com.amazonaws.services.config.AmazonConfig Maven / Gradle / Ivy
/*
* Copyright 2019-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package com.amazonaws.services.config;
import javax.annotation.Generated;
import com.amazonaws.*;
import com.amazonaws.regions.*;
import com.amazonaws.services.config.model.*;
/**
* Interface for accessing Config Service.
*
* Note: Do not directly implement this interface, new methods are added to it regularly. Extend from
* {@link com.amazonaws.services.config.AbstractAmazonConfig} instead.
*
*
* Config
*
* Config provides a way to keep track of the configurations of all the Amazon Web Services resources associated with
* your Amazon Web Services account. You can use Config to get the current and historical configurations of each Amazon
* Web Services resource and also to get information about the relationship between the resources. An Amazon Web
* Services resource can be an Amazon Compute Cloud (Amazon EC2) instance, an Elastic Block Store (EBS) volume, an
* elastic network Interface (ENI), or a security group. For a complete list of resources currently supported by Config,
* see Supported Amazon Web Services resources.
*
*
* You can access and manage Config through the Amazon Web Services Management Console, the Amazon Web Services Command
* Line Interface (Amazon Web Services CLI), the Config API, or the Amazon Web Services SDKs for Config. This reference
* guide contains documentation for the Config API and the Amazon Web Services CLI commands that you can use to manage
* Config. The Config API uses the Signature Version 4 protocol for signing requests. For more information about how to
* sign a request with this protocol, see Signature Version 4 Signing
* Process. For detailed information about Config features and their associated actions or commands, as well as how
* to work with Amazon Web Services Management Console, see What Is Config in the Config
* Developer Guide.
*
*/
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public interface AmazonConfig {
/**
* The region metadata service name for computing region endpoints. You can use this value to retrieve metadata
* (such as supported regions) of the service.
*
* @see RegionUtils#getRegionsForService(String)
*/
String ENDPOINT_PREFIX = "config";
/**
* Overrides the default endpoint for this client ("config.us-east-1.amazonaws.com/"). Callers can use this method
* to control which AWS region they want to work with.
*
* Callers can pass in just the endpoint (ex: "config.us-east-1.amazonaws.com/") or a full URL, including the
* protocol (ex: "config.us-east-1.amazonaws.com/"). If the protocol is not specified here, the default protocol
* from this client's {@link ClientConfiguration} will be used, which by default is HTTPS.
*
* For more information on using AWS regions with the AWS SDK for Java, and a complete list of all available
* endpoints for all AWS services, see: https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/java-dg-region-selection.html#region-selection-
* choose-endpoint
*
* This method is not threadsafe. An endpoint should be configured when the client is created and before any
* service requests are made. Changing it afterwards creates inevitable race conditions for any service requests in
* transit or retrying.
*
* @param endpoint
* The endpoint (ex: "config.us-east-1.amazonaws.com/") or a full URL, including the protocol (ex:
* "config.us-east-1.amazonaws.com/") of the region specific AWS endpoint this client will communicate with.
* @deprecated use {@link AwsClientBuilder#setEndpointConfiguration(AwsClientBuilder.EndpointConfiguration)} for
* example:
* {@code builder.setEndpointConfiguration(new EndpointConfiguration(endpoint, signingRegion));}
*/
@Deprecated
void setEndpoint(String endpoint);
/**
* An alternative to {@link AmazonConfig#setEndpoint(String)}, sets the regional endpoint for this client's service
* calls. Callers can use this method to control which AWS region they want to work with.
*
* By default, all service endpoints in all regions use the https protocol. To use http instead, specify it in the
* {@link ClientConfiguration} supplied at construction.
*
* This method is not threadsafe. A region should be configured when the client is created and before any service
* requests are made. Changing it afterwards creates inevitable race conditions for any service requests in transit
* or retrying.
*
* @param region
* The region this client will communicate with. See {@link Region#getRegion(com.amazonaws.regions.Regions)}
* for accessing a given region. Must not be null and must be a region where the service is available.
*
* @see Region#getRegion(com.amazonaws.regions.Regions)
* @see Region#createClient(Class, com.amazonaws.auth.AWSCredentialsProvider, ClientConfiguration)
* @see Region#isServiceSupported(String)
* @deprecated use {@link AwsClientBuilder#setRegion(String)}
*/
@Deprecated
void setRegion(Region region);
/**
*
* Returns the current configuration items for resources that are present in your Config aggregator. The operation
* also returns a list of resources that are not processed in the current request. If there are no unprocessed
* resources, the operation returns an empty unprocessedResourceIdentifiers list.
*
*
*
* -
*
* The API does not return results for deleted resources.
*
*
* -
*
* The API does not return tags and relationships.
*
*
*
*
*
* @param batchGetAggregateResourceConfigRequest
* @return Result of the BatchGetAggregateResourceConfig operation returned by the service.
* @throws ValidationException
* The requested action is not valid.
*
* For PutStoredQuery, you will see this exception if there are missing required fields or if the input
* value fails the validation, or if you are trying to create more than 300 queries.
*
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws NoSuchConfigurationAggregatorException
* You have specified a configuration aggregator that does not exist.
* @sample AmazonConfig.BatchGetAggregateResourceConfig
* @see AWS API Documentation
*/
BatchGetAggregateResourceConfigResult batchGetAggregateResourceConfig(BatchGetAggregateResourceConfigRequest batchGetAggregateResourceConfigRequest);
/**
*
* Returns the BaseConfigurationItem for one or more requested resources. The operation also returns a
* list of resources that are not processed in the current request. If there are no unprocessed resources, the
* operation returns an empty unprocessedResourceKeys list.
*
*
*
* -
*
* The API does not return results for deleted resources.
*
*
* -
*
* The API does not return any tags for the requested resources. This information is filtered out of the
* supplementaryConfiguration section of the API response.
*
*
*
*
*
* @param batchGetResourceConfigRequest
* @return Result of the BatchGetResourceConfig operation returned by the service.
* @throws ValidationException
* The requested action is not valid.
*
* For PutStoredQuery, you will see this exception if there are missing required fields or if the input
* value fails the validation, or if you are trying to create more than 300 queries.
*
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws NoAvailableConfigurationRecorderException
* There are no configuration recorders available to provide the role needed to describe your resources.
* Create a configuration recorder.
* @sample AmazonConfig.BatchGetResourceConfig
* @see AWS
* API Documentation
*/
BatchGetResourceConfigResult batchGetResourceConfig(BatchGetResourceConfigRequest batchGetResourceConfigRequest);
/**
*
* Deletes the authorization granted to the specified configuration aggregator account in a specified region.
*
*
* @param deleteAggregationAuthorizationRequest
* @return Result of the DeleteAggregationAuthorization operation returned by the service.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @sample AmazonConfig.DeleteAggregationAuthorization
* @see AWS API Documentation
*/
DeleteAggregationAuthorizationResult deleteAggregationAuthorization(DeleteAggregationAuthorizationRequest deleteAggregationAuthorizationRequest);
/**
*
* Deletes the specified Config rule and all of its evaluation results.
*
*
* Config sets the state of a rule to DELETING until the deletion is complete. You cannot update a rule
* while it is in this state. If you make a PutConfigRule or DeleteConfigRule request for
* the rule, you will receive a ResourceInUseException.
*
*
* You can check the state of a rule by using the DescribeConfigRules request.
*
*
* @param deleteConfigRuleRequest
* @return Result of the DeleteConfigRule operation returned by the service.
* @throws NoSuchConfigRuleException
* The Config rule in the request is not valid. Verify that the rule is an Config Process Check rule, that
* the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying again.
* @throws ResourceInUseException
* You see this exception in the following cases:
*
* -
*
* For DeleteConfigRule, Config is deleting this rule. Try your request again later.
*
*
* -
*
* For DeleteConfigRule, the rule is deleting your evaluation results. Try your request again later.
*
*
* -
*
* For DeleteConfigRule, a remediation action is associated with the rule and Config cannot delete this
* rule. Delete the remediation action associated with the rule before deleting the rule and try your
* request again later.
*
*
* -
*
* For PutConfigOrganizationRule, organization Config rule deletion is in progress. Try your request again
* later.
*
*
* -
*
* For DeleteOrganizationConfigRule, organization Config rule creation is in progress. Try your request
* again later.
*
*
* -
*
* For PutConformancePack and PutOrganizationConformancePack, a conformance pack creation, update, and
* deletion is in progress. Try your request again later.
*
*
* -
*
* For DeleteConformancePack, a conformance pack creation, update, and deletion is in progress. Try your
* request again later.
*
*
* @sample AmazonConfig.DeleteConfigRule
* @see AWS API
* Documentation
*/
DeleteConfigRuleResult deleteConfigRule(DeleteConfigRuleRequest deleteConfigRuleRequest);
/**
*
* Deletes the specified configuration aggregator and the aggregated data associated with the aggregator.
*
*
* @param deleteConfigurationAggregatorRequest
* @return Result of the DeleteConfigurationAggregator operation returned by the service.
* @throws NoSuchConfigurationAggregatorException
* You have specified a configuration aggregator that does not exist.
* @sample AmazonConfig.DeleteConfigurationAggregator
* @see AWS API Documentation
*/
DeleteConfigurationAggregatorResult deleteConfigurationAggregator(DeleteConfigurationAggregatorRequest deleteConfigurationAggregatorRequest);
/**
*
* Deletes the configuration recorder.
*
*
* After the configuration recorder is deleted, Config will not record resource configuration changes until you
* create a new configuration recorder.
*
*
* This action does not delete the configuration information that was previously recorded. You will be able to
* access the previously recorded information by using the GetResourceConfigHistory action, but you
* will not be able to access this information in the Config console until you create a new configuration recorder.
*
*
* @param deleteConfigurationRecorderRequest
* The request object for the DeleteConfigurationRecorder action.
* @return Result of the DeleteConfigurationRecorder operation returned by the service.
* @throws NoSuchConfigurationRecorderException
* You have specified a configuration recorder that does not exist.
* @sample AmazonConfig.DeleteConfigurationRecorder
* @see AWS API Documentation
*/
DeleteConfigurationRecorderResult deleteConfigurationRecorder(DeleteConfigurationRecorderRequest deleteConfigurationRecorderRequest);
/**
*
* Deletes the specified conformance pack and all the Config rules, remediation actions, and all evaluation results
* within that conformance pack.
*
*
* Config sets the conformance pack to DELETE_IN_PROGRESS until the deletion is complete. You cannot
* update a conformance pack while it is in this state.
*
*
* @param deleteConformancePackRequest
* @return Result of the DeleteConformancePack operation returned by the service.
* @throws NoSuchConformancePackException
* You specified one or more conformance packs that do not exist.
* @throws ResourceInUseException
* You see this exception in the following cases:
*
* -
*
* For DeleteConfigRule, Config is deleting this rule. Try your request again later.
*
*
* -
*
* For DeleteConfigRule, the rule is deleting your evaluation results. Try your request again later.
*
*
* -
*
* For DeleteConfigRule, a remediation action is associated with the rule and Config cannot delete this
* rule. Delete the remediation action associated with the rule before deleting the rule and try your
* request again later.
*
*
* -
*
* For PutConfigOrganizationRule, organization Config rule deletion is in progress. Try your request again
* later.
*
*
* -
*
* For DeleteOrganizationConfigRule, organization Config rule creation is in progress. Try your request
* again later.
*
*
* -
*
* For PutConformancePack and PutOrganizationConformancePack, a conformance pack creation, update, and
* deletion is in progress. Try your request again later.
*
*
* -
*
* For DeleteConformancePack, a conformance pack creation, update, and deletion is in progress. Try your
* request again later.
*
*
* @sample AmazonConfig.DeleteConformancePack
* @see AWS
* API Documentation
*/
DeleteConformancePackResult deleteConformancePack(DeleteConformancePackRequest deleteConformancePackRequest);
/**
*
* Deletes the delivery channel.
*
*
* Before you can delete the delivery channel, you must stop the configuration recorder by using the
* StopConfigurationRecorder action.
*
*
* @param deleteDeliveryChannelRequest
* The input for the DeleteDeliveryChannel action. The action accepts the following data, in JSON
* format.
* @return Result of the DeleteDeliveryChannel operation returned by the service.
* @throws NoSuchDeliveryChannelException
* You have specified a delivery channel that does not exist.
* @throws LastDeliveryChannelDeleteFailedException
* You cannot delete the delivery channel you specified because the configuration recorder is running.
* @sample AmazonConfig.DeleteDeliveryChannel
* @see AWS
* API Documentation
*/
DeleteDeliveryChannelResult deleteDeliveryChannel(DeleteDeliveryChannelRequest deleteDeliveryChannelRequest);
/**
*
* Deletes the evaluation results for the specified Config rule. You can specify one Config rule per request. After
* you delete the evaluation results, you can call the StartConfigRulesEvaluation API to start evaluating
* your Amazon Web Services resources against the rule.
*
*
* @param deleteEvaluationResultsRequest
* @return Result of the DeleteEvaluationResults operation returned by the service.
* @throws NoSuchConfigRuleException
* The Config rule in the request is not valid. Verify that the rule is an Config Process Check rule, that
* the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying again.
* @throws ResourceInUseException
* You see this exception in the following cases:
*
* -
*
* For DeleteConfigRule, Config is deleting this rule. Try your request again later.
*
*
* -
*
* For DeleteConfigRule, the rule is deleting your evaluation results. Try your request again later.
*
*
* -
*
* For DeleteConfigRule, a remediation action is associated with the rule and Config cannot delete this
* rule. Delete the remediation action associated with the rule before deleting the rule and try your
* request again later.
*
*
* -
*
* For PutConfigOrganizationRule, organization Config rule deletion is in progress. Try your request again
* later.
*
*
* -
*
* For DeleteOrganizationConfigRule, organization Config rule creation is in progress. Try your request
* again later.
*
*
* -
*
* For PutConformancePack and PutOrganizationConformancePack, a conformance pack creation, update, and
* deletion is in progress. Try your request again later.
*
*
* -
*
* For DeleteConformancePack, a conformance pack creation, update, and deletion is in progress. Try your
* request again later.
*
*
* @sample AmazonConfig.DeleteEvaluationResults
* @see AWS
* API Documentation
*/
DeleteEvaluationResultsResult deleteEvaluationResults(DeleteEvaluationResultsRequest deleteEvaluationResultsRequest);
/**
*
* Deletes the specified organization Config rule and all of its evaluation results from all member accounts in that
* organization.
*
*
* Only a management account and a delegated administrator account can delete an organization Config rule. When
* calling this API with a delegated administrator, you must ensure Organizations
* ListDelegatedAdministrator permissions are added.
*
*
* Config sets the state of a rule to DELETE_IN_PROGRESS until the deletion is complete. You cannot update a rule
* while it is in this state.
*
*
* @param deleteOrganizationConfigRuleRequest
* @return Result of the DeleteOrganizationConfigRule operation returned by the service.
* @throws NoSuchOrganizationConfigRuleException
* The Config rule in the request is not valid. Verify that the rule is an organization Config Process Check
* rule, that the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying
* again.
* @throws ResourceInUseException
* You see this exception in the following cases:
*
* -
*
* For DeleteConfigRule, Config is deleting this rule. Try your request again later.
*
*
* -
*
* For DeleteConfigRule, the rule is deleting your evaluation results. Try your request again later.
*
*
* -
*
* For DeleteConfigRule, a remediation action is associated with the rule and Config cannot delete this
* rule. Delete the remediation action associated with the rule before deleting the rule and try your
* request again later.
*
*
* -
*
* For PutConfigOrganizationRule, organization Config rule deletion is in progress. Try your request again
* later.
*
*
* -
*
* For DeleteOrganizationConfigRule, organization Config rule creation is in progress. Try your request
* again later.
*
*
* -
*
* For PutConformancePack and PutOrganizationConformancePack, a conformance pack creation, update, and
* deletion is in progress. Try your request again later.
*
*
* -
*
* For DeleteConformancePack, a conformance pack creation, update, and deletion is in progress. Try your
* request again later.
