
AWS Config

AWS Config provides a way to keep track of the configurations of all the AWS resources associated with your AWS account. You can use AWS Config to get the current and historical configurations of each AWS resource and also to get information about the relationship between the resources. An AWS resource can be an Amazon Compute Cloud (Amazon EC2) instance, an Elastic Block Store (EBS) volume, an Elastic Network Interface (ENI), or a security group. For a complete list of resources currently supported by AWS Config, see Supported AWS Resources.

You can access and manage AWS Config through the AWS Management Console, the AWS Command Line Interface (AWS CLI), the AWS Config API, or the AWS SDKs for AWS Config. This reference guide contains documentation for the AWS Config API and the AWS CLI commands that you can use to manage AWS Config. The AWS Config API uses the Signature Version 4 protocol for signing requests. For more information about how to sign a request with this protocol, see Signature Version 4 Signing Process. For detailed information about AWS Config features and their associated actions or commands, as well as how to work with AWS Management Console, see What Is AWS Config in the AWS Config Developer Guide.

If you’re using the service, you’re probably looking for ConfigServiceClient and ConfigService.

Structs

A collection of accounts and regions.

Indicates whether an AWS Config rule is compliant based on account ID, region, compliance, and rule name.

A rule is compliant if all of the resources that the rule evaluated comply with it. It is noncompliant if any of these resources do not comply.

Provides aggregate compliance of the conformance pack. Indicates whether a conformance pack is compliant based on the name of the conformance pack, account ID, and region.

A conformance pack is compliant if all of the rules in the conformance pack are compliant. It is noncompliant if any of the rules are not compliant. The compliance status of a conformance pack is INSUFFICIENT_DATA only if all rules within a conformance pack cannot be evaluated due to insufficient data. If some of the rules in a conformance pack are compliant but the compliance status of other rules in that same conformance pack is INSUFFICIENT_DATA, the conformance pack shows compliant.

Returns the number of compliant and noncompliant rules for one or more accounts and regions in an aggregator.

Provides the number of compliant and noncompliant rules within a conformance pack. Also provides the compliance status of the conformance pack and the total rule count which includes compliant rules, noncompliant rules, and rules that cannot be evaluated due to insufficient data.

A conformance pack is compliant if all of the rules in the conformance pack are compliant. It is noncompliant if any of the rules are not compliant. The compliance status of a conformance pack is INSUFFICIENT_DATA only if all rules within a conformance pack cannot be evaluated due to insufficient data. If some of the rules in a conformance pack are compliant but the compliance status of other rules in that same conformance pack is INSUFFICIENT_DATA, the conformance pack shows compliant.

The number of conformance packs that are compliant and noncompliant.

Filters the conformance packs based on an account ID, region, compliance type, and the name of the conformance pack.

Provides a summary of compliance based on either account ID or region.

Filters the results based on account ID and region.

The details of an AWS Config evaluation for an account ID and region in an aggregator. Provides the AWS resource that was evaluated, the compliance of the resource, related time stamps, and supplementary information.

The details that identify a resource that is collected by AWS Config aggregator, including the resource type, ID, (if available) the custom resource name, the source account, and source region.

The current sync status between the source and the aggregator account.

An object that represents the authorizations granted to aggregator accounts and regions.

The detailed configuration of a specified resource.

Indicates whether an AWS resource or AWS Config rule is compliant and provides the number of contributors that affect the compliance.

Indicates whether an AWS Config rule is compliant. A rule is compliant if all of the resources that the rule evaluated comply with it. A rule is noncompliant if any of these resources do not comply.

Indicates whether an AWS resource that is evaluated according to one or more AWS Config rules is compliant. A resource is compliant if it complies with all of the rules that evaluate it. A resource is noncompliant if it does not comply with one or more of these rules.

The number of AWS resources or AWS Config rules responsible for the current compliance of the item, up to a maximum number.

The number of AWS Config rules or AWS resources that are compliant and noncompliant.

The number of AWS resources of a specific type that are compliant or noncompliant, up to a maximum of 100 for each.

Provides status of the delivery of the snapshot or the configuration history to the specified Amazon S3 bucket. Also provides the status of notifications about the Amazon S3 delivery to the specified Amazon SNS topic.

