2019/11/19 - AWS Config - 12 new api methods
Changes Update config client to latest version
See also: AWS API Documentation
Request Syntax
client.get_conformance_pack_compliance_summary(
ConformancePackNames=[
'string',
],
Limit=123,
NextToken='string'
)
list
[REQUIRED]
(string) --
integer
string
dict
Response Syntax
{
'ConformancePackComplianceSummaryList': [
{
'ConformancePackName': 'string',
'ConformancePackComplianceStatus': 'COMPLIANT'|'NON_COMPLIANT'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
ConformancePackComplianceSummaryList (list) --
(dict) --
ConformancePackName (string) --
ConformancePackComplianceStatus (string) --
NextToken (string) --
Returns compliance details of a conformance pack for all AWS resources that are monitered by conformance pack.
See also: AWS API Documentation
Request Syntax
client.get_conformance_pack_compliance_details(
ConformancePackName='string',
Filters={
'ConfigRuleNames': [
'string',
],
'ComplianceType': 'COMPLIANT'|'NON_COMPLIANT',
'ResourceType': 'string',
'ResourceIds': [
'string',
]
},
Limit=123,
NextToken='string'
)
string
[REQUIRED]
Name of the conformance pack.
dict
A ConformancePackEvaluationFilters object.
ConfigRuleNames (list) --
Filters the results by AWS Config rule names.
(string) --
ComplianceType (string) --
Filters the results by compliance.
The allowed values are COMPLIANT and NON_COMPLIANT.
ResourceType (string) --
Filters the results by the resource type (for example, "AWS::EC2::Instance").
ResourceIds (list) --
Filters the results by resource IDs.
(string) --
integer
The maximum number of evaluation results returned on each page. If you do no specify a number, AWS Config uses the default. The default is 100.
string
The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
dict
Response Syntax
{
'ConformancePackName': 'string',
'ConformancePackRuleEvaluationResults': [
{
'ComplianceType': 'COMPLIANT'|'NON_COMPLIANT',
'EvaluationResultIdentifier': {
'EvaluationResultQualifier': {
'ConfigRuleName': 'string',
'ResourceType': 'string',
'ResourceId': 'string'
},
'OrderingTimestamp': datetime(2015, 1, 1)
},
'ConfigRuleInvokedTime': datetime(2015, 1, 1),
'ResultRecordedTime': datetime(2015, 1, 1),
'Annotation': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
ConformancePackName (string) --
Name of the conformance pack.
ConformancePackRuleEvaluationResults (list) --
Returns a list of ConformancePackEvaluationResult objects.
(dict) --
The details of a conformance pack evaluation. Provides AWS Config rule and AWS resource type that was evaluated, the compliance of the conformance pack, related time stamps, and supplementary information.
ComplianceType (string) --
Filters the results by compliance.
The allowed values are COMPLIANT and NON_COMPLIANT.
EvaluationResultIdentifier (dict) --
Uniquely identifies an evaluation result.
EvaluationResultQualifier (dict) --
Identifies an AWS Config rule used to evaluate an AWS resource, and provides the type and ID of the evaluated resource.
ConfigRuleName (string) --
The name of the AWS Config rule that was used in the evaluation.
ResourceType (string) --
The type of AWS resource that was evaluated.
ResourceId (string) --
The ID of the evaluated AWS resource.
OrderingTimestamp (datetime) --
The time of the event that triggered the evaluation of your AWS resources. The time can indicate when AWS Config delivered a configuration item change notification, or it can indicate when AWS Config delivered the configuration snapshot, depending on which event triggered the evaluation.
ConfigRuleInvokedTime (datetime) --
The time when AWS Config rule evaluated AWS resource.
ResultRecordedTime (datetime) --
The time when AWS Config recorded the evaluation result.
Annotation (string) --
Supplementary information about how the evaluation determined the compliance.
NextToken (string) --
The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
Provides organization conformance pack deployment status for an organization.