*
*
* @throws OrganizationAccessDeniedException
* For PutConfigurationAggregator API, you can see this exception for the following
* reasons:
*
* -
*
* No permission to call EnableAWSServiceAccess API
*
*
* -
*
* The configuration aggregator cannot be updated because your Amazon Web Services Organization management
* account or the delegated administrator role changed. Delete this aggregator and create a new one with the
* current Amazon Web Services Organization.
*
*
* -
*
* The configuration aggregator is associated with a previous Amazon Web Services Organization and Config
* cannot aggregate data with current Amazon Web Services Organization. Delete this aggregator and create a
* new one with the current Amazon Web Services Organization.
*
*
* -
*
* You are not a registered delegated administrator for Config with permissions to call
* ListDelegatedAdministrators API. Ensure that the management account registers delagated
* administrator for Config service principle name before the delegated administrator creates an aggregator.
*
*
*
*
* For all OrganizationConfigRule and OrganizationConformancePack APIs, Config
* throws an exception if APIs are called from member accounts. All APIs must be called from organization
* management account.
* @sample AmazonConfig.DeleteOrganizationConfigRule
* @see AWS API Documentation
*/
DeleteOrganizationConfigRuleResult deleteOrganizationConfigRule(DeleteOrganizationConfigRuleRequest deleteOrganizationConfigRuleRequest);
/**
*
* Deletes the specified organization conformance pack and all of the Config rules and remediation actions from all
* member accounts in that organization.
*
*
* Only a management account or a delegated administrator account can delete an organization conformance pack. When
* calling this API with a delegated administrator, you must ensure Organizations
* ListDelegatedAdministrator permissions are added.
*
*
* Config sets the state of a conformance pack to DELETE_IN_PROGRESS until the deletion is complete. You cannot
* update a conformance pack while it is in this state.
*
*
* @param deleteOrganizationConformancePackRequest
* @return Result of the DeleteOrganizationConformancePack operation returned by the service.
* @throws NoSuchOrganizationConformancePackException
* Config organization conformance pack that you passed in the filter does not exist.
*
* For DeleteOrganizationConformancePack, you tried to delete an organization conformance pack that does not
* exist.
* @throws ResourceInUseException
* You see this exception in the following cases:
*
*
* -
*
* For DeleteConfigRule, Config is deleting this rule. Try your request again later.
*
*
* -
*
* For DeleteConfigRule, the rule is deleting your evaluation results. Try your request again later.
*
*
* -
*
* For DeleteConfigRule, a remediation action is associated with the rule and Config cannot delete this
* rule. Delete the remediation action associated with the rule before deleting the rule and try your
* request again later.
*
*
* -
*
* For PutConfigOrganizationRule, organization Config rule deletion is in progress. Try your request again
* later.
*
*
* -
*
* For DeleteOrganizationConfigRule, organization Config rule creation is in progress. Try your request
* again later.
*
*
* -
*
* For PutConformancePack and PutOrganizationConformancePack, a conformance pack creation, update, and
* deletion is in progress. Try your request again later.
*
*
* -
*
* For DeleteConformancePack, a conformance pack creation, update, and deletion is in progress. Try your
* request again later.
*
*
* @throws OrganizationAccessDeniedException
* For PutConfigurationAggregator API, you can see this exception for the following
* reasons:
*
* -
*
* No permission to call EnableAWSServiceAccess API
*
*
* -
*
* The configuration aggregator cannot be updated because your Amazon Web Services Organization management
* account or the delegated administrator role changed. Delete this aggregator and create a new one with the
* current Amazon Web Services Organization.
*
*
* -
*
* The configuration aggregator is associated with a previous Amazon Web Services Organization and Config
* cannot aggregate data with current Amazon Web Services Organization. Delete this aggregator and create a
* new one with the current Amazon Web Services Organization.
*
*
* -
*
* You are not a registered delegated administrator for Config with permissions to call
* ListDelegatedAdministrators API. Ensure that the management account registers delagated
* administrator for Config service principle name before the delegated administrator creates an aggregator.
*
*
*
*
* For all OrganizationConfigRule and OrganizationConformancePack APIs, Config
* throws an exception if APIs are called from member accounts. All APIs must be called from organization
* management account.
* @sample AmazonConfig.DeleteOrganizationConformancePack
* @see AWS API Documentation
*/
DeleteOrganizationConformancePackResult deleteOrganizationConformancePack(DeleteOrganizationConformancePackRequest deleteOrganizationConformancePackRequest);
/**
*
* Deletes pending authorization requests for a specified aggregator account in a specified region.
*
*
* @param deletePendingAggregationRequestRequest
* @return Result of the DeletePendingAggregationRequest operation returned by the service.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @sample AmazonConfig.DeletePendingAggregationRequest
* @see AWS API Documentation
*/
DeletePendingAggregationRequestResult deletePendingAggregationRequest(DeletePendingAggregationRequestRequest deletePendingAggregationRequestRequest);
/**
*
* Deletes the remediation configuration.
*
*
* @param deleteRemediationConfigurationRequest
* @return Result of the DeleteRemediationConfiguration operation returned by the service.
* @throws NoSuchRemediationConfigurationException
* You specified an Config rule without a remediation configuration.
* @throws RemediationInProgressException
* Remediation action is in progress. You can either cancel execution in Amazon Web Services Systems Manager
* or wait and try again later.
* @throws InsufficientPermissionsException
* Indicates one of the following errors:
*
* -
*
* For PutConfigRule, the rule cannot be created because the IAM role assigned to Config lacks permissions
* to perform the config:Put* action.
*
*
* -
*
* For PutConfigRule, the Lambda function cannot be invoked. Check the function ARN, and check the
* function's permissions.
*
*
* -
*
* For PutOrganizationConfigRule, organization Config rule cannot be created because you do not have
* permissions to call IAM GetRole action or create a service-linked role.
*
*
* -
*
* For PutConformancePack and PutOrganizationConformancePack, a conformance pack cannot be created because
* you do not have the following permissions:
*
*
* -
*
* You do not have permission to call IAM GetRole action or create a service-linked role.
*
*
* -
*
* You do not have permission to read Amazon S3 bucket or call SSM:GetDocument.
*
*
*
*
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @sample AmazonConfig.DeleteRemediationConfiguration
* @see AWS API Documentation
*/
DeleteRemediationConfigurationResult deleteRemediationConfiguration(DeleteRemediationConfigurationRequest deleteRemediationConfigurationRequest);
/**
*
* Deletes one or more remediation exceptions mentioned in the resource keys.
*
*
*
* Config generates a remediation exception when a problem occurs executing a remediation action to a specific
* resource. Remediation exceptions blocks auto-remediation until the exception is cleared.
*
*
*
* @param deleteRemediationExceptionsRequest
* @return Result of the DeleteRemediationExceptions operation returned by the service.
* @throws NoSuchRemediationExceptionException
* You tried to delete a remediation exception that does not exist.
* @sample AmazonConfig.DeleteRemediationExceptions
* @see AWS API Documentation
*/
DeleteRemediationExceptionsResult deleteRemediationExceptions(DeleteRemediationExceptionsRequest deleteRemediationExceptionsRequest);
/**
*
* Records the configuration state for a custom resource that has been deleted. This API records a new
* ConfigurationItem with a ResourceDeleted status. You can retrieve the ConfigurationItems recorded for this
* resource in your Config History.
*
*
* @param deleteResourceConfigRequest
* @return Result of the DeleteResourceConfig operation returned by the service.
* @throws ValidationException
* The requested action is not valid.
*
* For PutStoredQuery, you will see this exception if there are missing required fields or if the input
* value fails the validation, or if you are trying to create more than 300 queries.
*
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws NoRunningConfigurationRecorderException
* There is no configuration recorder running.
* @sample AmazonConfig.DeleteResourceConfig
* @see AWS
* API Documentation
*/
DeleteResourceConfigResult deleteResourceConfig(DeleteResourceConfigRequest deleteResourceConfigRequest);
/**
*
* Deletes the retention configuration.
*
*
* @param deleteRetentionConfigurationRequest
* @return Result of the DeleteRetentionConfiguration operation returned by the service.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @throws NoSuchRetentionConfigurationException
* You have specified a retention configuration that does not exist.
* @sample AmazonConfig.DeleteRetentionConfiguration
* @see AWS API Documentation
*/
DeleteRetentionConfigurationResult deleteRetentionConfiguration(DeleteRetentionConfigurationRequest deleteRetentionConfigurationRequest);
/**
*
* Deletes the stored query for a single Amazon Web Services account and a single Amazon Web Services Region.
*
*
* @param deleteStoredQueryRequest
* @return Result of the DeleteStoredQuery operation returned by the service.
* @throws ValidationException
* The requested action is not valid.
*
* For PutStoredQuery, you will see this exception if there are missing required fields or if the input
* value fails the validation, or if you are trying to create more than 300 queries.
*
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws ResourceNotFoundException
* You have specified a resource that does not exist.
* @sample AmazonConfig.DeleteStoredQuery
* @see AWS API
* Documentation
*/
DeleteStoredQueryResult deleteStoredQuery(DeleteStoredQueryRequest deleteStoredQueryRequest);
/**
*
* Schedules delivery of a configuration snapshot to the Amazon S3 bucket in the specified delivery channel. After
* the delivery has started, Config sends the following notifications using an Amazon SNS topic that you have
* specified.
*
*
* -
*
* Notification of the start of the delivery.
*
*
* -
*
* Notification of the completion of the delivery, if the delivery was successfully completed.
*
*
* -
*
* Notification of delivery failure, if the delivery failed.
*
*
*
*
* @param deliverConfigSnapshotRequest
* The input for the DeliverConfigSnapshot action.
* @return Result of the DeliverConfigSnapshot operation returned by the service.
* @throws NoSuchDeliveryChannelException
* You have specified a delivery channel that does not exist.
* @throws NoAvailableConfigurationRecorderException
* There are no configuration recorders available to provide the role needed to describe your resources.
* Create a configuration recorder.
* @throws NoRunningConfigurationRecorderException
* There is no configuration recorder running.
* @sample AmazonConfig.DeliverConfigSnapshot
* @see AWS
* API Documentation
*/
DeliverConfigSnapshotResult deliverConfigSnapshot(DeliverConfigSnapshotRequest deliverConfigSnapshotRequest);
/**
*
* Returns a list of compliant and noncompliant rules with the number of resources for compliant and noncompliant
* rules. Does not display rules that do not have compliance results.
*
*
*
* The results can return an empty result page, but if you have a nextToken, the results are displayed
* on the next page.
*
*
*
* @param describeAggregateComplianceByConfigRulesRequest
* @return Result of the DescribeAggregateComplianceByConfigRules operation returned by the service.
* @throws ValidationException
* The requested action is not valid.
*
* For PutStoredQuery, you will see this exception if there are missing required fields or if the input
* value fails the validation, or if you are trying to create more than 300 queries.
*
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws NoSuchConfigurationAggregatorException
* You have specified a configuration aggregator that does not exist.
* @sample AmazonConfig.DescribeAggregateComplianceByConfigRules
* @see AWS API Documentation
*/
DescribeAggregateComplianceByConfigRulesResult describeAggregateComplianceByConfigRules(
DescribeAggregateComplianceByConfigRulesRequest describeAggregateComplianceByConfigRulesRequest);
/**
*
* Returns a list of the conformance packs and their associated compliance status with the count of compliant and
* noncompliant Config rules within each conformance pack. Also returns the total rule count which includes
* compliant rules, noncompliant rules, and rules that cannot be evaluated due to insufficient data.
*
*
*
* The results can return an empty result page, but if you have a nextToken, the results are displayed
* on the next page.
*
*
*
* @param describeAggregateComplianceByConformancePacksRequest
* @return Result of the DescribeAggregateComplianceByConformancePacks operation returned by the service.
* @throws ValidationException
* The requested action is not valid.
*
* For PutStoredQuery, you will see this exception if there are missing required fields or if the input
* value fails the validation, or if you are trying to create more than 300 queries.
*
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws NoSuchConfigurationAggregatorException
* You have specified a configuration aggregator that does not exist.
* @sample AmazonConfig.DescribeAggregateComplianceByConformancePacks
* @see AWS API Documentation
*/
DescribeAggregateComplianceByConformancePacksResult describeAggregateComplianceByConformancePacks(
DescribeAggregateComplianceByConformancePacksRequest describeAggregateComplianceByConformancePacksRequest);
/**
*
* Returns a list of authorizations granted to various aggregator accounts and regions.
*
*
* @param describeAggregationAuthorizationsRequest
* @return Result of the DescribeAggregationAuthorizations operation returned by the service.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @sample AmazonConfig.DescribeAggregationAuthorizations
* @see AWS API Documentation
*/
DescribeAggregationAuthorizationsResult describeAggregationAuthorizations(DescribeAggregationAuthorizationsRequest describeAggregationAuthorizationsRequest);
/**
*
* Indicates whether the specified Config rules are compliant. If a rule is noncompliant, this action returns the
* number of Amazon Web Services resources that do not comply with the rule.
*
*
* A rule is compliant if all of the evaluated resources comply with it. It is noncompliant if any of these
* resources do not comply.
*
*
* If Config has no current evaluation results for the rule, it returns INSUFFICIENT_DATA. This result
* might indicate one of the following conditions:
*
*
* -
*
* Config has never invoked an evaluation for the rule. To check whether it has, use the
* DescribeConfigRuleEvaluationStatus action to get the LastSuccessfulInvocationTime and
* LastFailedInvocationTime.
*
*
* -
*
* The rule's Lambda function is failing to send evaluation results to Config. Verify that the role you assigned to
* your configuration recorder includes the config:PutEvaluations permission. If the rule is a custom
* rule, verify that the Lambda execution role includes the config:PutEvaluations permission.
*
*
* -
*
* The rule's Lambda function has returned NOT_APPLICABLE for all evaluation results. This can occur if
* the resources were deleted or removed from the rule's scope.
*
*
*
*
* @param describeComplianceByConfigRuleRequest
* @return Result of the DescribeComplianceByConfigRule operation returned by the service.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @throws NoSuchConfigRuleException
* The Config rule in the request is not valid. Verify that the rule is an Config Process Check rule, that
* the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying again.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @sample AmazonConfig.DescribeComplianceByConfigRule
* @see AWS API Documentation
*/
DescribeComplianceByConfigRuleResult describeComplianceByConfigRule(DescribeComplianceByConfigRuleRequest describeComplianceByConfigRuleRequest);
/**
* Simplified method form for invoking the DescribeComplianceByConfigRule operation.
*
* @see #describeComplianceByConfigRule(DescribeComplianceByConfigRuleRequest)
*/
DescribeComplianceByConfigRuleResult describeComplianceByConfigRule();
/**
*
* Indicates whether the specified Amazon Web Services resources are compliant. If a resource is noncompliant, this
* action returns the number of Config rules that the resource does not comply with.
*
*
* A resource is compliant if it complies with all the Config rules that evaluate it. It is noncompliant if it does
* not comply with one or more of these rules.
*
*
* If Config has no current evaluation results for the resource, it returns INSUFFICIENT_DATA. This
* result might indicate one of the following conditions about the rules that evaluate the resource:
*
*
* -
*
* Config has never invoked an evaluation for the rule. To check whether it has, use the
* DescribeConfigRuleEvaluationStatus action to get the LastSuccessfulInvocationTime and
* LastFailedInvocationTime.
*
*
* -
*
* The rule's Lambda function is failing to send evaluation results to Config. Verify that the role that you
* assigned to your configuration recorder includes the config:PutEvaluations permission. If the rule
* is a custom rule, verify that the Lambda execution role includes the config:PutEvaluations
* permission.
*
*
* -
*
* The rule's Lambda function has returned NOT_APPLICABLE for all evaluation results. This can occur if
* the resources were deleted or removed from the rule's scope.
*
*
*
*
* @param describeComplianceByResourceRequest
* @return Result of the DescribeComplianceByResource operation returned by the service.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @sample AmazonConfig.DescribeComplianceByResource
* @see AWS API Documentation
*/
DescribeComplianceByResourceResult describeComplianceByResource(DescribeComplianceByResourceRequest describeComplianceByResourceRequest);
/**
* Simplified method form for invoking the DescribeComplianceByResource operation.
