2019/09/05 - AWS Config - 3 new 14 updated api methods
Changes AWS Config now includes the option for marking RemediationConfigurations as automatic, removing the need to call the StartRemediationExecution API. Manual control over resource execution rate is also included, and RemediationConfigurations are now ARN addressable. Exceptions to exclude account resources from being remediated can be configured with the new PutRemediationExceptions, DescribeRemediationExceptions, and DeleteRemediationExceptions APIs.
Returns the details of one or more remediation exceptions. A detailed view of a remediation exception for a set of resources that includes an explanation of an exception and the time when the exception will be deleted. When you specify the limit and the next token, you receive a paginated response.
Note
When you specify the limit and the next token, you receive a paginated response.
Limit and next token are not applicable if you request resources in batch. It is only applicable, when you request all resources.
See also: AWS API Documentation
Request Syntax
client.describe_remediation_exceptions(
ConfigRuleName='string',
ResourceKeys=[
{
'ResourceType': 'string',
'ResourceId': 'string'
},
],
Limit=123,
NextToken='string'
)
string
[REQUIRED]
The name of the AWS Config rule.
list
An exception list of resource exception keys to be processed with the current request. AWS Config adds exception for each resource key. For example, AWS Config adds 3 exceptions for 3 resource keys.
(dict) --
The details that identify a resource within AWS Config, including the resource type and resource ID.
ResourceType (string) --
The type of a resource.
ResourceId (string) --
The ID of the resource (for example., sg-xxxxxx).
integer
The maximum number of RemediationExceptionResourceKey returned on each page. The default is 25. If you specify 0, AWS Config uses the default.
string
The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
dict
Response Syntax
{
'RemediationExceptions': [
{
'ConfigRuleName': 'string',
'ResourceType': 'string',
'ResourceId': 'string',
'Message': 'string',
'ExpirationTime': datetime(2015, 1, 1)
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
RemediationExceptions (list) --
Returns a list of remediation exception objects.
(dict) --
An object that represents the details about the remediation exception. The details include the rule name, an explanation of an exception, the time when the exception will be deleted, the resource ID, and resource type.
ConfigRuleName (string) --
The name of the AWS Config rule.
ResourceType (string) --
The type of a resource.
ResourceId (string) --
The ID of the resource (for example., sg-xxxxxx).
Message (string) --
An explanation of an remediation exception.
ExpirationTime (datetime) --
The time when the remediation exception will be deleted.
NextToken (string) --
The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
A remediation exception is when a specific resource is no longer considered for auto-remediation. This API adds a new exception or updates an exisiting exception for a specific resource with a specific AWS Config rule.
See also: AWS API Documentation
Request Syntax
client.put_remediation_exceptions(
ConfigRuleName='string',
ResourceKeys=[
{
'ResourceType': 'string',
'ResourceId': 'string'
},
],
Message='string',
ExpirationTime=datetime(2015, 1, 1)
)
string
[REQUIRED]
The name of the AWS Config rule for which you want to create remediation exception.
list
[REQUIRED]
An exception list of resource exception keys to be processed with the current request. AWS Config adds exception for each resource key. For example, AWS Config adds 3 exceptions for 3 resource keys.
(dict) --
The details that identify a resource within AWS Config, including the resource type and resource ID.
ResourceType (string) --
The type of a resource.
ResourceId (string) --
The ID of the resource (for example., sg-xxxxxx).
string
The message contains an explanation of the exception.
datetime
The exception is automatically deleted after the expiration date.
dict
Response Syntax
{
'FailedBatches': [
{
'FailureMessage': 'string',
'FailedItems': [
{
'ConfigRuleName': 'string',
'ResourceType': 'string',
'ResourceId': 'string',
'Message': 'string',
'ExpirationTime': datetime(2015, 1, 1)
},
]
},
]
}
Response Structure
(dict) --
FailedBatches (list) --
Returns a list of failed remediation exceptions batch objects. Each object in the batch consists of a list of failed items and failure messages.
(dict) --
List of each of the failed remediation exceptions with specific reasons.
FailureMessage (string) --
Returns a failure message. For example, the auto-remediation has failed.
FailedItems (list) --
Returns remediation exception resource key object of the failed items.
(dict) --
An object that represents the details about the remediation exception. The details include the rule name, an explanation of an exception, the time when the exception will be deleted, the resource ID, and resource type.
ConfigRuleName (string) --
The name of the AWS Config rule.
ResourceType (string) --
The type of a resource.
ResourceId (string) --
The ID of the resource (for example., sg-xxxxxx).
Message (string) --
An explanation of an remediation exception.
ExpirationTime (datetime) --
The time when the remediation exception will be deleted.
Deletes one or more remediation exceptions mentioned in the resource keys.
See also: AWS API Documentation
Request Syntax
client.delete_remediation_exceptions(
ConfigRuleName='string',
ResourceKeys=[
{
'ResourceType': 'string',
'ResourceId': 'string'
},
]
)
string
[REQUIRED]
The name of the AWS Config rule for which you want to delete remediation exception configuration.
list
[REQUIRED]
An exception list of resource exception keys to be processed with the current request. AWS Config adds exception for each resource key. For example, AWS Config adds 3 exceptions for 3 resource keys.
(dict) --
The details that identify a resource within AWS Config, including the resource type and resource ID.
ResourceType (string) --
The type of a resource.
ResourceId (string) --
The ID of the resource (for example., sg-xxxxxx).
dict
Response Syntax
{
'FailedBatches': [
{
'FailureMessage': 'string',
'FailedItems': [
{
'ResourceType': 'string',
'ResourceId': 'string'
},
]
},
]
}
Response Structure
(dict) --
FailedBatches (list) --
Returns a list of failed delete remediation exceptions batch objects. Each object in the batch consists of a list of failed items and failure messages.
(dict) --
List of each of the failed delete remediation exceptions with specific reasons.
FailureMessage (string) --
Returns a failure message for delete remediation exception. For example, AWS Config creates an exception due to an internal error.
FailedItems (list) --
Returns remediation exception resource key object of the failed items.
(dict) --
The details that identify a resource within AWS Config, including the resource type and resource ID.
ResourceType (string) --
The type of a resource.
ResourceId (string) --
The ID of the resource (for example., sg-xxxxxx).
{'ResourceIdentifiers': {'ResourceType': {'AWS::ApiGateway::DomainName',
'AWS::ApiGateway::Method',
'AWS::ApiGateway::RestApi',
'AWS::ApiGateway::Stage',
'AWS::ApiGatewayV2::Api',
'AWS::ApiGatewayV2::DomainName',
'AWS::ApiGatewayV2::Stage',
'AWS::EC2::EgressOnlyInternetGateway',
'AWS::EC2::FlowLog',
'AWS::EC2::NatGateway',
'AWS::EC2::RegisteredHAInstance',
'AWS::EC2::VPCEndpoint',
'AWS::EC2::VPCEndpointService',
'AWS::EC2::VPCPeeringConnection',
'AWS::Lambda::Alias',
'AWS::LicenseManager::LicenseConfiguration',
'AWS::MobileHub::Project',
'AWS::RDS::DBCluster',
'AWS::RDS::DBClusterParameterGroup',
'AWS::RDS::DBClusterSnapshot',
'AWS::RDS::DBOptionGroup',
'AWS::RDS::DBParameterGroup',
'AWS::S3::AccountPublicAccessBlock',
'AWS::ServiceCatalog::CloudFormationProduct',
'AWS::ServiceCatalog::CloudFormationProvisionedProduct',
'AWS::ServiceCatalog::Portfolio'}}}
Response {'BaseConfigurationItems': {'resourceType': {'AWS::ApiGateway::DomainName',
'AWS::ApiGateway::Method',
'AWS::ApiGateway::RestApi',
'AWS::ApiGateway::Stage',
'AWS::ApiGatewayV2::Api',
'AWS::ApiGatewayV2::DomainName',
'AWS::ApiGatewayV2::Stage',
'AWS::EC2::EgressOnlyInternetGateway',
'AWS::EC2::FlowLog',
'AWS::EC2::NatGateway',
'AWS::EC2::RegisteredHAInstance',
'AWS::EC2::VPCEndpoint',
'AWS::EC2::VPCEndpointService',
'AWS::EC2::VPCPeeringConnection',
'AWS::Lambda::Alias',
'AWS::LicenseManager::LicenseConfiguration',
'AWS::MobileHub::Project',
'AWS::RDS::DBCluster',
'AWS::RDS::DBClusterParameterGroup',
'AWS::RDS::DBClusterSnapshot',
'AWS::RDS::DBOptionGroup',
'AWS::RDS::DBParameterGroup',
'AWS::S3::AccountPublicAccessBlock',
'AWS::ServiceCatalog::CloudFormationProduct',
'AWS::ServiceCatalog::CloudFormationProvisionedProduct',
'AWS::ServiceCatalog::Portfolio'}},
'UnprocessedResourceIdentifiers': {'ResourceType': {'AWS::ApiGateway::DomainName',
'AWS::ApiGateway::Method',
'AWS::ApiGateway::RestApi',
'AWS::ApiGateway::Stage',
'AWS::ApiGatewayV2::Api',
'AWS::ApiGatewayV2::DomainName',
'AWS::ApiGatewayV2::Stage',
'AWS::EC2::EgressOnlyInternetGateway',
'AWS::EC2::FlowLog',
'AWS::EC2::NatGateway',
'AWS::EC2::RegisteredHAInstance',
'AWS::EC2::VPCEndpoint',
'AWS::EC2::VPCEndpointService',
'AWS::EC2::VPCPeeringConnection',
'AWS::Lambda::Alias',
'AWS::LicenseManager::LicenseConfiguration',
'AWS::MobileHub::Project',
'AWS::RDS::DBCluster',
'AWS::RDS::DBClusterParameterGroup',
'AWS::RDS::DBClusterSnapshot',
'AWS::RDS::DBOptionGroup',
'AWS::RDS::DBParameterGroup',
'AWS::S3::AccountPublicAccessBlock',
'AWS::ServiceCatalog::CloudFormationProduct',
'AWS::ServiceCatalog::CloudFormationProvisionedProduct',
'AWS::ServiceCatalog::Portfolio'}}}
Returns the current configuration items for resources that are present in your AWS Config aggregator. The operation also returns a list of resources that are not processed in the current request. If there are no unprocessed resources, the operation returns an empty unprocessedResourceIdentifiers list.
Note
The API does not return results for deleted resources.
The API does not return tags and relationships.
See also: AWS API Documentation
Request Syntax
client.batch_get_aggregate_resource_config(
ConfigurationAggregatorName='string',
ResourceIdentifiers=[
{
'SourceAccountId': 'string',
'SourceRegion': 'string',
'ResourceId': 'string',
'ResourceType': 'AWS::EC2::CustomerGateway'|'AWS::EC2::EIP'|'AWS::EC2::Host'|'AWS::EC2::Instance'|'AWS::EC2::InternetGateway'|'AWS::EC2::NetworkAcl'|'AWS::EC2::NetworkInterface'|'AWS::EC2::RouteTable'|'AWS::EC2::SecurityGroup'|'AWS::EC2::Subnet'|'AWS::CloudTrail::Trail'|'AWS::EC2::Volume'|'AWS::EC2::VPC'|'AWS::EC2::VPNConnection'|'AWS::EC2::VPNGateway'|'AWS::EC2::RegisteredHAInstance'|'AWS::EC2::NatGateway'|'AWS::EC2::EgressOnlyInternetGateway'|'AWS::EC2::VPCEndpoint'|'AWS::EC2::VPCEndpointService'|'AWS::EC2::FlowLog'|'AWS::EC2::VPCPeeringConnection'|'AWS::IAM::Group'|'AWS::IAM::Policy'|'AWS::IAM::Role'|'AWS::IAM::User'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::ACM::Certificate'|'AWS::RDS::DBInstance'|'AWS::RDS::DBParameterGroup'|'AWS::RDS::DBOptionGroup'|'AWS::RDS::DBSubnetGroup'|'AWS::RDS::DBSecurityGroup'|'AWS::RDS::DBSnapshot'|'AWS::RDS::DBCluster'|'AWS::RDS::DBClusterParameterGroup'|'AWS::RDS::DBClusterSnapshot'|'AWS::RDS::EventSubscription'|'AWS::S3::Bucket'|'AWS::S3::AccountPublicAccessBlock'|'AWS::Redshift::Cluster'|'AWS::Redshift::ClusterSnapshot'|'AWS::Redshift::ClusterParameterGroup'|'AWS::Redshift::ClusterSecurityGroup'|'AWS::Redshift::ClusterSubnetGroup'|'AWS::Redshift::EventSubscription'|'AWS::SSM::ManagedInstanceInventory'|'AWS::CloudWatch::Alarm'|'AWS::CloudFormation::Stack'|'AWS::ElasticLoadBalancing::LoadBalancer'|'AWS::AutoScaling::AutoScalingGroup'|'AWS::AutoScaling::LaunchConfiguration'|'AWS::AutoScaling::ScalingPolicy'|'AWS::AutoScaling::ScheduledAction'|'AWS::DynamoDB::Table'|'AWS::CodeBuild::Project'|'AWS::WAF::RateBasedRule'|'AWS::WAF::Rule'|'AWS::WAF::RuleGroup'|'AWS::WAF::WebACL'|'AWS::WAFRegional::RateBasedRule'|'AWS::WAFRegional::Rule'|'AWS::WAFRegional::RuleGroup'|'AWS::WAFRegional::WebACL'|'AWS::CloudFront::Distribution'|'AWS::CloudFront::StreamingDistribution'|'AWS::Lambda::Alias'|'AWS::Lambda::Function'|'AWS::ElasticBeanstalk::Application'|'AWS::ElasticBeanstalk::ApplicationVersion'|'AWS::ElasticBeanstalk::Environment'|'AWS::MobileHub::Project'|'AWS::XRay::EncryptionConfig'|'AWS::SSM::AssociationCompliance'|'AWS::SSM::PatchCompliance'|'AWS::Shield::Protection'|'AWS::ShieldRegional::Protection'|'AWS::Config::ResourceCompliance'|'AWS::LicenseManager::LicenseConfiguration'|'AWS::ApiGateway::DomainName'|'AWS::ApiGateway::Method'|'AWS::ApiGateway::Stage'|'AWS::ApiGateway::RestApi'|'AWS::ApiGatewayV2::DomainName'|'AWS::ApiGatewayV2::Stage'|'AWS::ApiGatewayV2::Api'|'AWS::CodePipeline::Pipeline'|'AWS::ServiceCatalog::CloudFormationProvisionedProduct'|'AWS::ServiceCatalog::CloudFormationProduct'|'AWS::ServiceCatalog::Portfolio',
'ResourceName': 'string'
},
]
)
string
[REQUIRED]
The name of the configuration aggregator.
list
[REQUIRED]
A list of aggregate ResourceIdentifiers objects.
(dict) --
The details that identify a resource that is collected by AWS Config aggregator, including the resource type, ID, (if available) the custom resource name, the source account, and source region.
SourceAccountId (string) -- [REQUIRED]
The 12-digit account ID of the source account.
SourceRegion (string) -- [REQUIRED]
The source region where data is aggregated.
ResourceId (string) -- [REQUIRED]
The ID of the AWS resource.
ResourceType (string) -- [REQUIRED]
The type of the AWS resource.
ResourceName (string) --
The name of the AWS resource.
dict
Response Syntax
{
'BaseConfigurationItems': [
{
'version': 'string',
'accountId': 'string',
'configurationItemCaptureTime': datetime(2015, 1, 1),
'configurationItemStatus': 'OK'|'ResourceDiscovered'|'ResourceNotRecorded'|'ResourceDeleted'|'ResourceDeletedNotRecorded',
'configurationStateId': 'string',
'arn': 'string',
'resourceType': 'AWS::EC2::CustomerGateway'|'AWS::EC2::EIP'|'AWS::EC2::Host'|'AWS::EC2::Instance'|'AWS::EC2::InternetGateway'|'AWS::EC2::NetworkAcl'|'AWS::EC2::NetworkInterface'|'AWS::EC2::RouteTable'|'AWS::EC2::SecurityGroup'|'AWS::EC2::Subnet'|'AWS::CloudTrail::Trail'|'AWS::EC2::Volume'|'AWS::EC2::VPC'|'AWS::EC2::VPNConnection'|'AWS::EC2::VPNGateway'|'AWS::EC2::RegisteredHAInstance'|'AWS::EC2::NatGateway'|'AWS::EC2::EgressOnlyInternetGateway'|'AWS::EC2::VPCEndpoint'|'AWS::EC2::VPCEndpointService'|'AWS::EC2::FlowLog'|'AWS::EC2::VPCPeeringConnection'|'AWS::IAM::Group'|'AWS::IAM::Policy'|'AWS::IAM::Role'|'AWS::IAM::User'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::ACM::Certificate'|'AWS::RDS::DBInstance'|'AWS::RDS::DBParameterGroup'|'AWS::RDS::DBOptionGroup'|'AWS::RDS::DBSubnetGroup'|'AWS::RDS::DBSecurityGroup'|'AWS::RDS::DBSnapshot'|'AWS::RDS::DBCluster'|'AWS::RDS::DBClusterParameterGroup'|'AWS::RDS::DBClusterSnapshot'|'AWS::RDS::EventSubscription'|'AWS::S3::Bucket'|'AWS::S3::AccountPublicAccessBlock'|'AWS::Redshift::Cluster'|'AWS::Redshift::ClusterSnapshot'|'AWS::Redshift::ClusterParameterGroup'|'AWS::Redshift::ClusterSecurityGroup'|'AWS::Redshift::ClusterSubnetGroup'|'AWS::Redshift::EventSubscription'|'AWS::SSM::ManagedInstanceInventory'|'AWS::CloudWatch::Alarm'|'AWS::CloudFormation::Stack'|'AWS::ElasticLoadBalancing::LoadBalancer'|'AWS::AutoScaling::AutoScalingGroup'|'AWS::AutoScaling::LaunchConfiguration'|'AWS::AutoScaling::ScalingPolicy'|'AWS::AutoScaling::ScheduledAction'|'AWS::DynamoDB::Table'|'AWS::CodeBuild::Project'|'AWS::WAF::RateBasedRule'|'AWS::WAF::Rule'|'AWS::WAF::RuleGroup'|'AWS::WAF::WebACL'|'AWS::WAFRegional::RateBasedRule'|'AWS::WAFRegional::Rule'|'AWS::WAFRegional::RuleGroup'|'AWS::WAFRegional::WebACL'|'AWS::CloudFront::Distribution'|'AWS::CloudFront::StreamingDistribution'|'AWS::Lambda::Alias'|'AWS::Lambda::Function'|'AWS::ElasticBeanstalk::Application'|'AWS::ElasticBeanstalk::ApplicationVersion'|'AWS::ElasticBeanstalk::Environment'|'AWS::MobileHub::Project'|'AWS::XRay::EncryptionConfig'|'AWS::SSM::AssociationCompliance'|'AWS::SSM::PatchCompliance'|'AWS::Shield::Protection'|'AWS::ShieldRegional::Protection'|'AWS::Config::ResourceCompliance'|'AWS::LicenseManager::LicenseConfiguration'|'AWS::ApiGateway::DomainName'|'AWS::ApiGateway::Method'|'AWS::ApiGateway::Stage'|'AWS::ApiGateway::RestApi'|'AWS::ApiGatewayV2::DomainName'|'AWS::ApiGatewayV2::Stage'|'AWS::ApiGatewayV2::Api'|'AWS::CodePipeline::Pipeline'|'AWS::ServiceCatalog::CloudFormationProvisionedProduct'|'AWS::ServiceCatalog::CloudFormationProduct'|'AWS::ServiceCatalog::Portfolio',
'resourceId': 'string',
'resourceName': 'string',
'awsRegion': 'string',
'availabilityZone': 'string',
'resourceCreationTime': datetime(2015, 1, 1),
'configuration': 'string',
'supplementaryConfiguration': {
'string': 'string'
}
},
],
'UnprocessedResourceIdentifiers': [
{
'SourceAccountId': 'string',
'SourceRegion': 'string',
'ResourceId': 'string',
'ResourceType': 'AWS::EC2::CustomerGateway'|'AWS::EC2::EIP'|'AWS::EC2::Host'|'AWS::EC2::Instance'|'AWS::EC2::InternetGateway'|'AWS::EC2::NetworkAcl'|'AWS::EC2::NetworkInterface'|'AWS::EC2::RouteTable'|'AWS::EC2::SecurityGroup'|'AWS::EC2::Subnet'|'AWS::CloudTrail::Trail'|'AWS::EC2::Volume'|'AWS::EC2::VPC'|'AWS::EC2::VPNConnection'|'AWS::EC2::VPNGateway'|'AWS::EC2::RegisteredHAInstance'|'AWS::EC2::NatGateway'|'AWS::EC2::EgressOnlyInternetGateway'|'AWS::EC2::VPCEndpoint'|'AWS::EC2::VPCEndpointService'|'AWS::EC2::FlowLog'|'AWS::EC2::VPCPeeringConnection'|'AWS::IAM::Group'|'AWS::IAM::Policy'|'AWS::IAM::Role'|'AWS::IAM::User'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::ACM::Certificate'|'AWS::RDS::DBInstance'|'AWS::RDS::DBParameterGroup'|'AWS::RDS::DBOptionGroup'|'AWS::RDS::DBSubnetGroup'|'AWS::RDS::DBSecurityGroup'|'AWS::RDS::DBSnapshot'|'AWS::RDS::DBCluster'|'AWS::RDS::DBClusterParameterGroup'|'AWS::RDS::DBClusterSnapshot'|'AWS::RDS::EventSubscription'|'AWS::S3::Bucket'|'AWS::S3::AccountPublicAccessBlock'|'AWS::Redshift::Cluster'|'AWS::Redshift::ClusterSnapshot'|'AWS::Redshift::ClusterParameterGroup'|'AWS::Redshift::ClusterSecurityGroup'|'AWS::Redshift::ClusterSubnetGroup'|'AWS::Redshift::EventSubscription'|'AWS::SSM::ManagedInstanceInventory'|'AWS::CloudWatch::Alarm'|'AWS::CloudFormation::Stack'|'AWS::ElasticLoadBalancing::LoadBalancer'|'AWS::AutoScaling::AutoScalingGroup'|'AWS::AutoScaling::LaunchConfiguration'|'AWS::AutoScaling::ScalingPolicy'|'AWS::AutoScaling::ScheduledAction'|'AWS::DynamoDB::Table'|'AWS::CodeBuild::Project'|'AWS::WAF::RateBasedRule'|'AWS::WAF::Rule'|'AWS::WAF::RuleGroup'|'AWS::WAF::WebACL'|'AWS::WAFRegional::RateBasedRule'|'AWS::WAFRegional::Rule'|'AWS::WAFRegional::RuleGroup'|'AWS::WAFRegional::WebACL'|'AWS::CloudFront::Distribution'|'AWS::CloudFront::StreamingDistribution'|'AWS::Lambda::Alias'|'AWS::Lambda::Function'|'AWS::ElasticBeanstalk::Application'|'AWS::ElasticBeanstalk::ApplicationVersion'|'AWS::ElasticBeanstalk::Environment'|'AWS::MobileHub::Project'|'AWS::XRay::EncryptionConfig'|'AWS::SSM::AssociationCompliance'|'AWS::SSM::PatchCompliance'|'AWS::Shield::Protection'|'AWS::ShieldRegional::Protection'|'AWS::Config::ResourceCompliance'|'AWS::LicenseManager::LicenseConfiguration'|'AWS::ApiGateway::DomainName'|'AWS::ApiGateway::Method'|'AWS::ApiGateway::Stage'|'AWS::ApiGateway::RestApi'|'AWS::ApiGatewayV2::DomainName'|'AWS::ApiGatewayV2::Stage'|'AWS::ApiGatewayV2::Api'|'AWS::CodePipeline::Pipeline'|'AWS::ServiceCatalog::CloudFormationProvisionedProduct'|'AWS::ServiceCatalog::CloudFormationProduct'|'AWS::ServiceCatalog::Portfolio',
'ResourceName': 'string'
},
]
}
Response Structure
(dict) --
BaseConfigurationItems (list) --
A list that contains the current configuration of one or more resources.
