[][src]Crate rusoto_config

AWS Config

AWS Config provides a way to keep track of the configurations of all the AWS resources associated with your AWS account. You can use AWS Config to get the current and historical configurations of each AWS resource and also to get information about the relationship between the resources. An AWS resource can be an Amazon Compute Cloud (Amazon EC2) instance, an Elastic Block Store (EBS) volume, an elastic network Interface (ENI), or a security group. For a complete list of resources currently supported by AWS Config, see Supported AWS Resources.

You can access and manage AWS Config through the AWS Management Console, the AWS Command Line Interface (AWS CLI), the AWS Config API, or the AWS SDKs for AWS Config. This reference guide contains documentation for the AWS Config API and the AWS CLI commands that you can use to manage AWS Config. The AWS Config API uses the Signature Version 4 protocol for signing requests. For more information about how to sign a request with this protocol, see Signature Version 4 Signing Process. For detailed information about AWS Config features and their associated actions or commands, as well as how to work with AWS Management Console, see What Is AWS Config in the AWS Config Developer Guide.

If you're using the service, you're probably looking for ConfigServiceClient and ConfigService.

Structs

AccountAggregationSource

A collection of accounts and regions.

AggregateComplianceByConfigRule

Indicates whether an AWS Config rule is compliant based on account ID, region, compliance, and rule name.

A rule is compliant if all of the resources that the rule evaluated comply with it. It is noncompliant if any of these resources do not comply.

AggregateComplianceCount

Returns the number of compliant and noncompliant rules for one or more accounts and regions in an aggregator.

AggregateEvaluationResult

The details of an AWS Config evaluation for an account ID and region in an aggregator. Provides the AWS resource that was evaluated, the compliance of the resource, related time stamps, and supplementary information.

AggregateResourceIdentifier

The details that identify a resource that is collected by AWS Config aggregator, including the resource type, ID, (if available) the custom resource name, the source account, and source region.

AggregatedSourceStatus

The current sync status between the source and the aggregator account.

AggregationAuthorization

An object that represents the authorizations granted to aggregator accounts and regions.

BaseConfigurationItem

The detailed configuration of a specified resource.

BatchGetAggregateResourceConfigRequest
BatchGetAggregateResourceConfigResponse
BatchGetResourceConfigRequest
BatchGetResourceConfigResponse
Compliance

Indicates whether an AWS resource or AWS Config rule is compliant and provides the number of contributors that affect the compliance.

ComplianceByConfigRule

Indicates whether an AWS Config rule is compliant. A rule is compliant if all of the resources that the rule evaluated comply with it. A rule is noncompliant if any of these resources do not comply.

ComplianceByResource

Indicates whether an AWS resource that is evaluated according to one or more AWS Config rules is compliant. A resource is compliant if it complies with all of the rules that evaluate it. A resource is noncompliant if it does not comply with one or more of these rules.

ComplianceContributorCount

The number of AWS resources or AWS Config rules responsible for the current compliance of the item, up to a maximum number.

ComplianceSummary

The number of AWS Config rules or AWS resources that are compliant and noncompliant.

ComplianceSummaryByResourceType

The number of AWS resources of a specific type that are compliant or noncompliant, up to a maximum of 100 for each.

ConfigExportDeliveryInfo

Provides status of the delivery of the snapshot or the configuration history to the specified Amazon S3 bucket. Also provides the status of notifications about the Amazon S3 delivery to the specified Amazon SNS topic.

ConfigRule

An AWS Config rule represents an AWS Lambda function that you create for a custom rule or a predefined function for an AWS managed rule. The function evaluates configuration items to assess whether your AWS resources comply with your desired configurations. This function can run when AWS Config detects a configuration change to an AWS resource and at a periodic frequency that you choose (for example, every 24 hours).

You can use the AWS CLI and AWS SDKs if you want to create a rule that triggers evaluations for your resources when AWS Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.

For more information about developing and using AWS Config rules, see Evaluating AWS Resource Configurations with AWS Config in the AWS Config Developer Guide.

ConfigRuleComplianceFilters

Filters the compliance results based on account ID, region, compliance type, and rule name.