*
* @see #describeComplianceByResource(DescribeComplianceByResourceRequest)
*/
DescribeComplianceByResourceResult describeComplianceByResource();
/**
*
* Returns status information for each of your Config managed rules. The status includes information such as the
* last time Config invoked the rule, the last time Config failed to invoke the rule, and the related error for the
* last failure.
*
*
* @param describeConfigRuleEvaluationStatusRequest
* @return Result of the DescribeConfigRuleEvaluationStatus operation returned by the service.
* @throws NoSuchConfigRuleException
* The Config rule in the request is not valid. Verify that the rule is an Config Process Check rule, that
* the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying again.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @sample AmazonConfig.DescribeConfigRuleEvaluationStatus
* @see AWS API Documentation
*/
DescribeConfigRuleEvaluationStatusResult describeConfigRuleEvaluationStatus(
DescribeConfigRuleEvaluationStatusRequest describeConfigRuleEvaluationStatusRequest);
/**
* Simplified method form for invoking the DescribeConfigRuleEvaluationStatus operation.
*
* @see #describeConfigRuleEvaluationStatus(DescribeConfigRuleEvaluationStatusRequest)
*/
DescribeConfigRuleEvaluationStatusResult describeConfigRuleEvaluationStatus();
/**
*
* Returns details about your Config rules.
*
*
* @param describeConfigRulesRequest
* @return Result of the DescribeConfigRules operation returned by the service.
* @throws NoSuchConfigRuleException
* The Config rule in the request is not valid. Verify that the rule is an Config Process Check rule, that
* the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying again.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @sample AmazonConfig.DescribeConfigRules
* @see AWS API
* Documentation
*/
DescribeConfigRulesResult describeConfigRules(DescribeConfigRulesRequest describeConfigRulesRequest);
/**
* Simplified method form for invoking the DescribeConfigRules operation.
*
* @see #describeConfigRules(DescribeConfigRulesRequest)
*/
DescribeConfigRulesResult describeConfigRules();
/**
*
* Returns status information for sources within an aggregator. The status includes information about the last time
* Config verified authorization between the source account and an aggregator account. In case of a failure, the
* status contains the related error code or message.
*
*
* @param describeConfigurationAggregatorSourcesStatusRequest
* @return Result of the DescribeConfigurationAggregatorSourcesStatus operation returned by the service.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @throws NoSuchConfigurationAggregatorException
* You have specified a configuration aggregator that does not exist.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @sample AmazonConfig.DescribeConfigurationAggregatorSourcesStatus
* @see AWS API Documentation
*/
DescribeConfigurationAggregatorSourcesStatusResult describeConfigurationAggregatorSourcesStatus(
DescribeConfigurationAggregatorSourcesStatusRequest describeConfigurationAggregatorSourcesStatusRequest);
/**
*
* Returns the details of one or more configuration aggregators. If the configuration aggregator is not specified,
* this action returns the details for all the configuration aggregators associated with the account.
*
*
* @param describeConfigurationAggregatorsRequest
* @return Result of the DescribeConfigurationAggregators operation returned by the service.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @throws NoSuchConfigurationAggregatorException
* You have specified a configuration aggregator that does not exist.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @sample AmazonConfig.DescribeConfigurationAggregators
* @see AWS API Documentation
*/
DescribeConfigurationAggregatorsResult describeConfigurationAggregators(DescribeConfigurationAggregatorsRequest describeConfigurationAggregatorsRequest);
/**
*
* Returns the current status of the specified configuration recorder as well as the status of the last recording
* event for the recorder. If a configuration recorder is not specified, this action returns the status of all
* configuration recorders associated with the account.
*
*
*
* >You can specify only one configuration recorder for each Amazon Web Services Region for each account. For a
* detailed status of recording events over time, add your Config events to Amazon CloudWatch metrics and use
* CloudWatch metrics.
*
*
*
* @param describeConfigurationRecorderStatusRequest
* The input for the DescribeConfigurationRecorderStatus action.
* @return Result of the DescribeConfigurationRecorderStatus operation returned by the service.
* @throws NoSuchConfigurationRecorderException
* You have specified a configuration recorder that does not exist.
* @sample AmazonConfig.DescribeConfigurationRecorderStatus
* @see AWS API Documentation
*/
DescribeConfigurationRecorderStatusResult describeConfigurationRecorderStatus(
DescribeConfigurationRecorderStatusRequest describeConfigurationRecorderStatusRequest);
/**
* Simplified method form for invoking the DescribeConfigurationRecorderStatus operation.
*
* @see #describeConfigurationRecorderStatus(DescribeConfigurationRecorderStatusRequest)
*/
DescribeConfigurationRecorderStatusResult describeConfigurationRecorderStatus();
/**
*
* Returns the details for the specified configuration recorders. If the configuration recorder is not specified,
* this action returns the details for all configuration recorders associated with the account.
*
*
*
* You can specify only one configuration recorder for each Amazon Web Services Region for each account.
*
*
*
* @param describeConfigurationRecordersRequest
* The input for the DescribeConfigurationRecorders action.
* @return Result of the DescribeConfigurationRecorders operation returned by the service.
* @throws NoSuchConfigurationRecorderException
* You have specified a configuration recorder that does not exist.
* @sample AmazonConfig.DescribeConfigurationRecorders
* @see AWS API Documentation
*/
DescribeConfigurationRecordersResult describeConfigurationRecorders(DescribeConfigurationRecordersRequest describeConfigurationRecordersRequest);
/**
* Simplified method form for invoking the DescribeConfigurationRecorders operation.
*
* @see #describeConfigurationRecorders(DescribeConfigurationRecordersRequest)
*/
DescribeConfigurationRecordersResult describeConfigurationRecorders();
/**
*
* Returns compliance details for each rule in that conformance pack.
*
*
*
* You must provide exact rule names.
*
*
*
* @param describeConformancePackComplianceRequest
* @return Result of the DescribeConformancePackCompliance operation returned by the service.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @throws NoSuchConfigRuleInConformancePackException
* Config rule that you passed in the filter does not exist.
* @throws NoSuchConformancePackException
* You specified one or more conformance packs that do not exist.
* @sample AmazonConfig.DescribeConformancePackCompliance
* @see AWS API Documentation
*/
DescribeConformancePackComplianceResult describeConformancePackCompliance(DescribeConformancePackComplianceRequest describeConformancePackComplianceRequest);
/**
*
* Provides one or more conformance packs deployment status.
*
*
*
* If there are no conformance packs then you will see an empty result.
*
*
*
* @param describeConformancePackStatusRequest
* @return Result of the DescribeConformancePackStatus operation returned by the service.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @sample AmazonConfig.DescribeConformancePackStatus
* @see AWS API Documentation
*/
DescribeConformancePackStatusResult describeConformancePackStatus(DescribeConformancePackStatusRequest describeConformancePackStatusRequest);
/**
*
* Returns a list of one or more conformance packs.
*
*
* @param describeConformancePacksRequest
* @return Result of the DescribeConformancePacks operation returned by the service.
* @throws NoSuchConformancePackException
* You specified one or more conformance packs that do not exist.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @sample AmazonConfig.DescribeConformancePacks
* @see AWS API Documentation
*/
DescribeConformancePacksResult describeConformancePacks(DescribeConformancePacksRequest describeConformancePacksRequest);
/**
*
* Returns the current status of the specified delivery channel. If a delivery channel is not specified, this action
* returns the current status of all delivery channels associated with the account.
*
*
*
* Currently, you can specify only one delivery channel per region in your account.
*
*
*
* @param describeDeliveryChannelStatusRequest
* The input for the DeliveryChannelStatus action.
* @return Result of the DescribeDeliveryChannelStatus operation returned by the service.
* @throws NoSuchDeliveryChannelException
* You have specified a delivery channel that does not exist.
* @sample AmazonConfig.DescribeDeliveryChannelStatus
* @see AWS API Documentation
*/
DescribeDeliveryChannelStatusResult describeDeliveryChannelStatus(DescribeDeliveryChannelStatusRequest describeDeliveryChannelStatusRequest);
/**
* Simplified method form for invoking the DescribeDeliveryChannelStatus operation.
*
* @see #describeDeliveryChannelStatus(DescribeDeliveryChannelStatusRequest)
*/
DescribeDeliveryChannelStatusResult describeDeliveryChannelStatus();
/**
*
* Returns details about the specified delivery channel. If a delivery channel is not specified, this action returns
* the details of all delivery channels associated with the account.
*
*
*
* Currently, you can specify only one delivery channel per region in your account.
*
*
*
* @param describeDeliveryChannelsRequest
* The input for the DescribeDeliveryChannels action.
* @return Result of the DescribeDeliveryChannels operation returned by the service.
* @throws NoSuchDeliveryChannelException
* You have specified a delivery channel that does not exist.
* @sample AmazonConfig.DescribeDeliveryChannels
* @see AWS API Documentation
*/
DescribeDeliveryChannelsResult describeDeliveryChannels(DescribeDeliveryChannelsRequest describeDeliveryChannelsRequest);
/**
* Simplified method form for invoking the DescribeDeliveryChannels operation.
*
* @see #describeDeliveryChannels(DescribeDeliveryChannelsRequest)
*/
DescribeDeliveryChannelsResult describeDeliveryChannels();
/**
*
* Provides organization Config rule deployment status for an organization.
*
*
*
* The status is not considered successful until organization Config rule is successfully deployed in all the member
* accounts with an exception of excluded accounts.
*
*
* When you specify the limit and the next token, you receive a paginated response. Limit and next token are not
* applicable if you specify organization Config rule names. It is only applicable, when you request all the
* organization Config rules.
*
*
*
* @param describeOrganizationConfigRuleStatusesRequest
* @return Result of the DescribeOrganizationConfigRuleStatuses operation returned by the service.
* @throws NoSuchOrganizationConfigRuleException
* The Config rule in the request is not valid. Verify that the rule is an organization Config Process Check
* rule, that the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying
* again.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws OrganizationAccessDeniedException
* For PutConfigurationAggregator API, you can see this exception for the following
* reasons:
*
* -
*
* No permission to call EnableAWSServiceAccess API
*
*
* -
*
* The configuration aggregator cannot be updated because your Amazon Web Services Organization management
* account or the delegated administrator role changed. Delete this aggregator and create a new one with the
* current Amazon Web Services Organization.
*
*
* -
*
* The configuration aggregator is associated with a previous Amazon Web Services Organization and Config
* cannot aggregate data with current Amazon Web Services Organization. Delete this aggregator and create a
* new one with the current Amazon Web Services Organization.
*
*
* -
*
* You are not a registered delegated administrator for Config with permissions to call
* ListDelegatedAdministrators API. Ensure that the management account registers delagated
* administrator for Config service principle name before the delegated administrator creates an aggregator.
*
*
*
*
* For all OrganizationConfigRule and OrganizationConformancePack APIs, Config
* throws an exception if APIs are called from member accounts. All APIs must be called from organization
* management account.
* @sample AmazonConfig.DescribeOrganizationConfigRuleStatuses
* @see AWS API Documentation
*/
DescribeOrganizationConfigRuleStatusesResult describeOrganizationConfigRuleStatuses(
DescribeOrganizationConfigRuleStatusesRequest describeOrganizationConfigRuleStatusesRequest);
/**
*
* Returns a list of organization Config rules.
*
*
*
* When you specify the limit and the next token, you receive a paginated response.
*
*
* Limit and next token are not applicable if you specify organization Config rule names. It is only applicable,
* when you request all the organization Config rules.
*
*
* For accounts within an organization
*
*
* If you deploy an organizational rule or conformance pack in an organization administrator account, and then
* establish a delegated administrator and deploy an organizational rule or conformance pack in the delegated
* administrator account, you won't be able to see the organizational rule or conformance pack in the organization
* administrator account from the delegated administrator account or see the organizational rule or conformance pack
* in the delegated administrator account from organization administrator account. The
* DescribeOrganizationConfigRules and DescribeOrganizationConformancePacks APIs can only
* see and interact with the organization-related resource that were deployed from within the account calling those
* APIs.
*
*
*
* @param describeOrganizationConfigRulesRequest
* @return Result of the DescribeOrganizationConfigRules operation returned by the service.
* @throws NoSuchOrganizationConfigRuleException
* The Config rule in the request is not valid. Verify that the rule is an organization Config Process Check
* rule, that the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying
* again.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws OrganizationAccessDeniedException
* For PutConfigurationAggregator API, you can see this exception for the following
* reasons:
*
* -
*
* No permission to call EnableAWSServiceAccess API
*
*
* -
*
* The configuration aggregator cannot be updated because your Amazon Web Services Organization management
* account or the delegated administrator role changed. Delete this aggregator and create a new one with the
* current Amazon Web Services Organization.
*
*
* -
*
* The configuration aggregator is associated with a previous Amazon Web Services Organization and Config
* cannot aggregate data with current Amazon Web Services Organization. Delete this aggregator and create a
* new one with the current Amazon Web Services Organization.
*
*
* -
*
* You are not a registered delegated administrator for Config with permissions to call
* ListDelegatedAdministrators API. Ensure that the management account registers delagated
* administrator for Config service principle name before the delegated administrator creates an aggregator.
*
*
*
*
* For all OrganizationConfigRule and OrganizationConformancePack APIs, Config
* throws an exception if APIs are called from member accounts. All APIs must be called from organization
* management account.
* @sample AmazonConfig.DescribeOrganizationConfigRules
* @see AWS API Documentation
*/
DescribeOrganizationConfigRulesResult describeOrganizationConfigRules(DescribeOrganizationConfigRulesRequest describeOrganizationConfigRulesRequest);
/**
*
* Provides organization conformance pack deployment status for an organization.
*
*
*
* The status is not considered successful until organization conformance pack is successfully deployed in all the
* member accounts with an exception of excluded accounts.
*
*
* When you specify the limit and the next token, you receive a paginated response. Limit and next token are not
* applicable if you specify organization conformance pack names. They are only applicable, when you request all the
* organization conformance packs.
*
*
*
* @param describeOrganizationConformancePackStatusesRequest
* @return Result of the DescribeOrganizationConformancePackStatuses operation returned by the service.
* @throws NoSuchOrganizationConformancePackException
* Config organization conformance pack that you passed in the filter does not exist.
*
* For DeleteOrganizationConformancePack, you tried to delete an organization conformance pack that does not
* exist.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws OrganizationAccessDeniedException
* For PutConfigurationAggregator API, you can see this exception for the following reasons:
*
*
* -
*
* No permission to call EnableAWSServiceAccess API
*
*
* -
*
* The configuration aggregator cannot be updated because your Amazon Web Services Organization management
* account or the delegated administrator role changed. Delete this aggregator and create a new one with the
* current Amazon Web Services Organization.
*
*
* -
*
* The configuration aggregator is associated with a previous Amazon Web Services Organization and Config
* cannot aggregate data with current Amazon Web Services Organization. Delete this aggregator and create a
* new one with the current Amazon Web Services Organization.
*
*
* -
*
* You are not a registered delegated administrator for Config with permissions to call
* ListDelegatedAdministrators API. Ensure that the management account registers delagated
* administrator for Config service principle name before the delegated administrator creates an aggregator.
*
*
*
*
* For all OrganizationConfigRule and OrganizationConformancePack APIs, Config
* throws an exception if APIs are called from member accounts. All APIs must be called from organization
* management account.
* @sample AmazonConfig.DescribeOrganizationConformancePackStatuses
* @see AWS API Documentation
*/
DescribeOrganizationConformancePackStatusesResult describeOrganizationConformancePackStatuses(
DescribeOrganizationConformancePackStatusesRequest describeOrganizationConformancePackStatusesRequest);
/**
*
* Returns a list of organization conformance packs.
*
*
*
* When you specify the limit and the next token, you receive a paginated response.
*
*
* Limit and next token are not applicable if you specify organization conformance packs names. They are only
* applicable, when you request all the organization conformance packs.