(dict) --
The detailed configuration of a specified resource.
version (string) --
The version number of the resource configuration.
accountId (string) --
The 12-digit AWS account ID associated with the resource.
configurationItemCaptureTime (datetime) --
The time when the configuration recording was initiated.
configurationItemStatus (string) --
The configuration item status.
configurationStateId (string) --
An identifier that indicates the ordering of the configuration items of a resource.
arn (string) --
The Amazon Resource Name (ARN) of the resource.
resourceType (string) --
The type of AWS resource.
resourceId (string) --
The ID of the resource (for example., sg-xxxxxx).
resourceName (string) --
The custom name of the resource, if available.
awsRegion (string) --
The region where the resource resides.
availabilityZone (string) --
The Availability Zone associated with the resource.
resourceCreationTime (datetime) --
The time stamp when the resource was created.
configuration (string) --
The description of the resource configuration.
supplementaryConfiguration (dict) --
Configuration attributes that AWS Config returns for certain resource types to supplement the information returned for the configuration parameter.
(string) --
(string) --
UnprocessedResourceIdentifiers (list) --
A list of resource identifiers that were not processed with current scope. The list is empty if all the resources are processed.
(dict) --
The details that identify a resource that is collected by AWS Config aggregator, including the resource type, ID, (if available) the custom resource name, the source account, and source region.
SourceAccountId (string) --
The 12-digit account ID of the source account.
SourceRegion (string) --
The source region where data is aggregated.
ResourceId (string) --
The ID of the AWS resource.
ResourceType (string) --
The type of the AWS resource.
ResourceName (string) --
The name of the AWS resource.
{'resourceKeys': {'resourceType': {'AWS::ApiGateway::DomainName',
'AWS::ApiGateway::Method',
'AWS::ApiGateway::RestApi',
'AWS::ApiGateway::Stage',
'AWS::ApiGatewayV2::Api',
'AWS::ApiGatewayV2::DomainName',
'AWS::ApiGatewayV2::Stage',
'AWS::EC2::EgressOnlyInternetGateway',
'AWS::EC2::FlowLog',
'AWS::EC2::NatGateway',
'AWS::EC2::RegisteredHAInstance',
'AWS::EC2::VPCEndpoint',
'AWS::EC2::VPCEndpointService',
'AWS::EC2::VPCPeeringConnection',
'AWS::Lambda::Alias',
'AWS::LicenseManager::LicenseConfiguration',
'AWS::MobileHub::Project',
'AWS::RDS::DBCluster',
'AWS::RDS::DBClusterParameterGroup',
'AWS::RDS::DBClusterSnapshot',
'AWS::RDS::DBOptionGroup',
'AWS::RDS::DBParameterGroup',
'AWS::S3::AccountPublicAccessBlock',
'AWS::ServiceCatalog::CloudFormationProduct',
'AWS::ServiceCatalog::CloudFormationProvisionedProduct',
'AWS::ServiceCatalog::Portfolio'}}}
Response {'baseConfigurationItems': {'resourceType': {'AWS::ApiGateway::DomainName',
'AWS::ApiGateway::Method',
'AWS::ApiGateway::RestApi',
'AWS::ApiGateway::Stage',
'AWS::ApiGatewayV2::Api',
'AWS::ApiGatewayV2::DomainName',
'AWS::ApiGatewayV2::Stage',
'AWS::EC2::EgressOnlyInternetGateway',
'AWS::EC2::FlowLog',
'AWS::EC2::NatGateway',
'AWS::EC2::RegisteredHAInstance',
'AWS::EC2::VPCEndpoint',
'AWS::EC2::VPCEndpointService',
'AWS::EC2::VPCPeeringConnection',
'AWS::Lambda::Alias',
'AWS::LicenseManager::LicenseConfiguration',
'AWS::MobileHub::Project',
'AWS::RDS::DBCluster',
'AWS::RDS::DBClusterParameterGroup',
'AWS::RDS::DBClusterSnapshot',
'AWS::RDS::DBOptionGroup',
'AWS::RDS::DBParameterGroup',
'AWS::S3::AccountPublicAccessBlock',
'AWS::ServiceCatalog::CloudFormationProduct',
'AWS::ServiceCatalog::CloudFormationProvisionedProduct',
'AWS::ServiceCatalog::Portfolio'}},
'unprocessedResourceKeys': {'resourceType': {'AWS::ApiGateway::DomainName',
'AWS::ApiGateway::Method',
'AWS::ApiGateway::RestApi',
'AWS::ApiGateway::Stage',
'AWS::ApiGatewayV2::Api',
'AWS::ApiGatewayV2::DomainName',
'AWS::ApiGatewayV2::Stage',
'AWS::EC2::EgressOnlyInternetGateway',
'AWS::EC2::FlowLog',
'AWS::EC2::NatGateway',
'AWS::EC2::RegisteredHAInstance',
'AWS::EC2::VPCEndpoint',
'AWS::EC2::VPCEndpointService',
'AWS::EC2::VPCPeeringConnection',
'AWS::Lambda::Alias',
'AWS::LicenseManager::LicenseConfiguration',
'AWS::MobileHub::Project',
'AWS::RDS::DBCluster',
'AWS::RDS::DBClusterParameterGroup',
'AWS::RDS::DBClusterSnapshot',
'AWS::RDS::DBOptionGroup',
'AWS::RDS::DBParameterGroup',
'AWS::S3::AccountPublicAccessBlock',
'AWS::ServiceCatalog::CloudFormationProduct',
'AWS::ServiceCatalog::CloudFormationProvisionedProduct',
'AWS::ServiceCatalog::Portfolio'}}}
Returns the current configuration for one or more requested resources. The operation also returns a list of resources that are not processed in the current request. If there are no unprocessed resources, the operation returns an empty unprocessedResourceKeys list.
Note
The API does not return results for deleted resources.
The API does not return any tags for the requested resources. This information is filtered out of the supplementaryConfiguration section of the API response.
See also: AWS API Documentation
Request Syntax
client.batch_get_resource_config(
resourceKeys=[
{
'resourceType': 'AWS::EC2::CustomerGateway'|'AWS::EC2::EIP'|'AWS::EC2::Host'|'AWS::EC2::Instance'|'AWS::EC2::InternetGateway'|'AWS::EC2::NetworkAcl'|'AWS::EC2::NetworkInterface'|'AWS::EC2::RouteTable'|'AWS::EC2::SecurityGroup'|'AWS::EC2::Subnet'|'AWS::CloudTrail::Trail'|'AWS::EC2::Volume'|'AWS::EC2::VPC'|'AWS::EC2::VPNConnection'|'AWS::EC2::VPNGateway'|'AWS::EC2::RegisteredHAInstance'|'AWS::EC2::NatGateway'|'AWS::EC2::EgressOnlyInternetGateway'|'AWS::EC2::VPCEndpoint'|'AWS::EC2::VPCEndpointService'|'AWS::EC2::FlowLog'|'AWS::EC2::VPCPeeringConnection'|'AWS::IAM::Group'|'AWS::IAM::Policy'|'AWS::IAM::Role'|'AWS::IAM::User'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::ACM::Certificate'|'AWS::RDS::DBInstance'|'AWS::RDS::DBParameterGroup'|'AWS::RDS::DBOptionGroup'|'AWS::RDS::DBSubnetGroup'|'AWS::RDS::DBSecurityGroup'|'AWS::RDS::DBSnapshot'|'AWS::RDS::DBCluster'|'AWS::RDS::DBClusterParameterGroup'|'AWS::RDS::DBClusterSnapshot'|'AWS::RDS::EventSubscription'|'AWS::S3::Bucket'|'AWS::S3::AccountPublicAccessBlock'|'AWS::Redshift::Cluster'|'AWS::Redshift::ClusterSnapshot'|'AWS::Redshift::ClusterParameterGroup'|'AWS::Redshift::ClusterSecurityGroup'|'AWS::Redshift::ClusterSubnetGroup'|'AWS::Redshift::EventSubscription'|'AWS::SSM::ManagedInstanceInventory'|'AWS::CloudWatch::Alarm'|'AWS::CloudFormation::Stack'|'AWS::ElasticLoadBalancing::LoadBalancer'|'AWS::AutoScaling::AutoScalingGroup'|'AWS::AutoScaling::LaunchConfiguration'|'AWS::AutoScaling::ScalingPolicy'|'AWS::AutoScaling::ScheduledAction'|'AWS::DynamoDB::Table'|'AWS::CodeBuild::Project'|'AWS::WAF::RateBasedRule'|'AWS::WAF::Rule'|'AWS::WAF::RuleGroup'|'AWS::WAF::WebACL'|'AWS::WAFRegional::RateBasedRule'|'AWS::WAFRegional::Rule'|'AWS::WAFRegional::RuleGroup'|'AWS::WAFRegional::WebACL'|'AWS::CloudFront::Distribution'|'AWS::CloudFront::StreamingDistribution'|'AWS::Lambda::Alias'|'AWS::Lambda::Function'|'AWS::ElasticBeanstalk::Application'|'AWS::ElasticBeanstalk::ApplicationVersion'|'AWS::ElasticBeanstalk::Environment'|'AWS::MobileHub::Project'|'AWS::XRay::EncryptionConfig'|'AWS::SSM::AssociationCompliance'|'AWS::SSM::PatchCompliance'|'AWS::Shield::Protection'|'AWS::ShieldRegional::Protection'|'AWS::Config::ResourceCompliance'|'AWS::LicenseManager::LicenseConfiguration'|'AWS::ApiGateway::DomainName'|'AWS::ApiGateway::Method'|'AWS::ApiGateway::Stage'|'AWS::ApiGateway::RestApi'|'AWS::ApiGatewayV2::DomainName'|'AWS::ApiGatewayV2::Stage'|'AWS::ApiGatewayV2::Api'|'AWS::CodePipeline::Pipeline'|'AWS::ServiceCatalog::CloudFormationProvisionedProduct'|'AWS::ServiceCatalog::CloudFormationProduct'|'AWS::ServiceCatalog::Portfolio',
'resourceId': 'string'
},
]
)
list
[REQUIRED]
A list of resource keys to be processed with the current request. Each element in the list consists of the resource type and resource ID.
(dict) --
The details that identify a resource within AWS Config, including the resource type and resource ID.
resourceType (string) -- [REQUIRED]
The resource type.
resourceId (string) -- [REQUIRED]
The ID of the resource (for example., sg-xxxxxx).
dict
Response Syntax
{
'baseConfigurationItems': [
{
'version': 'string',
'accountId': 'string',
'configurationItemCaptureTime': datetime(2015, 1, 1),
'configurationItemStatus': 'OK'|'ResourceDiscovered'|'ResourceNotRecorded'|'ResourceDeleted'|'ResourceDeletedNotRecorded',
'configurationStateId': 'string',
'arn': 'string',
'resourceType': 'AWS::EC2::CustomerGateway'|'AWS::EC2::EIP'|'AWS::EC2::Host'|'AWS::EC2::Instance'|'AWS::EC2::InternetGateway'|'AWS::EC2::NetworkAcl'|'AWS::EC2::NetworkInterface'|'AWS::EC2::RouteTable'|'AWS::EC2::SecurityGroup'|'AWS::EC2::Subnet'|'AWS::CloudTrail::Trail'|'AWS::EC2::Volume'|'AWS::EC2::VPC'|'AWS::EC2::VPNConnection'|'AWS::EC2::VPNGateway'|'AWS::EC2::RegisteredHAInstance'|'AWS::EC2::NatGateway'|'AWS::EC2::EgressOnlyInternetGateway'|'AWS::EC2::VPCEndpoint'|'AWS::EC2::VPCEndpointService'|'AWS::EC2::FlowLog'|'AWS::EC2::VPCPeeringConnection'|'AWS::IAM::Group'|'AWS::IAM::Policy'|'AWS::IAM::Role'|'AWS::IAM::User'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::ACM::Certificate'|'AWS::RDS::DBInstance'|'AWS::RDS::DBParameterGroup'|'AWS::RDS::DBOptionGroup'|'AWS::RDS::DBSubnetGroup'|'AWS::RDS::DBSecurityGroup'|'AWS::RDS::DBSnapshot'|'AWS::RDS::DBCluster'|'AWS::RDS::DBClusterParameterGroup'|'AWS::RDS::DBClusterSnapshot'|'AWS::RDS::EventSubscription'|'AWS::S3::Bucket'|'AWS::S3::AccountPublicAccessBlock'|'AWS::Redshift::Cluster'|'AWS::Redshift::ClusterSnapshot'|'AWS::Redshift::ClusterParameterGroup'|'AWS::Redshift::ClusterSecurityGroup'|'AWS::Redshift::ClusterSubnetGroup'|'AWS::Redshift::EventSubscription'|'AWS::SSM::ManagedInstanceInventory'|'AWS::CloudWatch::Alarm'|'AWS::CloudFormation::Stack'|'AWS::ElasticLoadBalancing::LoadBalancer'|'AWS::AutoScaling::AutoScalingGroup'|'AWS::AutoScaling::LaunchConfiguration'|'AWS::AutoScaling::ScalingPolicy'|'AWS::AutoScaling::ScheduledAction'|'AWS::DynamoDB::Table'|'AWS::CodeBuild::Project'|'AWS::WAF::RateBasedRule'|'AWS::WAF::Rule'|'AWS::WAF::RuleGroup'|'AWS::WAF::WebACL'|'AWS::WAFRegional::RateBasedRule'|'AWS::WAFRegional::Rule'|'AWS::WAFRegional::RuleGroup'|'AWS::WAFRegional::WebACL'|'AWS::CloudFront::Distribution'|'AWS::CloudFront::StreamingDistribution'|'AWS::Lambda::Alias'|'AWS::Lambda::Function'|'AWS::ElasticBeanstalk::Application'|'AWS::ElasticBeanstalk::ApplicationVersion'|'AWS::ElasticBeanstalk::Environment'|'AWS::MobileHub::Project'|'AWS::XRay::EncryptionConfig'|'AWS::SSM::AssociationCompliance'|'AWS::SSM::PatchCompliance'|'AWS::Shield::Protection'|'AWS::ShieldRegional::Protection'|'AWS::Config::ResourceCompliance'|'AWS::LicenseManager::LicenseConfiguration'|'AWS::ApiGateway::DomainName'|'AWS::ApiGateway::Method'|'AWS::ApiGateway::Stage'|'AWS::ApiGateway::RestApi'|'AWS::ApiGatewayV2::DomainName'|'AWS::ApiGatewayV2::Stage'|'AWS::ApiGatewayV2::Api'|'AWS::CodePipeline::Pipeline'|'AWS::ServiceCatalog::CloudFormationProvisionedProduct'|'AWS::ServiceCatalog::CloudFormationProduct'|'AWS::ServiceCatalog::Portfolio',
'resourceId': 'string',
'resourceName': 'string',
'awsRegion': 'string',
'availabilityZone': 'string',
'resourceCreationTime': datetime(2015, 1, 1),
'configuration': 'string',
'supplementaryConfiguration': {
'string': 'string'
}
},
],
'unprocessedResourceKeys': [
{
'resourceType': 'AWS::EC2::CustomerGateway'|'AWS::EC2::EIP'|'AWS::EC2::Host'|'AWS::EC2::Instance'|'AWS::EC2::InternetGateway'|'AWS::EC2::NetworkAcl'|'AWS::EC2::NetworkInterface'|'AWS::EC2::RouteTable'|'AWS::EC2::SecurityGroup'|'AWS::EC2::Subnet'|'AWS::CloudTrail::Trail'|'AWS::EC2::Volume'|'AWS::EC2::VPC'|'AWS::EC2::VPNConnection'|'AWS::EC2::VPNGateway'|'AWS::EC2::RegisteredHAInstance'|'AWS::EC2::NatGateway'|'AWS::EC2::EgressOnlyInternetGateway'|'AWS::EC2::VPCEndpoint'|'AWS::EC2::VPCEndpointService'|'AWS::EC2::FlowLog'|'AWS::EC2::VPCPeeringConnection'|'AWS::IAM::Group'|'AWS::IAM::Policy'|'AWS::IAM::Role'|'AWS::IAM::User'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::ACM::Certificate'|'AWS::RDS::DBInstance'|'AWS::RDS::DBParameterGroup'|'AWS::RDS::DBOptionGroup'|'AWS::RDS::DBSubnetGroup'|'AWS::RDS::DBSecurityGroup'|'AWS::RDS::DBSnapshot'|'AWS::RDS::DBCluster'|'AWS::RDS::DBClusterParameterGroup'|'AWS::RDS::DBClusterSnapshot'|'AWS::RDS::EventSubscription'|'AWS::S3::Bucket'|'AWS::S3::AccountPublicAccessBlock'|'AWS::Redshift::Cluster'|'AWS::Redshift::ClusterSnapshot'|'AWS::Redshift::ClusterParameterGroup'|'AWS::Redshift::ClusterSecurityGroup'|'AWS::Redshift::ClusterSubnetGroup'|'AWS::Redshift::EventSubscription'|'AWS::SSM::ManagedInstanceInventory'|'AWS::CloudWatch::Alarm'|'AWS::CloudFormation::Stack'|'AWS::ElasticLoadBalancing::LoadBalancer'|'AWS::AutoScaling::AutoScalingGroup'|'AWS::AutoScaling::LaunchConfiguration'|'AWS::AutoScaling::ScalingPolicy'|'AWS::AutoScaling::ScheduledAction'|'AWS::DynamoDB::Table'|'AWS::CodeBuild::Project'|'AWS::WAF::RateBasedRule'|'AWS::WAF::Rule'|'AWS::WAF::RuleGroup'|'AWS::WAF::WebACL'|'AWS::WAFRegional::RateBasedRule'|'AWS::WAFRegional::Rule'|'AWS::WAFRegional::RuleGroup'|'AWS::WAFRegional::WebACL'|'AWS::CloudFront::Distribution'|'AWS::CloudFront::StreamingDistribution'|'AWS::Lambda::Alias'|'AWS::Lambda::Function'|'AWS::ElasticBeanstalk::Application'|'AWS::ElasticBeanstalk::ApplicationVersion'|'AWS::ElasticBeanstalk::Environment'|'AWS::MobileHub::Project'|'AWS::XRay::EncryptionConfig'|'AWS::SSM::AssociationCompliance'|'AWS::SSM::PatchCompliance'|'AWS::Shield::Protection'|'AWS::ShieldRegional::Protection'|'AWS::Config::ResourceCompliance'|'AWS::LicenseManager::LicenseConfiguration'|'AWS::ApiGateway::DomainName'|'AWS::ApiGateway::Method'|'AWS::ApiGateway::Stage'|'AWS::ApiGateway::RestApi'|'AWS::ApiGatewayV2::DomainName'|'AWS::ApiGatewayV2::Stage'|'AWS::ApiGatewayV2::Api'|'AWS::CodePipeline::Pipeline'|'AWS::ServiceCatalog::CloudFormationProvisionedProduct'|'AWS::ServiceCatalog::CloudFormationProduct'|'AWS::ServiceCatalog::Portfolio',
'resourceId': 'string'
},
]
}
Response Structure
(dict) --
baseConfigurationItems (list) --
A list that contains the current configuration of one or more resources.
(dict) --
The detailed configuration of a specified resource.
version (string) --
The version number of the resource configuration.
accountId (string) --
The 12-digit AWS account ID associated with the resource.
configurationItemCaptureTime (datetime) --
The time when the configuration recording was initiated.
configurationItemStatus (string) --
The configuration item status.
configurationStateId (string) --
An identifier that indicates the ordering of the configuration items of a resource.
arn (string) --
The Amazon Resource Name (ARN) of the resource.
resourceType (string) --
The type of AWS resource.
resourceId (string) --
The ID of the resource (for example., sg-xxxxxx).
resourceName (string) --
The custom name of the resource, if available.
awsRegion (string) --
The region where the resource resides.
availabilityZone (string) --
The Availability Zone associated with the resource.
resourceCreationTime (datetime) --
The time stamp when the resource was created.
configuration (string) --
The description of the resource configuration.
supplementaryConfiguration (dict) --
Configuration attributes that AWS Config returns for certain resource types to supplement the information returned for the configuration parameter.
