Interface AmazonConfig
- All Known Subinterfaces:
AmazonConfigAsync
- All Known Implementing Classes:
AbstractAmazonConfig
,AbstractAmazonConfigAsync
,AmazonConfigAsyncClient
,AmazonConfigClient
AWS Config provides a way to keep track of the configurations of all the AWS resources associated with your AWS account. You can use AWS Config to get the current and historical configurations of each AWS resource and also to get information about the relationship between the resources. An AWS resource can be an Amazon Compute Cloud (Amazon EC2) instance, an Elastic Block Store (EBS) volume, an Elastic network Interface (ENI), or a security group. For a complete list of resources currently supported by AWS Config, see Supported AWS Resources.
You can access and manage AWS Config through the AWS Management Console, the AWS Command Line Interface (AWS CLI), the AWS Config API, or the AWS SDKs for AWS Config
This reference guide contains documentation for the AWS Config API and the AWS CLI commands that you can use to manage AWS Config.
The AWS Config API uses the Signature Version 4 protocol for signing requests. For more information about how to sign a request with this protocol, see Signature Version 4 Signing Process.
For detailed information about AWS Config features and their associated actions or commands, as well as how to work with AWS Management Console, see What Is AWS Config? in the AWS Config Developer Guide.
-
Method Summary
Modifier and TypeMethodDescriptiondeleteConfigRule
(DeleteConfigRuleRequest deleteConfigRuleRequest) Deletes the specified AWS Config rule and all of its evaluation results.deleteDeliveryChannel
(DeleteDeliveryChannelRequest deleteDeliveryChannelRequest) Deletes the specified delivery channel.deliverConfigSnapshot
(DeliverConfigSnapshotRequest deliverConfigSnapshotRequest) Schedules delivery of a configuration snapshot to the Amazon S3 bucket in the specified delivery channel.Simplified method form for invoking the DescribeComplianceByConfigRule operation.describeComplianceByConfigRule
(DescribeComplianceByConfigRuleRequest describeComplianceByConfigRuleRequest) Indicates whether the specified AWS Config rules are compliant.Simplified method form for invoking the DescribeComplianceByResource operation.describeComplianceByResource
(DescribeComplianceByResourceRequest describeComplianceByResourceRequest) Indicates whether the specified AWS resources are compliant.Simplified method form for invoking the DescribeConfigRuleEvaluationStatus operation.describeConfigRuleEvaluationStatus
(DescribeConfigRuleEvaluationStatusRequest describeConfigRuleEvaluationStatusRequest) Returns status information for each of your AWS managed Config rules.Simplified method form for invoking the DescribeConfigRules operation.describeConfigRules
(DescribeConfigRulesRequest describeConfigRulesRequest) Returns details about your AWS Config rules.Simplified method form for invoking the DescribeConfigurationRecorders operation.describeConfigurationRecorders
(DescribeConfigurationRecordersRequest describeConfigurationRecordersRequest) Returns the name of one or more specified configuration recorders.Simplified method form for invoking the DescribeConfigurationRecorderStatus operation.describeConfigurationRecorderStatus
(DescribeConfigurationRecorderStatusRequest describeConfigurationRecorderStatusRequest) Returns the current status of the specified configuration recorder.Simplified method form for invoking the DescribeDeliveryChannels operation.describeDeliveryChannels
(DescribeDeliveryChannelsRequest describeDeliveryChannelsRequest) Returns details about the specified delivery channel.Simplified method form for invoking the DescribeDeliveryChannelStatus operation.describeDeliveryChannelStatus
(DescribeDeliveryChannelStatusRequest describeDeliveryChannelStatusRequest) Returns the current status of the specified delivery channel.Returns additional metadata for a previously executed successful request, typically used for debugging issues where a service isn't acting as expected.getComplianceDetailsByConfigRule
(GetComplianceDetailsByConfigRuleRequest getComplianceDetailsByConfigRuleRequest) Returns the evaluation results for the specified AWS Config rule.getComplianceDetailsByResource
(GetComplianceDetailsByResourceRequest getComplianceDetailsByResourceRequest) Returns the evaluation results for the specified AWS resource.Simplified method form for invoking the GetComplianceSummaryByConfigRule operation.getComplianceSummaryByConfigRule
(GetComplianceSummaryByConfigRuleRequest getComplianceSummaryByConfigRuleRequest) Returns the number of AWS Config rules that are compliant and noncompliant, up to a maximum of 25 for each.Simplified method form for invoking the GetComplianceSummaryByResourceType operation.getComplianceSummaryByResourceType