*
*
* For accounts within an organization
*
*
* If you deploy an organizational rule or conformance pack in an organization administrator account, and then
* establish a delegated administrator and deploy an organizational rule or conformance pack in the delegated
* administrator account, you won't be able to see the organizational rule or conformance pack in the organization
* administrator account from the delegated administrator account or see the organizational rule or conformance pack
* in the delegated administrator account from organization administrator account. The
* DescribeOrganizationConfigRules and DescribeOrganizationConformancePacks APIs can only
* see and interact with the organization-related resource that were deployed from within the account calling those
* APIs.
*
*
*
* @param describeOrganizationConformancePacksRequest
* @return Result of the DescribeOrganizationConformancePacks operation returned by the service.
* @throws NoSuchOrganizationConformancePackException
* Config organization conformance pack that you passed in the filter does not exist.
*
* For DeleteOrganizationConformancePack, you tried to delete an organization conformance pack that does not
* exist.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws OrganizationAccessDeniedException
* For PutConfigurationAggregator API, you can see this exception for the following reasons:
*
*
* -
*
* No permission to call EnableAWSServiceAccess API
*
*
* -
*
* The configuration aggregator cannot be updated because your Amazon Web Services Organization management
* account or the delegated administrator role changed. Delete this aggregator and create a new one with the
* current Amazon Web Services Organization.
*
*
* -
*
* The configuration aggregator is associated with a previous Amazon Web Services Organization and Config
* cannot aggregate data with current Amazon Web Services Organization. Delete this aggregator and create a
* new one with the current Amazon Web Services Organization.
*
*
* -
*
* You are not a registered delegated administrator for Config with permissions to call
* ListDelegatedAdministrators API. Ensure that the management account registers delagated
* administrator for Config service principle name before the delegated administrator creates an aggregator.
*
*
*
*
* For all OrganizationConfigRule and OrganizationConformancePack APIs, Config
* throws an exception if APIs are called from member accounts. All APIs must be called from organization
* management account.
* @sample AmazonConfig.DescribeOrganizationConformancePacks
* @see AWS API Documentation
*/
DescribeOrganizationConformancePacksResult describeOrganizationConformancePacks(
DescribeOrganizationConformancePacksRequest describeOrganizationConformancePacksRequest);
/**
*
* Returns a list of all pending aggregation requests.
*
*
* @param describePendingAggregationRequestsRequest
* @return Result of the DescribePendingAggregationRequests operation returned by the service.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @sample AmazonConfig.DescribePendingAggregationRequests
* @see AWS API Documentation
*/
DescribePendingAggregationRequestsResult describePendingAggregationRequests(
DescribePendingAggregationRequestsRequest describePendingAggregationRequestsRequest);
/**
*
* Returns the details of one or more remediation configurations.
*
*
* @param describeRemediationConfigurationsRequest
* @return Result of the DescribeRemediationConfigurations operation returned by the service.
* @sample AmazonConfig.DescribeRemediationConfigurations
* @see AWS API Documentation
*/
DescribeRemediationConfigurationsResult describeRemediationConfigurations(DescribeRemediationConfigurationsRequest describeRemediationConfigurationsRequest);
/**
*
* Returns the details of one or more remediation exceptions. A detailed view of a remediation exception for a set
* of resources that includes an explanation of an exception and the time when the exception will be deleted. When
* you specify the limit and the next token, you receive a paginated response.
*
*
*
* Config generates a remediation exception when a problem occurs executing a remediation action to a specific
* resource. Remediation exceptions blocks auto-remediation until the exception is cleared.
*
*
* When you specify the limit and the next token, you receive a paginated response.
*
*
* Limit and next token are not applicable if you request resources in batch. It is only applicable, when you
* request all resources.
*
*
*
* @param describeRemediationExceptionsRequest
* @return Result of the DescribeRemediationExceptions operation returned by the service.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @sample AmazonConfig.DescribeRemediationExceptions
* @see AWS API Documentation
*/
DescribeRemediationExceptionsResult describeRemediationExceptions(DescribeRemediationExceptionsRequest describeRemediationExceptionsRequest);
/**
*
* Provides a detailed view of a Remediation Execution for a set of resources including state, timestamps for when
* steps for the remediation execution occur, and any error messages for steps that have failed. When you specify
* the limit and the next token, you receive a paginated response.
*
*
* @param describeRemediationExecutionStatusRequest
* @return Result of the DescribeRemediationExecutionStatus operation returned by the service.
* @throws NoSuchRemediationConfigurationException
* You specified an Config rule without a remediation configuration.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @sample AmazonConfig.DescribeRemediationExecutionStatus
* @see AWS API Documentation
*/
DescribeRemediationExecutionStatusResult describeRemediationExecutionStatus(
DescribeRemediationExecutionStatusRequest describeRemediationExecutionStatusRequest);
/**
*
* Returns the details of one or more retention configurations. If the retention configuration name is not
* specified, this action returns the details for all the retention configurations for that account.
*
*
*
* Currently, Config supports only one retention configuration per region in your account.
*
*
*
* @param describeRetentionConfigurationsRequest
* @return Result of the DescribeRetentionConfigurations operation returned by the service.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @throws NoSuchRetentionConfigurationException
* You have specified a retention configuration that does not exist.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @sample AmazonConfig.DescribeRetentionConfigurations
* @see AWS API Documentation
*/
DescribeRetentionConfigurationsResult describeRetentionConfigurations(DescribeRetentionConfigurationsRequest describeRetentionConfigurationsRequest);
/**
*
* Returns the evaluation results for the specified Config rule for a specific resource in a rule. The results
* indicate which Amazon Web Services resources were evaluated by the rule, when each resource was last evaluated,
* and whether each resource complies with the rule.
*
*
*
* The results can return an empty result page. But if you have a nextToken, the results are displayed
* on the next page.
*
*
*
* @param getAggregateComplianceDetailsByConfigRuleRequest
* @return Result of the GetAggregateComplianceDetailsByConfigRule operation returned by the service.
* @throws ValidationException
* The requested action is not valid.
*
* For PutStoredQuery, you will see this exception if there are missing required fields or if the input
* value fails the validation, or if you are trying to create more than 300 queries.
*
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws NoSuchConfigurationAggregatorException
* You have specified a configuration aggregator that does not exist.
* @sample AmazonConfig.GetAggregateComplianceDetailsByConfigRule
* @see AWS API Documentation
*/
GetAggregateComplianceDetailsByConfigRuleResult getAggregateComplianceDetailsByConfigRule(
GetAggregateComplianceDetailsByConfigRuleRequest getAggregateComplianceDetailsByConfigRuleRequest);
/**
*
* Returns the number of compliant and noncompliant rules for one or more accounts and regions in an aggregator.
*
*
*
* The results can return an empty result page, but if you have a nextToken, the results are displayed on the next
* page.
*
*
*
* @param getAggregateConfigRuleComplianceSummaryRequest
* @return Result of the GetAggregateConfigRuleComplianceSummary operation returned by the service.
* @throws ValidationException
* The requested action is not valid.
*
* For PutStoredQuery, you will see this exception if there are missing required fields or if the input
* value fails the validation, or if you are trying to create more than 300 queries.
*
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws NoSuchConfigurationAggregatorException
* You have specified a configuration aggregator that does not exist.
* @sample AmazonConfig.GetAggregateConfigRuleComplianceSummary
* @see AWS API Documentation
*/
GetAggregateConfigRuleComplianceSummaryResult getAggregateConfigRuleComplianceSummary(
GetAggregateConfigRuleComplianceSummaryRequest getAggregateConfigRuleComplianceSummaryRequest);
/**
*
* Returns the count of compliant and noncompliant conformance packs across all Amazon Web Services accounts and
* Amazon Web Services Regions in an aggregator. You can filter based on Amazon Web Services account ID or Amazon
* Web Services Region.
*
*
*
* The results can return an empty result page, but if you have a nextToken, the results are displayed on the next
* page.
*
*
*
* @param getAggregateConformancePackComplianceSummaryRequest
* @return Result of the GetAggregateConformancePackComplianceSummary operation returned by the service.
* @throws ValidationException
* The requested action is not valid.
*
* For PutStoredQuery, you will see this exception if there are missing required fields or if the input
* value fails the validation, or if you are trying to create more than 300 queries.
*
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws NoSuchConfigurationAggregatorException
* You have specified a configuration aggregator that does not exist.
* @sample AmazonConfig.GetAggregateConformancePackComplianceSummary
* @see AWS API Documentation
*/
GetAggregateConformancePackComplianceSummaryResult getAggregateConformancePackComplianceSummary(
GetAggregateConformancePackComplianceSummaryRequest getAggregateConformancePackComplianceSummaryRequest);
/**
*
* Returns the resource counts across accounts and regions that are present in your Config aggregator. You can
* request the resource counts by providing filters and GroupByKey.
*
*
* For example, if the input contains accountID 12345678910 and region us-east-1 in filters, the API returns the
* count of resources in account ID 12345678910 and region us-east-1. If the input contains ACCOUNT_ID as a
* GroupByKey, the API returns resource counts for all source accounts that are present in your aggregator.
*
*
* @param getAggregateDiscoveredResourceCountsRequest
* @return Result of the GetAggregateDiscoveredResourceCounts operation returned by the service.
* @throws ValidationException
* The requested action is not valid.
*
* For PutStoredQuery, you will see this exception if there are missing required fields or if the input
* value fails the validation, or if you are trying to create more than 300 queries.
*
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws NoSuchConfigurationAggregatorException
* You have specified a configuration aggregator that does not exist.
* @sample AmazonConfig.GetAggregateDiscoveredResourceCounts
* @see AWS API Documentation
*/
GetAggregateDiscoveredResourceCountsResult getAggregateDiscoveredResourceCounts(
GetAggregateDiscoveredResourceCountsRequest getAggregateDiscoveredResourceCountsRequest);
/**
*
* Returns configuration item that is aggregated for your specific resource in a specific source account and region.
*
*
* @param getAggregateResourceConfigRequest
* @return Result of the GetAggregateResourceConfig operation returned by the service.
* @throws ValidationException
* The requested action is not valid.
*
* For PutStoredQuery, you will see this exception if there are missing required fields or if the input
* value fails the validation, or if you are trying to create more than 300 queries.
*
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws NoSuchConfigurationAggregatorException
* You have specified a configuration aggregator that does not exist.
* @throws OversizedConfigurationItemException
* The configuration item size is outside the allowable range.
* @throws ResourceNotDiscoveredException
* You have specified a resource that is either unknown or has not been discovered.
* @sample AmazonConfig.GetAggregateResourceConfig
* @see AWS API Documentation
*/
GetAggregateResourceConfigResult getAggregateResourceConfig(GetAggregateResourceConfigRequest getAggregateResourceConfigRequest);
/**
*
* Returns the evaluation results for the specified Config rule. The results indicate which Amazon Web Services
* resources were evaluated by the rule, when each resource was last evaluated, and whether each resource complies
* with the rule.
*
*
* @param getComplianceDetailsByConfigRuleRequest
* @return Result of the GetComplianceDetailsByConfigRule operation returned by the service.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws NoSuchConfigRuleException
* The Config rule in the request is not valid. Verify that the rule is an Config Process Check rule, that
* the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying again.
* @sample AmazonConfig.GetComplianceDetailsByConfigRule
* @see AWS API Documentation
*/
GetComplianceDetailsByConfigRuleResult getComplianceDetailsByConfigRule(GetComplianceDetailsByConfigRuleRequest getComplianceDetailsByConfigRuleRequest);
/**
*
* Returns the evaluation results for the specified Amazon Web Services resource. The results indicate which Config
* rules were used to evaluate the resource, when each rule was last invoked, and whether the resource complies with
* each rule.
*
*
* @param getComplianceDetailsByResourceRequest
* @return Result of the GetComplianceDetailsByResource operation returned by the service.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @sample AmazonConfig.GetComplianceDetailsByResource
* @see AWS API Documentation
*/
GetComplianceDetailsByResourceResult getComplianceDetailsByResource(GetComplianceDetailsByResourceRequest getComplianceDetailsByResourceRequest);
/**
*
* Returns the number of Config rules that are compliant and noncompliant, up to a maximum of 25 for each.
*
*
* @param getComplianceSummaryByConfigRuleRequest
* @return Result of the GetComplianceSummaryByConfigRule operation returned by the service.
* @sample AmazonConfig.GetComplianceSummaryByConfigRule
* @see AWS API Documentation
*/
GetComplianceSummaryByConfigRuleResult getComplianceSummaryByConfigRule(GetComplianceSummaryByConfigRuleRequest getComplianceSummaryByConfigRuleRequest);
/**
* Simplified method form for invoking the GetComplianceSummaryByConfigRule operation.
*
* @see #getComplianceSummaryByConfigRule(GetComplianceSummaryByConfigRuleRequest)
*/
GetComplianceSummaryByConfigRuleResult getComplianceSummaryByConfigRule();
/**
*
* Returns the number of resources that are compliant and the number that are noncompliant. You can specify one or
* more resource types to get these numbers for each resource type. The maximum number returned is 100.
*
*
* @param getComplianceSummaryByResourceTypeRequest
* @return Result of the GetComplianceSummaryByResourceType operation returned by the service.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @sample AmazonConfig.GetComplianceSummaryByResourceType
* @see AWS API Documentation
*/
GetComplianceSummaryByResourceTypeResult getComplianceSummaryByResourceType(
GetComplianceSummaryByResourceTypeRequest getComplianceSummaryByResourceTypeRequest);
/**
* Simplified method form for invoking the GetComplianceSummaryByResourceType operation.
*
* @see #getComplianceSummaryByResourceType(GetComplianceSummaryByResourceTypeRequest)
*/
GetComplianceSummaryByResourceTypeResult getComplianceSummaryByResourceType();
/**
*
* Returns compliance details of a conformance pack for all Amazon Web Services resources that are monitered by
* conformance pack.
*
*
* @param getConformancePackComplianceDetailsRequest
* @return Result of the GetConformancePackComplianceDetails operation returned by the service.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws NoSuchConformancePackException
* You specified one or more conformance packs that do not exist.
* @throws NoSuchConfigRuleInConformancePackException
* Config rule that you passed in the filter does not exist.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @sample AmazonConfig.GetConformancePackComplianceDetails
* @see AWS API Documentation
*/
GetConformancePackComplianceDetailsResult getConformancePackComplianceDetails(
GetConformancePackComplianceDetailsRequest getConformancePackComplianceDetailsRequest);
/**
*
* Returns compliance details for the conformance pack based on the cumulative compliance results of all the rules
* in that conformance pack.
*
*
* @param getConformancePackComplianceSummaryRequest
* @return Result of the GetConformancePackComplianceSummary operation returned by the service.
* @throws NoSuchConformancePackException
* You specified one or more conformance packs that do not exist.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @sample AmazonConfig.GetConformancePackComplianceSummary
* @see AWS API Documentation
*/
GetConformancePackComplianceSummaryResult getConformancePackComplianceSummary(
GetConformancePackComplianceSummaryRequest getConformancePackComplianceSummaryRequest);
/**
*
* Returns the policy definition containing the logic for your Config Custom Policy rule.
*
*
* @param getCustomRulePolicyRequest
* @return Result of the GetCustomRulePolicy operation returned by the service.
* @throws NoSuchConfigRuleException
* The Config rule in the request is not valid. Verify that the rule is an Config Process Check rule, that
* the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying again.
* @sample AmazonConfig.GetCustomRulePolicy
* @see AWS API
* Documentation
*/
GetCustomRulePolicyResult getCustomRulePolicy(GetCustomRulePolicyRequest getCustomRulePolicyRequest);
/**
*
* Returns the resource types, the number of each resource type, and the total number of resources that Config is
* recording in this region for your Amazon Web Services account.
*
*
* Example
*
*
* -
*
* Config is recording three resource types in the US East (Ohio) Region for your account: 25 EC2 instances, 20 IAM
* users, and 15 S3 buckets.
*
*
* -
*
* You make a call to the GetDiscoveredResourceCounts action and specify that you want all resource
* types.
*
*
* -
*
* Config returns the following:
*
*
* -
*
* The resource types (EC2 instances, IAM users, and S3 buckets).
