory operation, but you will not be able to access this information in the Config console until you have created a new service-linked configuration recorder for the same service.
See also: AWS API Documentation
Request Syntax
client.delete_service_linked_configuration_recorder(
ServicePrincipal='string'
)
string
[REQUIRED]
The service principal of the Amazon Web Services service for the service-linked configuration recorder that you want to delete.
dict
Response Syntax
{
'Arn': 'string',
'Name': 'string'
}
Response Structure
(dict) --
Arn (string) --
The Amazon Resource Name (ARN) of the specified configuration recorder.
Name (string) --
The name of the specified configuration recorder.
Creates a service-linked configuration recorder that is linked to a specific Amazon Web Services service based on the ServicePrincipal you specify.
The configuration recorder's name, recordingGroup, recordingMode, and recordingScope is set by the service that is linked to the configuration recorder.
For more information, see **Working with the Configuration Recorder** in the Config Developer Guide.
This API creates a service-linked role AWSServiceRoleForConfig in your account. The service-linked role is created only when the role does not exist in your account.
See also: AWS API Documentation
Request Syntax
client.put_service_linked_configuration_recorder(
ServicePrincipal='string',
Tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
string
[REQUIRED]
The service principal of the Amazon Web Services service for the service-linked configuration recorder that you want to create.
list
The tags for a service-linked configuration recorder. Each tag consists of a key and an optional value, both of which you define.
(dict) --
The tags for the resource. The metadata that you apply to a resource to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
Key (string) --
One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.
Value (string) --
The optional part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key).
dict
Response Syntax
{
'Arn': 'string',
'Name': 'string'
}
Response Structure
(dict) --
Arn (string) --
The Amazon Resource Name (ARN) of the specified configuration recorder.
Name (string) --
The name of the specified configuration recorder.
For service-linked configuration recorders, Config automatically assigns a name that has the prefix " AWS" to the new service-linked configuration recorder.
Returns a list of configuration recorders depending on the filters you specify.
See also: AWS API Documentation
Request Syntax
client.list_configuration_recorders(
Filters=[
{
'filterName': 'recordingScope',
'filterValue': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
list
Filters the results based on a list of ConfigurationRecorderFilter objects that you specify.
(dict) --
Filters configuration recorders by recording scope.
filterName (string) --
The name of the type of filter. Currently, only recordingScope is supported.
filterValue (list) --
The value of the filter. For recordingScope, valid values include: INTERNAL and PAID.
INTERNAL indicates that the ConfigurationItems in scope for the configuration recorder are recorded for free.
PAID indicates that the ConfigurationItems in scope for the configuration recorder impact the costs to your bill.
(string) --
integer
The maximum number of results to include in the response.
string
The NextToken string returned on a previous page that you use to get the next page of results in a paginated response.
dict
Response Syntax
{
'ConfigurationRecorderSummaries': [
{
'arn': 'string',
'name': 'string',
'servicePrincipal': 'string',
'recordingScope': 'INTERNAL'|'PAID'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
ConfigurationRecorderSummaries (list) --
A list of ConfigurationRecorderSummary objects that includes.
(dict) --
A summary of a configuration recorder, including the arn, name, servicePrincipal, and recordingScope.
arn (string) --
The Amazon Resource Name (ARN) of the configuration recorder.
name (string) --
The name of the configuration recorder.
servicePrincipal (string) --
For service-linked configuration recorders, indicates which Amazon Web Services service the configuration recorder is linked to.
recordingScope (string) --
Indicates whether the ConfigurationItems in scope for the configuration recorder are recorded for free ( INTERNAL) or if you are charged a service fee for recording ( PAID).
NextToken (string) --
The NextToken string returned on a previous page that you use to get the next page of results in a paginated response.
{'ConfigurationAggregators': {'AggregatorFilters': {'ResourceType': {'Type': 'INCLUDE',
'Value': ['string']},
'ServicePrincipal': {'Type': 'INCLUDE',
'Value': ['string']}}}}
Returns the details of one or more configuration aggregators. If the configuration aggregator is not specified, this operation returns the details for all the configuration aggregators associated with the account.