(string) --
(string) --
unprocessedResourceKeys (list) --
A list of resource keys that were not processed with the current response. The unprocessesResourceKeys value is in the same form as ResourceKeys, so the value can be directly provided to a subsequent BatchGetResourceConfig operation. If there are no unprocessed resource keys, the response contains an empty unprocessedResourceKeys list.
(dict) --
The details that identify a resource within AWS Config, including the resource type and resource ID.
resourceType (string) --
The resource type.
resourceId (string) --
The ID of the resource (for example., sg-xxxxxx).
{'ConfigurationRecorders': {'recordingGroup': {'resourceTypes': {'AWS::ApiGateway::DomainName',
'AWS::ApiGateway::Method',
'AWS::ApiGateway::RestApi',
'AWS::ApiGateway::Stage',
'AWS::ApiGatewayV2::Api',
'AWS::ApiGatewayV2::DomainName',
'AWS::ApiGatewayV2::Stage',
'AWS::EC2::EgressOnlyInternetGateway',
'AWS::EC2::FlowLog',
'AWS::EC2::NatGateway',
'AWS::EC2::RegisteredHAInstance',
'AWS::EC2::VPCEndpoint',
'AWS::EC2::VPCEndpointService',
'AWS::EC2::VPCPeeringConnection',
'AWS::Lambda::Alias',
'AWS::LicenseManager::LicenseConfiguration',
'AWS::MobileHub::Project',
'AWS::RDS::DBCluster',
'AWS::RDS::DBClusterParameterGroup',
'AWS::RDS::DBClusterSnapshot',
'AWS::RDS::DBOptionGroup',
'AWS::RDS::DBParameterGroup',
'AWS::S3::AccountPublicAccessBlock',
'AWS::ServiceCatalog::CloudFormationProduct',
'AWS::ServiceCatalog::CloudFormationProvisionedProduct',
'AWS::ServiceCatalog::Portfolio'}}}}
Returns the details for the specified configuration recorders. If the configuration recorder is not specified, this action returns the details for all configuration recorders associated with the account.
Note
Currently, you can specify only one configuration recorder per region in your account.
See also: AWS API Documentation
Request Syntax
client.describe_configuration_recorders(
ConfigurationRecorderNames=[
'string',
]
)
list
A list of configuration recorder names.
(string) --
dict
Response Syntax
{
'ConfigurationRecorders': [
{
'name': 'string',
'roleARN': 'string',
'recordingGroup': {
'allSupported': True|False,
'includeGlobalResourceTypes': True|False,
'resourceTypes': [
'AWS::EC2::CustomerGateway'|'AWS::EC2::EIP'|'AWS::EC2::Host'|'AWS::EC2::Instance'|'AWS::EC2::InternetGateway'|'AWS::EC2::NetworkAcl'|'AWS::EC2::NetworkInterface'|'AWS::EC2::RouteTable'|'AWS::EC2::SecurityGroup'|'AWS::EC2::Subnet'|'AWS::CloudTrail::Trail'|'AWS::EC2::Volume'|'AWS::EC2::VPC'|'AWS::EC2::VPNConnection'|'AWS::EC2::VPNGateway'|'AWS::EC2::RegisteredHAInstance'|'AWS::EC2::NatGateway'|'AWS::EC2::EgressOnlyInternetGateway'|'AWS::EC2::VPCEndpoint'|'AWS::EC2::VPCEndpointService'|'AWS::EC2::FlowLog'|'AWS::EC2::VPCPeeringConnection'|'AWS::IAM::Group'|'AWS::IAM::Policy'|'AWS::IAM::Role'|'AWS::IAM::User'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::ACM::Certificate'|'AWS::RDS::DBInstance'|'AWS::RDS::DBParameterGroup'|'AWS::RDS::DBOptionGroup'|'AWS::RDS::DBSubnetGroup'|'AWS::RDS::DBSecurityGroup'|'AWS::RDS::DBSnapshot'|'AWS::RDS::DBCluster'|'AWS::RDS::DBClusterParameterGroup'|'AWS::RDS::DBClusterSnapshot'|'AWS::RDS::EventSubscription'|'AWS::S3::Bucket'|'AWS::S3::AccountPublicAccessBlock'|'AWS::Redshift::Cluster'|'AWS::Redshift::ClusterSnapshot'|'AWS::Redshift::ClusterParameterGroup'|'AWS::Redshift::ClusterSecurityGroup'|'AWS::Redshift::ClusterSubnetGroup'|'AWS::Redshift::EventSubscription'|'AWS::SSM::ManagedInstanceInventory'|'AWS::CloudWatch::Alarm'|'AWS::CloudFormation::Stack'|'AWS::ElasticLoadBalancing::LoadBalancer'|'AWS::AutoScaling::AutoScalingGroup'|'AWS::AutoScaling::LaunchConfiguration'|'AWS::AutoScaling::ScalingPolicy'|'AWS::AutoScaling::ScheduledAction'|'AWS::DynamoDB::Table'|'AWS::CodeBuild::Project'|'AWS::WAF::RateBasedRule'|'AWS::WAF::Rule'|'AWS::WAF::RuleGroup'|'AWS::WAF::WebACL'|'AWS::WAFRegional::RateBasedRule'|'AWS::WAFRegional::Rule'|'AWS::WAFRegional::RuleGroup'|'AWS::WAFRegional::WebACL'|'AWS::CloudFront::Distribution'|'AWS::CloudFront::StreamingDistribution'|'AWS::Lambda::Alias'|'AWS::Lambda::Function'|'AWS::ElasticBeanstalk::Application'|'AWS::ElasticBeanstalk::ApplicationVersion'|'AWS::ElasticBeanstalk::Environment'|'AWS::MobileHub::Project'|'AWS::XRay::EncryptionConfig'|'AWS::SSM::AssociationCompliance'|'AWS::SSM::PatchCompliance'|'AWS::Shield::Protection'|'AWS::ShieldRegional::Protection'|'AWS::Config::ResourceCompliance'|'AWS::LicenseManager::LicenseConfiguration'|'AWS::ApiGateway::DomainName'|'AWS::ApiGateway::Method'|'AWS::ApiGateway::Stage'|'AWS::ApiGateway::RestApi'|'AWS::ApiGatewayV2::DomainName'|'AWS::ApiGatewayV2::Stage'|'AWS::ApiGatewayV2::Api'|'AWS::CodePipeline::Pipeline'|'AWS::ServiceCatalog::CloudFormationProvisionedProduct'|'AWS::ServiceCatalog::CloudFormationProduct'|'AWS::ServiceCatalog::Portfolio',
]
}
},
]
}
Response Structure
(dict) --
The output for the DescribeConfigurationRecorders action.
ConfigurationRecorders (list) --
A list that contains the descriptions of the specified configuration recorders.
(dict) --
An object that represents the recording of configuration changes of an AWS resource.
name (string) --
The name of the recorder. By default, AWS Config automatically assigns the name "default" when creating the configuration recorder. You cannot change the assigned name.
roleARN (string) --
Amazon Resource Name (ARN) of the IAM role used to describe the AWS resources associated with the account.
recordingGroup (dict) --
Specifies the types of AWS resources for which AWS Config records configuration changes.
allSupported (boolean) --
Specifies whether AWS Config records configuration changes for every supported type of regional resource.
If you set this option to true , when AWS Config adds support for a new type of regional resource, it starts recording resources of that type automatically.
If you set this option to true , you cannot enumerate a list of resourceTypes .
includeGlobalResourceTypes (boolean) --
Specifies whether AWS Config includes all supported types of global resources (for example, IAM resources) with the resources that it records.
Before you can set this option to true , you must set the allSupported option to true .
If you set this option to true , when AWS Config adds support for a new type of global resource, it starts recording resources of that type automatically.
The configuration details for any global resource are the same in all regions. To prevent duplicate configuration items, you should consider customizing AWS Config in only one region to record global resources.
resourceTypes (list) --
A comma-separated list that specifies the types of AWS resources for which AWS Config records configuration changes (for example, AWS::EC2::Instance or AWS::CloudTrail::Trail ).
Before you can set this option to true , you must set the allSupported option to false .
If you set this option to true , when AWS Config adds support for a new type of resource, it will not record resources of that type unless you manually add that type to your recording group.
For a list of valid resourceTypes values, see the resourceType Value column in Supported AWS Resource Types.
(string) --
{'RemediationConfigurations': {'Arn': 'string',
'Automatic': 'boolean',
'CreatedByService': 'string',
'ExecutionControls': {'SsmControls': {'ConcurrentExecutionRatePercentage': 'integer',
'ErrorPercentage': 'integer'}},
'MaximumAutomaticAttempts': 'integer',
'RetryAttemptSeconds': 'long'}}
Returns the details of one or more remediation configurations.
See also: AWS API Documentation
Request Syntax
client.describe_remediation_configurations(
ConfigRuleNames=[
'string',
]
)
list
[REQUIRED]
A list of AWS Config rule names of remediation configurations for which you want details.
(string) --
dict
Response Syntax
{
'RemediationConfigurations': [
{
'ConfigRuleName': 'string',
'TargetType': 'SSM_DOCUMENT',
'TargetId': 'string',
'TargetVersion': 'string',
'Parameters': {
'string': {
'ResourceValue': {
'Value': 'RESOURCE_ID'
},
'StaticValue': {
'Values': [
'string',
]
}
}
},
'ResourceType': 'string',
'Automatic': True|False,
'ExecutionControls': {
'SsmControls': {
'ConcurrentExecutionRatePercentage': 123,
'ErrorPercentage': 123
}
},
'MaximumAutomaticAttempts': 123,
'RetryAttemptSeconds': 123,
'Arn': 'string',
'CreatedByService': 'string'
},
]
}
Response Structure
(dict) --
RemediationConfigurations (list) --
Returns a remediation configuration object.
(dict) --
An object that represents the details about the remediation configuration that includes the remediation action, parameters, and data to execute the action.
ConfigRuleName (string) --
The name of the AWS Config rule.
TargetType (string) --
The type of the target. Target executes remediation. For example, SSM document.
TargetId (string) --
Target ID is the name of the public document.
TargetVersion (string) --
Version of the target. For example, version of the SSM document.
Parameters (dict) --
An object of the RemediationParameterValue.
(string) --
(dict) --
The value is either a dynamic (resource) value or a static value. You must select either a dynamic value or a static value.
ResourceValue (dict) --
The value is dynamic and changes at run-time.
Value (string) --
The value is a resource ID.
StaticValue (dict) --
The value is static and does not change at run-time.
Values (list) --
A list of values. For example, the ARN of the assumed role.
(string) --
ResourceType (string) --
The type of a resource.
Automatic (boolean) --
The remediation is triggered automatically.
ExecutionControls (dict) --
An ExecutionControls object.
SsmControls (dict) --
A SsmControls object.
ConcurrentExecutionRatePercentage (integer) --
The maximum percentage of remediation actions allowed to run in parallel on the non-compliant resources for that specific rule. You can specify a percentage, such as 10%. The default value is 10.
ErrorPercentage (integer) --
The percentage of errors that are allowed before SSM stops running automations on non-compliant resources for that specific rule. You can specify a percentage of errors, for example 10%. If you do not specifiy a percentage, the default is 50%. For example, if you set the ErrorPercentage to 40% for 10 non-compliant resources, then SSM stops running the automations when the fifth error is received.
MaximumAutomaticAttempts (integer) --
The maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5.
For example, if you specify MaximumAutomaticAttempts as 5 with RetryAttemptsSeconds as 50 seconds, AWS Config throws an exception after the 5th failed attempt within 50 seconds.
RetryAttemptSeconds (integer) --
Maximum time in seconds that AWS Config runs auto-remediation. If you do not select a number, the default is 60 seconds.
For example, if you specify RetryAttemptsSeconds as 50 seconds and MaximumAutomaticAttempts as 5, AWS Config will run auto-remediations 5 times within 50 seconds before throwing an exception.
Arn (string) --
Amazon Resource Name (ARN) of remediation configuration.
CreatedByService (string) --
Name of the service that owns the service linked rule, if applicable.
{'ResourceKeys': {'resourceType': {'AWS::ApiGateway::DomainName',
'AWS::ApiGateway::Method',
'AWS::ApiGateway::RestApi',
'AWS::ApiGateway::Stage',
'AWS::ApiGatewayV2::Api',
'AWS::ApiGatewayV2::DomainName',
'AWS::ApiGatewayV2::Stage',
'AWS::EC2::EgressOnlyInternetGateway',
'AWS::EC2::FlowLog',
'AWS::EC2::NatGateway',
'AWS::EC2::RegisteredHAInstance',
'AWS::EC2::VPCEndpoint',
'AWS::EC2::VPCEndpointService',
'AWS::EC2::VPCPeeringConnection',
'AWS::Lambda::Alias',
'AWS::LicenseManager::LicenseConfiguration',
'AWS::MobileHub::Project',
'AWS::RDS::DBCluster',
'AWS::RDS::DBClusterParameterGroup',
'AWS::RDS::DBClusterSnapshot',
'AWS::RDS::DBOptionGroup',
'AWS::RDS::DBParameterGroup',
'AWS::S3::AccountPublicAccessBlock',
'AWS::ServiceCatalog::CloudFormationProduct',
'AWS::ServiceCatalog::CloudFormationProvisionedProduct',
'AWS::ServiceCatalog::Portfolio'}}}
Response {'RemediationExecutionStatuses': {'ResourceKey': {'resourceType': {'AWS::ApiGateway::DomainName',
'AWS::ApiGateway::Method',
'AWS::ApiGateway::RestApi',
'AWS::ApiGateway::Stage',
'AWS::ApiGatewayV2::Api',
'AWS::ApiGatewayV2::DomainName',
'AWS::ApiGatewayV2::Stage',
'AWS::EC2::EgressOnlyInternetGateway',
'AWS::EC2::FlowLog',
'AWS::EC2::NatGateway',
'AWS::EC2::RegisteredHAInstance',
'AWS::EC2::VPCEndpoint',
'AWS::EC2::VPCEndpointService',
'AWS::EC2::VPCPeeringConnection',
'AWS::Lambda::Alias',
'AWS::LicenseManager::LicenseConfiguration',
'AWS::MobileHub::Project',
'AWS::RDS::DBCluster',
'AWS::RDS::DBClusterParameterGroup',
'AWS::RDS::DBClusterSnapshot',
'AWS::RDS::DBOptionGroup',
'AWS::RDS::DBParameterGroup',
'AWS::S3::AccountPublicAccessBlock',
'AWS::ServiceCatalog::CloudFormationProduct',
'AWS::ServiceCatalog::CloudFormationProvisionedProduct',
'AWS::ServiceCatalog::Portfolio'}}}}
Provides a detailed view of a Remediation Execution for a set of resources including state, timestamps for when steps for the remediation execution occur, and any error messages for steps that have failed. When you specify the limit and the next token, you receive a paginated response.
See also: AWS API Documentation
Request Syntax
client.describe_remediation_execution_status(
ConfigRuleName='string',
ResourceKeys=[
{
'resourceType': 'AWS::EC2::CustomerGateway'|'AWS::EC2::EIP'|'AWS::EC2::Host'|'AWS::EC2::Instance'|'AWS::EC2::InternetGateway'|'AWS::EC2::NetworkAcl'|'AWS::EC2::NetworkInterface'|'AWS::EC2::RouteTable'|'AWS::EC2::SecurityGroup'|'AWS::EC2::Subnet'|'AWS::CloudTrail::Trail'|'AWS::EC2::Volume'|'AWS::EC2::VPC'|'AWS::EC2::VPNConnection'|'AWS::EC2::VPNGateway'|'AWS::EC2::RegisteredHAInstance'|'AWS::EC2::NatGateway'|'AWS::EC2::EgressOnlyInternetGateway'|'AWS::EC2::VPCEndpoint'|'AWS::EC2::VPCEndpointService'|'AWS::EC2::FlowLog'|'AWS::EC2::VPCPeeringConnection'|'AWS::IAM::Group'|'AWS::IAM::Policy'|'AWS::IAM::Role'|'AWS::IAM::User'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::ACM::Certificate'|'AWS::RDS::DBInstance'|'AWS::RDS::DBParameterGroup'|'AWS::RDS::DBOptionGroup'|'AWS::RDS::DBSubnetGroup'|'AWS::RDS::DBSecurityGroup'|'AWS::RDS::DBSnapshot'|'AWS::RDS::DBCluster'|'AWS::RDS::DBClusterParameterGroup'|'AWS::RDS::DBClusterSnapshot'|'AWS::RDS::EventSubscription'|'AWS::S3::Bucket'|'AWS::S3::AccountPublicAccessBlock'|'AWS::Redshift::Cluster'|'AWS::Redshift::ClusterSnapshot'|'AWS::Redshift::ClusterParameterGroup'|'AWS::Redshift::ClusterSecurityGroup'|'AWS::Redshift::ClusterSubnetGroup'|'AWS::Redshift::EventSubscription'|'AWS::SSM::ManagedInstanceInventory'|'AWS::CloudWatch::Alarm'|'AWS::CloudFormation::Stack'|'AWS::ElasticLoadBalancing::LoadBalancer'|'AWS::AutoScaling::AutoScalingGroup'|'AWS::AutoScaling::LaunchConfiguration'|'AWS::AutoScaling::ScalingPolicy'|'AWS::AutoScaling::ScheduledAction'|'AWS::DynamoDB::Table'|'AWS::CodeBuild::Project'|'AWS::WAF::RateBasedRule'|'AWS::WAF::Rule'|'AWS::WAF::RuleGroup'|'AWS::WAF::WebACL'|'AWS::WAFRegional::RateBasedRule'|'AWS::WAFRegional::Rule'|'AWS::WAFRegional::RuleGroup'|'AWS::WAFRegional::WebACL'|'AWS::CloudFront::Distribution'|'AWS::CloudFront::StreamingDistribution'|'AWS::Lambda::Alias'|'AWS::Lambda::Function'|'AWS::ElasticBeanstalk::Application'|'AWS::ElasticBeanstalk::ApplicationVersion'|'AWS::ElasticBeanstalk::Environment'|'AWS::MobileHub::Project'|'AWS::XRay::EncryptionConfig'|'AWS::SSM::AssociationCompliance'|'AWS::SSM::PatchCompliance'|'AWS::Shield::Protection'|'AWS::ShieldRegional::Protection'|'AWS::Config::ResourceCompliance'|'AWS::LicenseManager::LicenseConfiguration'|'AWS::ApiGateway::DomainName'|'AWS::ApiGateway::Method'|'AWS::ApiGateway::Stage'|'AWS::ApiGateway::RestApi'|'AWS::ApiGatewayV2::DomainName'|'AWS::ApiGatewayV2::Stage'|'AWS::ApiGatewayV2::Api'|'AWS::CodePipeline::Pipeline'|'AWS::ServiceCatalog::CloudFormationProvisionedProduct'|'AWS::ServiceCatalog::CloudFormationProduct'|'AWS::ServiceCatalog::Portfolio',
'resourceId': 'string'
},
],
Limit=123,
NextToken='string'
)
string
[REQUIRED]
A list of AWS Config rule names.
list
A list of resource keys to be processed with the current request. Each element in the list consists of the resource type and resource ID.
(dict) --
The details that identify a resource within AWS Config, including the resource type and resource ID.
resourceType (string) -- [REQUIRED]
The resource type.
resourceId (string) -- [REQUIRED]
The ID of the resource (for example., sg-xxxxxx).
integer
The maximum number of RemediationExecutionStatuses returned on each page. The default is maximum. If you specify 0, AWS Config uses the default.
string
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
dict
Response Syntax
{
'RemediationExecutionStatuses': [
{
'ResourceKey': {
'resourceType': 'AWS::EC2::CustomerGateway'|'AWS::EC2::EIP'|'AWS::EC2::Host'|'AWS::EC2::Instance'|'AWS::EC2::InternetGateway'|'AWS::EC2::NetworkAcl'|'AWS::EC2::NetworkInterface'|'AWS::EC2::RouteTable'|'AWS::EC2::SecurityGroup'|'AWS::EC2::Subnet'|'AWS::CloudTrail::Trail'|'AWS::EC2::Volume'|'AWS::EC2::VPC'|'AWS::EC2::VPNConnection'|'AWS::EC2::VPNGateway'|'AWS::EC2::RegisteredHAInstance'|'AWS::EC2::NatGateway'|'AWS::EC2::EgressOnlyInternetGateway'|'AWS::EC2::VPCEndpoint'|'AWS::EC2::VPCEndpointService'|'AWS::EC2::FlowLog'|'AWS::EC2::VPCPeeringConnection'|'AWS::IAM::Group'|'AWS::IAM::Policy'|'AWS::IAM::Role'|'AWS::IAM::User'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::ACM::Certificate'|'AWS::RDS::DBInstance'|'AWS::RDS::DBParameterGroup'|'AWS::RDS::DBOptionGroup'|'AWS::RDS::DBSubnetGroup'|'AWS::RDS::DBSecurityGroup'|'AWS::RDS::DBSnapshot'|'AWS::RDS::DBCluster'|'AWS::RDS::DBClusterParameterGroup'|'AWS::RDS::DBClusterSnapshot'|'AWS::RDS::EventSubscription'|'AWS::S3::Bucket'|'AWS::S3::AccountPublicAccessBlock'|'AWS::Redshift::Cluster'|'AWS::Redshift::ClusterSnapshot'|'AWS::Redshift::ClusterParameterGroup'|'AWS::Redshift::ClusterSecurityGroup'|'AWS::Redshift::ClusterSubnetGroup'|'AWS::Redshift::EventSubscription'|'AWS::SSM::ManagedInstanceInventory'|'AWS::CloudWatch::Alarm'|'AWS::CloudFormation::Stack'|'AWS::ElasticLoadBalancing::LoadBalancer'|'AWS::AutoScaling::AutoScalingGroup'|'AWS::AutoScaling::LaunchConfiguration'|'AWS::AutoScaling::ScalingPolicy'|'AWS::AutoScaling::ScheduledAction'|'AWS::DynamoDB::Table'|'AWS::CodeBuild::Project'|'AWS::WAF::RateBasedRule'|'AWS::WAF::Rule'|'AWS::WAF::RuleGroup'|'AWS::WAF::WebACL'|'AWS::WAFRegional::RateBasedRule'|'AWS::WAFRegional::Rule'|'AWS::WAFRegional::RuleGroup'|'AWS::WAFRegional::WebACL'|'AWS::CloudFront::Distribution'|'AWS::CloudFront::StreamingDistribution'|'AWS::Lambda::Alias'|'AWS::Lambda::Function'|'AWS::ElasticBeanstalk::Application'|'AWS::ElasticBeanstalk::ApplicationVersion'|'AWS::ElasticBeanstalk::Environment'|'AWS::MobileHub::Project'|'AWS::XRay::EncryptionConfig'|'AWS::SSM::AssociationCompliance'|'AWS::SSM::PatchCompliance'|'AWS::Shield::Protection'|'AWS::ShieldRegional::Protection'|'AWS::Config::ResourceCompliance'|'AWS::LicenseManager::LicenseConfiguration'|'AWS::ApiGateway::DomainName'|'AWS::ApiGateway::Method'|'AWS::ApiGateway::Stage'|'AWS::ApiGateway::RestApi'|'AWS::ApiGatewayV2::DomainName'|'AWS::ApiGatewayV2::Stage'|'AWS::ApiGatewayV2::Api'|'AWS::CodePipeline::Pipeline'|'AWS::ServiceCatalog::CloudFormationProvisionedProduct'|'AWS::ServiceCatalog::CloudFormationProduct'|'AWS::ServiceCatalog::Portfolio',
'resourceId': 'string'
},
'State': 'QUEUED'|'IN_PROGRESS'|'SUCCEEDED'|'FAILED',
'StepDetails': [
{
'Name': 'string',
'State': 'SUCCEEDED'|'PENDING'|'FAILED',
'ErrorMessage': 'string',
'StartTime': datetime(2015, 1, 1),
'StopTime': datetime(2015, 1, 1)
},
],
'InvocationTime': datetime(2015, 1, 1),
'LastUpdatedTime': datetime(2015, 1, 1)
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
RemediationExecutionStatuses (list) --
Returns a list of remediation execution statuses objects.