An AWS Config rule represents an AWS Lambda function that you create for a custom rule or a predefined function for an AWS managed rule. The function evaluates configuration items to assess whether your AWS resources comply with your desired configurations. This function can run when AWS Config detects a configuration change to an AWS resource and at a periodic frequency that you choose (for example, every 24 hours).

You can use the AWS CLI and AWS SDKs if you want to create a rule that triggers evaluations for your resources when AWS Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.

For more information about developing and using AWS Config rules, see Evaluating AWS Resource Configurations with AWS Config in the AWS Config Developer Guide.

Filters the compliance results based on account ID, region, compliance type, and rule name.

Filters the results based on the account IDs and regions.

Status information for your AWS managed Config rules. The status includes information such as the last time the rule ran, the last time it failed, and the related error for the last failure.

This action does not return status information about custom AWS Config rules.

A client for the Config Service API.

Provides options for how often AWS Config delivers configuration snapshots to the Amazon S3 bucket in your delivery channel.

The frequency for a rule that triggers evaluations for your resources when AWS Config delivers the configuration snapshot is set by one of two values, depending on which is less frequent:

  • The value for the deliveryFrequency parameter within the delivery channel configuration, which sets how often AWS Config delivers configuration snapshots. This value also sets how often AWS Config invokes evaluations for AWS Config rules.

  • The value for the MaximumExecutionFrequency parameter, which sets the maximum frequency with which AWS Config invokes evaluations for the rule. For more information, see ConfigRule.

If the deliveryFrequency value is less frequent than the MaximumExecutionFrequency value for a rule, AWS Config invokes the rule only as often as the deliveryFrequency value.

  1. For example, you want your rule to run evaluations when AWS Config delivers the configuration snapshot.

  2. You specify the MaximumExecutionFrequency value for Six_Hours.

  3. You then specify the delivery channel deliveryFrequency value for TwentyFour_Hours.

  4. Because the value for deliveryFrequency is less frequent than MaximumExecutionFrequency, AWS Config invokes evaluations for the rule every 24 hours.

You should set the MaximumExecutionFrequency value to be at least as frequent as the deliveryFrequency value. You can view the deliveryFrequency value by using the DescribeDeliveryChannels action.

To update the deliveryFrequency with which AWS Config delivers your configuration snapshots, use the PutDeliveryChannel action.

A list that contains the status of the delivery of the configuration stream notification to the Amazon SNS topic.

The details about the configuration aggregator, including information about source accounts, regions, and metadata of the aggregator.

A list that contains detailed configurations of a specified resource.

An object that represents the recording of configuration changes of an AWS resource.

The current status of the configuration recorder.

Filters the conformance pack by compliance types and AWS Config rule names.

Summary includes the name and status of the conformance pack.

Returns details of a conformance pack. A conformance pack is a collection of AWS Config rules and remediation actions that can be easily deployed in an account and a region.

Filters a conformance pack by AWS Config rule names, compliance types, AWS resource types, and resource IDs.

The details of a conformance pack evaluation. Provides AWS Config rule and AWS resource type that was evaluated, the compliance of the conformance pack, related time stamps, and supplementary information.

Input parameters in the form of key-value pairs for the conformance pack, both of which you define. Keys can have a maximum character length of 255 characters, and values can have a maximum length of 4096 characters.

Compliance information of one or more AWS Config rules within a conformance pack. You can filter using AWS Config rule names and compliance types.

Status details of a conformance pack.

The request object for the DeleteConfigurationRecorder action.

The input for the DeleteDeliveryChannel action. The action accepts the following data, in JSON format.

The output when you delete the evaluation results for the specified AWS Config rule.

The output for the DeliverConfigSnapshot action, in JSON format.

The channel through which AWS Config delivers notifications and updated configuration states.

The status of a specified delivery channel.

Valid values: Success | Failure

Identifies an AWS resource and indicates whether it complies with the AWS Config rule that it was evaluated against.

The details of an AWS Config evaluation. Provides the AWS resource that was evaluated, the compliance of the resource, related time stamps, and supplementary information.

Uniquely identifies an evaluation result.

Identifies an AWS Config rule that evaluated an AWS resource, and provides the type and ID of the resource that the rule evaluated.

The controls that AWS Config uses for executing remediations.

Identifies an AWS resource and indicates whether it complies with the AWS Config rule that it was evaluated against.

List of each of the failed delete remediation exceptions with specific reasons.

List of each of the failed remediations with specific reasons.

List of each of the failed remediation exceptions with specific reasons.