See also: AWS API Documentation
Request Syntax
client.describe_configuration_aggregators(
ConfigurationAggregatorNames=[
'string',
],
NextToken='string',
Limit=123
)
list
The name of the configuration aggregators.
(string) --
string
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
integer
The maximum number of configuration aggregators returned on each page. The default is maximum. If you specify 0, Config uses the default.
dict
Response Syntax
{
'ConfigurationAggregators': [
{
'ConfigurationAggregatorName': 'string',
'ConfigurationAggregatorArn': 'string',
'AccountAggregationSources': [
{
'AccountIds': [
'string',
],
'AllAwsRegions': True|False,
'AwsRegions': [
'string',
]
},
],
'OrganizationAggregationSource': {
'RoleArn': 'string',
'AwsRegions': [
'string',
],
'AllAwsRegions': True|False
},
'CreationTime': datetime(2015, 1, 1),
'LastUpdatedTime': datetime(2015, 1, 1),
'CreatedBy': 'string',
'AggregatorFilters': {
'ResourceType': {
'Type': 'INCLUDE',
'Value': [
'string',
]
},
'ServicePrincipal': {
'Type': 'INCLUDE',
'Value': [
'string',
]
}
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
ConfigurationAggregators (list) --
Returns a ConfigurationAggregators object.
(dict) --
The details about the configuration aggregator, including information about source accounts, regions, and metadata of the aggregator.
ConfigurationAggregatorName (string) --
The name of the aggregator.
ConfigurationAggregatorArn (string) --
The Amazon Resource Name (ARN) of the aggregator.
AccountAggregationSources (list) --
Provides a list of source accounts and regions to be aggregated.
(dict) --
A collection of accounts and regions.
AccountIds (list) --
The 12-digit account ID of the account being aggregated.
(string) --
AllAwsRegions (boolean) --
If true, aggregate existing Config regions and future regions.
AwsRegions (list) --
The source regions being aggregated.
(string) --
OrganizationAggregationSource (dict) --
Provides an organization and list of regions to be aggregated.
RoleArn (string) --
ARN of the IAM role used to retrieve Amazon Web Services Organization details associated with the aggregator account.
AwsRegions (list) --
The source regions being aggregated.
(string) --
AllAwsRegions (boolean) --
If true, aggregate existing Config regions and future regions.
CreationTime (datetime) --
The time stamp when the configuration aggregator was created.
LastUpdatedTime (datetime) --
The time of the last update.
CreatedBy (string) --
Amazon Web Services service that created the configuration aggregator.
AggregatorFilters (dict) --
An object to filter the data you specify for an aggregator.
ResourceType (dict) --
An object to filter the configuration recorders based on the resource types in scope for recording.
Type (string) --
The type of resource type filter to apply. INCLUDE specifies that the list of resource types in the Value field will be aggregated and no other resource types will be filtered.
Value (list) --
Comma-separate list of resource types to filter your aggregated configuration recorders.
(string) --
ServicePrincipal (dict) --
An object to filter service-linked configuration recorders in an aggregator based on the linked Amazon Web Services service.
Type (string) --
The type of service principal filter to apply. INCLUDE specifies that the list of service principals in the Value field will be aggregated and no other service principals will be filtered.
Value (list) --
Comma-separated list of service principals for the linked Amazon Web Services services to filter your aggregated service-linked configuration recorders.
(string) --
NextToken (string) --
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
{'Arn': 'string', 'ServicePrincipal': 'string'}
Response {'ConfigurationRecordersStatus': {'arn': 'string',
'lastStatus': {'NotApplicable'},
'servicePrincipal': 'string'}}
Returns the current status of the configuration recorder you specify as well as the status of the last recording event for the configuration recorders.
For a detailed status of recording events over time, add your Config events to Amazon CloudWatch metrics and use CloudWatch metrics.
If a configuration recorder is not specified, this operation returns the status for the customer managed configuration recorder configured for the account, if applicable.
See also: AWS API Documentation
Request Syntax
client.describe_configuration_recorder_status(
ConfigurationRecorderNames=[
'string',
],
ServicePrincipal='string',
Arn='string'
)
list
The name of the configuration recorder. If the name is not specified, the opertation returns the status for the customer managed configuration recorder configured for the account, if applicable.