*
*
* -
*
* The number of each resource type (25, 20, and 15).
*
*
* -
*
* The total number of all resources (60).
*
*
*
*
*
*
* The response is paginated. By default, Config lists 100 ResourceCount objects on each page. You can
* customize this number with the limit parameter. The response includes a nextToken
* string. To get the next page of results, run the request again and specify the string for the
* nextToken parameter.
*
*
*
* If you make a call to the GetDiscoveredResourceCounts action, you might not immediately receive resource
* counts in the following situations:
*
*
* -
*
* You are a new Config customer.
*
*
* -
*
* You just enabled resource recording.
*
*
*
*
* It might take a few minutes for Config to record and count your resources. Wait a few minutes and then retry the
* GetDiscoveredResourceCounts action.
*
*
*
* @param getDiscoveredResourceCountsRequest
* @return Result of the GetDiscoveredResourceCounts operation returned by the service.
* @throws ValidationException
* The requested action is not valid.
*
* For PutStoredQuery, you will see this exception if there are missing required fields or if the input
* value fails the validation, or if you are trying to create more than 300 queries.
*
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @sample AmazonConfig.GetDiscoveredResourceCounts
* @see AWS API Documentation
*/
GetDiscoveredResourceCountsResult getDiscoveredResourceCounts(GetDiscoveredResourceCountsRequest getDiscoveredResourceCountsRequest);
/**
*
* Returns detailed status for each member account within an organization for a given organization Config rule.
*
*
* @param getOrganizationConfigRuleDetailedStatusRequest
* @return Result of the GetOrganizationConfigRuleDetailedStatus operation returned by the service.
* @throws NoSuchOrganizationConfigRuleException
* The Config rule in the request is not valid. Verify that the rule is an organization Config Process Check
* rule, that the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying
* again.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws OrganizationAccessDeniedException
* For PutConfigurationAggregator API, you can see this exception for the following
* reasons:
*
* -
*
* No permission to call EnableAWSServiceAccess API
*
*
* -
*
* The configuration aggregator cannot be updated because your Amazon Web Services Organization management
* account or the delegated administrator role changed. Delete this aggregator and create a new one with the
* current Amazon Web Services Organization.
*
*
* -
*
* The configuration aggregator is associated with a previous Amazon Web Services Organization and Config
* cannot aggregate data with current Amazon Web Services Organization. Delete this aggregator and create a
* new one with the current Amazon Web Services Organization.
*
*
* -
*
* You are not a registered delegated administrator for Config with permissions to call
* ListDelegatedAdministrators API. Ensure that the management account registers delagated
* administrator for Config service principle name before the delegated administrator creates an aggregator.
*
*
*
*
* For all OrganizationConfigRule and OrganizationConformancePack APIs, Config
* throws an exception if APIs are called from member accounts. All APIs must be called from organization
* management account.
* @sample AmazonConfig.GetOrganizationConfigRuleDetailedStatus
* @see AWS API Documentation
*/
GetOrganizationConfigRuleDetailedStatusResult getOrganizationConfigRuleDetailedStatus(
GetOrganizationConfigRuleDetailedStatusRequest getOrganizationConfigRuleDetailedStatusRequest);
/**
*
* Returns detailed status for each member account within an organization for a given organization conformance pack.
*
*
* @param getOrganizationConformancePackDetailedStatusRequest
* @return Result of the GetOrganizationConformancePackDetailedStatus operation returned by the service.
* @throws NoSuchOrganizationConformancePackException
* Config organization conformance pack that you passed in the filter does not exist.
*
* For DeleteOrganizationConformancePack, you tried to delete an organization conformance pack that does not
* exist.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws OrganizationAccessDeniedException
* For PutConfigurationAggregator API, you can see this exception for the following reasons:
*
*
* -
*
* No permission to call EnableAWSServiceAccess API
*
*
* -
*
* The configuration aggregator cannot be updated because your Amazon Web Services Organization management
* account or the delegated administrator role changed. Delete this aggregator and create a new one with the
* current Amazon Web Services Organization.
*
*
* -
*
* The configuration aggregator is associated with a previous Amazon Web Services Organization and Config
* cannot aggregate data with current Amazon Web Services Organization. Delete this aggregator and create a
* new one with the current Amazon Web Services Organization.
*
*
* -
*
* You are not a registered delegated administrator for Config with permissions to call
* ListDelegatedAdministrators API. Ensure that the management account registers delagated
* administrator for Config service principle name before the delegated administrator creates an aggregator.
*
*
*
*
* For all OrganizationConfigRule and OrganizationConformancePack APIs, Config
* throws an exception if APIs are called from member accounts. All APIs must be called from organization
* management account.
* @sample AmazonConfig.GetOrganizationConformancePackDetailedStatus
* @see AWS API Documentation
*/
GetOrganizationConformancePackDetailedStatusResult getOrganizationConformancePackDetailedStatus(
GetOrganizationConformancePackDetailedStatusRequest getOrganizationConformancePackDetailedStatusRequest);
/**
*
* Returns the policy definition containing the logic for your organization Config Custom Policy rule.
*
*
* @param getOrganizationCustomRulePolicyRequest
* @return Result of the GetOrganizationCustomRulePolicy operation returned by the service.
* @throws NoSuchOrganizationConfigRuleException
* The Config rule in the request is not valid. Verify that the rule is an organization Config Process Check
* rule, that the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying
* again.
* @throws OrganizationAccessDeniedException
* For PutConfigurationAggregator API, you can see this exception for the following
* reasons:
*
* -
*
* No permission to call EnableAWSServiceAccess API
*
*
* -
*
* The configuration aggregator cannot be updated because your Amazon Web Services Organization management
* account or the delegated administrator role changed. Delete this aggregator and create a new one with the
* current Amazon Web Services Organization.
*
*
* -
*
* The configuration aggregator is associated with a previous Amazon Web Services Organization and Config
* cannot aggregate data with current Amazon Web Services Organization. Delete this aggregator and create a
* new one with the current Amazon Web Services Organization.
*
*
* -
*
* You are not a registered delegated administrator for Config with permissions to call
* ListDelegatedAdministrators API. Ensure that the management account registers delagated
* administrator for Config service principle name before the delegated administrator creates an aggregator.
*
*
*
*
* For all OrganizationConfigRule and OrganizationConformancePack APIs, Config
* throws an exception if APIs are called from member accounts. All APIs must be called from organization
* management account.
* @sample AmazonConfig.GetOrganizationCustomRulePolicy
* @see AWS API Documentation
*/
GetOrganizationCustomRulePolicyResult getOrganizationCustomRulePolicy(GetOrganizationCustomRulePolicyRequest getOrganizationCustomRulePolicyRequest);
/**
*
*
* For accurate reporting on the compliance status, you must record the AWS::Config::ResourceCompliance
* resource type. For more information, see Selecting Which Resources
* Config Records.
*
*
*
* Returns a list of ConfigurationItems for the specified resource. The list contains details about
* each state of the resource during the specified time interval. If you specified a retention period to retain your
* ConfigurationItems between a minimum of 30 days and a maximum of 7 years (2557 days), Config returns
* the ConfigurationItems for the specified retention period.
*
*
* The response is paginated. By default, Config returns a limit of 10 configuration items per page. You can
* customize this number with the limit parameter. The response includes a nextToken
* string. To get the next page of results, run the request again and specify the string for the
* nextToken parameter.
*
*
*
* Each call to the API is limited to span a duration of seven days. It is likely that the number of records
* returned is smaller than the specified limit. In such cases, you can make another call, using the
* nextToken.
*
*
*
* @param getResourceConfigHistoryRequest
* The input for the GetResourceConfigHistory action.
* @return Result of the GetResourceConfigHistory operation returned by the service.
* @throws ValidationException
* The requested action is not valid.
*
* For PutStoredQuery, you will see this exception if there are missing required fields or if the input
* value fails the validation, or if you are trying to create more than 300 queries.
*
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws InvalidTimeRangeException
* The specified time range is not valid. The earlier time is not chronologically before the later time.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws NoAvailableConfigurationRecorderException
* There are no configuration recorders available to provide the role needed to describe your resources.
* Create a configuration recorder.
* @throws ResourceNotDiscoveredException
* You have specified a resource that is either unknown or has not been discovered.
* @sample AmazonConfig.GetResourceConfigHistory
* @see AWS API Documentation
*/
GetResourceConfigHistoryResult getResourceConfigHistory(GetResourceConfigHistoryRequest getResourceConfigHistoryRequest);
/**
*
* Returns a summary of resource evaluation for the specified resource evaluation ID from the proactive rules that
* were run. The results indicate which evaluation context was used to evaluate the rules, which resource details
* were evaluated, the evaluation mode that was run, and whether the resource details comply with the configuration
* of the proactive rules.
*
*
*
* To see additional information about the evaluation result, such as which rule flagged a resource as
* NON_COMPLIANT, use the GetComplianceDetailsByResource API. For more information, see the Examples section.
*
*
*
* @param getResourceEvaluationSummaryRequest
* @return Result of the GetResourceEvaluationSummary operation returned by the service.
* @throws ResourceNotFoundException
* You have specified a resource that does not exist.
* @sample AmazonConfig.GetResourceEvaluationSummary
* @see AWS API Documentation
*/
GetResourceEvaluationSummaryResult getResourceEvaluationSummary(GetResourceEvaluationSummaryRequest getResourceEvaluationSummaryRequest);
/**
*
* Returns the details of a specific stored query.
*
*
* @param getStoredQueryRequest
* @return Result of the GetStoredQuery operation returned by the service.
* @throws ValidationException
* The requested action is not valid.
*
* For PutStoredQuery, you will see this exception if there are missing required fields or if the input
* value fails the validation, or if you are trying to create more than 300 queries.
*
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws ResourceNotFoundException
* You have specified a resource that does not exist.
* @sample AmazonConfig.GetStoredQuery
* @see AWS API
* Documentation
*/
GetStoredQueryResult getStoredQuery(GetStoredQueryRequest getStoredQueryRequest);
/**
*
* Accepts a resource type and returns a list of resource identifiers that are aggregated for a specific resource
* type across accounts and regions. A resource identifier includes the resource type, ID, (if available) the custom
* resource name, source account, and source region. You can narrow the results to include only resources that have
* specific resource IDs, or a resource name, or source account ID, or source region.
*
*
* For example, if the input consists of accountID 12345678910 and the region is us-east-1 for resource type
* AWS::EC2::Instance then the API returns all the EC2 instance identifiers of accountID 12345678910
* and region us-east-1.
*
*
* @param listAggregateDiscoveredResourcesRequest
* @return Result of the ListAggregateDiscoveredResources operation returned by the service.
* @throws ValidationException
* The requested action is not valid.
*
* For PutStoredQuery, you will see this exception if there are missing required fields or if the input
* value fails the validation, or if you are trying to create more than 300 queries.
*
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws NoSuchConfigurationAggregatorException
* You have specified a configuration aggregator that does not exist.
* @sample AmazonConfig.ListAggregateDiscoveredResources
* @see AWS API Documentation
*/
ListAggregateDiscoveredResourcesResult listAggregateDiscoveredResources(ListAggregateDiscoveredResourcesRequest listAggregateDiscoveredResourcesRequest);
/**
*
* Returns a list of conformance pack compliance scores. A compliance score is the percentage of the number of
* compliant rule-resource combinations in a conformance pack compared to the number of total possible rule-resource
* combinations in the conformance pack. This metric provides you with a high-level view of the compliance state of
* your conformance packs. You can use it to identify, investigate, and understand the level of compliance in your
* conformance packs.
*
*
*
* Conformance packs with no evaluation results will have a compliance score of INSUFFICIENT_DATA.
*
*
*
* @param listConformancePackComplianceScoresRequest
* @return Result of the ListConformancePackComplianceScores operation returned by the service.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @sample AmazonConfig.ListConformancePackComplianceScores
* @see AWS API Documentation
*/
ListConformancePackComplianceScoresResult listConformancePackComplianceScores(
ListConformancePackComplianceScoresRequest listConformancePackComplianceScoresRequest);
/**
*
* Accepts a resource type and returns a list of resource identifiers for the resources of that type. A resource
* identifier includes the resource type, ID, and (if available) the custom resource name. The results consist of
* resources that Config has discovered, including those that Config is not currently recording. You can narrow the
* results to include only resources that have specific resource IDs or a resource name.
*
*
*
* You can specify either resource IDs or a resource name, but not both, in the same request.
*
*
*
* The response is paginated. By default, Config lists 100 resource identifiers on each page. You can customize this
* number with the limit parameter. The response includes a nextToken string. To get the
* next page of results, run the request again and specify the string for the nextToken parameter.
*
*
* @param listDiscoveredResourcesRequest
* @return Result of the ListDiscoveredResources operation returned by the service.
* @throws ValidationException
* The requested action is not valid.
*
* For PutStoredQuery, you will see this exception if there are missing required fields or if the input
* value fails the validation, or if you are trying to create more than 300 queries.
*
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws NoAvailableConfigurationRecorderException
* There are no configuration recorders available to provide the role needed to describe your resources.
* Create a configuration recorder.
* @sample AmazonConfig.ListDiscoveredResources
* @see AWS
* API Documentation
*/
ListDiscoveredResourcesResult listDiscoveredResources(ListDiscoveredResourcesRequest listDiscoveredResourcesRequest);
/**
*
* Returns a list of proactive resource evaluations.
*
*
* @param listResourceEvaluationsRequest
* @return Result of the ListResourceEvaluations operation returned by the service.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @throws InvalidTimeRangeException
* The specified time range is not valid. The earlier time is not chronologically before the later time.
* @sample AmazonConfig.ListResourceEvaluations
* @see AWS
* API Documentation
*/
ListResourceEvaluationsResult listResourceEvaluations(ListResourceEvaluationsRequest listResourceEvaluationsRequest);
/**
*
* Lists the stored queries for a single Amazon Web Services account and a single Amazon Web Services Region. The
* default is 100.
*
*
* @param listStoredQueriesRequest
* @return Result of the ListStoredQueries operation returned by the service.
* @throws ValidationException
* The requested action is not valid.
*
* For PutStoredQuery, you will see this exception if there are missing required fields or if the input
* value fails the validation, or if you are trying to create more than 300 queries.
*
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @sample AmazonConfig.ListStoredQueries
* @see AWS API
* Documentation
*/
ListStoredQueriesResult listStoredQueries(ListStoredQueriesRequest listStoredQueriesRequest);
/**
*
* List the tags for Config resource.
*
*
* @param listTagsForResourceRequest
* @return Result of the ListTagsForResource operation returned by the service.
* @throws ResourceNotFoundException
* You have specified a resource that does not exist.
* @throws ValidationException
* The requested action is not valid.
*
* For PutStoredQuery, you will see this exception if there are missing required fields or if the input
* value fails the validation, or if you are trying to create more than 300 queries.
*
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @sample AmazonConfig.ListTagsForResource
* @see AWS API
* Documentation
*/
ListTagsForResourceResult listTagsForResource(ListTagsForResourceRequest listTagsForResourceRequest);
/**
*
* Authorizes the aggregator account and region to collect data from the source account and region.
*
*
*
* PutAggregationAuthorization is an idempotent API. Subsequent requests won’t create a duplicate
* resource if one was already created. If a following request has different tags values, Config will
* ignore these differences and treat it as an idempotent request of the previous. In this case, tags
* will not be updated, even if they are different.
*
*
*
* @param putAggregationAuthorizationRequest
* @return Result of the PutAggregationAuthorization operation returned by the service.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @sample AmazonConfig.PutAggregationAuthorization
* @see AWS API Documentation
*/
PutAggregationAuthorizationResult putAggregationAuthorization(PutAggregationAuthorizationRequest putAggregationAuthorizationRequest);
/**
*
* Adds or updates an Config rule to evaluate if your Amazon Web Services resources comply with your desired
* configurations. For information on how many Config rules you can have per account, see Service Limits in
* the Config Developer Guide.
*
*
* There are two types of rules: Config Managed Rules and Config Custom Rules. You can use
* PutConfigRule to create both Config Managed Rules and Config Custom Rules.