(dict) --
Provides details of the current status of the invoked remediation action for that resource.
ResourceKey (dict) --
The details that identify a resource within AWS Config, including the resource type and resource ID.
resourceType (string) --
The resource type.
resourceId (string) --
The ID of the resource (for example., sg-xxxxxx).
State (string) --
ENUM of the values.
StepDetails (list) --
Details of every step.
(dict) --
Name of the step from the SSM document.
Name (string) --
The details of the step.
State (string) --
The valid status of the step.
ErrorMessage (string) --
An error message if the step was interrupted during execution.
StartTime (datetime) --
The time when the step started.
StopTime (datetime) --
The time when the step stopped.
InvocationTime (datetime) --
Start time when the remediation was executed.
LastUpdatedTime (datetime) --
The time when the remediation execution was last updated.
NextToken (string) --
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
{'Filters': {'ResourceType': {'AWS::ApiGateway::DomainName',
'AWS::ApiGateway::Method',
'AWS::ApiGateway::RestApi',
'AWS::ApiGateway::Stage',
'AWS::ApiGatewayV2::Api',
'AWS::ApiGatewayV2::DomainName',
'AWS::ApiGatewayV2::Stage',
'AWS::EC2::EgressOnlyInternetGateway',
'AWS::EC2::FlowLog',
'AWS::EC2::NatGateway',
'AWS::EC2::RegisteredHAInstance',
'AWS::EC2::VPCEndpoint',
'AWS::EC2::VPCEndpointService',
'AWS::EC2::VPCPeeringConnection',
'AWS::Lambda::Alias',
'AWS::LicenseManager::LicenseConfiguration',
'AWS::MobileHub::Project',
'AWS::RDS::DBCluster',
'AWS::RDS::DBClusterParameterGroup',
'AWS::RDS::DBClusterSnapshot',
'AWS::RDS::DBOptionGroup',
'AWS::RDS::DBParameterGroup',
'AWS::S3::AccountPublicAccessBlock',
'AWS::ServiceCatalog::CloudFormationProduct',
'AWS::ServiceCatalog::CloudFormationProvisionedProduct',
'AWS::ServiceCatalog::Portfolio'}}}
Returns the resource counts across accounts and regions that are present in your AWS Config aggregator. You can request the resource counts by providing filters and GroupByKey.
For example, if the input contains accountID 12345678910 and region us-east-1 in filters, the API returns the count of resources in account ID 12345678910 and region us-east-1. If the input contains ACCOUNT_ID as a GroupByKey, the API returns resource counts for all source accounts that are present in your aggregator.
See also: AWS API Documentation
Request Syntax
client.get_aggregate_discovered_resource_counts(
ConfigurationAggregatorName='string',
Filters={
'ResourceType': 'AWS::EC2::CustomerGateway'|'AWS::EC2::EIP'|'AWS::EC2::Host'|'AWS::EC2::Instance'|'AWS::EC2::InternetGateway'|'AWS::EC2::NetworkAcl'|'AWS::EC2::NetworkInterface'|'AWS::EC2::RouteTable'|'AWS::EC2::SecurityGroup'|'AWS::EC2::Subnet'|'AWS::CloudTrail::Trail'|'AWS::EC2::Volume'|'AWS::EC2::VPC'|'AWS::EC2::VPNConnection'|'AWS::EC2::VPNGateway'|'AWS::EC2::RegisteredHAInstance'|'AWS::EC2::NatGateway'|'AWS::EC2::EgressOnlyInternetGateway'|'AWS::EC2::VPCEndpoint'|'AWS::EC2::VPCEndpointService'|'AWS::EC2::FlowLog'|'AWS::EC2::VPCPeeringConnection'|'AWS::IAM::Group'|'AWS::IAM::Policy'|'AWS::IAM::Role'|'AWS::IAM::User'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::ACM::Certificate'|'AWS::RDS::DBInstance'|'AWS::RDS::DBParameterGroup'|'AWS::RDS::DBOptionGroup'|'AWS::RDS::DBSubnetGroup'|'AWS::RDS::DBSecurityGroup'|'AWS::RDS::DBSnapshot'|'AWS::RDS::DBCluster'|'AWS::RDS::DBClusterParameterGroup'|'AWS::RDS::DBClusterSnapshot'|'AWS::RDS::EventSubscription'|'AWS::S3::Bucket'|'AWS::S3::AccountPublicAccessBlock'|'AWS::Redshift::Cluster'|'AWS::Redshift::ClusterSnapshot'|'AWS::Redshift::ClusterParameterGroup'|'AWS::Redshift::ClusterSecurityGroup'|'AWS::Redshift::ClusterSubnetGroup'|'AWS::Redshift::EventSubscription'|'AWS::SSM::ManagedInstanceInventory'|'AWS::CloudWatch::Alarm'|'AWS::CloudFormation::Stack'|'AWS::ElasticLoadBalancing::LoadBalancer'|'AWS::AutoScaling::AutoScalingGroup'|'AWS::AutoScaling::LaunchConfiguration'|'AWS::AutoScaling::ScalingPolicy'|'AWS::AutoScaling::ScheduledAction'|'AWS::DynamoDB::Table'|'AWS::CodeBuild::Project'|'AWS::WAF::RateBasedRule'|'AWS::WAF::Rule'|'AWS::WAF::RuleGroup'|'AWS::WAF::WebACL'|'AWS::WAFRegional::RateBasedRule'|'AWS::WAFRegional::Rule'|'AWS::WAFRegional::RuleGroup'|'AWS::WAFRegional::WebACL'|'AWS::CloudFront::Distribution'|'AWS::CloudFront::StreamingDistribution'|'AWS::Lambda::Alias'|'AWS::Lambda::Function'|'AWS::ElasticBeanstalk::Application'|'AWS::ElasticBeanstalk::ApplicationVersion'|'AWS::ElasticBeanstalk::Environment'|'AWS::MobileHub::Project'|'AWS::XRay::EncryptionConfig'|'AWS::SSM::AssociationCompliance'|'AWS::SSM::PatchCompliance'|'AWS::Shield::Protection'|'AWS::ShieldRegional::Protection'|'AWS::Config::ResourceCompliance'|'AWS::LicenseManager::LicenseConfiguration'|'AWS::ApiGateway::DomainName'|'AWS::ApiGateway::Method'|'AWS::ApiGateway::Stage'|'AWS::ApiGateway::RestApi'|'AWS::ApiGatewayV2::DomainName'|'AWS::ApiGatewayV2::Stage'|'AWS::ApiGatewayV2::Api'|'AWS::CodePipeline::Pipeline'|'AWS::ServiceCatalog::CloudFormationProvisionedProduct'|'AWS::ServiceCatalog::CloudFormationProduct'|'AWS::ServiceCatalog::Portfolio',
'AccountId': 'string',
'Region': 'string'
},
GroupByKey='RESOURCE_TYPE'|'ACCOUNT_ID'|'AWS_REGION',
Limit=123,
NextToken='string'
)
string
[REQUIRED]
The name of the configuration aggregator.
dict
Filters the results based on the ResourceCountFilters object.
ResourceType (string) --
The type of the AWS resource.
AccountId (string) --
The 12-digit ID of the account.
Region (string) --
The region where the account is located.
string
The key to group the resource counts.
integer
The maximum number of GroupedResourceCount objects returned on each page. The default is 1000. You cannot specify a number greater than 1000. If you specify 0, AWS Config uses the default.
string
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
dict
Response Syntax
{
'TotalDiscoveredResources': 123,
'GroupByKey': 'string',
'GroupedResourceCounts': [
{
'GroupName': 'string',
'ResourceCount': 123
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
TotalDiscoveredResources (integer) --
The total number of resources that are present in an aggregator with the filters that you provide.
GroupByKey (string) --
The key passed into the request object. If GroupByKey is not provided, the result will be empty.
GroupedResourceCounts (list) --
Returns a list of GroupedResourceCount objects.
(dict) --
The count of resources that are grouped by the group name.
GroupName (string) --
The name of the group that can be region, account ID, or resource type. For example, region1, region2 if the region was chosen as GroupByKey .
ResourceCount (integer) --
The number of resources in the group.
NextToken (string) --
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
{'ResourceIdentifier': {'ResourceType': {'AWS::ApiGateway::DomainName',
'AWS::ApiGateway::Method',
'AWS::ApiGateway::RestApi',
'AWS::ApiGateway::Stage',
'AWS::ApiGatewayV2::Api',
'AWS::ApiGatewayV2::DomainName',
'AWS::ApiGatewayV2::Stage',
'AWS::EC2::EgressOnlyInternetGateway',
'AWS::EC2::FlowLog',
'AWS::EC2::NatGateway',
'AWS::EC2::RegisteredHAInstance',
'AWS::EC2::VPCEndpoint',
'AWS::EC2::VPCEndpointService',
'AWS::EC2::VPCPeeringConnection',
'AWS::Lambda::Alias',
'AWS::LicenseManager::LicenseConfiguration',
'AWS::MobileHub::Project',
'AWS::RDS::DBCluster',
'AWS::RDS::DBClusterParameterGroup',
'AWS::RDS::DBClusterSnapshot',
'AWS::RDS::DBOptionGroup',
'AWS::RDS::DBParameterGroup',
'AWS::S3::AccountPublicAccessBlock',
'AWS::ServiceCatalog::CloudFormationProduct',
'AWS::ServiceCatalog::CloudFormationProvisionedProduct',
'AWS::ServiceCatalog::Portfolio'}}}
Response {'ConfigurationItem': {'relationships': {'resourceType': {'AWS::ApiGateway::DomainName',
'AWS::ApiGateway::Method',
'AWS::ApiGateway::RestApi',
'AWS::ApiGateway::Stage',
'AWS::ApiGatewayV2::Api',
'AWS::ApiGatewayV2::DomainName',
'AWS::ApiGatewayV2::Stage',
'AWS::EC2::EgressOnlyInternetGateway',
'AWS::EC2::FlowLog',
'AWS::EC2::NatGateway',
'AWS::EC2::RegisteredHAInstance',
'AWS::EC2::VPCEndpoint',
'AWS::EC2::VPCEndpointService',
'AWS::EC2::VPCPeeringConnection',
'AWS::Lambda::Alias',
'AWS::LicenseManager::LicenseConfiguration',
'AWS::MobileHub::Project',
'AWS::RDS::DBCluster',
'AWS::RDS::DBClusterParameterGroup',
'AWS::RDS::DBClusterSnapshot',
'AWS::RDS::DBOptionGroup',
'AWS::RDS::DBParameterGroup',
'AWS::S3::AccountPublicAccessBlock',
'AWS::ServiceCatalog::CloudFormationProduct',
'AWS::ServiceCatalog::CloudFormationProvisionedProduct',
'AWS::ServiceCatalog::Portfolio'}},
'resourceType': {'AWS::ApiGateway::DomainName',
'AWS::ApiGateway::Method',
'AWS::ApiGateway::RestApi',
'AWS::ApiGateway::Stage',
'AWS::ApiGatewayV2::Api',
'AWS::ApiGatewayV2::DomainName',
'AWS::ApiGatewayV2::Stage',
'AWS::EC2::EgressOnlyInternetGateway',
'AWS::EC2::FlowLog',
'AWS::EC2::NatGateway',
'AWS::EC2::RegisteredHAInstance',
'AWS::EC2::VPCEndpoint',
'AWS::EC2::VPCEndpointService',
'AWS::EC2::VPCPeeringConnection',
'AWS::Lambda::Alias',
'AWS::LicenseManager::LicenseConfiguration',
'AWS::MobileHub::Project',
'AWS::RDS::DBCluster',
'AWS::RDS::DBClusterParameterGroup',
'AWS::RDS::DBClusterSnapshot',
'AWS::RDS::DBOptionGroup',
'AWS::RDS::DBParameterGroup',
'AWS::S3::AccountPublicAccessBlock',
'AWS::ServiceCatalog::CloudFormationProduct',
'AWS::ServiceCatalog::CloudFormationProvisionedProduct',
'AWS::ServiceCatalog::Portfolio'}}}
Returns configuration item that is aggregated for your specific resource in a specific source account and region.
See also: AWS API Documentation
Request Syntax
client.get_aggregate_resource_config(
ConfigurationAggregatorName='string',
ResourceIdentifier={
'SourceAccountId': 'string',
'SourceRegion': 'string',
'ResourceId': 'string',
'ResourceType': 'AWS::EC2::CustomerGateway'|'AWS::EC2::EIP'|'AWS::EC2::Host'|'AWS::EC2::Instance'|'AWS::EC2::InternetGateway'|'AWS::EC2::NetworkAcl'|'AWS::EC2::NetworkInterface'|'AWS::EC2::RouteTable'|'AWS::EC2::SecurityGroup'|'AWS::EC2::Subnet'|'AWS::CloudTrail::Trail'|'AWS::EC2::Volume'|'AWS::EC2::VPC'|'AWS::EC2::VPNConnection'|'AWS::EC2::VPNGateway'|'AWS::EC2::RegisteredHAInstance'|'AWS::EC2::NatGateway'|'AWS::EC2::EgressOnlyInternetGateway'|'AWS::EC2::VPCEndpoint'|'AWS::EC2::VPCEndpointService'|'AWS::EC2::FlowLog'|'AWS::EC2::VPCPeeringConnection'|'AWS::IAM::Group'|'AWS::IAM::Policy'|'AWS::IAM::Role'|'AWS::IAM::User'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::ACM::Certificate'|'AWS::RDS::DBInstance'|'AWS::RDS::DBParameterGroup'|'AWS::RDS::DBOptionGroup'|'AWS::RDS::DBSubnetGroup'|'AWS::RDS::DBSecurityGroup'|'AWS::RDS::DBSnapshot'|'AWS::RDS::DBCluster'|'AWS::RDS::DBClusterParameterGroup'|'AWS::RDS::DBClusterSnapshot'|'AWS::RDS::EventSubscription'|'AWS::S3::Bucket'|'AWS::S3::AccountPublicAccessBlock'|'AWS::Redshift::Cluster'|'AWS::Redshift::ClusterSnapshot'|'AWS::Redshift::ClusterParameterGroup'|'AWS::Redshift::ClusterSecurityGroup'|'AWS::Redshift::ClusterSubnetGroup'|'AWS::Redshift::EventSubscription'|'AWS::SSM::ManagedInstanceInventory'|'AWS::CloudWatch::Alarm'|'AWS::CloudFormation::Stack'|'AWS::ElasticLoadBalancing::LoadBalancer'|'AWS::AutoScaling::AutoScalingGroup'|'AWS::AutoScaling::LaunchConfiguration'|'AWS::AutoScaling::ScalingPolicy'|'AWS::AutoScaling::ScheduledAction'|'AWS::DynamoDB::Table'|'AWS::CodeBuild::Project'|'AWS::WAF::RateBasedRule'|'AWS::WAF::Rule'|'AWS::WAF::RuleGroup'|'AWS::WAF::WebACL'|'AWS::WAFRegional::RateBasedRule'|'AWS::WAFRegional::Rule'|'AWS::WAFRegional::RuleGroup'|'AWS::WAFRegional::WebACL'|'AWS::CloudFront::Distribution'|'AWS::CloudFront::StreamingDistribution'|'AWS::Lambda::Alias'|'AWS::Lambda::Function'|'AWS::ElasticBeanstalk::Application'|'AWS::ElasticBeanstalk::ApplicationVersion'|'AWS::ElasticBeanstalk::Environment'|'AWS::MobileHub::Project'|'AWS::XRay::EncryptionConfig'|'AWS::SSM::AssociationCompliance'|'AWS::SSM::PatchCompliance'|'AWS::Shield::Protection'|'AWS::ShieldRegional::Protection'|'AWS::Config::ResourceCompliance'|'AWS::LicenseManager::LicenseConfiguration'|'AWS::ApiGateway::DomainName'|'AWS::ApiGateway::Method'|'AWS::ApiGateway::Stage'|'AWS::ApiGateway::RestApi'|'AWS::ApiGatewayV2::DomainName'|'AWS::ApiGatewayV2::Stage'|'AWS::ApiGatewayV2::Api'|'AWS::CodePipeline::Pipeline'|'AWS::ServiceCatalog::CloudFormationProvisionedProduct'|'AWS::ServiceCatalog::CloudFormationProduct'|'AWS::ServiceCatalog::Portfolio',
'ResourceName': 'string'
}
)
string
[REQUIRED]
The name of the configuration aggregator.
dict
[REQUIRED]
An object that identifies aggregate resource.
SourceAccountId (string) -- [REQUIRED]
The 12-digit account ID of the source account.
SourceRegion (string) -- [REQUIRED]
The source region where data is aggregated.
ResourceId (string) -- [REQUIRED]
The ID of the AWS resource.
ResourceType (string) -- [REQUIRED]
The type of the AWS resource.