ConfigRuleComplianceSummaryFilters

Filters the results based on the account IDs and regions.

ConfigRuleEvaluationStatus

Status information for your AWS managed Config rules. The status includes information such as the last time the rule ran, the last time it failed, and the related error for the last failure.

This action does not return status information about custom AWS Config rules.

ConfigServiceClient

A client for the Config Service API.

ConfigSnapshotDeliveryProperties

Provides options for how often AWS Config delivers configuration snapshots to the Amazon S3 bucket in your delivery channel.

The frequency for a rule that triggers evaluations for your resources when AWS Config delivers the configuration snapshot is set by one of two values, depending on which is less frequent:

  • The value for the deliveryFrequency parameter within the delivery channel configuration, which sets how often AWS Config delivers configuration snapshots. This value also sets how often AWS Config invokes evaluations for AWS Config rules.

  • The value for the MaximumExecutionFrequency parameter, which sets the maximum frequency with which AWS Config invokes evaluations for the rule. For more information, see ConfigRule.

If the deliveryFrequency value is less frequent than the MaximumExecutionFrequency value for a rule, AWS Config invokes the rule only as often as the deliveryFrequency value.

  1. For example, you want your rule to run evaluations when AWS Config delivers the configuration snapshot.

  2. You specify the MaximumExecutionFrequency value for Six_Hours.

  3. You then specify the delivery channel deliveryFrequency value for TwentyFour_Hours.

  4. Because the value for deliveryFrequency is less frequent than MaximumExecutionFrequency, AWS Config invokes evaluations for the rule every 24 hours.

You should set the MaximumExecutionFrequency value to be at least as frequent as the deliveryFrequency value. You can view the deliveryFrequency value by using the DescribeDeliveryChannnels action.

To update the deliveryFrequency with which AWS Config delivers your configuration snapshots, use the PutDeliveryChannel action.

ConfigStreamDeliveryInfo

A list that contains the status of the delivery of the configuration stream notification to the Amazon SNS topic.

ConfigurationAggregator

The details about the configuration aggregator, including information about source accounts, regions, and metadata of the aggregator.

ConfigurationItem

A list that contains detailed configurations of a specified resource.

ConfigurationRecorder

An object that represents the recording of configuration changes of an AWS resource.

ConfigurationRecorderStatus

The current status of the configuration recorder.

DeleteAggregationAuthorizationRequest
DeleteConfigRuleRequest

DeleteConfigurationAggregatorRequest
DeleteConfigurationRecorderRequest

The request object for the DeleteConfigurationRecorder action.

DeleteDeliveryChannelRequest

The input for the DeleteDeliveryChannel action. The action accepts the following data, in JSON format.

DeleteEvaluationResultsRequest

DeleteEvaluationResultsResponse

The output when you delete the evaluation results for the specified AWS Config rule.

DeletePendingAggregationRequestRequest
DeleteRemediationConfigurationRequest
DeleteRemediationConfigurationResponse
DeleteRetentionConfigurationRequest
DeliverConfigSnapshotRequest

The input for the DeliverConfigSnapshot action.

DeliverConfigSnapshotResponse

The output for the DeliverConfigSnapshot action, in JSON format.

DeliveryChannel

The channel through which AWS Config delivers notifications and updated configuration states.

DeliveryChannelStatus

The status of a specified delivery channel.

Valid values: Success | Failure

DescribeAggregateComplianceByConfigRulesRequest
DescribeAggregateComplianceByConfigRulesResponse
DescribeAggregationAuthorizationsRequest
DescribeAggregationAuthorizationsResponse
DescribeComplianceByConfigRuleRequest

DescribeComplianceByConfigRuleResponse

DescribeComplianceByResourceRequest

DescribeComplianceByResourceResponse

DescribeConfigRuleEvaluationStatusRequest

DescribeConfigRuleEvaluationStatusResponse

DescribeConfigRulesRequest

DescribeConfigRulesResponse

DescribeConfigurationAggregatorSourcesStatusRequest
DescribeConfigurationAggregatorSourcesStatusResponse
DescribeConfigurationAggregatorsRequest
DescribeConfigurationAggregatorsResponse
DescribeConfigurationRecorderStatusRequest

The input for the DescribeConfigurationRecorderStatus action.