*
*
* Config Managed Rules are predefined, customizable rules created by Config. For a list of managed rules, see List of Config
* Managed Rules. If you are adding an Config managed rule, you must specify the rule's identifier for the
* SourceIdentifier key.
*
*
* Config Custom Rules are rules that you create from scratch. There are two ways to create Config custom rules:
* with Lambda functions ( Lambda Developer Guide) and with Guard (Guard GitHub Repository), a policy-as-code
* language. Config custom rules created with Lambda are called Config Custom Lambda Rules and Config custom
* rules created with Guard are called Config Custom Policy Rules.
*
*
* If you are adding a new Config Custom Lambda rule, you first need to create an Lambda function that the rule
* invokes to evaluate your resources. When you use PutConfigRule to add a Custom Lambda rule to
* Config, you must specify the Amazon Resource Name (ARN) that Lambda assigns to the function. You specify the ARN
* in the SourceIdentifier key. This key is part of the Source object, which is part of
* the ConfigRule object.
*
*
* For any new Config rule that you add, specify the ConfigRuleName in the ConfigRule
* object. Do not specify the ConfigRuleArn or the ConfigRuleId. These values are
* generated by Config for new rules.
*
*
* If you are updating a rule that you added previously, you can specify the rule by ConfigRuleName,
* ConfigRuleId, or ConfigRuleArn in the ConfigRule data type that you use in
* this request.
*
*
* For more information about developing and using Config rules, see Evaluating Resources with
* Config Rules in the Config Developer Guide.
*
*
*
* PutConfigRule is an idempotent API. Subsequent requests won’t create a duplicate resource if one was
* already created. If a following request has different tags values, Config will ignore these
* differences and treat it as an idempotent request of the previous. In this case, tags will not be
* updated, even if they are different.
*
*
*
* @param putConfigRuleRequest
* @return Result of the PutConfigRule operation returned by the service.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @throws MaxNumberOfConfigRulesExceededException
* Failed to add the Config rule because the account already contains the maximum number of 1000 rules.
* Consider deleting any deactivated rules before you add new rules.
* @throws ResourceInUseException
* You see this exception in the following cases:
*
* -
*
* For DeleteConfigRule, Config is deleting this rule. Try your request again later.
*
*
* -
*
* For DeleteConfigRule, the rule is deleting your evaluation results. Try your request again later.
*
*
* -
*
* For DeleteConfigRule, a remediation action is associated with the rule and Config cannot delete this
* rule. Delete the remediation action associated with the rule before deleting the rule and try your
* request again later.
*
*
* -
*
* For PutConfigOrganizationRule, organization Config rule deletion is in progress. Try your request again
* later.
*
*
* -
*
* For DeleteOrganizationConfigRule, organization Config rule creation is in progress. Try your request
* again later.
*
*
* -
*
* For PutConformancePack and PutOrganizationConformancePack, a conformance pack creation, update, and
* deletion is in progress. Try your request again later.
*
*
* -
*
* For DeleteConformancePack, a conformance pack creation, update, and deletion is in progress. Try your
* request again later.
*
*
* @throws InsufficientPermissionsException
* Indicates one of the following errors:
*
* -
*
* For PutConfigRule, the rule cannot be created because the IAM role assigned to Config lacks permissions
* to perform the config:Put* action.
*
*
* -
*
* For PutConfigRule, the Lambda function cannot be invoked. Check the function ARN, and check the
* function's permissions.
*
*
* -
*
* For PutOrganizationConfigRule, organization Config rule cannot be created because you do not have
* permissions to call IAM GetRole action or create a service-linked role.
*
*
* -
*
* For PutConformancePack and PutOrganizationConformancePack, a conformance pack cannot be created because
* you do not have the following permissions:
*
*
* -
*
* You do not have permission to call IAM GetRole action or create a service-linked role.
*
*
* -
*
* You do not have permission to read Amazon S3 bucket or call SSM:GetDocument.
*
*
*
*
* @throws NoAvailableConfigurationRecorderException
* There are no configuration recorders available to provide the role needed to describe your resources.
* Create a configuration recorder.
* @sample AmazonConfig.PutConfigRule
* @see AWS API
* Documentation
*/
PutConfigRuleResult putConfigRule(PutConfigRuleRequest putConfigRuleRequest);
/**
*
* Creates and updates the configuration aggregator with the selected source accounts and regions. The source
* account can be individual account(s) or an organization.
*
*
* accountIds that are passed will be replaced with existing accounts. If you want to add additional
* accounts into the aggregator, call DescribeConfigurationAggregators to get the previous accounts and
* then append new ones.
*
*
*
* Config should be enabled in source accounts and regions you want to aggregate.
*
*
* If your source type is an organization, you must be signed in to the management account or a registered delegated
* administrator and all the features must be enabled in your organization. If the caller is a management account,
* Config calls EnableAwsServiceAccess API to enable integration between Config and Organizations. If
* the caller is a registered delegated administrator, Config calls ListDelegatedAdministrators API to
* verify whether the caller is a valid delegated administrator.
*
*
* To register a delegated administrator, see Register a Delegated Administrator in the Config developer guide.
*
*
*
* PutConfigurationAggregator is an idempotent API. Subsequent requests won’t create a duplicate
* resource if one was already created. If a following request has different tags values, Config will
* ignore these differences and treat it as an idempotent request of the previous. In this case, tags
* will not be updated, even if they are different.
*
*
*
* @param putConfigurationAggregatorRequest
* @return Result of the PutConfigurationAggregator operation returned by the service.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @throws LimitExceededException
* For StartConfigRulesEvaluation API, this exception is thrown if an evaluation is in progress
* or if you call the StartConfigRulesEvaluation API more than once per minute.
*
* For PutConfigurationAggregator API, this exception is thrown if the number of accounts and
* aggregators exceeds the limit.
* @throws InvalidRoleException
* You have provided a null or empty Amazon Resource Name (ARN) for the IAM role assumed by Config and used
* by the configuration recorder.
* @throws OrganizationAccessDeniedException
* For PutConfigurationAggregator API, you can see this exception for the following reasons:
*
*
* -
*
* No permission to call EnableAWSServiceAccess API
*
*
* -
*
* The configuration aggregator cannot be updated because your Amazon Web Services Organization management
* account or the delegated administrator role changed. Delete this aggregator and create a new one with the
* current Amazon Web Services Organization.
*
*
* -
*
* The configuration aggregator is associated with a previous Amazon Web Services Organization and Config
* cannot aggregate data with current Amazon Web Services Organization. Delete this aggregator and create a
* new one with the current Amazon Web Services Organization.
*
*
* -
*
* You are not a registered delegated administrator for Config with permissions to call
* ListDelegatedAdministrators API. Ensure that the management account registers delagated
* administrator for Config service principle name before the delegated administrator creates an aggregator.
*
*
*
*
* For all OrganizationConfigRule and OrganizationConformancePack APIs, Config
* throws an exception if APIs are called from member accounts. All APIs must be called from organization
* management account.
* @throws NoAvailableOrganizationException
* Organization is no longer available.
* @throws OrganizationAllFeaturesNotEnabledException
* Config resource cannot be created because your organization does not have all features enabled.
* @sample AmazonConfig.PutConfigurationAggregator
* @see AWS API Documentation
*/
PutConfigurationAggregatorResult putConfigurationAggregator(PutConfigurationAggregatorRequest putConfigurationAggregatorRequest);
/**
*
* Creates a new configuration recorder to record configuration changes for specified resource types.
*
*
* You can also use this action to change the roleARN or the recordingGroup of an existing
* recorder. For more information, see Managing the
* Configuration Recorder in the Config Developer Guide.
*
*
*
* You can specify only one configuration recorder for each Amazon Web Services Region for each account.
*
*
* If the configuration recorder does not have the recordingGroup field specified, the default is to
* record all supported resource types.
*
*
*
* @param putConfigurationRecorderRequest
* The input for the PutConfigurationRecorder action.
* @return Result of the PutConfigurationRecorder operation returned by the service.
* @throws MaxNumberOfConfigurationRecordersExceededException
* You have reached the limit of the number of configuration recorders you can create.
* @throws ValidationException
* The requested action is not valid.
*
* For PutStoredQuery, you will see this exception if there are missing required fields or if the input
* value fails the validation, or if you are trying to create more than 300 queries.
*
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws InvalidConfigurationRecorderNameException
* You have provided a name for the configuration recorder that is not valid.
* @throws InvalidRoleException
* You have provided a null or empty Amazon Resource Name (ARN) for the IAM role assumed by Config and used
* by the configuration recorder.
* @throws InvalidRecordingGroupException
* Indicates one of the following errors:
*
*
* -
*
* You have provided a combination of parameter values that is not valid. For example:
*
*
* -
*
* Setting the allSupported field of RecordingGroup
* to true, but providing a non-empty list for the resourceTypesfield of RecordingGroup.
*
*
* -
*
* Setting the allSupported field of RecordingGroup
* to true, but also setting the useOnly field of RecordingStrategy to EXCLUSION_BY_RESOURCE_TYPES.
*
*
*
*
* -
*
* Every parameter is either null, false, or empty.
*
*
* -
*
* You have reached the limit of the number of resource types you can provide for the recording group.
*
*
* -
*
* You have provided resource types or a recording strategy that are not valid.
*
*
* @sample AmazonConfig.PutConfigurationRecorder
* @see AWS API Documentation
*/
PutConfigurationRecorderResult putConfigurationRecorder(PutConfigurationRecorderRequest putConfigurationRecorderRequest);
/**
*
* Creates or updates a conformance pack. A conformance pack is a collection of Config rules that can be easily
* deployed in an account and a region and across an organization. For information on how many conformance packs you
* can have per account, see
* Service Limits in the Config Developer Guide.
*
*
* This API creates a service-linked role AWSServiceRoleForConfigConforms in your account. The
* service-linked role is created only when the role does not exist in your account.
*
*
*
* You must specify only one of the follow parameters: TemplateS3Uri, TemplateBody or
* TemplateSSMDocumentDetails.
*
*
*
* @param putConformancePackRequest
* @return Result of the PutConformancePack operation returned by the service.
* @throws InsufficientPermissionsException
* Indicates one of the following errors:
*
* -
*
* For PutConfigRule, the rule cannot be created because the IAM role assigned to Config lacks permissions
* to perform the config:Put* action.
*
*
* -
*
* For PutConfigRule, the Lambda function cannot be invoked. Check the function ARN, and check the
* function's permissions.
*
*
* -
*
* For PutOrganizationConfigRule, organization Config rule cannot be created because you do not have
* permissions to call IAM GetRole action or create a service-linked role.
*
*
* -
*
* For PutConformancePack and PutOrganizationConformancePack, a conformance pack cannot be created because
* you do not have the following permissions:
*
*
* -
*
* You do not have permission to call IAM GetRole action or create a service-linked role.
*
*
* -
*
* You do not have permission to read Amazon S3 bucket or call SSM:GetDocument.
*
*
*
*
* @throws ConformancePackTemplateValidationException
* You have specified a template that is not valid or supported.
* @throws ResourceInUseException
* You see this exception in the following cases:
*
* -
*
* For DeleteConfigRule, Config is deleting this rule. Try your request again later.
*
*
* -
*
* For DeleteConfigRule, the rule is deleting your evaluation results. Try your request again later.
*
*
* -
*
* For DeleteConfigRule, a remediation action is associated with the rule and Config cannot delete this
* rule. Delete the remediation action associated with the rule before deleting the rule and try your
* request again later.
*
*
* -
*
* For PutConfigOrganizationRule, organization Config rule deletion is in progress. Try your request again
* later.
*
*
* -
*
* For DeleteOrganizationConfigRule, organization Config rule creation is in progress. Try your request
* again later.
*
*
* -
*
* For PutConformancePack and PutOrganizationConformancePack, a conformance pack creation, update, and
* deletion is in progress. Try your request again later.
*
*
* -
*
* For DeleteConformancePack, a conformance pack creation, update, and deletion is in progress. Try your
* request again later.
*
*
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @throws MaxNumberOfConformancePacksExceededException
* You have reached the limit of the number of conformance packs you can create in an account. For more
* information, see
* Service Limits in the Config Developer Guide.
* @sample AmazonConfig.PutConformancePack
* @see AWS API
* Documentation
*/
PutConformancePackResult putConformancePack(PutConformancePackRequest putConformancePackRequest);
/**
*
* Creates a delivery channel object to deliver configuration information and other compliance information to an
* Amazon S3 bucket and Amazon SNS topic. For more information, see Notifications
* that Config Sends to an Amazon SNS topic.
*
*
* Before you can create a delivery channel, you must create a configuration recorder.
*
*
* You can use this action to change the Amazon S3 bucket or an Amazon SNS topic of the existing delivery channel.
* To change the Amazon S3 bucket or an Amazon SNS topic, call this action and specify the changed values for the S3
* bucket and the SNS topic. If you specify a different value for either the S3 bucket or the SNS topic, this action
* will keep the existing value for the parameter that is not changed.
*
*
*
* You can have only one delivery channel per region in your account.
*
*
*
* @param putDeliveryChannelRequest
* The input for the PutDeliveryChannel action.
* @return Result of the PutDeliveryChannel operation returned by the service.
* @throws MaxNumberOfDeliveryChannelsExceededException
* You have reached the limit of the number of delivery channels you can create.
* @throws NoAvailableConfigurationRecorderException
* There are no configuration recorders available to provide the role needed to describe your resources.
* Create a configuration recorder.
* @throws InvalidDeliveryChannelNameException
* The specified delivery channel name is not valid.
* @throws NoSuchBucketException
* The specified Amazon S3 bucket does not exist.
* @throws InvalidS3KeyPrefixException
* The specified Amazon S3 key prefix is not valid.
* @throws InvalidS3KmsKeyArnException
* The specified Amazon KMS Key ARN is not valid.
* @throws InvalidSNSTopicARNException
* The specified Amazon SNS topic does not exist.
* @throws InsufficientDeliveryPolicyException
* Your Amazon S3 bucket policy does not permit Config to write to it.
* @sample AmazonConfig.PutDeliveryChannel
* @see AWS API
* Documentation
*/
PutDeliveryChannelResult putDeliveryChannel(PutDeliveryChannelRequest putDeliveryChannelRequest);
/**
*
* Used by an Lambda function to deliver evaluation results to Config. This action is required in every Lambda
* function that is invoked by an Config rule.
*
*
* @param putEvaluationsRequest
* @return Result of the PutEvaluations operation returned by the service.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @throws InvalidResultTokenException
* The specified ResultToken is not valid.
* @throws NoSuchConfigRuleException
* The Config rule in the request is not valid. Verify that the rule is an Config Process Check rule, that
* the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying again.
* @sample AmazonConfig.PutEvaluations
* @see AWS API
* Documentation
*/
PutEvaluationsResult putEvaluations(PutEvaluationsRequest putEvaluationsRequest);
/**
*
* Add or updates the evaluations for process checks. This API checks if the rule is a process check when the name
* of the Config rule is provided.
*
*
* @param putExternalEvaluationRequest
* @return Result of the PutExternalEvaluation operation returned by the service.
* @throws NoSuchConfigRuleException
* The Config rule in the request is not valid. Verify that the rule is an Config Process Check rule, that
* the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying again.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @sample AmazonConfig.PutExternalEvaluation
* @see AWS
* API Documentation
*/
PutExternalEvaluationResult putExternalEvaluation(PutExternalEvaluationRequest putExternalEvaluationRequest);
/**
*
* Adds or updates an Config rule for your entire organization to evaluate if your Amazon Web Services resources
* comply with your desired configurations. For information on how many organization Config rules you can have per
* account, see Service
* Limits in the Config Developer Guide.
*
*
* Only a management account and a delegated administrator can create or update an organization Config rule. When
* calling this API with a delegated administrator, you must ensure Organizations
* ListDelegatedAdministrator permissions are added. An organization can have up to 3 delegated
* administrators.