ResourceName (string) --
The name of the AWS resource.
dict
Response Syntax
{
'ConfigurationItem': {
'version': 'string',
'accountId': 'string',
'configurationItemCaptureTime': datetime(2015, 1, 1),
'configurationItemStatus': 'OK'|'ResourceDiscovered'|'ResourceNotRecorded'|'ResourceDeleted'|'ResourceDeletedNotRecorded',
'configurationStateId': 'string',
'configurationItemMD5Hash': 'string',
'arn': 'string',
'resourceType': 'AWS::EC2::CustomerGateway'|'AWS::EC2::EIP'|'AWS::EC2::Host'|'AWS::EC2::Instance'|'AWS::EC2::InternetGateway'|'AWS::EC2::NetworkAcl'|'AWS::EC2::NetworkInterface'|'AWS::EC2::RouteTable'|'AWS::EC2::SecurityGroup'|'AWS::EC2::Subnet'|'AWS::CloudTrail::Trail'|'AWS::EC2::Volume'|'AWS::EC2::VPC'|'AWS::EC2::VPNConnection'|'AWS::EC2::VPNGateway'|'AWS::EC2::RegisteredHAInstance'|'AWS::EC2::NatGateway'|'AWS::EC2::EgressOnlyInternetGateway'|'AWS::EC2::VPCEndpoint'|'AWS::EC2::VPCEndpointService'|'AWS::EC2::FlowLog'|'AWS::EC2::VPCPeeringConnection'|'AWS::IAM::Group'|'AWS::IAM::Policy'|'AWS::IAM::Role'|'AWS::IAM::User'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::ACM::Certificate'|'AWS::RDS::DBInstance'|'AWS::RDS::DBParameterGroup'|'AWS::RDS::DBOptionGroup'|'AWS::RDS::DBSubnetGroup'|'AWS::RDS::DBSecurityGroup'|'AWS::RDS::DBSnapshot'|'AWS::RDS::DBCluster'|'AWS::RDS::DBClusterParameterGroup'|'AWS::RDS::DBClusterSnapshot'|'AWS::RDS::EventSubscription'|'AWS::S3::Bucket'|'AWS::S3::AccountPublicAccessBlock'|'AWS::Redshift::Cluster'|'AWS::Redshift::ClusterSnapshot'|'AWS::Redshift::ClusterParameterGroup'|'AWS::Redshift::ClusterSecurityGroup'|'AWS::Redshift::ClusterSubnetGroup'|'AWS::Redshift::EventSubscription'|'AWS::SSM::ManagedInstanceInventory'|'AWS::CloudWatch::Alarm'|'AWS::CloudFormation::Stack'|'AWS::ElasticLoadBalancing::LoadBalancer'|'AWS::AutoScaling::AutoScalingGroup'|'AWS::AutoScaling::LaunchConfiguration'|'AWS::AutoScaling::ScalingPolicy'|'AWS::AutoScaling::ScheduledAction'|'AWS::DynamoDB::Table'|'AWS::CodeBuild::Project'|'AWS::WAF::RateBasedRule'|'AWS::WAF::Rule'|'AWS::WAF::RuleGroup'|'AWS::WAF::WebACL'|'AWS::WAFRegional::RateBasedRule'|'AWS::WAFRegional::Rule'|'AWS::WAFRegional::RuleGroup'|'AWS::WAFRegional::WebACL'|'AWS::CloudFront::Distribution'|'AWS::CloudFront::StreamingDistribution'|'AWS::Lambda::Alias'|'AWS::Lambda::Function'|'AWS::ElasticBeanstalk::Application'|'AWS::ElasticBeanstalk::ApplicationVersion'|'AWS::ElasticBeanstalk::Environment'|'AWS::MobileHub::Project'|'AWS::XRay::EncryptionConfig'|'AWS::SSM::AssociationCompliance'|'AWS::SSM::PatchCompliance'|'AWS::Shield::Protection'|'AWS::ShieldRegional::Protection'|'AWS::Config::ResourceCompliance'|'AWS::LicenseManager::LicenseConfiguration'|'AWS::ApiGateway::DomainName'|'AWS::ApiGateway::Method'|'AWS::ApiGateway::Stage'|'AWS::ApiGateway::RestApi'|'AWS::ApiGatewayV2::DomainName'|'AWS::ApiGatewayV2::Stage'|'AWS::ApiGatewayV2::Api'|'AWS::CodePipeline::Pipeline'|'AWS::ServiceCatalog::CloudFormationProvisionedProduct'|'AWS::ServiceCatalog::CloudFormationProduct'|'AWS::ServiceCatalog::Portfolio',
'resourceId': 'string',
'resourceName': 'string',
'awsRegion': 'string',
'availabilityZone': 'string',
'resourceCreationTime': datetime(2015, 1, 1),
'tags': {
'string': 'string'
},
'relatedEvents': [
'string',
],
'relationships': [
{
'resourceType': 'AWS::EC2::CustomerGateway'|'AWS::EC2::EIP'|'AWS::EC2::Host'|'AWS::EC2::Instance'|'AWS::EC2::InternetGateway'|'AWS::EC2::NetworkAcl'|'AWS::EC2::NetworkInterface'|'AWS::EC2::RouteTable'|'AWS::EC2::SecurityGroup'|'AWS::EC2::Subnet'|'AWS::CloudTrail::Trail'|'AWS::EC2::Volume'|'AWS::EC2::VPC'|'AWS::EC2::VPNConnection'|'AWS::EC2::VPNGateway'|'AWS::EC2::RegisteredHAInstance'|'AWS::EC2::NatGateway'|'AWS::EC2::EgressOnlyInternetGateway'|'AWS::EC2::VPCEndpoint'|'AWS::EC2::VPCEndpointService'|'AWS::EC2::FlowLog'|'AWS::EC2::VPCPeeringConnection'|'AWS::IAM::Group'|'AWS::IAM::Policy'|'AWS::IAM::Role'|'AWS::IAM::User'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::ACM::Certificate'|'AWS::RDS::DBInstance'|'AWS::RDS::DBParameterGroup'|'AWS::RDS::DBOptionGroup'|'AWS::RDS::DBSubnetGroup'|'AWS::RDS::DBSecurityGroup'|'AWS::RDS::DBSnapshot'|'AWS::RDS::DBCluster'|'AWS::RDS::DBClusterParameterGroup'|'AWS::RDS::DBClusterSnapshot'|'AWS::RDS::EventSubscription'|'AWS::S3::Bucket'|'AWS::S3::AccountPublicAccessBlock'|'AWS::Redshift::Cluster'|'AWS::Redshift::ClusterSnapshot'|'AWS::Redshift::ClusterParameterGroup'|'AWS::Redshift::ClusterSecurityGroup'|'AWS::Redshift::ClusterSubnetGroup'|'AWS::Redshift::EventSubscription'|'AWS::SSM::ManagedInstanceInventory'|'AWS::CloudWatch::Alarm'|'AWS::CloudFormation::Stack'|'AWS::ElasticLoadBalancing::LoadBalancer'|'AWS::AutoScaling::AutoScalingGroup'|'AWS::AutoScaling::LaunchConfiguration'|'AWS::AutoScaling::ScalingPolicy'|'AWS::AutoScaling::ScheduledAction'|'AWS::DynamoDB::Table'|'AWS::CodeBuild::Project'|'AWS::WAF::RateBasedRule'|'AWS::WAF::Rule'|'AWS::WAF::RuleGroup'|'AWS::WAF::WebACL'|'AWS::WAFRegional::RateBasedRule'|'AWS::WAFRegional::Rule'|'AWS::WAFRegional::RuleGroup'|'AWS::WAFRegional::WebACL'|'AWS::CloudFront::Distribution'|'AWS::CloudFront::StreamingDistribution'|'AWS::Lambda::Alias'|'AWS::Lambda::Function'|'AWS::ElasticBeanstalk::Application'|'AWS::ElasticBeanstalk::ApplicationVersion'|'AWS::ElasticBeanstalk::Environment'|'AWS::MobileHub::Project'|'AWS::XRay::EncryptionConfig'|'AWS::SSM::AssociationCompliance'|'AWS::SSM::PatchCompliance'|'AWS::Shield::Protection'|'AWS::ShieldRegional::Protection'|'AWS::Config::ResourceCompliance'|'AWS::LicenseManager::LicenseConfiguration'|'AWS::ApiGateway::DomainName'|'AWS::ApiGateway::Method'|'AWS::ApiGateway::Stage'|'AWS::ApiGateway::RestApi'|'AWS::ApiGatewayV2::DomainName'|'AWS::ApiGatewayV2::Stage'|'AWS::ApiGatewayV2::Api'|'AWS::CodePipeline::Pipeline'|'AWS::ServiceCatalog::CloudFormationProvisionedProduct'|'AWS::ServiceCatalog::CloudFormationProduct'|'AWS::ServiceCatalog::Portfolio',
'resourceId': 'string',
'resourceName': 'string',
'relationshipName': 'string'
},
],
'configuration': 'string',
'supplementaryConfiguration': {
'string': 'string'
}
}
}
Response Structure
(dict) --
ConfigurationItem (dict) --
Returns a ConfigurationItem object.
version (string) --
The version number of the resource configuration.
accountId (string) --
The 12-digit AWS account ID associated with the resource.
configurationItemCaptureTime (datetime) --
The time when the configuration recording was initiated.
configurationItemStatus (string) --
The configuration item status.
configurationStateId (string) --
An identifier that indicates the ordering of the configuration items of a resource.
configurationItemMD5Hash (string) --
Unique MD5 hash that represents the configuration item's state.
You can use MD5 hash to compare the states of two or more configuration items that are associated with the same resource.
arn (string) --
accoun
resourceType (string) --
The type of AWS resource.
resourceId (string) --
The ID of the resource (for example, sg-xxxxxx ).
resourceName (string) --
The custom name of the resource, if available.
awsRegion (string) --
The region where the resource resides.
availabilityZone (string) --
The Availability Zone associated with the resource.
resourceCreationTime (datetime) --
The time stamp when the resource was created.
tags (dict) --
A mapping of key value tags associated with the resource.
(string) --
(string) --
relatedEvents (list) --
A list of CloudTrail event IDs.
A populated field indicates that the current configuration was initiated by the events recorded in the CloudTrail log. For more information about CloudTrail, see What Is AWS CloudTrail.
An empty field indicates that the current configuration was not initiated by any event.
(string) --
relationships (list) --
A list of related AWS resources.
(dict) --
The relationship of the related resource to the main resource.
resourceType (string) --
The resource type of the related resource.
resourceId (string) --
The ID of the related resource (for example, sg-xxxxxx ).
resourceName (string) --
The custom name of the related resource, if available.
relationshipName (string) --
The type of relationship with the related resource.
configuration (string) --
The description of the resource configuration.
supplementaryConfiguration (dict) --
Configuration attributes that AWS Config returns for certain resource types to supplement the information returned for the configuration parameter.
(string) --
(string) --
{'resourceCounts': {'resourceType': {'AWS::ApiGateway::DomainName',
'AWS::ApiGateway::Method',
'AWS::ApiGateway::RestApi',
'AWS::ApiGateway::Stage',
'AWS::ApiGatewayV2::Api',
'AWS::ApiGatewayV2::DomainName',
'AWS::ApiGatewayV2::Stage',
'AWS::EC2::EgressOnlyInternetGateway',
'AWS::EC2::FlowLog',
'AWS::EC2::NatGateway',
'AWS::EC2::RegisteredHAInstance',
'AWS::EC2::VPCEndpoint',
'AWS::EC2::VPCEndpointService',
'AWS::EC2::VPCPeeringConnection',
'AWS::Lambda::Alias',
'AWS::LicenseManager::LicenseConfiguration',
'AWS::MobileHub::Project',
'AWS::RDS::DBCluster',
'AWS::RDS::DBClusterParameterGroup',
'AWS::RDS::DBClusterSnapshot',
'AWS::RDS::DBOptionGroup',
'AWS::RDS::DBParameterGroup',
'AWS::S3::AccountPublicAccessBlock',
'AWS::ServiceCatalog::CloudFormationProduct',
'AWS::ServiceCatalog::CloudFormationProvisionedProduct',
'AWS::ServiceCatalog::Portfolio'}}}
Returns the resource types, the number of each resource type, and the total number of resources that AWS Config is recording in this region for your AWS account.
Example
AWS Config is recording three resource types in the US East (Ohio) Region for your account: 25 EC2 instances, 20 IAM users, and 15 S3 buckets.
You make a call to the GetDiscoveredResourceCounts action and specify that you want all resource types.
AWS Config returns the following:
The resource types (EC2 instances, IAM users, and S3 buckets).
The number of each resource type (25, 20, and 15).
The total number of all resources (60).
The response is paginated. By default, AWS Config lists 100 ResourceCount objects on each page. You can customize this number with the limit parameter. The response includes a nextToken string. To get the next page of results, run the request again and specify the string for the nextToken parameter.
Note
If you make a call to the GetDiscoveredResourceCounts action, you might not immediately receive resource counts in the following situations:
You are a new AWS Config customer.
You just enabled resource recording.
It might take a few minutes for AWS Config to record and count your resources. Wait a few minutes and then retry the GetDiscoveredResourceCounts action.
See also: AWS API Documentation
Request Syntax
client.get_discovered_resource_counts(
resourceTypes=[
'string',
],
limit=123,
nextToken='string'
)
list
The comma-separated list that specifies the resource types that you want AWS Config to return (for example, "AWS::EC2::Instance" , "AWS::IAM::User" ).
If a value for resourceTypes is not specified, AWS Config returns all resource types that AWS Config is recording in the region for your account.
Note
If the configuration recorder is turned off, AWS Config returns an empty list of ResourceCount objects. If the configuration recorder is not recording a specific resource type (for example, S3 buckets), that resource type is not returned in the list of ResourceCount objects.
(string) --
integer
The maximum number of ResourceCount objects returned on each page. The default is 100. You cannot specify a number greater than 100. If you specify 0, AWS Config uses the default.
string
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
dict
Response Syntax
{
'totalDiscoveredResources': 123,
'resourceCounts': [
{
'resourceType': 'AWS::EC2::CustomerGateway'|'AWS::EC2::EIP'|'AWS::EC2::Host'|'AWS::EC2::Instance'|'AWS::EC2::InternetGateway'|'AWS::EC2::NetworkAcl'|'AWS::EC2::NetworkInterface'|'AWS::EC2::RouteTable'|'AWS::EC2::SecurityGroup'|'AWS::EC2::Subnet'|'AWS::CloudTrail::Trail'|'AWS::EC2::Volume'|'AWS::EC2::VPC'|'AWS::EC2::VPNConnection'|'AWS::EC2::VPNGateway'|'AWS::EC2::RegisteredHAInstance'|'AWS::EC2::NatGateway'|'AWS::EC2::EgressOnlyInternetGateway'|'AWS::EC2::VPCEndpoint'|'AWS::EC2::VPCEndpointService'|'AWS::EC2::FlowLog'|'AWS::EC2::VPCPeeringConnection'|'AWS::IAM::Group'|'AWS::IAM::Policy'|'AWS::IAM::Role'|'AWS::IAM::User'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::ACM::Certificate'|'AWS::RDS::DBInstance'|'AWS::RDS::DBParameterGroup'|'AWS::RDS::DBOptionGroup'|'AWS::RDS::DBSubnetGroup'|'AWS::RDS::DBSecurityGroup'|'AWS::RDS::DBSnapshot'|'AWS::RDS::DBCluster'|'AWS::RDS::DBClusterParameterGroup'|'AWS::RDS::DBClusterSnapshot'|'AWS::RDS::EventSubscription'|'AWS::S3::Bucket'|'AWS::S3::AccountPublicAccessBlock'|'AWS::Redshift::Cluster'|'AWS::Redshift::ClusterSnapshot'|'AWS::Redshift::ClusterParameterGroup'|'AWS::Redshift::ClusterSecurityGroup'|'AWS::Redshift::ClusterSubnetGroup'|'AWS::Redshift::EventSubscription'|'AWS::SSM::ManagedInstanceInventory'|'AWS::CloudWatch::Alarm'|'AWS::CloudFormation::Stack'|'AWS::ElasticLoadBalancing::LoadBalancer'|'AWS::AutoScaling::AutoScalingGroup'|'AWS::AutoScaling::LaunchConfiguration'|'AWS::AutoScaling::ScalingPolicy'|'AWS::AutoScaling::ScheduledAction'|'AWS::DynamoDB::Table'|'AWS::CodeBuild::Project'|'AWS::WAF::RateBasedRule'|'AWS::WAF::Rule'|'AWS::WAF::RuleGroup'|'AWS::WAF::WebACL'|'AWS::WAFRegional::RateBasedRule'|'AWS::WAFRegional::Rule'|'AWS::WAFRegional::RuleGroup'|'AWS::WAFRegional::WebACL'|'AWS::CloudFront::Distribution'|'AWS::CloudFront::StreamingDistribution'|'AWS::Lambda::Alias'|'AWS::Lambda::Function'|'AWS::ElasticBeanstalk::Application'|'AWS::ElasticBeanstalk::ApplicationVersion'|'AWS::ElasticBeanstalk::Environment'|'AWS::MobileHub::Project'|'AWS::XRay::EncryptionConfig'|'AWS::SSM::AssociationCompliance'|'AWS::SSM::PatchCompliance'|'AWS::Shield::Protection'|'AWS::ShieldRegional::Protection'|'AWS::Config::ResourceCompliance'|'AWS::LicenseManager::LicenseConfiguration'|'AWS::ApiGateway::DomainName'|'AWS::ApiGateway::Method'|'AWS::ApiGateway::Stage'|'AWS::ApiGateway::RestApi'|'AWS::ApiGatewayV2::DomainName'|'AWS::ApiGatewayV2::Stage'|'AWS::ApiGatewayV2::Api'|'AWS::CodePipeline::Pipeline'|'AWS::ServiceCatalog::CloudFormationProvisionedProduct'|'AWS::ServiceCatalog::CloudFormationProduct'|'AWS::ServiceCatalog::Portfolio',
'count': 123
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
totalDiscoveredResources (integer) --
The total number of resources that AWS Config is recording in the region for your account. If you specify resource types in the request, AWS Config returns only the total number of resources for those resource types.
Example
AWS Config is recording three resource types in the US East (Ohio) Region for your account: 25 EC2 instances, 20 IAM users, and 15 S3 buckets, for a total of 60 resources.
You make a call to the GetDiscoveredResourceCounts action and specify the resource type, "AWS::EC2::Instances" , in the request.
AWS Config returns 25 for totalDiscoveredResources .
resourceCounts (list) --
The list of ResourceCount objects. Each object is listed in descending order by the number of resources.
(dict) --
An object that contains the resource type and the number of resources.
resourceType (string) --
The resource type (for example, "AWS::EC2::Instance" ).
count (integer) --
The number of resources.
nextToken (string) --
The string that you use in a subsequent request to get the next page of results in a paginated response.
{'resourceType': {'AWS::ApiGateway::DomainName',
'AWS::ApiGateway::Method',
'AWS::ApiGateway::RestApi',
'AWS::ApiGateway::Stage',
'AWS::ApiGatewayV2::Api',
'AWS::ApiGatewayV2::DomainName',
'AWS::ApiGatewayV2::Stage',
'AWS::EC2::EgressOnlyInternetGateway',
'AWS::EC2::FlowLog',
'AWS::EC2::NatGateway',
'AWS::EC2::RegisteredHAInstance',
'AWS::EC2::VPCEndpoint',
'AWS::EC2::VPCEndpointService',
'AWS::EC2::VPCPeeringConnection',
'AWS::Lambda::Alias',
'AWS::LicenseManager::LicenseConfiguration',
'AWS::MobileHub::Project',
'AWS::RDS::DBCluster',
'AWS::RDS::DBClusterParameterGroup',
'AWS::RDS::DBClusterSnapshot',
'AWS::RDS::DBOptionGroup',
'AWS::RDS::DBParameterGroup',
'AWS::S3::AccountPublicAccessBlock',
'AWS::ServiceCatalog::CloudFormationProduct',
'AWS::ServiceCatalog::CloudFormationProvisionedProduct',
'AWS::ServiceCatalog::Portfolio'}}
Response {'configurationItems': {'relationships': {'resourceType': {'AWS::ApiGateway::DomainName',
'AWS::ApiGateway::Method',
'AWS::ApiGateway::RestApi',
'AWS::ApiGateway::Stage',
'AWS::ApiGatewayV2::Api',
'AWS::ApiGatewayV2::DomainName',
'AWS::ApiGatewayV2::Stage',
'AWS::EC2::EgressOnlyInternetGateway',
'AWS::EC2::FlowLog',
'AWS::EC2::NatGateway',
'AWS::EC2::RegisteredHAInstance',
'AWS::EC2::VPCEndpoint',
'AWS::EC2::VPCEndpointService',
'AWS::EC2::VPCPeeringConnection',
'AWS::Lambda::Alias',
'AWS::LicenseManager::LicenseConfiguration',
'AWS::MobileHub::Project',
'AWS::RDS::DBCluster',
'AWS::RDS::DBClusterParameterGroup',
'AWS::RDS::DBClusterSnapshot',
'AWS::RDS::DBOptionGroup',
'AWS::RDS::DBParameterGroup',
'AWS::S3::AccountPublicAccessBlock',
'AWS::ServiceCatalog::CloudFormationProduct',
'AWS::ServiceCatalog::CloudFormationProvisionedProduct',
'AWS::ServiceCatalog::Portfolio'}},
'resourceType': {'AWS::ApiGateway::DomainName',
'AWS::ApiGateway::Method',
'AWS::ApiGateway::RestApi',
'AWS::ApiGateway::Stage',
'AWS::ApiGatewayV2::Api',
'AWS::ApiGatewayV2::DomainName',
'AWS::ApiGatewayV2::Stage',
'AWS::EC2::EgressOnlyInternetGateway',
'AWS::EC2::FlowLog',
'AWS::EC2::NatGateway',
'AWS::EC2::RegisteredHAInstance',
'AWS::EC2::VPCEndpoint',
'AWS::EC2::VPCEndpointService',
'AWS::EC2::VPCPeeringConnection',
'AWS::Lambda::Alias',
'AWS::LicenseManager::LicenseConfiguration',
'AWS::MobileHub::Project',
'AWS::RDS::DBCluster',
'AWS::RDS::DBClusterParameterGroup',
'AWS::RDS::DBClusterSnapshot',
'AWS::RDS::DBOptionGroup',
'AWS::RDS::DBParameterGroup',
'AWS::S3::AccountPublicAccessBlock',
'AWS::ServiceCatalog::CloudFormationProduct',
'AWS::ServiceCatalog::CloudFormationProvisionedProduct',
'AWS::ServiceCatalog::Portfolio'}}}
Returns a list of configuration items for the specified resource. The list contains details about each state of the resource during the specified time interval. If you specified a retention period to retain your ConfigurationItems between a minimum of 30 days and a maximum of 7 years (2557 days), AWS Config returns the ConfigurationItems for the specified retention period.
The response is paginated. By default, AWS Config returns a limit of 10 configuration items per page. You can customize this number with the limit parameter. The response includes a nextToken string. To get the next page of results, run the request again and specify the string for the nextToken parameter.
Note
Each call to the API is limited to span a duration of seven days. It is likely that the number of records returned is smaller than the specified limit . In such cases, you can make another call, using the nextToken .