See also: AWS API Documentation
Request Syntax
client.describe_organization_conformance_pack_statuses(
OrganizationConformancePackNames=[
'string',
],
Limit=123,
NextToken='string'
)
list
The names of organization conformance packs for which you want status details. If you do not specify any names, AWS Config returns details for all your organization conformance packs.
(string) --
integer
The maximum number of OrganizationConformancePackStatuses returned on each page. If you do no specify a number, AWS Config uses the default. The default is 100.
string
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
dict
Response Syntax
{
'OrganizationConformancePackStatuses': [
{
'OrganizationConformancePackName': 'string',
'Status': 'CREATE_SUCCESSFUL'|'CREATE_IN_PROGRESS'|'CREATE_FAILED'|'DELETE_SUCCESSFUL'|'DELETE_FAILED'|'DELETE_IN_PROGRESS'|'UPDATE_SUCCESSFUL'|'UPDATE_IN_PROGRESS'|'UPDATE_FAILED',
'ErrorCode': 'string',
'ErrorMessage': 'string',
'LastUpdateTime': datetime(2015, 1, 1)
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
OrganizationConformancePackStatuses (list) --
A list of OrganizationConformancePackStatus objects.
(dict) --
Returns the status for an organization conformance pack in an organization.
OrganizationConformancePackName (string) --
The name that you assign to organization conformance pack.
Status (string) --
Indicates deployment status of an organization conformance pack. When master account calls PutOrganizationConformancePack for the first time, conformance pack status is created in all the member accounts. When master account calls PutOrganizationConformancePack for the second time, conformance pack status is updated in all the member accounts. Additionally, conformance pack status is updated when one or more member accounts join or leave an organization. Conformance pack status is deleted when the master account deletes OrganizationConformancePack in all the member accounts and disables service access for config-multiaccountsetup.amazonaws.com.
AWS Config sets the state of the conformance pack to:
CREATE_SUCCESSFUL when an organization conformance pack has been successfully created in all the member accounts.
CREATE_IN_PROGRESS when an organization conformance pack creation is in progress.
CREATE_FAILED when an organization conformance pack creation failed in one or more member accounts within that organization.
DELETE_FAILED when an organization conformance pack deletion failed in one or more member accounts within that organization.
DELETE_IN_PROGRESS when an organization conformance pack deletion is in progress.
DELETE_SUCCESSFUL when an organization conformance pack has been successfully deleted from all the member accounts.
UPDATE_SUCCESSFUL when an organization conformance pack has been successfully updated in all the member accounts.
UPDATE_IN_PROGRESS when an organization conformance pack update is in progress.
UPDATE_FAILED when an organization conformance pack update failed in one or more member accounts within that organization.
ErrorCode (string) --
An error code that is returned when organization conformance pack creation or deletion has failed in the member account.
ErrorMessage (string) --
An error message indicating that organization conformance pack creation or deletion failed due to an error.
LastUpdateTime (datetime) --
The timestamp of the last update.
NextToken (string) --
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
Creates or updates a conformance pack. A conformance pack is a collection of AWS Config rules that can be easily deployed in an account and a region.
This API creates a service linked role AWSServiceRoleForConfigConforms in your account. The service linked role is created only when the role does not exist in your account. AWS Config verifies the existence of role with GetRole action.
See also: AWS API Documentation
Request Syntax
client.put_conformance_pack(
ConformancePackName='string',
TemplateS3Uri='string',
TemplateBody='string',
DeliveryS3Bucket='string',
DeliveryS3KeyPrefix='string',
ConformancePackInputParameters=[
{
'ParameterName': 'string',
'ParameterValue': 'string'
},
]
)
string
[REQUIRED]
Name of the conformance pack you want to create.
string
Location of file containing the template body. The uri must point to the conformance pack template (max size: 300,000 bytes) that is located in an Amazon S3 bucket in the same region as the conformance pack.
string
A string containing full conformance pack template body. Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.
string
[REQUIRED]
Location of an Amazon S3 bucket where AWS Config can deliver evaluation results. AWS Config stores intermediate files while processing conformance pack template.
string
The prefix for the Amazon S3 bucket.
list
A list of ConformancePackInputParameter objects.