(string) --
string
For service-linked configuration recorders, you can use the service principal of the linked Amazon Web Services service to specify the configuration recorder.
string
The Amazon Resource Name (ARN) of the configuration recorder that you want to specify.
dict
Response Syntax
{
'ConfigurationRecordersStatus': [
{
'arn': 'string',
'name': 'string',
'lastStartTime': datetime(2015, 1, 1),
'lastStopTime': datetime(2015, 1, 1),
'recording': True|False,
'lastStatus': 'Pending'|'Success'|'Failure'|'NotApplicable',
'lastErrorCode': 'string',
'lastErrorMessage': 'string',
'lastStatusChangeTime': datetime(2015, 1, 1),
'servicePrincipal': 'string'
},
]
}
Response Structure
(dict) --
The output for the DescribeConfigurationRecorderStatus action, in JSON format.
ConfigurationRecordersStatus (list) --
A list that contains status of the specified recorders.
(dict) --
The current status of the configuration recorder.
For a detailed status of recording events over time, add your Config events to CloudWatch metrics and use CloudWatch metrics.
arn (string) --
The Amazon Resource Name (ARN) of the configuration recorder.
name (string) --
The name of the configuration recorder.
lastStartTime (datetime) --
The time the recorder was last started.
lastStopTime (datetime) --
The time the recorder was last stopped.
recording (boolean) --
Specifies whether or not the recorder is currently recording.
lastStatus (string) --
The status of the latest recording event processed by the recorder.
lastErrorCode (string) --
The latest error code from when the recorder last failed.
lastErrorMessage (string) --
The latest error message from when the recorder last failed.
lastStatusChangeTime (datetime) --
The time of the latest change in status of an recording event processed by the recorder.
servicePrincipal (string) --
For service-linked configuration recorders, the service principal of the linked Amazon Web Services service.
{'Arn': 'string', 'ServicePrincipal': 'string'}
Response {'ConfigurationRecorders': {'arn': 'string',
'recordingScope': 'INTERNAL | PAID',
'servicePrincipal': 'string'}}
{'AggregatorFilters': {'ResourceType': {'Type': 'INCLUDE', 'Value': ['string']},
'ServicePrincipal': {'Type': 'INCLUDE',
'Value': ['string']}}}
Response {'ConfigurationAggregator': {'AggregatorFilters': {'ResourceType': {'Type': 'INCLUDE',
'Value': ['string']},
'ServicePrincipal': {'Type': 'INCLUDE',
'Value': ['string']}}}}
Creates and updates the configuration aggregator with the selected source accounts and regions. The source account can be individual account(s) or an organization.
accountIds that are passed will be replaced with existing accounts. If you want to add additional accounts into the aggregator, call DescribeConfigurationAggregators to get the previous accounts and then append new ones.
See also: AWS API Documentation
Request Syntax
client.put_configuration_aggregator(
ConfigurationAggregatorName='string',
AccountAggregationSources=[
{
'AccountIds': [
'string',
],
'AllAwsRegions': True|False,
'AwsRegions': [
'string',
]
},
],
OrganizationAggregationSource={
'RoleArn': 'string',
'AwsRegions': [
'string',
],
'AllAwsRegions': True|False
},
Tags=[
{
'Key': 'string',
'Value': 'string'
},
],
AggregatorFilters={
'ResourceType': {
'Type': 'INCLUDE',
'Value': [
'string',
]
},
'ServicePrincipal': {
'Type': 'INCLUDE',
'Value': [
'string',
]
}
}
)
string
[REQUIRED]
The name of the configuration aggregator.
list
A list of AccountAggregationSource object.
(dict) --
A collection of accounts and regions.
AccountIds (list) -- [REQUIRED]
The 12-digit account ID of the account being aggregated.
(string) --
AllAwsRegions (boolean) --
If true, aggregate existing Config regions and future regions.
AwsRegions (list) --
The source regions being aggregated.
(string) --
dict
An OrganizationAggregationSource object.
RoleArn (string) -- [REQUIRED]
ARN of the IAM role used to retrieve Amazon Web Services Organization details associated with the aggregator account.
AwsRegions (list) --
The source regions being aggregated.
(string) --
AllAwsRegions (boolean) --
If true, aggregate existing Config regions and future regions.
list
An array of tag object.