DescribeConfigurationRecorderStatusResponse

The output for the DescribeConfigurationRecorderStatus action, in JSON format.

DescribeConfigurationRecordersRequest

The input for the DescribeConfigurationRecorders action.

DescribeConfigurationRecordersResponse

The output for the DescribeConfigurationRecorders action.

DescribeDeliveryChannelStatusRequest

The input for the DeliveryChannelStatus action.

DescribeDeliveryChannelStatusResponse

The output for the DescribeDeliveryChannelStatus action.

DescribeDeliveryChannelsRequest

The input for the DescribeDeliveryChannels action.

DescribeDeliveryChannelsResponse

The output for the DescribeDeliveryChannels action.

DescribePendingAggregationRequestsRequest
DescribePendingAggregationRequestsResponse
DescribeRemediationConfigurationsRequest
DescribeRemediationConfigurationsResponse
DescribeRemediationExecutionStatusRequest
DescribeRemediationExecutionStatusResponse
DescribeRetentionConfigurationsRequest
DescribeRetentionConfigurationsResponse
Evaluation

Identifies an AWS resource and indicates whether it complies with the AWS Config rule that it was evaluated against.

EvaluationResult

The details of an AWS Config evaluation. Provides the AWS resource that was evaluated, the compliance of the resource, related time stamps, and supplementary information.

EvaluationResultIdentifier

Uniquely identifies an evaluation result.

EvaluationResultQualifier

Identifies an AWS Config rule that evaluated an AWS resource, and provides the type and ID of the resource that the rule evaluated.

FailedRemediationBatch

List of each of the failed remediations with specific reasons.

FieldInfo

Details about the fields such as name of the field.

GetAggregateComplianceDetailsByConfigRuleRequest
GetAggregateComplianceDetailsByConfigRuleResponse
GetAggregateConfigRuleComplianceSummaryRequest
GetAggregateConfigRuleComplianceSummaryResponse
GetAggregateDiscoveredResourceCountsRequest
GetAggregateDiscoveredResourceCountsResponse
GetAggregateResourceConfigRequest
GetAggregateResourceConfigResponse
GetComplianceDetailsByConfigRuleRequest

GetComplianceDetailsByConfigRuleResponse

GetComplianceDetailsByResourceRequest

GetComplianceDetailsByResourceResponse

GetComplianceSummaryByConfigRuleResponse

GetComplianceSummaryByResourceTypeRequest

GetComplianceSummaryByResourceTypeResponse

GetDiscoveredResourceCountsRequest
GetDiscoveredResourceCountsResponse
GetResourceConfigHistoryRequest

The input for the GetResourceConfigHistory action.

GetResourceConfigHistoryResponse

The output for the GetResourceConfigHistory action.

GroupedResourceCount

The count of resources that are grouped by the group name.

ListAggregateDiscoveredResourcesRequest
ListAggregateDiscoveredResourcesResponse
ListDiscoveredResourcesRequest

ListDiscoveredResourcesResponse

ListTagsForResourceRequest
ListTagsForResourceResponse
OrganizationAggregationSource

This object contains regions to set up the aggregator and an IAM role to retrieve organization details.

PendingAggregationRequest

An object that represents the account ID and region of an aggregator account that is requesting authorization but is not yet authorized.

PutAggregationAuthorizationRequest
PutAggregationAuthorizationResponse
PutConfigRuleRequest
PutConfigurationAggregatorRequest
PutConfigurationAggregatorResponse
PutConfigurationRecorderRequest

The input for the PutConfigurationRecorder action.

PutDeliveryChannelRequest

The input for the PutDeliveryChannel action.

PutEvaluationsRequest

PutEvaluationsResponse

PutRemediationConfigurationsRequest
PutRemediationConfigurationsResponse
PutRetentionConfigurationRequest
PutRetentionConfigurationResponse
QueryInfo

Details about the query.

RecordingGroup

Specifies the types of AWS resource for which AWS Config records configuration changes.

In the recording group, you specify whether all supported types or specific types of resources are recorded.