(dict) --
Input parameters in the form of key-value pairs for the conformance pack, both of which you define. Keys can have a maximum character length of 128 characters, and values can have a maximum length of 256 characters.
ParameterName (string) -- [REQUIRED]
One part of a key-value pair.
ParameterValue (string) -- [REQUIRED]
Another part of the key-value pair.
dict
Response Syntax
{
'ConformancePackArn': 'string'
}
Response Structure
(dict) --
ConformancePackArn (string) --
ARN of the conformance pack.
Deletes the specified organization conformance pack and all of the config rules and remediation actions from all member accounts in that organization. Only a master account can delete an organization conformance pack.
AWS Config sets the state of a conformance pack to DELETE_IN_PROGRESS until the deletion is complete. You cannot update a conformance pack while it is in this state.
See also: AWS API Documentation
Request Syntax
client.delete_organization_conformance_pack(
OrganizationConformancePackName='string'
)
string
[REQUIRED]
The name of organization conformance pack that you want to delete.
None
Provides one or more conformance packs deployment status.
See also: AWS API Documentation
Request Syntax
client.describe_conformance_pack_status(
ConformancePackNames=[
'string',
],
Limit=123,
NextToken='string'
)
list
Comma-separated list of conformance pack names.
(string) --
integer
The maximum number of conformance packs returned on each page.
string
The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
dict
Response Syntax
{
'ConformancePackStatusDetails': [
{
'ConformancePackName': 'string',
'ConformancePackId': 'string',
'ConformancePackArn': 'string',
'ConformancePackState': 'CREATE_IN_PROGRESS'|'CREATE_COMPLETE'|'CREATE_FAILED'|'DELETE_IN_PROGRESS'|'DELETE_FAILED',
'StackArn': 'string',
'ConformancePackStatusReason': 'string',
'LastUpdateRequestedTime': datetime(2015, 1, 1),
'LastUpdateCompletedTime': datetime(2015, 1, 1)
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
ConformancePackStatusDetails (list) --
A list of ConformancePackStatusDetail objects.
(dict) --
Status details of a conformance pack.
ConformancePackName (string) --
Name of the conformance pack.
ConformancePackId (string) --
ID of the conformance pack.
ConformancePackArn (string) --
Amazon Resource Name (ARN) of comformance pack.
ConformancePackState (string) --
Indicates deployment status of conformance pack.
AWS Config sets the state of the conformance pack to:
CREATE_IN_PROGRESS when a conformance pack creation is in progress for an account.
CREATE_COMPLETE when a conformance pack has been successfully created in your account.
CREATE_FAILED when a conformance pack creation failed in your account.
DELETE_IN_PROGRESS when a conformance pack deletion is in progress.
DELETE_FAILED when a conformance pack deletion failed from your account.
StackArn (string) --
Amazon Resource Name (ARN) of AWS CloudFormation stack.
ConformancePackStatusReason (string) --
The reason of conformance pack creation failure.
LastUpdateRequestedTime (datetime) --
Last time when conformation pack creation and update was requested.
LastUpdateCompletedTime (datetime) --
Last time when conformation pack creation and update was successful.
NextToken (string) --
The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
Returns a list of one or more conformance packs.
See also: AWS API Documentation
Request Syntax
client.describe_conformance_packs(
ConformancePackNames=[
'string',
],
Limit=123,
NextToken='string'
)
list
Comma-separated list of conformance pack names for which you want details. If you do not specify any names, AWS Config returns details for all your conformance packs.
(string) --
integer
The maximum number of conformance packs returned on each page.
string
The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
dict
Response Syntax
{
'ConformancePackDetails': [
{
'ConformancePackName': 'string',
'ConformancePackArn': 'string',
'ConformancePackId': 'string',
'DeliveryS3Bucket': 'string',
'DeliveryS3KeyPrefix': 'string',
'ConformancePackInputParameters': [
{
'ParameterName': 'string',
'ParameterValue': 'string'
},
],
'LastUpdateRequestedTime': datetime(2015, 1, 1),
'CreatedBy': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
ConformancePackDetails (list) --
Returns a list of ConformancePackDetail objects.