See also: AWS API Documentation
Request Syntax
client.get_resource_config_history(
resourceType='AWS::EC2::CustomerGateway'|'AWS::EC2::EIP'|'AWS::EC2::Host'|'AWS::EC2::Instance'|'AWS::EC2::InternetGateway'|'AWS::EC2::NetworkAcl'|'AWS::EC2::NetworkInterface'|'AWS::EC2::RouteTable'|'AWS::EC2::SecurityGroup'|'AWS::EC2::Subnet'|'AWS::CloudTrail::Trail'|'AWS::EC2::Volume'|'AWS::EC2::VPC'|'AWS::EC2::VPNConnection'|'AWS::EC2::VPNGateway'|'AWS::EC2::RegisteredHAInstance'|'AWS::EC2::NatGateway'|'AWS::EC2::EgressOnlyInternetGateway'|'AWS::EC2::VPCEndpoint'|'AWS::EC2::VPCEndpointService'|'AWS::EC2::FlowLog'|'AWS::EC2::VPCPeeringConnection'|'AWS::IAM::Group'|'AWS::IAM::Policy'|'AWS::IAM::Role'|'AWS::IAM::User'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::ACM::Certificate'|'AWS::RDS::DBInstance'|'AWS::RDS::DBParameterGroup'|'AWS::RDS::DBOptionGroup'|'AWS::RDS::DBSubnetGroup'|'AWS::RDS::DBSecurityGroup'|'AWS::RDS::DBSnapshot'|'AWS::RDS::DBCluster'|'AWS::RDS::DBClusterParameterGroup'|'AWS::RDS::DBClusterSnapshot'|'AWS::RDS::EventSubscription'|'AWS::S3::Bucket'|'AWS::S3::AccountPublicAccessBlock'|'AWS::Redshift::Cluster'|'AWS::Redshift::ClusterSnapshot'|'AWS::Redshift::ClusterParameterGroup'|'AWS::Redshift::ClusterSecurityGroup'|'AWS::Redshift::ClusterSubnetGroup'|'AWS::Redshift::EventSubscription'|'AWS::SSM::ManagedInstanceInventory'|'AWS::CloudWatch::Alarm'|'AWS::CloudFormation::Stack'|'AWS::ElasticLoadBalancing::LoadBalancer'|'AWS::AutoScaling::AutoScalingGroup'|'AWS::AutoScaling::LaunchConfiguration'|'AWS::AutoScaling::ScalingPolicy'|'AWS::AutoScaling::ScheduledAction'|'AWS::DynamoDB::Table'|'AWS::CodeBuild::Project'|'AWS::WAF::RateBasedRule'|'AWS::WAF::Rule'|'AWS::WAF::RuleGroup'|'AWS::WAF::WebACL'|'AWS::WAFRegional::RateBasedRule'|'AWS::WAFRegional::Rule'|'AWS::WAFRegional::RuleGroup'|'AWS::WAFRegional::WebACL'|'AWS::CloudFront::Distribution'|'AWS::CloudFront::StreamingDistribution'|'AWS::Lambda::Alias'|'AWS::Lambda::Function'|'AWS::ElasticBeanstalk::Application'|'AWS::ElasticBeanstalk::ApplicationVersion'|'AWS::ElasticBeanstalk::Environment'|'AWS::MobileHub::Project'|'AWS::XRay::EncryptionConfig'|'AWS::SSM::AssociationCompliance'|'AWS::SSM::PatchCompliance'|'AWS::Shield::Protection'|'AWS::ShieldRegional::Protection'|'AWS::Config::ResourceCompliance'|'AWS::LicenseManager::LicenseConfiguration'|'AWS::ApiGateway::DomainName'|'AWS::ApiGateway::Method'|'AWS::ApiGateway::Stage'|'AWS::ApiGateway::RestApi'|'AWS::ApiGatewayV2::DomainName'|'AWS::ApiGatewayV2::Stage'|'AWS::ApiGatewayV2::Api'|'AWS::CodePipeline::Pipeline'|'AWS::ServiceCatalog::CloudFormationProvisionedProduct'|'AWS::ServiceCatalog::CloudFormationProduct'|'AWS::ServiceCatalog::Portfolio',
resourceId='string',
laterTime=datetime(2015, 1, 1),
earlierTime=datetime(2015, 1, 1),
chronologicalOrder='Reverse'|'Forward',
limit=123,
nextToken='string'
)
string
[REQUIRED]
The resource type.
string
[REQUIRED]
The ID of the resource (for example., sg-xxxxxx ).
datetime
The time stamp that indicates a later time. If not specified, current time is taken.
datetime
The time stamp that indicates an earlier time. If not specified, the action returns paginated results that contain configuration items that start when the first configuration item was recorded.
string
The chronological order for configuration items listed. By default, the results are listed in reverse chronological order.
integer
The maximum number of configuration items returned on each page. The default is 10. You cannot specify a number greater than 100. If you specify 0, AWS Config uses the default.
string
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
dict
Response Syntax
{
'configurationItems': [
{
'version': 'string',
'accountId': 'string',
'configurationItemCaptureTime': datetime(2015, 1, 1),
'configurationItemStatus': 'OK'|'ResourceDiscovered'|'ResourceNotRecorded'|'ResourceDeleted'|'ResourceDeletedNotRecorded',
'configurationStateId': 'string',
'configurationItemMD5Hash': 'string',
'arn': 'string',
'resourceType': 'AWS::EC2::CustomerGateway'|'AWS::EC2::EIP'|'AWS::EC2::Host'|'AWS::EC2::Instance'|'AWS::EC2::InternetGateway'|'AWS::EC2::NetworkAcl'|'AWS::EC2::NetworkInterface'|'AWS::EC2::RouteTable'|'AWS::EC2::SecurityGroup'|'AWS::EC2::Subnet'|'AWS::CloudTrail::Trail'|'AWS::EC2::Volume'|'AWS::EC2::VPC'|'AWS::EC2::VPNConnection'|'AWS::EC2::VPNGateway'|'AWS::EC2::RegisteredHAInstance'|'AWS::EC2::NatGateway'|'AWS::EC2::EgressOnlyInternetGateway'|'AWS::EC2::VPCEndpoint'|'AWS::EC2::VPCEndpointService'|'AWS::EC2::FlowLog'|'AWS::EC2::VPCPeeringConnection'|'AWS::IAM::Group'|'AWS::IAM::Policy'|'AWS::IAM::Role'|'AWS::IAM::User'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::ACM::Certificate'|'AWS::RDS::DBInstance'|'AWS::RDS::DBParameterGroup'|'AWS::RDS::DBOptionGroup'|'AWS::RDS::DBSubnetGroup'|'AWS::RDS::DBSecurityGroup'|'AWS::RDS::DBSnapshot'|'AWS::RDS::DBCluster'|'AWS::RDS::DBClusterParameterGroup'|'AWS::RDS::DBClusterSnapshot'|'AWS::RDS::EventSubscription'|'AWS::S3::Bucket'|'AWS::S3::AccountPublicAccessBlock'|'AWS::Redshift::Cluster'|'AWS::Redshift::ClusterSnapshot'|'AWS::Redshift::ClusterParameterGroup'|'AWS::Redshift::ClusterSecurityGroup'|'AWS::Redshift::ClusterSubnetGroup'|'AWS::Redshift::EventSubscription'|'AWS::SSM::ManagedInstanceInventory'|'AWS::CloudWatch::Alarm'|'AWS::CloudFormation::Stack'|'AWS::ElasticLoadBalancing::LoadBalancer'|'AWS::AutoScaling::AutoScalingGroup'|'AWS::AutoScaling::LaunchConfiguration'|'AWS::AutoScaling::ScalingPolicy'|'AWS::AutoScaling::ScheduledAction'|'AWS::DynamoDB::Table'|'AWS::CodeBuild::Project'|'AWS::WAF::RateBasedRule'|'AWS::WAF::Rule'|'AWS::WAF::RuleGroup'|'AWS::WAF::WebACL'|'AWS::WAFRegional::RateBasedRule'|'AWS::WAFRegional::Rule'|'AWS::WAFRegional::RuleGroup'|'AWS::WAFRegional::WebACL'|'AWS::CloudFront::Distribution'|'AWS::CloudFront::StreamingDistribution'|'AWS::Lambda::Alias'|'AWS::Lambda::Function'|'AWS::ElasticBeanstalk::Application'|'AWS::ElasticBeanstalk::ApplicationVersion'|'AWS::ElasticBeanstalk::Environment'|'AWS::MobileHub::Project'|'AWS::XRay::EncryptionConfig'|'AWS::SSM::AssociationCompliance'|'AWS::SSM::PatchCompliance'|'AWS::Shield::Protection'|'AWS::ShieldRegional::Protection'|'AWS::Config::ResourceCompliance'|'AWS::LicenseManager::LicenseConfiguration'|'AWS::ApiGateway::DomainName'|'AWS::ApiGateway::Method'|'AWS::ApiGateway::Stage'|'AWS::ApiGateway::RestApi'|'AWS::ApiGatewayV2::DomainName'|'AWS::ApiGatewayV2::Stage'|'AWS::ApiGatewayV2::Api'|'AWS::CodePipeline::Pipeline'|'AWS::ServiceCatalog::CloudFormationProvisionedProduct'|'AWS::ServiceCatalog::CloudFormationProduct'|'AWS::ServiceCatalog::Portfolio',
'resourceId': 'string',
'resourceName': 'string',
'awsRegion': 'string',
'availabilityZone': 'string',
'resourceCreationTime': datetime(2015, 1, 1),
'tags': {
'string': 'string'
},
'relatedEvents': [
'string',
],
'relationships': [
{
'resourceType': 'AWS::EC2::CustomerGateway'|'AWS::EC2::EIP'|'AWS::EC2::Host'|'AWS::EC2::Instance'|'AWS::EC2::InternetGateway'|'AWS::EC2::NetworkAcl'|'AWS::EC2::NetworkInterface'|'AWS::EC2::RouteTable'|'AWS::EC2::SecurityGroup'|'AWS::EC2::Subnet'|'AWS::CloudTrail::Trail'|'AWS::EC2::Volume'|'AWS::EC2::VPC'|'AWS::EC2::VPNConnection'|'AWS::EC2::VPNGateway'|'AWS::EC2::RegisteredHAInstance'|'AWS::EC2::NatGateway'|'AWS::EC2::EgressOnlyInternetGateway'|'AWS::EC2::VPCEndpoint'|'AWS::EC2::VPCEndpointService'|'AWS::EC2::FlowLog'|'AWS::EC2::VPCPeeringConnection'|'AWS::IAM::Group'|'AWS::IAM::Policy'|'AWS::IAM::Role'|'AWS::IAM::User'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::ACM::Certificate'|'AWS::RDS::DBInstance'|'AWS::RDS::DBParameterGroup'|'AWS::RDS::DBOptionGroup'|'AWS::RDS::DBSubnetGroup'|'AWS::RDS::DBSecurityGroup'|'AWS::RDS::DBSnapshot'|'AWS::RDS::DBCluster'|'AWS::RDS::DBClusterParameterGroup'|'AWS::RDS::DBClusterSnapshot'|'AWS::RDS::EventSubscription'|'AWS::S3::Bucket'|'AWS::S3::AccountPublicAccessBlock'|'AWS::Redshift::Cluster'|'AWS::Redshift::ClusterSnapshot'|'AWS::Redshift::ClusterParameterGroup'|'AWS::Redshift::ClusterSecurityGroup'|'AWS::Redshift::ClusterSubnetGroup'|'AWS::Redshift::EventSubscription'|'AWS::SSM::ManagedInstanceInventory'|'AWS::CloudWatch::Alarm'|'AWS::CloudFormation::Stack'|'AWS::ElasticLoadBalancing::LoadBalancer'|'AWS::AutoScaling::AutoScalingGroup'|'AWS::AutoScaling::LaunchConfiguration'|'AWS::AutoScaling::ScalingPolicy'|'AWS::AutoScaling::ScheduledAction'|'AWS::DynamoDB::Table'|'AWS::CodeBuild::Project'|'AWS::WAF::RateBasedRule'|'AWS::WAF::Rule'|'AWS::WAF::RuleGroup'|'AWS::WAF::WebACL'|'AWS::WAFRegional::RateBasedRule'|'AWS::WAFRegional::Rule'|'AWS::WAFRegional::RuleGroup'|'AWS::WAFRegional::WebACL'|'AWS::CloudFront::Distribution'|'AWS::CloudFront::StreamingDistribution'|'AWS::Lambda::Alias'|'AWS::Lambda::Function'|'AWS::ElasticBeanstalk::Application'|'AWS::ElasticBeanstalk::ApplicationVersion'|'AWS::ElasticBeanstalk::Environment'|'AWS::MobileHub::Project'|'AWS::XRay::EncryptionConfig'|'AWS::SSM::AssociationCompliance'|'AWS::SSM::PatchCompliance'|'AWS::Shield::Protection'|'AWS::ShieldRegional::Protection'|'AWS::Config::ResourceCompliance'|'AWS::LicenseManager::LicenseConfiguration'|'AWS::ApiGateway::DomainName'|'AWS::ApiGateway::Method'|'AWS::ApiGateway::Stage'|'AWS::ApiGateway::RestApi'|'AWS::ApiGatewayV2::DomainName'|'AWS::ApiGatewayV2::Stage'|'AWS::ApiGatewayV2::Api'|'AWS::CodePipeline::Pipeline'|'AWS::ServiceCatalog::CloudFormationProvisionedProduct'|'AWS::ServiceCatalog::CloudFormationProduct'|'AWS::ServiceCatalog::Portfolio',
'resourceId': 'string',
'resourceName': 'string',
'relationshipName': 'string'
},
],
'configuration': 'string',
'supplementaryConfiguration': {
'string': 'string'
}
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
The output for the GetResourceConfigHistory action.
configurationItems (list) --
A list that contains the configuration history of one or more resources.
(dict) --
A list that contains detailed configurations of a specified resource.
version (string) --
The version number of the resource configuration.
accountId (string) --
The 12-digit AWS account ID associated with the resource.
configurationItemCaptureTime (datetime) --
The time when the configuration recording was initiated.
configurationItemStatus (string) --
The configuration item status.
configurationStateId (string) --
An identifier that indicates the ordering of the configuration items of a resource.
configurationItemMD5Hash (string) --
Unique MD5 hash that represents the configuration item's state.
You can use MD5 hash to compare the states of two or more configuration items that are associated with the same resource.
arn (string) --
accoun
resourceType (string) --
The type of AWS resource.
resourceId (string) --
The ID of the resource (for example, sg-xxxxxx ).
resourceName (string) --
The custom name of the resource, if available.
awsRegion (string) --
The region where the resource resides.
availabilityZone (string) --
The Availability Zone associated with the resource.
resourceCreationTime (datetime) --
The time stamp when the resource was created.
tags (dict) --
A mapping of key value tags associated with the resource.
(string) --
(string) --
relatedEvents (list) --
A list of CloudTrail event IDs.
A populated field indicates that the current configuration was initiated by the events recorded in the CloudTrail log. For more information about CloudTrail, see What Is AWS CloudTrail.
An empty field indicates that the current configuration was not initiated by any event.
(string) --
relationships (list) --
A list of related AWS resources.
(dict) --
The relationship of the related resource to the main resource.
resourceType (string) --
The resource type of the related resource.
resourceId (string) --
The ID of the related resource (for example, sg-xxxxxx ).
resourceName (string) --
The custom name of the related resource, if available.
relationshipName (string) --
The type of relationship with the related resource.
configuration (string) --
The description of the resource configuration.
supplementaryConfiguration (dict) --
Configuration attributes that AWS Config returns for certain resource types to supplement the information returned for the configuration parameter.
(string) --
(string) --
nextToken (string) --
The string that you use in a subsequent request to get the next page of results in a paginated response.
{'ResourceType': {'AWS::ApiGateway::DomainName',
'AWS::ApiGateway::Method',
'AWS::ApiGateway::RestApi',
'AWS::ApiGateway::Stage',
'AWS::ApiGatewayV2::Api',
'AWS::ApiGatewayV2::DomainName',
'AWS::ApiGatewayV2::Stage',
'AWS::EC2::EgressOnlyInternetGateway',
'AWS::EC2::FlowLog',
'AWS::EC2::NatGateway',
'AWS::EC2::RegisteredHAInstance',
'AWS::EC2::VPCEndpoint',
'AWS::EC2::VPCEndpointService',
'AWS::EC2::VPCPeeringConnection',
'AWS::Lambda::Alias',
'AWS::LicenseManager::LicenseConfiguration',
'AWS::MobileHub::Project',
'AWS::RDS::DBCluster',
'AWS::RDS::DBClusterParameterGroup',
'AWS::RDS::DBClusterSnapshot',
'AWS::RDS::DBOptionGroup',
'AWS::RDS::DBParameterGroup',
'AWS::S3::AccountPublicAccessBlock',
'AWS::ServiceCatalog::CloudFormationProduct',
'AWS::ServiceCatalog::CloudFormationProvisionedProduct',
'AWS::ServiceCatalog::Portfolio'}}
Response {'ResourceIdentifiers': {'ResourceType': {'AWS::ApiGateway::DomainName',
'AWS::ApiGateway::Method',
'AWS::ApiGateway::RestApi',
'AWS::ApiGateway::Stage',
'AWS::ApiGatewayV2::Api',
'AWS::ApiGatewayV2::DomainName',
'AWS::ApiGatewayV2::Stage',
'AWS::EC2::EgressOnlyInternetGateway',
'AWS::EC2::FlowLog',
'AWS::EC2::NatGateway',
'AWS::EC2::RegisteredHAInstance',
'AWS::EC2::VPCEndpoint',
'AWS::EC2::VPCEndpointService',
'AWS::EC2::VPCPeeringConnection',
'AWS::Lambda::Alias',
'AWS::LicenseManager::LicenseConfiguration',
'AWS::MobileHub::Project',
'AWS::RDS::DBCluster',
'AWS::RDS::DBClusterParameterGroup',
'AWS::RDS::DBClusterSnapshot',
'AWS::RDS::DBOptionGroup',
'AWS::RDS::DBParameterGroup',
'AWS::S3::AccountPublicAccessBlock',
'AWS::ServiceCatalog::CloudFormationProduct',
'AWS::ServiceCatalog::CloudFormationProvisionedProduct',
'AWS::ServiceCatalog::Portfolio'}}}
Accepts a resource type and returns a list of resource identifiers that are aggregated for a specific resource type across accounts and regions. A resource identifier includes the resource type, ID, (if available) the custom resource name, source account, and source region. You can narrow the results to include only resources that have specific resource IDs, or a resource name, or source account ID, or source region.
For example, if the input consists of accountID 12345678910 and the region is us-east-1 for resource type AWS::EC2::Instance then the API returns all the EC2 instance identifiers of accountID 12345678910 and region us-east-1.
See also: AWS API Documentation
Request Syntax
client.list_aggregate_discovered_resources(
ConfigurationAggregatorName='string',
ResourceType='AWS::EC2::CustomerGateway'|'AWS::EC2::EIP'|'AWS::EC2::Host'|'AWS::EC2::Instance'|'AWS::EC2::InternetGateway'|'AWS::EC2::NetworkAcl'|'AWS::EC2::NetworkInterface'|'AWS::EC2::RouteTable'|'AWS::EC2::SecurityGroup'|'AWS::EC2::Subnet'|'AWS::CloudTrail::Trail'|'AWS::EC2::Volume'|'AWS::EC2::VPC'|'AWS::EC2::VPNConnection'|'AWS::EC2::VPNGateway'|'AWS::EC2::RegisteredHAInstance'|'AWS::EC2::NatGateway'|'AWS::EC2::EgressOnlyInternetGateway'|'AWS::EC2::VPCEndpoint'|'AWS::EC2::VPCEndpointService'|'AWS::EC2::FlowLog'|'AWS::EC2::VPCPeeringConnection'|'AWS::IAM::Group'|'AWS::IAM::Policy'|'AWS::IAM::Role'|'AWS::IAM::User'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::ACM::Certificate'|'AWS::RDS::DBInstance'|'AWS::RDS::DBParameterGroup'|'AWS::RDS::DBOptionGroup'|'AWS::RDS::DBSubnetGroup'|'AWS::RDS::DBSecurityGroup'|'AWS::RDS::DBSnapshot'|'AWS::RDS::DBCluster'|'AWS::RDS::DBClusterParameterGroup'|'AWS::RDS::DBClusterSnapshot'|'AWS::RDS::EventSubscription'|'AWS::S3::Bucket'|'AWS::S3::AccountPublicAccessBlock'|'AWS::Redshift::Cluster'|'AWS::Redshift::ClusterSnapshot'|'AWS::Redshift::ClusterParameterGroup'|'AWS::Redshift::ClusterSecurityGroup'|'AWS::Redshift::ClusterSubnetGroup'|'AWS::Redshift::EventSubscription'|'AWS::SSM::ManagedInstanceInventory'|'AWS::CloudWatch::Alarm'|'AWS::CloudFormation::Stack'|'AWS::ElasticLoadBalancing::LoadBalancer'|'AWS::AutoScaling::AutoScalingGroup'|'AWS::AutoScaling::LaunchConfiguration'|'AWS::AutoScaling::ScalingPolicy'|'AWS::AutoScaling::ScheduledAction'|'AWS::DynamoDB::Table'|'AWS::CodeBuild::Project'|'AWS::WAF::RateBasedRule'|'AWS::WAF::Rule'|'AWS::WAF::RuleGroup'|'AWS::WAF::WebACL'|'AWS::WAFRegional::RateBasedRule'|'AWS::WAFRegional::Rule'|'AWS::WAFRegional::RuleGroup'|'AWS::WAFRegional::WebACL'|'AWS::CloudFront::Distribution'|'AWS::CloudFront::StreamingDistribution'|'AWS::Lambda::Alias'|'AWS::Lambda::Function'|'AWS::ElasticBeanstalk::Application'|'AWS::ElasticBeanstalk::ApplicationVersion'|'AWS::ElasticBeanstalk::Environment'|'AWS::MobileHub::Project'|'AWS::XRay::EncryptionConfig'|'AWS::SSM::AssociationCompliance'|'AWS::SSM::PatchCompliance'|'AWS::Shield::Protection'|'AWS::ShieldRegional::Protection'|'AWS::Config::ResourceCompliance'|'AWS::LicenseManager::LicenseConfiguration'|'AWS::ApiGateway::DomainName'|'AWS::ApiGateway::Method'|'AWS::ApiGateway::Stage'|'AWS::ApiGateway::RestApi'|'AWS::ApiGatewayV2::DomainName'|'AWS::ApiGatewayV2::Stage'|'AWS::ApiGatewayV2::Api'|'AWS::CodePipeline::Pipeline'|'AWS::ServiceCatalog::CloudFormationProvisionedProduct'|'AWS::ServiceCatalog::CloudFormationProduct'|'AWS::ServiceCatalog::Portfolio',
Filters={
'AccountId': 'string',
'ResourceId': 'string',
'ResourceName': 'string',
'Region': 'string'
},
Limit=123,
NextToken='string'
)
string
[REQUIRED]
The name of the configuration aggregator.
string
[REQUIRED]
The type of resources that you want AWS Config to list in the response.
dict
Filters the results based on the ResourceFilters object.
AccountId (string) --
The 12-digit source account ID.
ResourceId (string) --
The ID of the resource.
ResourceName (string) --
The name of the resource.