(GetComplianceSummaryByResourceTypeRequest getComplianceSummaryByResourceTypeRequest) Returns the number of resources that are compliant and the number that are noncompliant.getResourceConfigHistory
(GetResourceConfigHistoryRequest getResourceConfigHistoryRequest) Returns a list of configuration items for the specified resource.listDiscoveredResources
(ListDiscoveredResourcesRequest listDiscoveredResourcesRequest) Accepts a resource type and returns a list of resource identifiers for the resources of that type.putConfigRule
(PutConfigRuleRequest putConfigRuleRequest) Adds or updates an AWS Config rule for evaluating whether your AWS resources comply with your desired configurations.putConfigurationRecorder
(PutConfigurationRecorderRequest putConfigurationRecorderRequest) Creates a new configuration recorder to record the selected resource configurations.putDeliveryChannel
(PutDeliveryChannelRequest putDeliveryChannelRequest) Creates a new delivery channel object to deliver the configuration information to an Amazon S3 bucket, and to an Amazon SNS topic.putEvaluations
(PutEvaluationsRequest putEvaluationsRequest) Used by an AWS Lambda function to deliver evaluation results to AWS Config.void
setEndpoint
(String endpoint) Overrides the default endpoint for this client ("config.us-east-1.amazonaws.com/").void
An alternative tosetEndpoint(String)
, sets the regional endpoint for this client's service calls.void
shutdown()
Shuts down this client object, releasing any resources that might be held open.startConfigurationRecorder
(StartConfigurationRecorderRequest startConfigurationRecorderRequest) Starts recording configurations of the AWS resources you have selected to record in your AWS account.stopConfigurationRecorder
(StopConfigurationRecorderRequest stopConfigurationRecorderRequest) Stops recording configurations of the AWS resources you have selected to record in your AWS account.
-
Method Details
-
setEndpoint
Overrides the default endpoint for this client ("config.us-east-1.amazonaws.com/"). Callers can use this method to control which AWS region they want to work with.Callers can pass in just the endpoint (ex: "config.us-east-1.amazonaws.com/") or a full URL, including the protocol (ex: "config.us-east-1.amazonaws.com/"). If the protocol is not specified here, the default protocol from this client's
ClientConfiguration
will be used, which by default is HTTPS.For more information on using AWS regions with the AWS SDK for Java, and a complete list of all available endpoints for all AWS services, see: http://developer.amazonwebservices.com/connect/entry.jspa?externalID= 3912
This method is not threadsafe. An endpoint should be configured when the client is created and before any service requests are made. Changing it afterwards creates inevitable race conditions for any service requests in transit or retrying.
- Parameters:
endpoint
- The endpoint (ex: "config.us-east-1.amazonaws.com/") or a full URL, including the protocol (ex: "config.us-east-1.amazonaws.com/") of the region specific AWS endpoint this client will communicate with.
-
setRegion
An alternative tosetEndpoint(String)
, sets the regional endpoint for this client's service calls. Callers can use this method to control which AWS region they want to work with.By default, all service endpoints in all regions use the https protocol. To use http instead, specify it in the
ClientConfiguration
supplied at construction.This method is not threadsafe. A region should be configured when the client is created and before any service requests are made. Changing it afterwards creates inevitable race conditions for any service requests in transit or retrying.
- Parameters:
region
- The region this client will communicate with. SeeRegion.getRegion(com.amazonaws.regions.Regions)
for accessing a given region. Must not be null and must be a region where the service is available.- See Also:
-
deleteConfigRule
Deletes the specified AWS Config rule and all of its evaluation results.
AWS Config sets the state of a rule to
DELETING
until the deletion is complete. You cannot update a rule while it is in this state. If you make aPutConfigRule
orDeleteConfigRule
request for the rule, you will receive aResourceInUseException
.You can check the state of a rule by using the
DescribeConfigRules
request.- Parameters:
deleteConfigRuleRequest
-- Returns:
- Result of the DeleteConfigRule operation returned by the service.
- Throws:
NoSuchConfigRuleException
- One or more AWS Config rules in the request are invalid. Verify that the rule names are correct and try again.ResourceInUseException
- The rule is currently being deleted. Wait for a while and try again.