(dict) --
Returns details of a conformance pack. A conformance pack is a collection of AWS Config rules that can be easily deployed in an account and a region.
ConformancePackName (string) --
Name of the conformance pack.
ConformancePackArn (string) --
Amazon Resource Name (ARN) of the conformance pack.
ConformancePackId (string) --
ID of the conformance pack.
DeliveryS3Bucket (string) --
Location of an Amazon S3 bucket where AWS Config can deliver evaluation results and conformance pack template that is used to create a pack.
DeliveryS3KeyPrefix (string) --
Any folder structure you want to add to an Amazon S3 bucket.
ConformancePackInputParameters (list) --
A list of ConformancePackInputParameter objects.
(dict) --
Input parameters in the form of key-value pairs for the conformance pack, both of which you define. Keys can have a maximum character length of 128 characters, and values can have a maximum length of 256 characters.
ParameterName (string) --
One part of a key-value pair.
ParameterValue (string) --
Another part of the key-value pair.
LastUpdateRequestedTime (datetime) --
Last time when conformation pack update was requested.
CreatedBy (string) --
NextToken (string) --
The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
Deletes the specified conformance pack and all the AWS Config rules and all evaluation results within that conformance pack.
AWS Config sets the conformance pack to DELETE_IN_PROGRESS until the deletion is complete. You cannot update a conformance pack while it is in this state.
See also: AWS API Documentation
Request Syntax
client.delete_conformance_pack(
ConformancePackName='string'
)
string
[REQUIRED]
Name of the conformance pack you want to delete.
None
Deploys conformance packs across member accounts in an AWS Organization.
This API enables organization service access through the EnableAWSServiceAccess action and creates a service linked role AWSServiceRoleForConfigMultiAccountSetup in the master account of your organization. The service linked role is created only when the role does not exist in the master account. AWS Config verifies the existence of role with GetRole action.
See also: AWS API Documentation
Request Syntax
client.put_organization_conformance_pack(
OrganizationConformancePackName='string',
TemplateS3Uri='string',
TemplateBody='string',
DeliveryS3Bucket='string',
DeliveryS3KeyPrefix='string',
ConformancePackInputParameters=[
{
'ParameterName': 'string',
'ParameterValue': 'string'
},
],
ExcludedAccounts=[
'string',
]
)
string
[REQUIRED]
Name of the organization conformance pack you want to create.
string
Location of file containing the template body. The uri must point to the conformance pack template (max size: 300,000 bytes).
string
A string containing full conformance pack template body. Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.
string
[REQUIRED]
Location of an Amazon S3 bucket where AWS Config can deliver evaluation results. AWS Config stores intermediate files while processing conformance pack template.
string
The prefix for the Amazon S3 bucket.
list
A list of ConformancePackInputParameter objects.
(dict) --
Input parameters in the form of key-value pairs for the conformance pack, both of which you define. Keys can have a maximum character length of 128 characters, and values can have a maximum length of 256 characters.
ParameterName (string) -- [REQUIRED]
One part of a key-value pair.
ParameterValue (string) -- [REQUIRED]
Another part of the key-value pair.
list
A list of AWS accounts to be excluded from an organization conformance pack while deploying a conformance pack.
(string) --
dict
Response Syntax
{
'OrganizationConformancePackArn': 'string'
}
Response Structure
(dict) --
OrganizationConformancePackArn (string) --
ARN of the organization conformance pack.
Returns compliance information for each rule in that conformance pack.
See also: AWS API Documentation
Request Syntax
client.describe_conformance_pack_compliance(
ConformancePackName='string',
Filters={
'ConfigRuleNames': [
'string',
],
'ComplianceType': 'COMPLIANT'|'NON_COMPLIANT'
},
Limit=123,
NextToken='string'
)
string
[REQUIRED]
Name of the conformance pack.
dict
A ConformancePackComplianceFilters object.