*
*
* This API enables organization service access through the EnableAWSServiceAccess action and creates a
* service-linked role AWSServiceRoleForConfigMultiAccountSetup in the management or delegated
* administrator account of your organization. The service-linked role is created only when the role does not exist
* in the caller account. Config verifies the existence of role with GetRole action.
*
*
* To use this API with delegated administrator, register a delegated administrator by calling Amazon Web Services
* Organization register-delegated-administrator for
* config-multiaccountsetup.amazonaws.com.
*
*
* There are two types of rules: Config Managed Rules and Config Custom Rules. You can use
* PutOrganizationConfigRule to create both Config Managed Rules and Config Custom Rules.
*
*
* Config Managed Rules are predefined, customizable rules created by Config. For a list of managed rules, see List of Config
* Managed Rules. If you are adding an Config managed rule, you must specify the rule's identifier for the
* RuleIdentifier key.
*
*
* Config Custom Rules are rules that you create from scratch. There are two ways to create Config custom rules:
* with Lambda functions ( Lambda Developer Guide) and with Guard (Guard GitHub Repository), a policy-as-code
* language. Config custom rules created with Lambda are called Config Custom Lambda Rules and Config custom
* rules created with Guard are called Config Custom Policy Rules.
*
*
* If you are adding a new Config Custom Lambda rule, you first need to create an Lambda function in the management
* account or a delegated administrator that the rule invokes to evaluate your resources. You also need to create an
* IAM role in the managed account that can be assumed by the Lambda function. When you use
* PutOrganizationConfigRule to add a Custom Lambda rule to Config, you must specify the Amazon
* Resource Name (ARN) that Lambda assigns to the function.
*
*
*
* Prerequisite: Ensure you call EnableAllFeatures API to enable all features in an organization.
*
*
* Make sure to specify one of either OrganizationCustomPolicyRuleMetadata for Custom Policy rules,
* OrganizationCustomRuleMetadata for Custom Lambda rules, or
* OrganizationManagedRuleMetadata for managed rules.
*
*
*
* @param putOrganizationConfigRuleRequest
* @return Result of the PutOrganizationConfigRule operation returned by the service.
* @throws MaxNumberOfOrganizationConfigRulesExceededException
* You have reached the limit of the number of organization Config rules you can create. For more
* information, see see Service Limits
* in the Config Developer Guide.
* @throws ResourceInUseException
* You see this exception in the following cases:
*
* -
*
* For DeleteConfigRule, Config is deleting this rule. Try your request again later.
*
*
* -
*
* For DeleteConfigRule, the rule is deleting your evaluation results. Try your request again later.
*
*
* -
*
* For DeleteConfigRule, a remediation action is associated with the rule and Config cannot delete this
* rule. Delete the remediation action associated with the rule before deleting the rule and try your
* request again later.
*
*
* -
*
* For PutConfigOrganizationRule, organization Config rule deletion is in progress. Try your request again
* later.
*
*
* -
*
* For DeleteOrganizationConfigRule, organization Config rule creation is in progress. Try your request
* again later.
*
*
* -
*
* For PutConformancePack and PutOrganizationConformancePack, a conformance pack creation, update, and
* deletion is in progress. Try your request again later.
*
*
* -
*
* For DeleteConformancePack, a conformance pack creation, update, and deletion is in progress. Try your
* request again later.
*
*
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @throws ValidationException
* The requested action is not valid.
*
* For PutStoredQuery, you will see this exception if there are missing required fields or if the input
* value fails the validation, or if you are trying to create more than 300 queries.
*
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws OrganizationAccessDeniedException
* For PutConfigurationAggregator API, you can see this exception for the following reasons:
*
*
* -
*
* No permission to call EnableAWSServiceAccess API
*
*
* -
*
* The configuration aggregator cannot be updated because your Amazon Web Services Organization management
* account or the delegated administrator role changed. Delete this aggregator and create a new one with the
* current Amazon Web Services Organization.
*
*
* -
*
* The configuration aggregator is associated with a previous Amazon Web Services Organization and Config
* cannot aggregate data with current Amazon Web Services Organization. Delete this aggregator and create a
* new one with the current Amazon Web Services Organization.
*
*
* -
*
* You are not a registered delegated administrator for Config with permissions to call
* ListDelegatedAdministrators API. Ensure that the management account registers delagated
* administrator for Config service principle name before the delegated administrator creates an aggregator.
*
*
*
*
* For all OrganizationConfigRule and OrganizationConformancePack APIs, Config
* throws an exception if APIs are called from member accounts. All APIs must be called from organization
* management account.
* @throws NoAvailableOrganizationException
* Organization is no longer available.
* @throws OrganizationAllFeaturesNotEnabledException
* Config resource cannot be created because your organization does not have all features enabled.
* @throws InsufficientPermissionsException
* Indicates one of the following errors:
*
*
* -
*
* For PutConfigRule, the rule cannot be created because the IAM role assigned to Config lacks permissions
* to perform the config:Put* action.
*
*
* -
*
* For PutConfigRule, the Lambda function cannot be invoked. Check the function ARN, and check the
* function's permissions.
*
*
* -
*
* For PutOrganizationConfigRule, organization Config rule cannot be created because you do not have
* permissions to call IAM GetRole action or create a service-linked role.
*
*
* -
*
* For PutConformancePack and PutOrganizationConformancePack, a conformance pack cannot be created because
* you do not have the following permissions:
*
*
* -
*
* You do not have permission to call IAM GetRole action or create a service-linked role.
*
*
* -
*
* You do not have permission to read Amazon S3 bucket or call SSM:GetDocument.
*
*
*
*
* @sample AmazonConfig.PutOrganizationConfigRule
* @see AWS API Documentation
*/
PutOrganizationConfigRuleResult putOrganizationConfigRule(PutOrganizationConfigRuleRequest putOrganizationConfigRuleRequest);
/**
*
* Deploys conformance packs across member accounts in an Amazon Web Services Organization. For information on how
* many organization conformance packs and how many Config rules you can have per account, see Service Limits in
* the Config Developer Guide.
*
*
* Only a management account and a delegated administrator can call this API. When calling this API with a delegated
* administrator, you must ensure Organizations ListDelegatedAdministrator permissions are added. An
* organization can have up to 3 delegated administrators.
*
*
* This API enables organization service access for config-multiaccountsetup.amazonaws.com through the
* EnableAWSServiceAccess action and creates a service-linked role
* AWSServiceRoleForConfigMultiAccountSetup in the management or delegated administrator account of
* your organization. The service-linked role is created only when the role does not exist in the caller account. To
* use this API with delegated administrator, register a delegated administrator by calling Amazon Web Services
* Organization register-delegate-admin for config-multiaccountsetup.amazonaws.com.
*
*
*
* Prerequisite: Ensure you call EnableAllFeatures API to enable all features in an organization.
*
*
* You must specify either the TemplateS3Uri or the TemplateBody parameter, but not both.
* If you provide both Config uses the TemplateS3Uri parameter and ignores the
* TemplateBody parameter.
*
*
* Config sets the state of a conformance pack to CREATE_IN_PROGRESS and UPDATE_IN_PROGRESS until the conformance
* pack is created or updated. You cannot update a conformance pack while it is in this state.
*
*
*
* @param putOrganizationConformancePackRequest
* @return Result of the PutOrganizationConformancePack operation returned by the service.
* @throws MaxNumberOfOrganizationConformancePacksExceededException
* You have reached the limit of the number of organization conformance packs you can create in an account.
* For more information, see Service Limits
* in the Config Developer Guide.
* @throws ResourceInUseException
* You see this exception in the following cases:
*
* -
*
* For DeleteConfigRule, Config is deleting this rule. Try your request again later.
*
*
* -
*
* For DeleteConfigRule, the rule is deleting your evaluation results. Try your request again later.
*
*
* -
*
* For DeleteConfigRule, a remediation action is associated with the rule and Config cannot delete this
* rule. Delete the remediation action associated with the rule before deleting the rule and try your
* request again later.
*
*
* -
*
* For PutConfigOrganizationRule, organization Config rule deletion is in progress. Try your request again
* later.
*
*
* -
*
* For DeleteOrganizationConfigRule, organization Config rule creation is in progress. Try your request
* again later.
*
*
* -
*
* For PutConformancePack and PutOrganizationConformancePack, a conformance pack creation, update, and
* deletion is in progress. Try your request again later.
*
*
* -
*
* For DeleteConformancePack, a conformance pack creation, update, and deletion is in progress. Try your
* request again later.
*
*
* @throws ValidationException
* The requested action is not valid.
*
* For PutStoredQuery, you will see this exception if there are missing required fields or if the input
* value fails the validation, or if you are trying to create more than 300 queries.
*
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws OrganizationAccessDeniedException
* For PutConfigurationAggregator API, you can see this exception for the following reasons:
*
*
* -
*
* No permission to call EnableAWSServiceAccess API
*
*
* -
*
* The configuration aggregator cannot be updated because your Amazon Web Services Organization management
* account or the delegated administrator role changed. Delete this aggregator and create a new one with the
* current Amazon Web Services Organization.
*
*
* -
*
* The configuration aggregator is associated with a previous Amazon Web Services Organization and Config
* cannot aggregate data with current Amazon Web Services Organization. Delete this aggregator and create a
* new one with the current Amazon Web Services Organization.
*
*
* -
*
* You are not a registered delegated administrator for Config with permissions to call
* ListDelegatedAdministrators API. Ensure that the management account registers delagated
* administrator for Config service principle name before the delegated administrator creates an aggregator.
*
*
*
*
* For all OrganizationConfigRule and OrganizationConformancePack APIs, Config
* throws an exception if APIs are called from member accounts. All APIs must be called from organization
* management account.
* @throws InsufficientPermissionsException
* Indicates one of the following errors:
*
*
* -
*
* For PutConfigRule, the rule cannot be created because the IAM role assigned to Config lacks permissions
* to perform the config:Put* action.
*
*
* -
*
* For PutConfigRule, the Lambda function cannot be invoked. Check the function ARN, and check the
* function's permissions.
*
*
* -
*
* For PutOrganizationConfigRule, organization Config rule cannot be created because you do not have
* permissions to call IAM GetRole action or create a service-linked role.
*
*
* -
*
* For PutConformancePack and PutOrganizationConformancePack, a conformance pack cannot be created because
* you do not have the following permissions:
*
*
* -
*
* You do not have permission to call IAM GetRole action or create a service-linked role.
*
*
* -
*
* You do not have permission to read Amazon S3 bucket or call SSM:GetDocument.
*
*
*
*
* @throws OrganizationConformancePackTemplateValidationException
* You have specified a template that is not valid or supported.
* @throws OrganizationAllFeaturesNotEnabledException
* Config resource cannot be created because your organization does not have all features enabled.
* @throws NoAvailableOrganizationException
* Organization is no longer available.
* @sample AmazonConfig.PutOrganizationConformancePack
* @see AWS API Documentation
*/
PutOrganizationConformancePackResult putOrganizationConformancePack(PutOrganizationConformancePackRequest putOrganizationConformancePackRequest);
/**
*
* Adds or updates the remediation configuration with a specific Config rule with the selected target or action. The
* API creates the RemediationConfiguration object for the Config rule. The Config rule must already
* exist for you to add a remediation configuration. The target (SSM document) must exist and have permissions to
* use the target.
*
*
*
* Be aware of backward incompatible changes
*
*
* If you make backward incompatible changes to the SSM document, you must call this again to ensure the
* remediations can run.
*
*
* This API does not support adding remediation configurations for service-linked Config Rules such as Organization
* Config rules, the rules deployed by conformance packs, and rules deployed by Amazon Web Services Security Hub.
*
*
*
* Required fields
*
*
* For manual remediation configuration, you need to provide a value for automationAssumeRole or use a
* value in the assumeRolefield to remediate your resources. The SSM automation document can use either
* as long as it maps to a valid parameter.
*
*
* However, for automatic remediation configuration, the only valid assumeRole field value is
* AutomationAssumeRole and you need to provide a value for AutomationAssumeRole to
* remediate your resources.
*
*
*
* Auto remediation can be initiated even for compliant resources
*
*
* If you enable auto remediation for a specific Config rule using the PutRemediationConfigurations API or the Config console, it initiates the remediation process for all
* non-compliant resources for that specific rule. The auto remediation process relies on the compliance data
* snapshot which is captured on a periodic basis. Any non-compliant resource that is updated between the snapshot
* schedule will continue to be remediated based on the last known compliance data snapshot.
*
*
* This means that in some cases auto remediation can be initiated even for compliant resources, since the bootstrap
* processor uses a database that can have stale evaluation results based on the last known compliance data
* snapshot.
*
*
*
* @param putRemediationConfigurationsRequest
* @return Result of the PutRemediationConfigurations operation returned by the service.
* @throws InsufficientPermissionsException
* Indicates one of the following errors:
*
* -
*
* For PutConfigRule, the rule cannot be created because the IAM role assigned to Config lacks permissions
* to perform the config:Put* action.
*
*
* -
*
* For PutConfigRule, the Lambda function cannot be invoked. Check the function ARN, and check the
* function's permissions.
*
*
* -
*
* For PutOrganizationConfigRule, organization Config rule cannot be created because you do not have
* permissions to call IAM GetRole action or create a service-linked role.
*
*
* -
*
* For PutConformancePack and PutOrganizationConformancePack, a conformance pack cannot be created because
* you do not have the following permissions:
*
*
* -
*
* You do not have permission to call IAM GetRole action or create a service-linked role.
*
*
* -
*
* You do not have permission to read Amazon S3 bucket or call SSM:GetDocument.
*
*
*
*
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @sample AmazonConfig.PutRemediationConfigurations
* @see AWS API Documentation
*/
PutRemediationConfigurationsResult putRemediationConfigurations(PutRemediationConfigurationsRequest putRemediationConfigurationsRequest);
/**
*
* A remediation exception is when a specified resource is no longer considered for auto-remediation. This API adds
* a new exception or updates an existing exception for a specified resource with a specified Config rule.
*
*
*
* Exceptions block auto remediation
*
*
* Config generates a remediation exception when a problem occurs running a remediation action for a specified
* resource. Remediation exceptions blocks auto-remediation until the exception is cleared.
*
*
*
* Manual remediation is recommended when placing an exception
*
*
* When placing an exception on an Amazon Web Services resource, it is recommended that remediation is set as manual
* remediation until the given Config rule for the specified resource evaluates the resource as
* NON_COMPLIANT. Once the resource has been evaluated as NON_COMPLIANT, you can add
* remediation exceptions and change the remediation type back from Manual to Auto if you want to use
* auto-remediation. Otherwise, using auto-remediation before a NON_COMPLIANT evaluation result can
* delete resources before the exception is applied.
*
*
*
* Exceptions can only be performed on non-compliant resources
*
*
* Placing an exception can only be performed on resources that are NON_COMPLIANT. If you use this API
* for COMPLIANT resources or resources that are NOT_APPLICABLE, a remediation exception
* will not be generated. For more information on the conditions that initiate the possible Config evaluation
* results, see Concepts |
* Config Rules in the Config Developer Guide.
*
*
*
* Auto remediation can be initiated even for compliant resources
*
*
* If you enable auto remediation for a specific Config rule using the PutRemediationConfigurations API or the Config console, it initiates the remediation process for all
* non-compliant resources for that specific rule. The auto remediation process relies on the compliance data
* snapshot which is captured on a periodic basis. Any non-compliant resource that is updated between the snapshot
* schedule will continue to be remediated based on the last known compliance data snapshot.
*
*
* This means that in some cases auto remediation can be initiated even for compliant resources, since the bootstrap
* processor uses a database that can have stale evaluation results based on the last known compliance data
* snapshot.
*
*
*
* @param putRemediationExceptionsRequest
* @return Result of the PutRemediationExceptions operation returned by the service.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @throws InsufficientPermissionsException
* Indicates one of the following errors:
*
* -
*
* For PutConfigRule, the rule cannot be created because the IAM role assigned to Config lacks permissions
* to perform the config:Put* action.
*
*
* -
*
* For PutConfigRule, the Lambda function cannot be invoked. Check the function ARN, and check the
* function's permissions.
*
*
* -
*
* For PutOrganizationConfigRule, organization Config rule cannot be created because you do not have
* permissions to call IAM GetRole action or create a service-linked role.