By default, AWS Config records configuration changes for all supported types of regional resources that AWS Config discovers in the region in which it is running. Regional resources are tied to a region and can be used only in that region. Examples of regional resources are EC2 instances and EBS volumes.

You can also have AWS Config record configuration changes for supported types of global resources (for example, IAM resources). Global resources are not tied to an individual region and can be used in all regions.

The configuration details for any global resource are the same in all regions. If you customize AWS Config in multiple regions to record global resources, it will create multiple configuration items each time a global resource changes: one configuration item for each region. These configuration items will contain identical data. To prevent duplicate configuration items, you should consider customizing AWS Config in only one region to record global resources, unless you want the configuration items to be available in multiple regions.

If you don't want AWS Config to record all resources, you can specify which types of resources it will record with the resourceTypes parameter.

For a list of supported resource types, see Supported Resource Types.

For more information, see Selecting Which Resources AWS Config Records.

Relationship

The relationship of the related resource to the main resource.

RemediationConfiguration

An object that represents the details about the remediation configuration that includes the remediation action, parameters, and data to execute the action.

RemediationExecutionStatus

Provides details of the current status of the invoked remediation action for that resource.

RemediationExecutionStep

Name of the step from the SSM document.

RemediationParameterValue

The value is either a dynamic (resource) value or a static value. You must select either a dynamic value or a static value.

ResourceCount

An object that contains the resource type and the number of resources.

ResourceCountFilters

Filters the resource count based on account ID, region, and resource type.

ResourceFilters

Filters the results by resource account ID, region, resource ID, and resource name.

ResourceIdentifier

The details that identify a resource that is discovered by AWS Config, including the resource type, ID, and (if available) the custom resource name.

ResourceKey

The details that identify a resource within AWS Config, including the resource type and resource ID.

ResourceValue

The dynamic value of the resource.

RetentionConfiguration

An object with the name of the retention configuration and the retention period in days. The object stores the configuration for data retention in AWS Config.

Scope

Defines which resources trigger an evaluation for an AWS Config rule. The scope can include one or more resource types, a combination of a tag key and value, or a combination of one resource type and one resource ID. Specify a scope to constrain which resources trigger an evaluation for a rule. Otherwise, evaluations for the rule are triggered when any resource in your recording group changes in configuration.

SelectResourceConfigRequest
SelectResourceConfigResponse
Source

Provides the AWS Config rule owner (AWS or customer), the rule identifier, and the events that trigger the evaluation of your AWS resources.

SourceDetail

Provides the source and the message types that trigger AWS Config to evaluate your AWS resources against a rule. It also provides the frequency with which you want AWS Config to run evaluations for the rule if the trigger type is periodic. You can specify the parameter values for SourceDetail only for custom rules.

StartConfigRulesEvaluationRequest

StartConfigRulesEvaluationResponse

The output when you start the evaluation for the specified AWS Config rule.

StartConfigurationRecorderRequest

The input for the StartConfigurationRecorder action.

StartRemediationExecutionRequest
StartRemediationExecutionResponse
StaticValue

The static value of the resource.

StopConfigurationRecorderRequest

The input for the StopConfigurationRecorder action.

Tag

The tags for the resource. The metadata that you apply to a resource to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