ConfigRuleNames (list) --
Filters the results by AWS Config rule names.
(string) --
ComplianceType (string) --
Filters the results by compliance.
The allowed values are COMPLIANT and NON_COMPLIANT.
integer
The maximum number of AWS Config rules within a conformance pack are returned on each page.
string
The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
dict
Response Syntax
{
'ConformancePackName': 'string',
'ConformancePackRuleComplianceList': [
{
'ConfigRuleName': 'string',
'ComplianceType': 'COMPLIANT'|'NON_COMPLIANT'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
ConformancePackName (string) --
Name of the conformance pack.
ConformancePackRuleComplianceList (list) --
Returns a list of ConformancePackRuleCompliance objects.
(dict) --
Compliance information of one or more AWS Config rules within a conformance pack. You can filter using AWS Config rule names and compliance types.
ConfigRuleName (string) --
Filters the results by AWS Config rule name.
ComplianceType (string) --
Filters the results by compliance.
The allowed values are COMPLIANT and NON_COMPLIANT.
NextToken (string) --
The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
Returns detailed status for each member account within an organization for a given organization conformance pack.
Only a master account can call this API.
See also: AWS API Documentation
Request Syntax
client.get_organization_conformance_pack_detailed_status(
OrganizationConformancePackName='string',
Filters={
'AccountId': 'string',
'Status': 'CREATE_SUCCESSFUL'|'CREATE_IN_PROGRESS'|'CREATE_FAILED'|'DELETE_SUCCESSFUL'|'DELETE_FAILED'|'DELETE_IN_PROGRESS'|'UPDATE_SUCCESSFUL'|'UPDATE_IN_PROGRESS'|'UPDATE_FAILED'
},
Limit=123,
NextToken='string'
)
string
[REQUIRED]
The name of organization conformance pack for which you want status details for member accounts.
dict
An OrganizationResourceDetailedStatusFilters object.
AccountId (string) --
The 12-digit account ID of the member account within an organization.
Status (string) --
Indicates deployment status for conformance pack in a member account. When master account calls PutOrganizationConformancePack action for the first time, conformance pack status is created in the member account. When master account calls PutOrganizationConformancePack action for the second time, conformance pack status is updated in the member account. Conformance pack status is deleted when the master account deletes OrganizationConformancePack and disables service access for config-multiaccountsetup.amazonaws.com.
AWS Config sets the state of the conformance pack to:
CREATE_SUCCESSFUL when conformance pack has been created in the member account.
CREATE_IN_PROGRESS when conformance pack is being created in the member account.
CREATE_FAILED when conformance pack creation has failed in the member account.
DELETE_FAILED when conformance pack deletion has failed in the member account.
DELETE_IN_PROGRESS when conformance pack is being deleted in the member account.
DELETE_SUCCESSFUL when conformance pack has been deleted in the member account.
UPDATE_SUCCESSFUL when conformance pack has been updated in the member account.
UPDATE_IN_PROGRESS when conformance pack is being updated in the member account.
UPDATE_FAILED when conformance pack deletion has failed in the member account.
integer
The maximum number of OrganizationConformancePackDetailedStatuses returned on each page. If you do not specify a number, AWS Config uses the default. The default is 100.
string
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
dict
Response Syntax
{
'OrganizationConformancePackDetailedStatuses': [
{
'AccountId': 'string',
'ConformancePackName': 'string',
'Status': 'CREATE_SUCCESSFUL'|'CREATE_IN_PROGRESS'|'CREATE_FAILED'|'DELETE_SUCCESSFUL'|'DELETE_FAILED'|'DELETE_IN_PROGRESS'|'UPDATE_SUCCESSFUL'|'UPDATE_IN_PROGRESS'|'UPDATE_FAILED',
'ErrorCode': 'string',
'ErrorMessage': 'string',
'LastUpdateTime': datetime(2015, 1, 1)
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
OrganizationConformancePackDetailedStatuses (list) --
A list of OrganizationConformancePackDetailedStatus objects.