Region (string) --
The source region.
integer
The maximum number of resource identifiers returned on each page. The default is 100. You cannot specify a number greater than 100. If you specify 0, AWS Config uses the default.
string
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
dict
Response Syntax
{
'ResourceIdentifiers': [
{
'SourceAccountId': 'string',
'SourceRegion': 'string',
'ResourceId': 'string',
'ResourceType': 'AWS::EC2::CustomerGateway'|'AWS::EC2::EIP'|'AWS::EC2::Host'|'AWS::EC2::Instance'|'AWS::EC2::InternetGateway'|'AWS::EC2::NetworkAcl'|'AWS::EC2::NetworkInterface'|'AWS::EC2::RouteTable'|'AWS::EC2::SecurityGroup'|'AWS::EC2::Subnet'|'AWS::CloudTrail::Trail'|'AWS::EC2::Volume'|'AWS::EC2::VPC'|'AWS::EC2::VPNConnection'|'AWS::EC2::VPNGateway'|'AWS::EC2::RegisteredHAInstance'|'AWS::EC2::NatGateway'|'AWS::EC2::EgressOnlyInternetGateway'|'AWS::EC2::VPCEndpoint'|'AWS::EC2::VPCEndpointService'|'AWS::EC2::FlowLog'|'AWS::EC2::VPCPeeringConnection'|'AWS::IAM::Group'|'AWS::IAM::Policy'|'AWS::IAM::Role'|'AWS::IAM::User'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::ACM::Certificate'|'AWS::RDS::DBInstance'|'AWS::RDS::DBParameterGroup'|'AWS::RDS::DBOptionGroup'|'AWS::RDS::DBSubnetGroup'|'AWS::RDS::DBSecurityGroup'|'AWS::RDS::DBSnapshot'|'AWS::RDS::DBCluster'|'AWS::RDS::DBClusterParameterGroup'|'AWS::RDS::DBClusterSnapshot'|'AWS::RDS::EventSubscription'|'AWS::S3::Bucket'|'AWS::S3::AccountPublicAccessBlock'|'AWS::Redshift::Cluster'|'AWS::Redshift::ClusterSnapshot'|'AWS::Redshift::ClusterParameterGroup'|'AWS::Redshift::ClusterSecurityGroup'|'AWS::Redshift::ClusterSubnetGroup'|'AWS::Redshift::EventSubscription'|'AWS::SSM::ManagedInstanceInventory'|'AWS::CloudWatch::Alarm'|'AWS::CloudFormation::Stack'|'AWS::ElasticLoadBalancing::LoadBalancer'|'AWS::AutoScaling::AutoScalingGroup'|'AWS::AutoScaling::LaunchConfiguration'|'AWS::AutoScaling::ScalingPolicy'|'AWS::AutoScaling::ScheduledAction'|'AWS::DynamoDB::Table'|'AWS::CodeBuild::Project'|'AWS::WAF::RateBasedRule'|'AWS::WAF::Rule'|'AWS::WAF::RuleGroup'|'AWS::WAF::WebACL'|'AWS::WAFRegional::RateBasedRule'|'AWS::WAFRegional::Rule'|'AWS::WAFRegional::RuleGroup'|'AWS::WAFRegional::WebACL'|'AWS::CloudFront::Distribution'|'AWS::CloudFront::StreamingDistribution'|'AWS::Lambda::Alias'|'AWS::Lambda::Function'|'AWS::ElasticBeanstalk::Application'|'AWS::ElasticBeanstalk::ApplicationVersion'|'AWS::ElasticBeanstalk::Environment'|'AWS::MobileHub::Project'|'AWS::XRay::EncryptionConfig'|'AWS::SSM::AssociationCompliance'|'AWS::SSM::PatchCompliance'|'AWS::Shield::Protection'|'AWS::ShieldRegional::Protection'|'AWS::Config::ResourceCompliance'|'AWS::LicenseManager::LicenseConfiguration'|'AWS::ApiGateway::DomainName'|'AWS::ApiGateway::Method'|'AWS::ApiGateway::Stage'|'AWS::ApiGateway::RestApi'|'AWS::ApiGatewayV2::DomainName'|'AWS::ApiGatewayV2::Stage'|'AWS::ApiGatewayV2::Api'|'AWS::CodePipeline::Pipeline'|'AWS::ServiceCatalog::CloudFormationProvisionedProduct'|'AWS::ServiceCatalog::CloudFormationProduct'|'AWS::ServiceCatalog::Portfolio',
'ResourceName': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
ResourceIdentifiers (list) --
Returns a list of ResourceIdentifiers objects.
(dict) --
The details that identify a resource that is collected by AWS Config aggregator, including the resource type, ID, (if available) the custom resource name, the source account, and source region.
SourceAccountId (string) --
The 12-digit account ID of the source account.
SourceRegion (string) --
The source region where data is aggregated.
ResourceId (string) --
The ID of the AWS resource.
ResourceType (string) --
The type of the AWS resource.
ResourceName (string) --
The name of the AWS resource.
NextToken (string) --
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
{'resourceType': {'AWS::ApiGateway::DomainName',
'AWS::ApiGateway::Method',
'AWS::ApiGateway::RestApi',
'AWS::ApiGateway::Stage',
'AWS::ApiGatewayV2::Api',
'AWS::ApiGatewayV2::DomainName',
'AWS::ApiGatewayV2::Stage',
'AWS::EC2::EgressOnlyInternetGateway',
'AWS::EC2::FlowLog',
'AWS::EC2::NatGateway',
'AWS::EC2::RegisteredHAInstance',
'AWS::EC2::VPCEndpoint',
'AWS::EC2::VPCEndpointService',
'AWS::EC2::VPCPeeringConnection',
'AWS::Lambda::Alias',
'AWS::LicenseManager::LicenseConfiguration',
'AWS::MobileHub::Project',
'AWS::RDS::DBCluster',
'AWS::RDS::DBClusterParameterGroup',
'AWS::RDS::DBClusterSnapshot',
'AWS::RDS::DBOptionGroup',
'AWS::RDS::DBParameterGroup',
'AWS::S3::AccountPublicAccessBlock',
'AWS::ServiceCatalog::CloudFormationProduct',
'AWS::ServiceCatalog::CloudFormationProvisionedProduct',
'AWS::ServiceCatalog::Portfolio'}}
Response {'resourceIdentifiers': {'resourceType': {'AWS::ApiGateway::DomainName',
'AWS::ApiGateway::Method',
'AWS::ApiGateway::RestApi',
'AWS::ApiGateway::Stage',
'AWS::ApiGatewayV2::Api',
'AWS::ApiGatewayV2::DomainName',
'AWS::ApiGatewayV2::Stage',
'AWS::EC2::EgressOnlyInternetGateway',
'AWS::EC2::FlowLog',
'AWS::EC2::NatGateway',
'AWS::EC2::RegisteredHAInstance',
'AWS::EC2::VPCEndpoint',
'AWS::EC2::VPCEndpointService',
'AWS::EC2::VPCPeeringConnection',
'AWS::Lambda::Alias',
'AWS::LicenseManager::LicenseConfiguration',
'AWS::MobileHub::Project',
'AWS::RDS::DBCluster',
'AWS::RDS::DBClusterParameterGroup',
'AWS::RDS::DBClusterSnapshot',
'AWS::RDS::DBOptionGroup',
'AWS::RDS::DBParameterGroup',
'AWS::S3::AccountPublicAccessBlock',
'AWS::ServiceCatalog::CloudFormationProduct',
'AWS::ServiceCatalog::CloudFormationProvisionedProduct',
'AWS::ServiceCatalog::Portfolio'}}}
Accepts a resource type and returns a list of resource identifiers for the resources of that type. A resource identifier includes the resource type, ID, and (if available) the custom resource name. The results consist of resources that AWS Config has discovered, including those that AWS Config is not currently recording. You can narrow the results to include only resources that have specific resource IDs or a resource name.
Note
You can specify either resource IDs or a resource name, but not both, in the same request.
The response is paginated. By default, AWS Config lists 100 resource identifiers on each page. You can customize this number with the limit parameter. The response includes a nextToken string. To get the next page of results, run the request again and specify the string for the nextToken parameter.
See also: AWS API Documentation
Request Syntax
client.list_discovered_resources(
resourceType='AWS::EC2::CustomerGateway'|'AWS::EC2::EIP'|'AWS::EC2::Host'|'AWS::EC2::Instance'|'AWS::EC2::InternetGateway'|'AWS::EC2::NetworkAcl'|'AWS::EC2::NetworkInterface'|'AWS::EC2::RouteTable'|'AWS::EC2::SecurityGroup'|'AWS::EC2::Subnet'|'AWS::CloudTrail::Trail'|'AWS::EC2::Volume'|'AWS::EC2::VPC'|'AWS::EC2::VPNConnection'|'AWS::EC2::VPNGateway'|'AWS::EC2::RegisteredHAInstance'|'AWS::EC2::NatGateway'|'AWS::EC2::EgressOnlyInternetGateway'|'AWS::EC2::VPCEndpoint'|'AWS::EC2::VPCEndpointService'|'AWS::EC2::FlowLog'|'AWS::EC2::VPCPeeringConnection'|'AWS::IAM::Group'|'AWS::IAM::Policy'|'AWS::IAM::Role'|'AWS::IAM::User'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::ACM::Certificate'|'AWS::RDS::DBInstance'|'AWS::RDS::DBParameterGroup'|'AWS::RDS::DBOptionGroup'|'AWS::RDS::DBSubnetGroup'|'AWS::RDS::DBSecurityGroup'|'AWS::RDS::DBSnapshot'|'AWS::RDS::DBCluster'|'AWS::RDS::DBClusterParameterGroup'|'AWS::RDS::DBClusterSnapshot'|'AWS::RDS::EventSubscription'|'AWS::S3::Bucket'|'AWS::S3::AccountPublicAccessBlock'|'AWS::Redshift::Cluster'|'AWS::Redshift::ClusterSnapshot'|'AWS::Redshift::ClusterParameterGroup'|'AWS::Redshift::ClusterSecurityGroup'|'AWS::Redshift::ClusterSubnetGroup'|'AWS::Redshift::EventSubscription'|'AWS::SSM::ManagedInstanceInventory'|'AWS::CloudWatch::Alarm'|'AWS::CloudFormation::Stack'|'AWS::ElasticLoadBalancing::LoadBalancer'|'AWS::AutoScaling::AutoScalingGroup'|'AWS::AutoScaling::LaunchConfiguration'|'AWS::AutoScaling::ScalingPolicy'|'AWS::AutoScaling::ScheduledAction'|'AWS::DynamoDB::Table'|'AWS::CodeBuild::Project'|'AWS::WAF::RateBasedRule'|'AWS::WAF::Rule'|'AWS::WAF::RuleGroup'|'AWS::WAF::WebACL'|'AWS::WAFRegional::RateBasedRule'|'AWS::WAFRegional::Rule'|'AWS::WAFRegional::RuleGroup'|'AWS::WAFRegional::WebACL'|'AWS::CloudFront::Distribution'|'AWS::CloudFront::StreamingDistribution'|'AWS::Lambda::Alias'|'AWS::Lambda::Function'|'AWS::ElasticBeanstalk::Application'|'AWS::ElasticBeanstalk::ApplicationVersion'|'AWS::ElasticBeanstalk::Environment'|'AWS::MobileHub::Project'|'AWS::XRay::EncryptionConfig'|'AWS::SSM::AssociationCompliance'|'AWS::SSM::PatchCompliance'|'AWS::Shield::Protection'|'AWS::ShieldRegional::Protection'|'AWS::Config::ResourceCompliance'|'AWS::LicenseManager::LicenseConfiguration'|'AWS::ApiGateway::DomainName'|'AWS::ApiGateway::Method'|'AWS::ApiGateway::Stage'|'AWS::ApiGateway::RestApi'|'AWS::ApiGatewayV2::DomainName'|'AWS::ApiGatewayV2::Stage'|'AWS::ApiGatewayV2::Api'|'AWS::CodePipeline::Pipeline'|'AWS::ServiceCatalog::CloudFormationProvisionedProduct'|'AWS::ServiceCatalog::CloudFormationProduct'|'AWS::ServiceCatalog::Portfolio',
resourceIds=[
'string',
],
resourceName='string',
limit=123,
includeDeletedResources=True|False,
nextToken='string'
)
string
[REQUIRED]
The type of resources that you want AWS Config to list in the response.
list
The IDs of only those resources that you want AWS Config to list in the response. If you do not specify this parameter, AWS Config lists all resources of the specified type that it has discovered.
(string) --
string
The custom name of only those resources that you want AWS Config to list in the response. If you do not specify this parameter, AWS Config lists all resources of the specified type that it has discovered.
integer
The maximum number of resource identifiers returned on each page. The default is 100. You cannot specify a number greater than 100. If you specify 0, AWS Config uses the default.
boolean
Specifies whether AWS Config includes deleted resources in the results. By default, deleted resources are not included.
string
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
dict
Response Syntax
{
'resourceIdentifiers': [
{
'resourceType': 'AWS::EC2::CustomerGateway'|'AWS::EC2::EIP'|'AWS::EC2::Host'|'AWS::EC2::Instance'|'AWS::EC2::InternetGateway'|'AWS::EC2::NetworkAcl'|'AWS::EC2::NetworkInterface'|'AWS::EC2::RouteTable'|'AWS::EC2::SecurityGroup'|'AWS::EC2::Subnet'|'AWS::CloudTrail::Trail'|'AWS::EC2::Volume'|'AWS::EC2::VPC'|'AWS::EC2::VPNConnection'|'AWS::EC2::VPNGateway'|'AWS::EC2::RegisteredHAInstance'|'AWS::EC2::NatGateway'|'AWS::EC2::EgressOnlyInternetGateway'|'AWS::EC2::VPCEndpoint'|'AWS::EC2::VPCEndpointService'|'AWS::EC2::FlowLog'|'AWS::EC2::VPCPeeringConnection'|'AWS::IAM::Group'|'AWS::IAM::Policy'|'AWS::IAM::Role'|'AWS::IAM::User'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::ACM::Certificate'|'AWS::RDS::DBInstance'|'AWS::RDS::DBParameterGroup'|'AWS::RDS::DBOptionGroup'|'AWS::RDS::DBSubnetGroup'|'AWS::RDS::DBSecurityGroup'|'AWS::RDS::DBSnapshot'|'AWS::RDS::DBCluster'|'AWS::RDS::DBClusterParameterGroup'|'AWS::RDS::DBClusterSnapshot'|'AWS::RDS::EventSubscription'|'AWS::S3::Bucket'|'AWS::S3::AccountPublicAccessBlock'|'AWS::Redshift::Cluster'|'AWS::Redshift::ClusterSnapshot'|'AWS::Redshift::ClusterParameterGroup'|'AWS::Redshift::ClusterSecurityGroup'|'AWS::Redshift::ClusterSubnetGroup'|'AWS::Redshift::EventSubscription'|'AWS::SSM::ManagedInstanceInventory'|'AWS::CloudWatch::Alarm'|'AWS::CloudFormation::Stack'|'AWS::ElasticLoadBalancing::LoadBalancer'|'AWS::AutoScaling::AutoScalingGroup'|'AWS::AutoScaling::LaunchConfiguration'|'AWS::AutoScaling::ScalingPolicy'|'AWS::AutoScaling::ScheduledAction'|'AWS::DynamoDB::Table'|'AWS::CodeBuild::Project'|'AWS::WAF::RateBasedRule'|'AWS::WAF::Rule'|'AWS::WAF::RuleGroup'|'AWS::WAF::WebACL'|'AWS::WAFRegional::RateBasedRule'|'AWS::WAFRegional::Rule'|'AWS::WAFRegional::RuleGroup'|'AWS::WAFRegional::WebACL'|'AWS::CloudFront::Distribution'|'AWS::CloudFront::StreamingDistribution'|'AWS::Lambda::Alias'|'AWS::Lambda::Function'|'AWS::ElasticBeanstalk::Application'|'AWS::ElasticBeanstalk::ApplicationVersion'|'AWS::ElasticBeanstalk::Environment'|'AWS::MobileHub::Project'|'AWS::XRay::EncryptionConfig'|'AWS::SSM::AssociationCompliance'|'AWS::SSM::PatchCompliance'|'AWS::Shield::Protection'|'AWS::ShieldRegional::Protection'|'AWS::Config::ResourceCompliance'|'AWS::LicenseManager::LicenseConfiguration'|'AWS::ApiGateway::DomainName'|'AWS::ApiGateway::Method'|'AWS::ApiGateway::Stage'|'AWS::ApiGateway::RestApi'|'AWS::ApiGatewayV2::DomainName'|'AWS::ApiGatewayV2::Stage'|'AWS::ApiGatewayV2::Api'|'AWS::CodePipeline::Pipeline'|'AWS::ServiceCatalog::CloudFormationProvisionedProduct'|'AWS::ServiceCatalog::CloudFormationProduct'|'AWS::ServiceCatalog::Portfolio',
'resourceId': 'string',
'resourceName': 'string',
'resourceDeletionTime': datetime(2015, 1, 1)
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
resourceIdentifiers (list) --
The details that identify a resource that is discovered by AWS Config, including the resource type, ID, and (if available) the custom resource name.
(dict) --
The details that identify a resource that is discovered by AWS Config, including the resource type, ID, and (if available) the custom resource name.
resourceType (string) --
The type of resource.
resourceId (string) --
The ID of the resource (for example, sg-xxxxxx ).
resourceName (string) --
The custom name of the resource (if available).
resourceDeletionTime (datetime) --
The time that the resource was deleted.
nextToken (string) --
The string that you use in a subsequent request to get the next page of results in a paginated response.
{'ConfigurationRecorder': {'recordingGroup': {'resourceTypes': {'AWS::ApiGateway::DomainName',
'AWS::ApiGateway::Method',
'AWS::ApiGateway::RestApi',
'AWS::ApiGateway::Stage',
'AWS::ApiGatewayV2::Api',
'AWS::ApiGatewayV2::DomainName',
'AWS::ApiGatewayV2::Stage',
'AWS::EC2::EgressOnlyInternetGateway',
'AWS::EC2::FlowLog',
'AWS::EC2::NatGateway',
'AWS::EC2::RegisteredHAInstance',
'AWS::EC2::VPCEndpoint',
'AWS::EC2::VPCEndpointService',
'AWS::EC2::VPCPeeringConnection',
'AWS::Lambda::Alias',
'AWS::LicenseManager::LicenseConfiguration',
'AWS::MobileHub::Project',
'AWS::RDS::DBCluster',
'AWS::RDS::DBClusterParameterGroup',
'AWS::RDS::DBClusterSnapshot',
'AWS::RDS::DBOptionGroup',
'AWS::RDS::DBParameterGroup',
'AWS::S3::AccountPublicAccessBlock',
'AWS::ServiceCatalog::CloudFormationProduct',
'AWS::ServiceCatalog::CloudFormationProvisionedProduct',
'AWS::ServiceCatalog::Portfolio'}}}}
Creates a new configuration recorder to record the selected resource configurations.
You can use this action to change the role roleARN or the recordingGroup of an existing recorder. To change the role, call the action on the existing configuration recorder and specify a role.
Note
Currently, you can specify only one configuration recorder per region in your account.
If ConfigurationRecorder does not have the recordingGroup parameter specified, the default is to record all supported resource types.
See also: AWS API Documentation
Request Syntax
client.put_configuration_recorder(
ConfigurationRecorder={
'name': 'string',
'roleARN': 'string',
'recordingGroup': {
'allSupported': True|False,
'includeGlobalResourceTypes': True|False,
'resourceTypes': [
'AWS::EC2::CustomerGateway'|'AWS::EC2::EIP'|'AWS::EC2::Host'|'AWS::EC2::Instance'|'AWS::EC2::InternetGateway'|'AWS::EC2::NetworkAcl'|'AWS::EC2::NetworkInterface'|'AWS::EC2::RouteTable'|'AWS::EC2::SecurityGroup'|'AWS::EC2::Subnet'|'AWS::CloudTrail::Trail'|'AWS::EC2::Volume'|'AWS::EC2::VPC'|'AWS::EC2::VPNConnection'|'AWS::EC2::VPNGateway'|'AWS::EC2::RegisteredHAInstance'|'AWS::EC2::NatGateway'|'AWS::EC2::EgressOnlyInternetGateway'|'AWS::EC2::VPCEndpoint'|'AWS::EC2::VPCEndpointService'|'AWS::EC2::FlowLog'|'AWS::EC2::VPCPeeringConnection'|'AWS::IAM::Group'|'AWS::IAM::Policy'|'AWS::IAM::Role'|'AWS::IAM::User'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::ACM::Certificate'|'AWS::RDS::DBInstance'|'AWS::RDS::DBParameterGroup'|'AWS::RDS::DBOptionGroup'|'AWS::RDS::DBSubnetGroup'|'AWS::RDS::DBSecurityGroup'|'AWS::RDS::DBSnapshot'|'AWS::RDS::DBCluster'|'AWS::RDS::DBClusterParameterGroup'|'AWS::RDS::DBClusterSnapshot'|'AWS::RDS::EventSubscription'|'AWS::S3::Bucket'|'AWS::S3::AccountPublicAccessBlock'|'AWS::Redshift::Cluster'|'AWS::Redshift::ClusterSnapshot'|'AWS::Redshift::ClusterParameterGroup'|'AWS::Redshift::ClusterSecurityGroup'|'AWS::Redshift::ClusterSubnetGroup'|'AWS::Redshift::EventSubscription'|'AWS::SSM::ManagedInstanceInventory'|'AWS::CloudWatch::Alarm'|'AWS::CloudFormation::Stack'|'AWS::ElasticLoadBalancing::LoadBalancer'|'AWS::AutoScaling::AutoScalingGroup'|'AWS::AutoScaling::LaunchConfiguration'|'AWS::AutoScaling::ScalingPolicy'|'AWS::AutoScaling::ScheduledAction'|'AWS::DynamoDB::Table'|'AWS::CodeBuild::Project'|'AWS::WAF::RateBasedRule'|'AWS::WAF::Rule'|'AWS::WAF::RuleGroup'|'AWS::WAF::WebACL'|'AWS::WAFRegional::RateBasedRule'|'AWS::WAFRegional::Rule'|'AWS::WAFRegional::RuleGroup'|'AWS::WAFRegional::WebACL'|'AWS::CloudFront::Distribution'|'AWS::CloudFront::StreamingDistribution'|'AWS::Lambda::Alias'|'AWS::Lambda::Function'|'AWS::ElasticBeanstalk::Application'|'AWS::ElasticBeanstalk::ApplicationVersion'|'AWS::ElasticBeanstalk::Environment'|'AWS::MobileHub::Project'|'AWS::XRay::EncryptionConfig'|'AWS::SSM::AssociationCompliance'|'AWS::SSM::PatchCompliance'|'AWS::Shield::Protection'|'AWS::ShieldRegional::Protection'|'AWS::Config::ResourceCompliance'|'AWS::LicenseManager::LicenseConfiguration'|'AWS::ApiGateway::DomainName'|'AWS::ApiGateway::Method'|'AWS::ApiGateway::Stage'|'AWS::ApiGateway::RestApi'|'AWS::ApiGatewayV2::DomainName'|'AWS::ApiGatewayV2::Stage'|'AWS::ApiGatewayV2::Api'|'AWS::CodePipeline::Pipeline'|'AWS::ServiceCatalog::CloudFormationProvisionedProduct'|'AWS::ServiceCatalog::CloudFormationProduct'|'AWS::ServiceCatalog::Portfolio',
]
}
}
)
dict
[REQUIRED]
The configuration recorder object that records each configuration change made to the resources.
name (string) --
The name of the recorder. By default, AWS Config automatically assigns the name "default" when creating the configuration recorder. You cannot change the assigned name.
roleARN (string) --
Amazon Resource Name (ARN) of the IAM role used to describe the AWS resources associated with the account.
recordingGroup (dict) --
Specifies the types of AWS resources for which AWS Config records configuration changes.
allSupported (boolean) --
Specifies whether AWS Config records configuration changes for every supported type of regional resource.