TagResourceRequest
UntagResourceRequest

Enums

BatchGetAggregateResourceConfigError

Errors returned by BatchGetAggregateResourceConfig

BatchGetResourceConfigError

Errors returned by BatchGetResourceConfig

DeleteAggregationAuthorizationError

Errors returned by DeleteAggregationAuthorization

DeleteConfigRuleError

Errors returned by DeleteConfigRule

DeleteConfigurationAggregatorError

Errors returned by DeleteConfigurationAggregator

DeleteConfigurationRecorderError

Errors returned by DeleteConfigurationRecorder

DeleteDeliveryChannelError

Errors returned by DeleteDeliveryChannel

DeleteEvaluationResultsError

Errors returned by DeleteEvaluationResults

DeletePendingAggregationRequestError

Errors returned by DeletePendingAggregationRequest

DeleteRemediationConfigurationError

Errors returned by DeleteRemediationConfiguration

DeleteRetentionConfigurationError

Errors returned by DeleteRetentionConfiguration

DeliverConfigSnapshotError

Errors returned by DeliverConfigSnapshot

DescribeAggregateComplianceByConfigRulesError

Errors returned by DescribeAggregateComplianceByConfigRules

DescribeAggregationAuthorizationsError

Errors returned by DescribeAggregationAuthorizations

DescribeComplianceByConfigRuleError

Errors returned by DescribeComplianceByConfigRule

DescribeComplianceByResourceError

Errors returned by DescribeComplianceByResource

DescribeConfigRuleEvaluationStatusError

Errors returned by DescribeConfigRuleEvaluationStatus

DescribeConfigRulesError

Errors returned by DescribeConfigRules

DescribeConfigurationAggregatorSourcesStatusError

Errors returned by DescribeConfigurationAggregatorSourcesStatus

DescribeConfigurationAggregatorsError

Errors returned by DescribeConfigurationAggregators

DescribeConfigurationRecorderStatusError

Errors returned by DescribeConfigurationRecorderStatus

DescribeConfigurationRecordersError

Errors returned by DescribeConfigurationRecorders

DescribeDeliveryChannelStatusError

Errors returned by DescribeDeliveryChannelStatus

DescribeDeliveryChannelsError

Errors returned by DescribeDeliveryChannels

DescribePendingAggregationRequestsError

Errors returned by DescribePendingAggregationRequests

DescribeRemediationConfigurationsError

Errors returned by DescribeRemediationConfigurations

DescribeRemediationExecutionStatusError

Errors returned by DescribeRemediationExecutionStatus

DescribeRetentionConfigurationsError

Errors returned by DescribeRetentionConfigurations

GetAggregateComplianceDetailsByConfigRuleError

Errors returned by GetAggregateComplianceDetailsByConfigRule

GetAggregateConfigRuleComplianceSummaryError

Errors returned by GetAggregateConfigRuleComplianceSummary

GetAggregateDiscoveredResourceCountsError

Errors returned by GetAggregateDiscoveredResourceCounts

GetAggregateResourceConfigError

Errors returned by GetAggregateResourceConfig

GetComplianceDetailsByConfigRuleError

Errors returned by GetComplianceDetailsByConfigRule

GetComplianceDetailsByResourceError

Errors returned by GetComplianceDetailsByResource

GetComplianceSummaryByConfigRuleError

Errors returned by GetComplianceSummaryByConfigRule

GetComplianceSummaryByResourceTypeError

Errors returned by GetComplianceSummaryByResourceType

GetDiscoveredResourceCountsError

Errors returned by GetDiscoveredResourceCounts

GetResourceConfigHistoryError

Errors returned by GetResourceConfigHistory

ListAggregateDiscoveredResourcesError

Errors returned by ListAggregateDiscoveredResources

ListDiscoveredResourcesError

Errors returned by ListDiscoveredResources

ListTagsForResourceError

Errors returned by ListTagsForResource

PutAggregationAuthorizationError

Errors returned by PutAggregationAuthorization

PutConfigRuleError

Errors returned by PutConfigRule

PutConfigurationAggregatorError

Errors returned by PutConfigurationAggregator

PutConfigurationRecorderError

Errors returned by PutConfigurationRecorder

PutDeliveryChannelError

Errors returned by PutDeliveryChannel

PutEvaluationsError

Errors returned by PutEvaluations

PutRemediationConfigurationsError

Errors returned by PutRemediationConfigurations

PutRetentionConfigurationError

Errors returned by PutRetentionConfiguration

SelectResourceConfigError

Errors returned by SelectResourceConfig

StartConfigRulesEvaluationError

Errors returned by StartConfigRulesEvaluation

StartConfigurationRecorderError

Errors returned by StartConfigurationRecorder

StartRemediationExecutionError

Errors returned by StartRemediationExecution

StopConfigurationRecorderError

Errors returned by StopConfigurationRecorder

TagResourceError

Errors returned by TagResource

UntagResourceError

Errors returned by UntagResource

Traits

ConfigService

Trait representing the capabilities of the Config Service API. Config Service clients implement this trait.