Details about the fields such as name of the field.

The count of resources that are grouped by the group name.

Organization config rule creation or deletion status in each member account. This includes the name of the rule, the status, error code and error message when the rule creation or deletion failed.

This object contains regions to set up the aggregator and an IAM role to retrieve organization details.

An organization config rule that has information about config rules that AWS Config creates in member accounts.

Returns the status for an organization config rule in an organization.

An organization conformance pack that has information about conformance packs that AWS Config creates in member accounts.

Organization conformance pack creation or deletion status in each member account. This includes the name of the conformance pack, the status, error code and error message when the conformance pack creation or deletion failed.

Returns the status for an organization conformance pack in an organization.

An object that specifies organization custom rule metadata such as resource type, resource ID of AWS resource, Lambda function ARN, and organization trigger types that trigger AWS Config to evaluate your AWS resources against a rule. It also provides the frequency with which you want AWS Config to run evaluations for the rule if the trigger type is periodic.

An object that specifies organization managed rule metadata such as resource type and ID of AWS resource along with the rule identifier. It also provides the frequency with which you want AWS Config to run evaluations for the rule if the trigger type is periodic.

Status filter object to filter results based on specific member account ID or status type for an organization conformance pack.

An object that represents the account ID and region of an aggregator account that is requesting authorization but is not yet authorized.

Details about the query.

Specifies the types of AWS resource for which AWS Config records configuration changes.

In the recording group, you specify whether all supported types or specific types of resources are recorded.

By default, AWS Config records configuration changes for all supported types of regional resources that AWS Config discovers in the region in which it is running. Regional resources are tied to a region and can be used only in that region. Examples of regional resources are EC2 instances and EBS volumes.

You can also have AWS Config record configuration changes for supported types of global resources (for example, IAM resources). Global resources are not tied to an individual region and can be used in all regions.

The configuration details for any global resource are the same in all regions. If you customize AWS Config in multiple regions to record global resources, it will create multiple configuration items each time a global resource changes: one configuration item for each region. These configuration items will contain identical data. To prevent duplicate configuration items, you should consider customizing AWS Config in only one region to record global resources, unless you want the configuration items to be available in multiple regions.

If you don't want AWS Config to record all resources, you can specify which types of resources it will record with the resourceTypes parameter.

For a list of supported resource types, see Supported Resource Types.

For more information, see Selecting Which Resources AWS Config Records.

The relationship of the related resource to the main resource.

An object that represents the details about the remediation configuration that includes the remediation action, parameters, and data to execute the action.

An object that represents the details about the remediation exception. The details include the rule name, an explanation of an exception, the time when the exception will be deleted, the resource ID, and resource type.

The details that identify a resource within AWS Config, including the resource type and resource ID.

Provides details of the current status of the invoked remediation action for that resource.

Name of the step from the SSM document.

The value is either a dynamic (resource) value or a static value. You must select either a dynamic value or a static value.

An object that contains the resource type and the number of resources.

Filters the resource count based on account ID, region, and resource type.

Filters the results by resource account ID, region, resource ID, and resource name.

The details that identify a resource that is discovered by AWS Config, including the resource type, ID, and (if available) the custom resource name.

The details that identify a resource within AWS Config, including the resource type and resource ID.

The dynamic value of the resource.

An object with the name of the retention configuration and the retention period in days. The object stores the configuration for data retention in AWS Config.

Defines which resources trigger an evaluation for an AWS Config rule. The scope can include one or more resource types, a combination of a tag key and value, or a combination of one resource type and one resource ID. Specify a scope to constrain which resources trigger an evaluation for a rule. Otherwise, evaluations for the rule are triggered when any resource in your recording group changes in configuration.

Provides the AWS Config rule owner (AWS or customer), the rule identifier, and the events that trigger the evaluation of your AWS resources.

Provides the source and the message types that trigger AWS Config to evaluate your AWS resources against a rule. It also provides the frequency with which you want AWS Config to run evaluations for the rule if the trigger type is periodic. You can specify the parameter values for SourceDetail only for custom rules.

AWS Systems Manager (SSM) specific remediation controls.

The output when you start the evaluation for the specified AWS Config rule.

The static value of the resource.

Status filter object to filter results based on specific member account ID or status type for an organization config rule.

Provides the details of a stored query.

Returns details of a specific query.