*
*
* -
*
* For PutConformancePack and PutOrganizationConformancePack, a conformance pack cannot be created because
* you do not have the following permissions:
*
*
* -
*
* You do not have permission to call IAM GetRole action or create a service-linked role.
*
*
* -
*
* You do not have permission to read Amazon S3 bucket or call SSM:GetDocument.
*
*
*
*
* @sample AmazonConfig.PutRemediationExceptions
* @see AWS API Documentation
*/
PutRemediationExceptionsResult putRemediationExceptions(PutRemediationExceptionsRequest putRemediationExceptionsRequest);
/**
*
* Records the configuration state for the resource provided in the request. The configuration state of a resource
* is represented in Config as Configuration Items. Once this API records the configuration item, you can retrieve
* the list of configuration items for the custom resource type using existing Config APIs.
*
*
*
* The custom resource type must be registered with CloudFormation. This API accepts the configuration item
* registered with CloudFormation.
*
*
* When you call this API, Config only stores configuration state of the resource provided in the request. This API
* does not change or remediate the configuration of the resource.
*
*
* Write-only schema properites are not recorded as part of the published configuration item.
*
*
*
* @param putResourceConfigRequest
* @return Result of the PutResourceConfig operation returned by the service.
* @throws ValidationException
* The requested action is not valid.
*
* For PutStoredQuery, you will see this exception if there are missing required fields or if the input
* value fails the validation, or if you are trying to create more than 300 queries.
*
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws InsufficientPermissionsException
* Indicates one of the following errors:
*
*
* -
*
* For PutConfigRule, the rule cannot be created because the IAM role assigned to Config lacks permissions
* to perform the config:Put* action.
*
*
* -
*
* For PutConfigRule, the Lambda function cannot be invoked. Check the function ARN, and check the
* function's permissions.
*
*
* -
*
* For PutOrganizationConfigRule, organization Config rule cannot be created because you do not have
* permissions to call IAM GetRole action or create a service-linked role.
*
*
* -
*
* For PutConformancePack and PutOrganizationConformancePack, a conformance pack cannot be created because
* you do not have the following permissions:
*
*
* -
*
* You do not have permission to call IAM GetRole action or create a service-linked role.
*
*
* -
*
* You do not have permission to read Amazon S3 bucket or call SSM:GetDocument.
*
*
*
*
* @throws NoRunningConfigurationRecorderException
* There is no configuration recorder running.
* @throws MaxActiveResourcesExceededException
* You have reached the limit of active custom resource types in your account. There is a limit of 100,000.
* Delete unused resources using DeleteResourceConfig
* Creates and updates the retention configuration with details about retention period (number of days) that Config
* stores your historical information. The API creates the RetentionConfiguration object and names the
* object as default. When you have a RetentionConfiguration object named default,
* calling the API modifies the default object.
*
*
*
* Currently, Config supports only one retention configuration per region in your account.
*
*
*
* @param putRetentionConfigurationRequest
* @return Result of the PutRetentionConfiguration operation returned by the service.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @throws MaxNumberOfRetentionConfigurationsExceededException
* Failed to add the retention configuration because a retention configuration with that name already
* exists.
* @sample AmazonConfig.PutRetentionConfiguration
* @see AWS API Documentation
*/
PutRetentionConfigurationResult putRetentionConfiguration(PutRetentionConfigurationRequest putRetentionConfigurationRequest);
/**
*
* Saves a new query or updates an existing saved query. The QueryName must be unique for a single
* Amazon Web Services account and a single Amazon Web Services Region. You can create upto 300 queries in a single
* Amazon Web Services account and a single Amazon Web Services Region.
*
*
*
* PutStoredQuery is an idempotent API. Subsequent requests won’t create a duplicate resource if one
* was already created. If a following request has different tags values, Config will ignore these
* differences and treat it as an idempotent request of the previous. In this case, tags will not be
* updated, even if they are different.
*
*
*
* @param putStoredQueryRequest
* @return Result of the PutStoredQuery operation returned by the service.
* @throws ValidationException
* The requested action is not valid.
*
* For PutStoredQuery, you will see this exception if there are missing required fields or if the input
* value fails the validation, or if you are trying to create more than 300 queries.
*
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws TooManyTagsException
* You have reached the limit of the number of tags you can use. For more information, see Service Limits
* in the Config Developer Guide.
* @throws ResourceConcurrentModificationException
* Two users are trying to modify the same query at the same time. Wait for a moment and try again.
* @sample AmazonConfig.PutStoredQuery
* @see AWS API
* Documentation
*/
PutStoredQueryResult putStoredQuery(PutStoredQueryRequest putStoredQueryRequest);
/**
*
* Accepts a structured query language (SQL) SELECT command and an aggregator to query configuration state of Amazon
* Web Services resources across multiple accounts and regions, performs the corresponding search, and returns
* resource configurations matching the properties.
*
*
* For more information about query components, see the Query Components
* section in the Config Developer Guide.
*
*
*
* If you run an aggregation query (i.e., using GROUP BY or using aggregate functions such as
* COUNT; e.g.,
* SELECT resourceId, COUNT(*) WHERE resourceType = 'AWS::IAM::Role' GROUP BY resourceId) and do not
* specify the MaxResults or the Limit query parameters, the default page size is set to
* 500.
*
*
* If you run a non-aggregation query (i.e., not using GROUP BY or aggregate function; e.g.,
* SELECT * WHERE resourceType = 'AWS::IAM::Role') and do not specify the MaxResults or
* the Limit query parameters, the default page size is set to 25.
*
*
*
* @param selectAggregateResourceConfigRequest
* @return Result of the SelectAggregateResourceConfig operation returned by the service.
* @throws InvalidExpressionException
* The syntax of the query is incorrect.
* @throws NoSuchConfigurationAggregatorException
* You have specified a configuration aggregator that does not exist.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @sample AmazonConfig.SelectAggregateResourceConfig
* @see AWS API Documentation
*/
SelectAggregateResourceConfigResult selectAggregateResourceConfig(SelectAggregateResourceConfigRequest selectAggregateResourceConfigRequest);
/**
*
* Accepts a structured query language (SQL) SELECT command, performs the corresponding search, and
* returns resource configurations matching the properties.
*
*
* For more information about query components, see the Query Components
* section in the Config Developer Guide.
*
*
* @param selectResourceConfigRequest
* @return Result of the SelectResourceConfig operation returned by the service.
* @throws InvalidExpressionException
* The syntax of the query is incorrect.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @sample AmazonConfig.SelectResourceConfig
* @see AWS
* API Documentation
*/
SelectResourceConfigResult selectResourceConfig(SelectResourceConfigRequest selectResourceConfigRequest);
/**
*
* Runs an on-demand evaluation for the specified Config rules against the last known configuration state of the
* resources. Use StartConfigRulesEvaluation when you want to test that a rule you updated is working
* as expected. StartConfigRulesEvaluation does not re-record the latest configuration state for your
* resources. It re-runs an evaluation against the last known state of your resources.
*
*
* You can specify up to 25 Config rules per request.
*
*
* An existing StartConfigRulesEvaluation call for the specified rules must complete before you can
* call the API again. If you chose to have Config stream to an Amazon SNS topic, you will receive a
* ConfigRuleEvaluationStarted notification when the evaluation starts.
*
*
*
* You don't need to call the StartConfigRulesEvaluation API to run an evaluation for a new rule. When
* you create a rule, Config evaluates your resources against the rule automatically.
*
*
*
* The StartConfigRulesEvaluation API is useful if you want to run on-demand evaluations, such as the
* following example:
*
*
* -
*
* You have a custom rule that evaluates your IAM resources every 24 hours.
*
*
* -
*
* You update your Lambda function to add additional conditions to your rule.
*
*
* -
*
* Instead of waiting for the next periodic evaluation, you call the StartConfigRulesEvaluation API.
*
*
* -
*
* Config invokes your Lambda function and evaluates your IAM resources.
*
*
* -
*
* Your custom rule will still run periodic evaluations every 24 hours.
*
*
*
*
* @param startConfigRulesEvaluationRequest
* @return Result of the StartConfigRulesEvaluation operation returned by the service.
* @throws NoSuchConfigRuleException
* The Config rule in the request is not valid. Verify that the rule is an Config Process Check rule, that
* the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying again.
* @throws LimitExceededException
* For StartConfigRulesEvaluation API, this exception is thrown if an evaluation is in progress
* or if you call the StartConfigRulesEvaluation API more than once per minute.
*
* For PutConfigurationAggregator API, this exception is thrown if the number of accounts and
* aggregators exceeds the limit.
* @throws ResourceInUseException
* You see this exception in the following cases:
*
*
* -
*
* For DeleteConfigRule, Config is deleting this rule. Try your request again later.
*
*
* -
*
* For DeleteConfigRule, the rule is deleting your evaluation results. Try your request again later.
*
*
* -
*
* For DeleteConfigRule, a remediation action is associated with the rule and Config cannot delete this
* rule. Delete the remediation action associated with the rule before deleting the rule and try your
* request again later.
*
*
* -
*
* For PutConfigOrganizationRule, organization Config rule deletion is in progress. Try your request again
* later.
*
*
* -
*
* For DeleteOrganizationConfigRule, organization Config rule creation is in progress. Try your request
* again later.
*
*
* -
*
* For PutConformancePack and PutOrganizationConformancePack, a conformance pack creation, update, and
* deletion is in progress. Try your request again later.
*
*
* -
*
* For DeleteConformancePack, a conformance pack creation, update, and deletion is in progress. Try your
* request again later.
*
*
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @sample AmazonConfig.StartConfigRulesEvaluation
* @see AWS API Documentation
*/
StartConfigRulesEvaluationResult startConfigRulesEvaluation(StartConfigRulesEvaluationRequest startConfigRulesEvaluationRequest);
/**
*
* Starts recording configurations of the Amazon Web Services resources you have selected to record in your Amazon
* Web Services account.
*
*
* You must have created at least one delivery channel to successfully start the configuration recorder.
*
*
* @param startConfigurationRecorderRequest
* The input for the StartConfigurationRecorder action.
* @return Result of the StartConfigurationRecorder operation returned by the service.
* @throws NoSuchConfigurationRecorderException
* You have specified a configuration recorder that does not exist.
* @throws NoAvailableDeliveryChannelException
* There is no delivery channel available to record configurations.
* @sample AmazonConfig.StartConfigurationRecorder
* @see AWS API Documentation
*/
StartConfigurationRecorderResult startConfigurationRecorder(StartConfigurationRecorderRequest startConfigurationRecorderRequest);
/**
*
* Runs an on-demand remediation for the specified Config rules against the last known remediation configuration. It
* runs an execution against the current state of your resources. Remediation execution is asynchronous.
*
*
* You can specify up to 100 resource keys per request. An existing StartRemediationExecution call for the specified
* resource keys must complete before you can call the API again.
*
*
* @param startRemediationExecutionRequest
* @return Result of the StartRemediationExecution operation returned by the service.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @throws InsufficientPermissionsException
* Indicates one of the following errors:
*
* -
*
* For PutConfigRule, the rule cannot be created because the IAM role assigned to Config lacks permissions
* to perform the config:Put* action.
*
*
* -
*
* For PutConfigRule, the Lambda function cannot be invoked. Check the function ARN, and check the
* function's permissions.
*
*
* -
*
* For PutOrganizationConfigRule, organization Config rule cannot be created because you do not have
* permissions to call IAM GetRole action or create a service-linked role.
*
*
* -
*
* For PutConformancePack and PutOrganizationConformancePack, a conformance pack cannot be created because
* you do not have the following permissions:
*
*
* -
*
* You do not have permission to call IAM GetRole action or create a service-linked role.
*
*
* -
*
* You do not have permission to read Amazon S3 bucket or call SSM:GetDocument.
*
*
*
*
* @throws NoSuchRemediationConfigurationException
* You specified an Config rule without a remediation configuration.
* @sample AmazonConfig.StartRemediationExecution
* @see AWS API Documentation
*/
StartRemediationExecutionResult startRemediationExecution(StartRemediationExecutionRequest startRemediationExecutionRequest);
/**
*
* Runs an on-demand evaluation for the specified resource to determine whether the resource details will comply
* with configured Config rules. You can also use it for evaluation purposes. Config recommends using an evaluation
* context. It runs an execution against the resource details with all of the Config rules in your account that
* match with the specified proactive mode and resource type.
*
*
*
* Ensure you have the cloudformation:DescribeType role setup to validate the resource type schema.
*
*
* You can find the Resource type
* schema in "Amazon Web Services public extensions" within the CloudFormation registry or with the
* following CLI commmand:
* aws cloudformation describe-type --type-name "AWS::S3::Bucket" --type RESOURCE.
*
*
* For more information, see Managing
* extensions through the CloudFormation registry and Amazon
* Web Services resource and property types reference in the CloudFormation User Guide.
*
*
*
* @param startResourceEvaluationRequest
* @return Result of the StartResourceEvaluation operation returned by the service.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @throws IdempotentParameterMismatchException
* Using the same client token with one or more different parameters. Specify a new client token with the
* parameter changes and try again.
* @sample AmazonConfig.StartResourceEvaluation
* @see AWS
* API Documentation
*/
StartResourceEvaluationResult startResourceEvaluation(StartResourceEvaluationRequest startResourceEvaluationRequest);
/**
*
* Stops recording configurations of the Amazon Web Services resources you have selected to record in your Amazon
* Web Services account.
*
*
* @param stopConfigurationRecorderRequest
* The input for the StopConfigurationRecorder action.
* @return Result of the StopConfigurationRecorder operation returned by the service.
* @throws NoSuchConfigurationRecorderException
* You have specified a configuration recorder that does not exist.
* @sample AmazonConfig.StopConfigurationRecorder
* @see AWS API Documentation
*/
StopConfigurationRecorderResult stopConfigurationRecorder(StopConfigurationRecorderRequest stopConfigurationRecorderRequest);
/**
*
* Associates the specified tags to a resource with the specified resourceArn. If existing tags on a resource are
* not specified in the request parameters, they are not changed. If existing tags are specified, however, then
* their values will be updated. When a resource is deleted, the tags associated with that resource are deleted as
* well.
*
*
* @param tagResourceRequest
* @return Result of the TagResource operation returned by the service.
* @throws ValidationException
* The requested action is not valid.
*
* For PutStoredQuery, you will see this exception if there are missing required fields or if the input
* value fails the validation, or if you are trying to create more than 300 queries.
*
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws ResourceNotFoundException
* You have specified a resource that does not exist.
* @throws TooManyTagsException
* You have reached the limit of the number of tags you can use. For more information, see Service Limits
* in the Config Developer Guide.
* @sample AmazonConfig.TagResource
* @see AWS API
* Documentation
*/
TagResourceResult tagResource(TagResourceRequest tagResourceRequest);
/**
*
* Deletes specified tags from a resource.
*
*
* @param untagResourceRequest
* @return Result of the UntagResource operation returned by the service.
* @throws ValidationException
* The requested action is not valid.
*
* For PutStoredQuery, you will see this exception if there are missing required fields or if the input
* value fails the validation, or if you are trying to create more than 300 queries.
*
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws ResourceNotFoundException
* You have specified a resource that does not exist.
* @sample AmazonConfig.UntagResource
* @see AWS API
* Documentation
*/
UntagResourceResult untagResource(UntagResourceRequest untagResourceRequest);
/**
* Shuts down this client object, releasing any resources that might be held open. This is an optional method, and
* callers are not expected to call it, but can if they want to explicitly release any open resources. Once a client
* has been shutdown, it should not be used to make any more requests.
*/
void shutdown();
/**
* Returns additional metadata for a previously executed successful request, typically used for debugging issues
* where a service isn't acting as expected. This data isn't considered part of the result data returned by an
* operation, so it's available through this separate, diagnostic interface.
*
* Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic
* information for an executed request, you should use this method to retrieve it as soon as possible after
* executing a request.
*
* @param request
* The originally executed request.
*
* @return The response metadata for the specified request, or null if none is available.
*/
ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request);
}