-
deleteDeliveryChannel
DeleteDeliveryChannelResult deleteDeliveryChannel(DeleteDeliveryChannelRequest deleteDeliveryChannelRequest) Deletes the specified delivery channel.
The delivery channel cannot be deleted if it is the only delivery channel and the configuration recorder is still running. To delete the delivery channel, stop the running configuration recorder using the StopConfigurationRecorder action.
- Parameters:
deleteDeliveryChannelRequest
- The input for the DeleteDeliveryChannel action. The action accepts the following data in JSON format.- Returns:
- Result of the DeleteDeliveryChannel operation returned by the service.
- Throws:
NoSuchDeliveryChannelException
- You have specified a delivery channel that does not exist.LastDeliveryChannelDeleteFailedException
- You cannot delete the delivery channel you specified because the configuration recorder is running.
-
deliverConfigSnapshot
DeliverConfigSnapshotResult deliverConfigSnapshot(DeliverConfigSnapshotRequest deliverConfigSnapshotRequest) Schedules delivery of a configuration snapshot to the Amazon S3 bucket in the specified delivery channel. After the delivery has started, AWS Config sends following notifications using an Amazon SNS topic that you have specified.
- Notification of starting the delivery.
- Notification of delivery completed, if the delivery was successfully completed.
- Notification of delivery failure, if the delivery failed to complete.
- Parameters:
deliverConfigSnapshotRequest
- The input for the DeliverConfigSnapshot action.- Returns:
- Result of the DeliverConfigSnapshot operation returned by the service.
- Throws:
NoSuchDeliveryChannelException
- You have specified a delivery channel that does not exist.NoAvailableConfigurationRecorderException
- There are no configuration recorders available to provide the role needed to describe your resources. Create a configuration recorder.NoRunningConfigurationRecorderException
- There is no configuration recorder running.
-
describeComplianceByConfigRule
DescribeComplianceByConfigRuleResult describeComplianceByConfigRule(DescribeComplianceByConfigRuleRequest describeComplianceByConfigRuleRequest) Indicates whether the specified AWS Config rules are compliant. If a rule is noncompliant, this action returns the number of AWS resources that do not comply with the rule.
A rule is compliant if all of the evaluated resources comply with it, and it is noncompliant if any of these resources do not comply.
If AWS Config has no current evaluation results for the rule, it returns
INSUFFICIENT_DATA
. This result might indicate one of the following conditions:- AWS Config has never invoked an evaluation for the rule. To check
whether it has, use the
DescribeConfigRuleEvaluationStatus
action to get theLastSuccessfulInvocationTime
andLastFailedInvocationTime
. - The rule's AWS Lambda function is failing to send evaluation results
to AWS Config. Verify that the role that you assigned to your
configuration recorder includes the
config:PutEvaluations
permission. If the rule is a customer managed rule, verify that the AWS Lambda execution role includes theconfig:PutEvaluations
permission. - The rule's AWS Lambda function has returned
NOT_APPLICABLE
for all evaluation results. This can occur if the resources were deleted or removed from the rule's scope.
- Parameters:
describeComplianceByConfigRuleRequest
-- Returns:
- Result of the DescribeComplianceByConfigRule operation returned by the service.
- Throws:
InvalidParameterValueException
- One or more of the specified parameters are invalid. Verify that your parameters are valid and try again.NoSuchConfigRuleException
- One or more AWS Config rules in the request are invalid. Verify that the rule names are correct and try again.
- AWS Config has never invoked an evaluation for the rule. To check
whether it has, use the
-
describeComplianceByConfigRule
DescribeComplianceByConfigRuleResult describeComplianceByConfigRule()Simplified method form for invoking the DescribeComplianceByConfigRule operation. -
describeComplianceByResource
DescribeComplianceByResourceResult describeComplianceByResource(DescribeComplianceByResourceRequest describeComplianceByResourceRequest) Indicates whether the specified AWS resources are compliant. If a resource is noncompliant, this action returns the number of AWS Config rules that the resource does not comply with.
A resource is compliant if it complies with all the AWS Config rules that evaluate it. It is noncompliant if it does not comply with one or more of these rules.