The tags for the resource. Tags are metadata that you apply to a resource to help you categorize and organize it. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

Enums

Errors returned by BatchGetAggregateResourceConfig

Errors returned by BatchGetResourceConfig

Errors returned by DeleteAggregationAuthorization

Errors returned by DeleteConfigRule

Errors returned by DeleteConfigurationAggregator

Errors returned by DeleteConfigurationRecorder

Errors returned by DeleteConformancePack

Errors returned by DeleteDeliveryChannel

Errors returned by DeleteEvaluationResults

Errors returned by DeleteOrganizationConfigRule

Errors returned by DeleteOrganizationConformancePack

Errors returned by DeletePendingAggregationRequest

Errors returned by DeleteRemediationConfiguration

Errors returned by DeleteRemediationExceptions

Errors returned by DeleteResourceConfig

Errors returned by DeleteRetentionConfiguration

Errors returned by DeleteStoredQuery

Errors returned by DeliverConfigSnapshot

Errors returned by DescribeAggregateComplianceByConfigRules

Errors returned by DescribeAggregateComplianceByConformancePacks

Errors returned by DescribeAggregationAuthorizations

Errors returned by DescribeComplianceByConfigRule

Errors returned by DescribeComplianceByResource

Errors returned by DescribeConfigRuleEvaluationStatus

Errors returned by DescribeConfigRules

Errors returned by DescribeConfigurationAggregatorSourcesStatus

Errors returned by DescribeConfigurationAggregators

Errors returned by DescribeConfigurationRecorderStatus

Errors returned by DescribeConfigurationRecorders

Errors returned by DescribeConformancePackCompliance

Errors returned by DescribeConformancePackStatus

Errors returned by DescribeConformancePacks

Errors returned by DescribeDeliveryChannelStatus

Errors returned by DescribeDeliveryChannels

Errors returned by DescribeOrganizationConfigRuleStatuses

Errors returned by DescribeOrganizationConfigRules

Errors returned by DescribeOrganizationConformancePackStatuses

Errors returned by DescribeOrganizationConformancePacks

Errors returned by DescribePendingAggregationRequests

Errors returned by DescribeRemediationConfigurations

Errors returned by DescribeRemediationExceptions

Errors returned by DescribeRemediationExecutionStatus

Errors returned by DescribeRetentionConfigurations

Errors returned by GetAggregateComplianceDetailsByConfigRule

Errors returned by GetAggregateConfigRuleComplianceSummary

Errors returned by GetAggregateConformancePackComplianceSummary

Errors returned by GetAggregateDiscoveredResourceCounts

Errors returned by GetAggregateResourceConfig

Errors returned by GetComplianceDetailsByConfigRule

Errors returned by GetComplianceDetailsByResource

Errors returned by GetComplianceSummaryByConfigRule

Errors returned by GetComplianceSummaryByResourceType

Errors returned by GetConformancePackComplianceDetails

Errors returned by GetConformancePackComplianceSummary

Errors returned by GetDiscoveredResourceCounts

Errors returned by GetOrganizationConfigRuleDetailedStatus

Errors returned by GetOrganizationConformancePackDetailedStatus

Errors returned by GetResourceConfigHistory

Errors returned by GetStoredQuery

Errors returned by ListAggregateDiscoveredResources

Errors returned by ListDiscoveredResources

Errors returned by ListStoredQueries

Errors returned by ListTagsForResource

Errors returned by PutAggregationAuthorization

Errors returned by PutConfigRule

Errors returned by PutConfigurationAggregator

Errors returned by PutConfigurationRecorder

Errors returned by PutConformancePack

Errors returned by PutDeliveryChannel

Errors returned by PutEvaluations

Errors returned by PutExternalEvaluation

Errors returned by PutOrganizationConfigRule

Errors returned by PutOrganizationConformancePack

Errors returned by PutRemediationConfigurations

Errors returned by PutRemediationExceptions

Errors returned by PutResourceConfig

Errors returned by PutRetentionConfiguration

Errors returned by PutStoredQuery

Errors returned by SelectAggregateResourceConfig

Errors returned by SelectResourceConfig

Errors returned by StartConfigRulesEvaluation

Errors returned by StartConfigurationRecorder

Errors returned by StartRemediationExecution

Errors returned by StopConfigurationRecorder

Errors returned by TagResource

Errors returned by UntagResource

Traits

Trait representing the capabilities of the Config Service API. Config Service clients implement this trait.