(dict) --
The tags for the resource. The metadata that you apply to a resource to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
Key (string) --
One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.
Value (string) --
The optional part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key).
dict
An object to filter configuration recorders in an aggregator. Either ResourceType or ServicePrincipal is required.
ResourceType (dict) --
An object to filter the configuration recorders based on the resource types in scope for recording.
Type (string) --
The type of resource type filter to apply. INCLUDE specifies that the list of resource types in the Value field will be aggregated and no other resource types will be filtered.
Value (list) --
Comma-separate list of resource types to filter your aggregated configuration recorders.
(string) --
ServicePrincipal (dict) --
An object to filter service-linked configuration recorders in an aggregator based on the linked Amazon Web Services service.
Type (string) --
The type of service principal filter to apply. INCLUDE specifies that the list of service principals in the Value field will be aggregated and no other service principals will be filtered.
Value (list) --
Comma-separated list of service principals for the linked Amazon Web Services services to filter your aggregated service-linked configuration recorders.
(string) --
dict
Response Syntax
{
'ConfigurationAggregator': {
'ConfigurationAggregatorName': 'string',
'ConfigurationAggregatorArn': 'string',
'AccountAggregationSources': [
{
'AccountIds': [
'string',
],
'AllAwsRegions': True|False,
'AwsRegions': [
'string',
]
},
],
'OrganizationAggregationSource': {
'RoleArn': 'string',
'AwsRegions': [
'string',
],
'AllAwsRegions': True|False
},
'CreationTime': datetime(2015, 1, 1),
'LastUpdatedTime': datetime(2015, 1, 1),
'CreatedBy': 'string',
'AggregatorFilters': {
'ResourceType': {
'Type': 'INCLUDE',
'Value': [
'string',
]
},
'ServicePrincipal': {
'Type': 'INCLUDE',
'Value': [
'string',
]
}
}
}
}
Response Structure
(dict) --
ConfigurationAggregator (dict) --
Returns a ConfigurationAggregator object.
ConfigurationAggregatorName (string) --
The name of the aggregator.
ConfigurationAggregatorArn (string) --
The Amazon Resource Name (ARN) of the aggregator.
AccountAggregationSources (list) --
Provides a list of source accounts and regions to be aggregated.
(dict) --
A collection of accounts and regions.
AccountIds (list) --
The 12-digit account ID of the account being aggregated.
(string) --
AllAwsRegions (boolean) --
If true, aggregate existing Config regions and future regions.
AwsRegions (list) --
The source regions being aggregated.
(string) --
OrganizationAggregationSource (dict) --
Provides an organization and list of regions to be aggregated.
RoleArn (string) --
ARN of the IAM role used to retrieve Amazon Web Services Organization details associated with the aggregator account.
AwsRegions (list) --
The source regions being aggregated.
(string) --
AllAwsRegions (boolean) --
If true, aggregate existing Config regions and future regions.
CreationTime (datetime) --
The time stamp when the configuration aggregator was created.
LastUpdatedTime (datetime) --
The time of the last update.
CreatedBy (string) --
Amazon Web Services service that created the configuration aggregator.
AggregatorFilters (dict) --
An object to filter the data you specify for an aggregator.
ResourceType (dict) --
An object to filter the configuration recorders based on the resource types in scope for recording.
Type (string) --
The type of resource type filter to apply. INCLUDE specifies that the list of resource types in the Value field will be aggregated and no other resource types will be filtered.
Value (list) --
Comma-separate list of resource types to filter your aggregated configuration recorders.
(string) --
ServicePrincipal (dict) --
An object to filter service-linked configuration recorders in an aggregator based on the linked Amazon Web Services service.
Type (string) --
The type of service principal filter to apply. INCLUDE specifies that the list of service principals in the Value field will be aggregated and no other service principals will be filtered.
Value (list) --
Comma-separated list of service principals for the linked Amazon Web Services services to filter your aggregated service-linked configuration recorders.
(string) --
{'ConfigurationRecorder': {'arn': 'string',
'recordingScope': 'INTERNAL | PAID',
'servicePrincipal': 'string'},
'Tags': [{'Key': 'string', 'Value': 'string'}]}