If you set this option to true , when AWS Config adds support for a new type of regional resource, it starts recording resources of that type automatically.
If you set this option to true , you cannot enumerate a list of resourceTypes .
includeGlobalResourceTypes (boolean) --
Specifies whether AWS Config includes all supported types of global resources (for example, IAM resources) with the resources that it records.
Before you can set this option to true , you must set the allSupported option to true .
If you set this option to true , when AWS Config adds support for a new type of global resource, it starts recording resources of that type automatically.
The configuration details for any global resource are the same in all regions. To prevent duplicate configuration items, you should consider customizing AWS Config in only one region to record global resources.
resourceTypes (list) --
A comma-separated list that specifies the types of AWS resources for which AWS Config records configuration changes (for example, AWS::EC2::Instance or AWS::CloudTrail::Trail ).
Before you can set this option to true , you must set the allSupported option to false .
If you set this option to true , when AWS Config adds support for a new type of resource, it will not record resources of that type unless you manually add that type to your recording group.
For a list of valid resourceTypes values, see the resourceType Value column in Supported AWS Resource Types.
(string) --
None
{'RemediationConfigurations': {'Arn': 'string',
'Automatic': 'boolean',
'CreatedByService': 'string',
'ExecutionControls': {'SsmControls': {'ConcurrentExecutionRatePercentage': 'integer',
'ErrorPercentage': 'integer'}},
'MaximumAutomaticAttempts': 'integer',
'RetryAttemptSeconds': 'long'}}
Response {'FailedBatches': {'FailedItems': {'Arn': 'string',
'Automatic': 'boolean',
'CreatedByService': 'string',
'ExecutionControls': {'SsmControls': {'ConcurrentExecutionRatePercentage': 'integer',
'ErrorPercentage': 'integer'}},
'MaximumAutomaticAttempts': 'integer',
'RetryAttemptSeconds': 'long'}}}
Adds or updates the remediation configuration with a specific AWS Config rule with the selected target or action. The API creates the RemediationConfiguration object for the AWS Config rule. The AWS Config rule must already exist for you to add a remediation configuration. The target (SSM document) must exist and have permissions to use the target.
See also: AWS API Documentation
Request Syntax
client.put_remediation_configurations(
RemediationConfigurations=[
{
'ConfigRuleName': 'string',
'TargetType': 'SSM_DOCUMENT',
'TargetId': 'string',
'TargetVersion': 'string',
'Parameters': {
'string': {
'ResourceValue': {
'Value': 'RESOURCE_ID'
},
'StaticValue': {
'Values': [
'string',
]
}
}
},
'ResourceType': 'string',
'Automatic': True|False,
'ExecutionControls': {
'SsmControls': {
'ConcurrentExecutionRatePercentage': 123,
'ErrorPercentage': 123
}
},
'MaximumAutomaticAttempts': 123,
'RetryAttemptSeconds': 123,
'Arn': 'string',
'CreatedByService': 'string'
},
]
)
list
[REQUIRED]
A list of remediation configuration objects.
(dict) --
An object that represents the details about the remediation configuration that includes the remediation action, parameters, and data to execute the action.
ConfigRuleName (string) -- [REQUIRED]
The name of the AWS Config rule.
TargetType (string) -- [REQUIRED]
The type of the target. Target executes remediation. For example, SSM document.
TargetId (string) -- [REQUIRED]
Target ID is the name of the public document.
TargetVersion (string) --
Version of the target. For example, version of the SSM document.
Parameters (dict) --
An object of the RemediationParameterValue.
(string) --
(dict) --
The value is either a dynamic (resource) value or a static value. You must select either a dynamic value or a static value.
ResourceValue (dict) --
The value is dynamic and changes at run-time.
Value (string) -- [REQUIRED]
The value is a resource ID.
StaticValue (dict) --
The value is static and does not change at run-time.
Values (list) -- [REQUIRED]
A list of values. For example, the ARN of the assumed role.
(string) --
ResourceType (string) --
The type of a resource.
Automatic (boolean) --
The remediation is triggered automatically.
ExecutionControls (dict) --
An ExecutionControls object.
SsmControls (dict) --
A SsmControls object.
ConcurrentExecutionRatePercentage (integer) --
The maximum percentage of remediation actions allowed to run in parallel on the non-compliant resources for that specific rule. You can specify a percentage, such as 10%. The default value is 10.
ErrorPercentage (integer) --
The percentage of errors that are allowed before SSM stops running automations on non-compliant resources for that specific rule. You can specify a percentage of errors, for example 10%. If you do not specifiy a percentage, the default is 50%. For example, if you set the ErrorPercentage to 40% for 10 non-compliant resources, then SSM stops running the automations when the fifth error is received.
MaximumAutomaticAttempts (integer) --
The maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5.
For example, if you specify MaximumAutomaticAttempts as 5 with RetryAttemptsSeconds as 50 seconds, AWS Config throws an exception after the 5th failed attempt within 50 seconds.
RetryAttemptSeconds (integer) --
Maximum time in seconds that AWS Config runs auto-remediation. If you do not select a number, the default is 60 seconds.
For example, if you specify RetryAttemptsSeconds as 50 seconds and MaximumAutomaticAttempts as 5, AWS Config will run auto-remediations 5 times within 50 seconds before throwing an exception.
Arn (string) --
Amazon Resource Name (ARN) of remediation configuration.
CreatedByService (string) --
Name of the service that owns the service linked rule, if applicable.
dict
Response Syntax
{
'FailedBatches': [
{
'FailureMessage': 'string',
'FailedItems': [
{
'ConfigRuleName': 'string',
'TargetType': 'SSM_DOCUMENT',
'TargetId': 'string',
'TargetVersion': 'string',
'Parameters': {
'string': {
'ResourceValue': {
'Value': 'RESOURCE_ID'
},
'StaticValue': {
'Values': [
'string',
]
}
}
},
'ResourceType': 'string',
'Automatic': True|False,
'ExecutionControls': {
'SsmControls': {
'ConcurrentExecutionRatePercentage': 123,
'ErrorPercentage': 123
}
},
'MaximumAutomaticAttempts': 123,
'RetryAttemptSeconds': 123,
'Arn': 'string',
'CreatedByService': 'string'
},
]
},
]
}
Response Structure
(dict) --
FailedBatches (list) --
Returns a list of failed remediation batch objects.
(dict) --
List of each of the failed remediations with specific reasons.
FailureMessage (string) --
Returns a failure message. For example, the resource is already compliant.
FailedItems (list) --
Returns remediation configurations of the failed items.
(dict) --
An object that represents the details about the remediation configuration that includes the remediation action, parameters, and data to execute the action.
ConfigRuleName (string) --
The name of the AWS Config rule.
TargetType (string) --
The type of the target. Target executes remediation. For example, SSM document.
TargetId (string) --
Target ID is the name of the public document.
TargetVersion (string) --
Version of the target. For example, version of the SSM document.
Parameters (dict) --
An object of the RemediationParameterValue.
(string) --
(dict) --
The value is either a dynamic (resource) value or a static value. You must select either a dynamic value or a static value.
ResourceValue (dict) --
The value is dynamic and changes at run-time.
Value (string) --
The value is a resource ID.
StaticValue (dict) --
The value is static and does not change at run-time.
Values (list) --
A list of values. For example, the ARN of the assumed role.
(string) --
ResourceType (string) --
The type of a resource.
Automatic (boolean) --
The remediation is triggered automatically.
ExecutionControls (dict) --
An ExecutionControls object.
SsmControls (dict) --
A SsmControls object.
ConcurrentExecutionRatePercentage (integer) --
The maximum percentage of remediation actions allowed to run in parallel on the non-compliant resources for that specific rule. You can specify a percentage, such as 10%. The default value is 10.
ErrorPercentage (integer) --
The percentage of errors that are allowed before SSM stops running automations on non-compliant resources for that specific rule. You can specify a percentage of errors, for example 10%. If you do not specifiy a percentage, the default is 50%. For example, if you set the ErrorPercentage to 40% for 10 non-compliant resources, then SSM stops running the automations when the fifth error is received.
MaximumAutomaticAttempts (integer) --
The maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5.
For example, if you specify MaximumAutomaticAttempts as 5 with RetryAttemptsSeconds as 50 seconds, AWS Config throws an exception after the 5th failed attempt within 50 seconds.
RetryAttemptSeconds (integer) --
Maximum time in seconds that AWS Config runs auto-remediation. If you do not select a number, the default is 60 seconds.
For example, if you specify RetryAttemptsSeconds as 50 seconds and MaximumAutomaticAttempts as 5, AWS Config will run auto-remediations 5 times within 50 seconds before throwing an exception.
Arn (string) --
Amazon Resource Name (ARN) of remediation configuration.
CreatedByService (string) --
Name of the service that owns the service linked rule, if applicable.
{'ResourceKeys': {'resourceType': {'AWS::ApiGateway::DomainName',
'AWS::ApiGateway::Method',
'AWS::ApiGateway::RestApi',
'AWS::ApiGateway::Stage',
'AWS::ApiGatewayV2::Api',
'AWS::ApiGatewayV2::DomainName',
'AWS::ApiGatewayV2::Stage',
'AWS::EC2::EgressOnlyInternetGateway',
'AWS::EC2::FlowLog',
'AWS::EC2::NatGateway',
'AWS::EC2::RegisteredHAInstance',
'AWS::EC2::VPCEndpoint',
'AWS::EC2::VPCEndpointService',
'AWS::EC2::VPCPeeringConnection',
'AWS::Lambda::Alias',
'AWS::LicenseManager::LicenseConfiguration',
'AWS::MobileHub::Project',
'AWS::RDS::DBCluster',
'AWS::RDS::DBClusterParameterGroup',
'AWS::RDS::DBClusterSnapshot',
'AWS::RDS::DBOptionGroup',
'AWS::RDS::DBParameterGroup',
'AWS::S3::AccountPublicAccessBlock',
'AWS::ServiceCatalog::CloudFormationProduct',
'AWS::ServiceCatalog::CloudFormationProvisionedProduct',
'AWS::ServiceCatalog::Portfolio'}}}
Response {'FailedItems': {'resourceType': {'AWS::ApiGateway::DomainName',
'AWS::ApiGateway::Method',
'AWS::ApiGateway::RestApi',
'AWS::ApiGateway::Stage',
'AWS::ApiGatewayV2::Api',
'AWS::ApiGatewayV2::DomainName',
'AWS::ApiGatewayV2::Stage',
'AWS::EC2::EgressOnlyInternetGateway',
'AWS::EC2::FlowLog',
'AWS::EC2::NatGateway',
'AWS::EC2::RegisteredHAInstance',
'AWS::EC2::VPCEndpoint',
'AWS::EC2::VPCEndpointService',
'AWS::EC2::VPCPeeringConnection',
'AWS::Lambda::Alias',
'AWS::LicenseManager::LicenseConfiguration',
'AWS::MobileHub::Project',
'AWS::RDS::DBCluster',
'AWS::RDS::DBClusterParameterGroup',
'AWS::RDS::DBClusterSnapshot',
'AWS::RDS::DBOptionGroup',
'AWS::RDS::DBParameterGroup',
'AWS::S3::AccountPublicAccessBlock',
'AWS::ServiceCatalog::CloudFormationProduct',
'AWS::ServiceCatalog::CloudFormationProvisionedProduct',
'AWS::ServiceCatalog::Portfolio'}}}
Runs an on-demand remediation for the specified AWS Config rules against the last known remediation configuration. It runs an execution against the current state of your resources. Remediation execution is asynchronous.
You can specify up to 100 resource keys per request. An existing StartRemediationExecution call for the specified resource keys must complete before you can call the API again.
See also: AWS API Documentation
Request Syntax
client.start_remediation_execution(
ConfigRuleName='string',
ResourceKeys=[
{
'resourceType': 'AWS::EC2::CustomerGateway'|'AWS::EC2::EIP'|'AWS::EC2::Host'|'AWS::EC2::Instance'|'AWS::EC2::InternetGateway'|'AWS::EC2::NetworkAcl'|'AWS::EC2::NetworkInterface'|'AWS::EC2::RouteTable'|'AWS::EC2::SecurityGroup'|'AWS::EC2::Subnet'|'AWS::CloudTrail::Trail'|'AWS::EC2::Volume'|'AWS::EC2::VPC'|'AWS::EC2::VPNConnection'|'AWS::EC2::VPNGateway'|'AWS::EC2::RegisteredHAInstance'|'AWS::EC2::NatGateway'|'AWS::EC2::EgressOnlyInternetGateway'|'AWS::EC2::VPCEndpoint'|'AWS::EC2::VPCEndpointService'|'AWS::EC2::FlowLog'|'AWS::EC2::VPCPeeringConnection'|'AWS::IAM::Group'|'AWS::IAM::Policy'|'AWS::IAM::Role'|'AWS::IAM::User'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::ACM::Certificate'|'AWS::RDS::DBInstance'|'AWS::RDS::DBParameterGroup'|'AWS::RDS::DBOptionGroup'|'AWS::RDS::DBSubnetGroup'|'AWS::RDS::DBSecurityGroup'|'AWS::RDS::DBSnapshot'|'AWS::RDS::DBCluster'|'AWS::RDS::DBClusterParameterGroup'|'AWS::RDS::DBClusterSnapshot'|'AWS::RDS::EventSubscription'|'AWS::S3::Bucket'|'AWS::S3::AccountPublicAccessBlock'|'AWS::Redshift::Cluster'|'AWS::Redshift::ClusterSnapshot'|'AWS::Redshift::ClusterParameterGroup'|'AWS::Redshift::ClusterSecurityGroup'|'AWS::Redshift::ClusterSubnetGroup'|'AWS::Redshift::EventSubscription'|'AWS::SSM::ManagedInstanceInventory'|'AWS::CloudWatch::Alarm'|'AWS::CloudFormation::Stack'|'AWS::ElasticLoadBalancing::LoadBalancer'|'AWS::AutoScaling::AutoScalingGroup'|'AWS::AutoScaling::LaunchConfiguration'|'AWS::AutoScaling::ScalingPolicy'|'AWS::AutoScaling::ScheduledAction'|'AWS::DynamoDB::Table'|'AWS::CodeBuild::Project'|'AWS::WAF::RateBasedRule'|'AWS::WAF::Rule'|'AWS::WAF::RuleGroup'|'AWS::WAF::WebACL'|'AWS::WAFRegional::RateBasedRule'|'AWS::WAFRegional::Rule'|'AWS::WAFRegional::RuleGroup'|'AWS::WAFRegional::WebACL'|'AWS::CloudFront::Distribution'|'AWS::CloudFront::StreamingDistribution'|'AWS::Lambda::Alias'|'AWS::Lambda::Function'|'AWS::ElasticBeanstalk::Application'|'AWS::ElasticBeanstalk::ApplicationVersion'|'AWS::ElasticBeanstalk::Environment'|'AWS::MobileHub::Project'|'AWS::XRay::EncryptionConfig'|'AWS::SSM::AssociationCompliance'|'AWS::SSM::PatchCompliance'|'AWS::Shield::Protection'|'AWS::ShieldRegional::Protection'|'AWS::Config::ResourceCompliance'|'AWS::LicenseManager::LicenseConfiguration'|'AWS::ApiGateway::DomainName'|'AWS::ApiGateway::Method'|'AWS::ApiGateway::Stage'|'AWS::ApiGateway::RestApi'|'AWS::ApiGatewayV2::DomainName'|'AWS::ApiGatewayV2::Stage'|'AWS::ApiGatewayV2::Api'|'AWS::CodePipeline::Pipeline'|'AWS::ServiceCatalog::CloudFormationProvisionedProduct'|'AWS::ServiceCatalog::CloudFormationProduct'|'AWS::ServiceCatalog::Portfolio',
'resourceId': 'string'
},
]
)
string
[REQUIRED]
The list of names of AWS Config rules that you want to run remediation execution for.
list
[REQUIRED]
A list of resource keys to be processed with the current request. Each element in the list consists of the resource type and resource ID.
(dict) --
The details that identify a resource within AWS Config, including the resource type and resource ID.
resourceType (string) -- [REQUIRED]
The resource type.
resourceId (string) -- [REQUIRED]
The ID of the resource (for example., sg-xxxxxx).
dict
Response Syntax
{
'FailureMessage': 'string',
'FailedItems': [
{
'resourceType': 'AWS::EC2::CustomerGateway'|'AWS::EC2::EIP'|'AWS::EC2::Host'|'AWS::EC2::Instance'|'AWS::EC2::InternetGateway'|'AWS::EC2::NetworkAcl'|'AWS::EC2::NetworkInterface'|'AWS::EC2::RouteTable'|'AWS::EC2::SecurityGroup'|'AWS::EC2::Subnet'|'AWS::CloudTrail::Trail'|'AWS::EC2::Volume'|'AWS::EC2::VPC'|'AWS::EC2::VPNConnection'|'AWS::EC2::VPNGateway'|'AWS::EC2::RegisteredHAInstance'|'AWS::EC2::NatGateway'|'AWS::EC2::EgressOnlyInternetGateway'|'AWS::EC2::VPCEndpoint'|'AWS::EC2::VPCEndpointService'|'AWS::EC2::FlowLog'|'AWS::EC2::VPCPeeringConnection'|'AWS::IAM::Group'|'AWS::IAM::Policy'|'AWS::IAM::Role'|'AWS::IAM::User'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::ACM::Certificate'|'AWS::RDS::DBInstance'|'AWS::RDS::DBParameterGroup'|'AWS::RDS::DBOptionGroup'|'AWS::RDS::DBSubnetGroup'|'AWS::RDS::DBSecurityGroup'|'AWS::RDS::DBSnapshot'|'AWS::RDS::DBCluster'|'AWS::RDS::DBClusterParameterGroup'|'AWS::RDS::DBClusterSnapshot'|'AWS::RDS::EventSubscription'|'AWS::S3::Bucket'|'AWS::S3::AccountPublicAccessBlock'|'AWS::Redshift::Cluster'|'AWS::Redshift::ClusterSnapshot'|'AWS::Redshift::ClusterParameterGroup'|'AWS::Redshift::ClusterSecurityGroup'|'AWS::Redshift::ClusterSubnetGroup'|'AWS::Redshift::EventSubscription'|'AWS::SSM::ManagedInstanceInventory'|'AWS::CloudWatch::Alarm'|'AWS::CloudFormation::Stack'|'AWS::ElasticLoadBalancing::LoadBalancer'|'AWS::AutoScaling::AutoScalingGroup'|'AWS::AutoScaling::LaunchConfiguration'|'AWS::AutoScaling::ScalingPolicy'|'AWS::AutoScaling::ScheduledAction'|'AWS::DynamoDB::Table'|'AWS::CodeBuild::Project'|'AWS::WAF::RateBasedRule'|'AWS::WAF::Rule'|'AWS::WAF::RuleGroup'|'AWS::WAF::WebACL'|'AWS::WAFRegional::RateBasedRule'|'AWS::WAFRegional::Rule'|'AWS::WAFRegional::RuleGroup'|'AWS::WAFRegional::WebACL'|'AWS::CloudFront::Distribution'|'AWS::CloudFront::StreamingDistribution'|'AWS::Lambda::Alias'|'AWS::Lambda::Function'|'AWS::ElasticBeanstalk::Application'|'AWS::ElasticBeanstalk::ApplicationVersion'|'AWS::ElasticBeanstalk::Environment'|'AWS::MobileHub::Project'|'AWS::XRay::EncryptionConfig'|'AWS::SSM::AssociationCompliance'|'AWS::SSM::PatchCompliance'|'AWS::Shield::Protection'|'AWS::ShieldRegional::Protection'|'AWS::Config::ResourceCompliance'|'AWS::LicenseManager::LicenseConfiguration'|'AWS::ApiGateway::DomainName'|'AWS::ApiGateway::Method'|'AWS::ApiGateway::Stage'|'AWS::ApiGateway::RestApi'|'AWS::ApiGatewayV2::DomainName'|'AWS::ApiGatewayV2::Stage'|'AWS::ApiGatewayV2::Api'|'AWS::CodePipeline::Pipeline'|'AWS::ServiceCatalog::CloudFormationProvisionedProduct'|'AWS::ServiceCatalog::CloudFormationProduct'|'AWS::ServiceCatalog::Portfolio',
'resourceId': 'string'
},
]
}
Response Structure
(dict) --
FailureMessage (string) --
Returns a failure message. For example, the resource is already compliant.
FailedItems (list) --
For resources that have failed to start execution, the API returns a resource key object.
(dict) --
The details that identify a resource within AWS Config, including the resource type and resource ID.
resourceType (string) --
The resource type.
resourceId (string) --
The ID of the resource (for example., sg-xxxxxx).