If AWS Config has no current evaluation results for the resource, it returns
INSUFFICIENT_DATA
. This result might indicate one of the following conditions about the rules that evaluate the resource:- AWS Config has never invoked an evaluation for the rule. To check
whether it has, use the
DescribeConfigRuleEvaluationStatus
action to get theLastSuccessfulInvocationTime
andLastFailedInvocationTime
. - The rule's AWS Lambda function is failing to send evaluation results
to AWS Config. Verify that the role that you assigned to your
configuration recorder includes the
config:PutEvaluations
permission. If the rule is a customer managed rule, verify that the AWS Lambda execution role includes theconfig:PutEvaluations
permission. - The rule's AWS Lambda function has returned
NOT_APPLICABLE
for all evaluation results. This can occur if the resources were deleted or removed from the rule's scope.
- Parameters:
describeComplianceByResourceRequest
-- Returns:
- Result of the DescribeComplianceByResource operation returned by the service.
- Throws:
InvalidParameterValueException
- One or more of the specified parameters are invalid. Verify that your parameters are valid and try again.InvalidNextTokenException
- The specified next token is invalid. Specify thenextToken
string that was returned in the previous response to get the next page of results.
- AWS Config has never invoked an evaluation for the rule. To check
whether it has, use the
-
describeComplianceByResource
DescribeComplianceByResourceResult describeComplianceByResource()Simplified method form for invoking the DescribeComplianceByResource operation. -
describeConfigRuleEvaluationStatus
DescribeConfigRuleEvaluationStatusResult describeConfigRuleEvaluationStatus(DescribeConfigRuleEvaluationStatusRequest describeConfigRuleEvaluationStatusRequest) Returns status information for each of your AWS managed Config rules. The status includes information such as the last time AWS Config invoked the rule, the last time AWS Config failed to invoke the rule, and the related error for the last failure.
- Parameters:
describeConfigRuleEvaluationStatusRequest
-- Returns:
- Result of the DescribeConfigRuleEvaluationStatus operation returned by the service.
- Throws:
NoSuchConfigRuleException
- One or more AWS Config rules in the request are invalid. Verify that the rule names are correct and try again.
-
describeConfigRuleEvaluationStatus
DescribeConfigRuleEvaluationStatusResult describeConfigRuleEvaluationStatus()Simplified method form for invoking the DescribeConfigRuleEvaluationStatus operation. -
describeConfigRules
DescribeConfigRulesResult describeConfigRules(DescribeConfigRulesRequest describeConfigRulesRequest) Returns details about your AWS Config rules.
- Parameters:
describeConfigRulesRequest
-- Returns:
- Result of the DescribeConfigRules operation returned by the service.
- Throws:
NoSuchConfigRuleException
- One or more AWS Config rules in the request are invalid. Verify that the rule names are correct and try again.
-
describeConfigRules
DescribeConfigRulesResult describeConfigRules()Simplified method form for invoking the DescribeConfigRules operation. -
describeConfigurationRecorderStatus
DescribeConfigurationRecorderStatusResult describeConfigurationRecorderStatus(DescribeConfigurationRecorderStatusRequest describeConfigurationRecorderStatusRequest) Returns the current status of the specified configuration recorder. If a configuration recorder is not specified, this action returns the status of all configuration recorder associated with the account.
Currently, you can specify only one configuration recorder per account. - Parameters:
describeConfigurationRecorderStatusRequest
- The input for the DescribeConfigurationRecorderStatus action.- Returns:
- Result of the DescribeConfigurationRecorderStatus operation returned by the service.
- Throws:
NoSuchConfigurationRecorderException
- You have specified a configuration recorder that does not exist.
-
describeConfigurationRecorderStatus
DescribeConfigurationRecorderStatusResult describeConfigurationRecorderStatus()Simplified method form for invoking the DescribeConfigurationRecorderStatus operation. -
describeConfigurationRecorders
DescribeConfigurationRecordersResult describeConfigurationRecorders(DescribeConfigurationRecordersRequest describeConfigurationRecordersRequest) Returns the name of one or more specified configuration recorders. If the recorder name is not specified, this action returns the names of all the configuration recorders associated with the account.
Currently, you can specify only one configuration recorder per account.
- Parameters:
describeConfigurationRecordersRequest
- The input for the DescribeConfigurationRecorders action.- Returns:
- Result of the DescribeConfigurationRecorders operation returned by the service.
- Throws:
NoSuchConfigurationRecorderException
- You have specified a configuration recorder that does not exist.