(dict) --
Organization conformance pack creation or deletion status in each member account. This includes the name of the conformance pack, the status, error code and error message when the conformance pack creation or deletion failed.
AccountId (string) --
The 12-digit account ID of a member account.
ConformancePackName (string) --
The name of conformance pack deployed in the member account.
Status (string) --
Indicates deployment status for conformance pack in a member account. When master account calls PutOrganizationConformancePack action for the first time, conformance pack status is created in the member account. When master account calls PutOrganizationConformancePack action for the second time, conformance pack status is updated in the member account. Conformance pack status is deleted when the master account deletes OrganizationConformancePack and disables service access for config-multiaccountsetup.amazonaws.com.
AWS Config sets the state of the conformance pack to:
CREATE_SUCCESSFUL when conformance pack has been created in the member account.
CREATE_IN_PROGRESS when conformance pack is being created in the member account.
CREATE_FAILED when conformance pack creation has failed in the member account.
DELETE_FAILED when conformance pack deletion has failed in the member account.
DELETE_IN_PROGRESS when conformance pack is being deleted in the member account.
DELETE_SUCCESSFUL when conformance pack has been deleted in the member account.
UPDATE_SUCCESSFUL when conformance pack has been updated in the member account.
UPDATE_IN_PROGRESS when conformance pack is being updated in the member account.
UPDATE_FAILED when conformance pack deletion has failed in the member account.
ErrorCode (string) --
An error code that is returned when conformance pack creation or deletion failed in the member account.
ErrorMessage (string) --
An error message indicating that conformance pack account creation or deletion has failed due to an error in the member account.
LastUpdateTime (datetime) --
The timestamp of the last status update.
NextToken (string) --
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
Returns a list of organization conformance packs.
See also: AWS API Documentation
Request Syntax
client.describe_organization_conformance_packs(
OrganizationConformancePackNames=[
'string',
],
Limit=123,
NextToken='string'
)
list
The name that you assign to an organization conformance pack.
(string) --
integer
The maximum number of organization config packs returned on each page. If you do no specify a number, AWS Config uses the default. The default is 100.
string
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
dict
Response Syntax
{
'OrganizationConformancePacks': [
{
'OrganizationConformancePackName': 'string',
'OrganizationConformancePackArn': 'string',
'DeliveryS3Bucket': 'string',
'DeliveryS3KeyPrefix': 'string',
'ConformancePackInputParameters': [
{
'ParameterName': 'string',
'ParameterValue': 'string'
},
],
'ExcludedAccounts': [
'string',
],
'LastUpdateTime': datetime(2015, 1, 1)
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
OrganizationConformancePacks (list) --
Returns a list of OrganizationConformancePacks objects.
(dict) --
An organization conformance pack that has information about conformance packs that AWS Config creates in member accounts.
OrganizationConformancePackName (string) --
The name you assign to an organization conformance pack.
OrganizationConformancePackArn (string) --
Amazon Resource Name (ARN) of organization conformance pack.
DeliveryS3Bucket (string) --
Location of an Amazon S3 bucket where AWS Config can deliver evaluation results and conformance pack template that is used to create a pack.
DeliveryS3KeyPrefix (string) --
Any folder structure you want to add to an Amazon S3 bucket.
ConformancePackInputParameters (list) --
A list of ConformancePackInputParameter objects.
(dict) --
Input parameters in the form of key-value pairs for the conformance pack, both of which you define. Keys can have a maximum character length of 128 characters, and values can have a maximum length of 256 characters.
ParameterName (string) --
One part of a key-value pair.
ParameterValue (string) --
Another part of the key-value pair.
ExcludedAccounts (list) --
A comma-separated list of accounts excluded from organization conformance pack.
(string) --
LastUpdateTime (datetime) --
Last time when organization conformation pack was updated.
NextToken (string) --
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.