-
describeConfigurationRecorders
DescribeConfigurationRecordersResult describeConfigurationRecorders()Simplified method form for invoking the DescribeConfigurationRecorders operation. -
describeDeliveryChannelStatus
DescribeDeliveryChannelStatusResult describeDeliveryChannelStatus(DescribeDeliveryChannelStatusRequest describeDeliveryChannelStatusRequest) Returns the current status of the specified delivery channel. If a delivery channel is not specified, this action returns the current status of all delivery channels associated with the account.
Currently, you can specify only one delivery channel per account. - Parameters:
describeDeliveryChannelStatusRequest
- The input for the DeliveryChannelStatus action.- Returns:
- Result of the DescribeDeliveryChannelStatus operation returned by the service.
- Throws:
NoSuchDeliveryChannelException
- You have specified a delivery channel that does not exist.
-
describeDeliveryChannelStatus
DescribeDeliveryChannelStatusResult describeDeliveryChannelStatus()Simplified method form for invoking the DescribeDeliveryChannelStatus operation. -
describeDeliveryChannels
DescribeDeliveryChannelsResult describeDeliveryChannels(DescribeDeliveryChannelsRequest describeDeliveryChannelsRequest) Returns details about the specified delivery channel. If a delivery channel is not specified, this action returns the details of all delivery channels associated with the account.
Currently, you can specify only one delivery channel per account.
- Parameters:
describeDeliveryChannelsRequest
- The input for the DescribeDeliveryChannels action.- Returns:
- Result of the DescribeDeliveryChannels operation returned by the service.
- Throws:
NoSuchDeliveryChannelException
- You have specified a delivery channel that does not exist.
-
describeDeliveryChannels
DescribeDeliveryChannelsResult describeDeliveryChannels()Simplified method form for invoking the DescribeDeliveryChannels operation. -
getComplianceDetailsByConfigRule
GetComplianceDetailsByConfigRuleResult getComplianceDetailsByConfigRule(GetComplianceDetailsByConfigRuleRequest getComplianceDetailsByConfigRuleRequest) Returns the evaluation results for the specified AWS Config rule. The results indicate which AWS resources were evaluated by the rule, when each resource was last evaluated, and whether each resource complies with the rule.
- Parameters:
getComplianceDetailsByConfigRuleRequest
-- Returns:
- Result of the GetComplianceDetailsByConfigRule operation returned by the service.
- Throws:
InvalidParameterValueException
- One or more of the specified parameters are invalid. Verify that your parameters are valid and try again.InvalidNextTokenException
- The specified next token is invalid. Specify thenextToken
string that was returned in the previous response to get the next page of results.NoSuchConfigRuleException
- One or more AWS Config rules in the request are invalid. Verify that the rule names are correct and try again.
-
getComplianceDetailsByResource
GetComplianceDetailsByResourceResult getComplianceDetailsByResource(GetComplianceDetailsByResourceRequest getComplianceDetailsByResourceRequest) Returns the evaluation results for the specified AWS resource. The results indicate which AWS Config rules were used to evaluate the resource, when each rule was last used, and whether the resource complies with each rule.
- Parameters:
getComplianceDetailsByResourceRequest
-- Returns:
- Result of the GetComplianceDetailsByResource operation returned by the service.
- Throws:
InvalidParameterValueException
- One or more of the specified parameters are invalid. Verify that your parameters are valid and try again.
-
getComplianceSummaryByConfigRule
GetComplianceSummaryByConfigRuleResult getComplianceSummaryByConfigRule(GetComplianceSummaryByConfigRuleRequest getComplianceSummaryByConfigRuleRequest) Returns the number of AWS Config rules that are compliant and noncompliant, up to a maximum of 25 for each.
- Parameters:
getComplianceSummaryByConfigRuleRequest
-- Returns:
- Result of the GetComplianceSummaryByConfigRule operation returned by the service.
-
getComplianceSummaryByConfigRule
GetComplianceSummaryByConfigRuleResult getComplianceSummaryByConfigRule()Simplified method form for invoking the GetComplianceSummaryByConfigRule operation. -
getComplianceSummaryByResourceType
GetComplianceSummaryByResourceTypeResult getComplianceSummaryByResourceType(GetComplianceSummaryByResourceTypeRequest getComplianceSummaryByResourceTypeRequest) Returns the number of resources that are compliant and the number that are noncompliant. You can specify one or more resource types to get these numbers for each resource type. The maximum number returned is 100.
- Parameters:
getComplianceSummaryByResourceTypeRequest
-- Returns:
- Result of the GetComplianceSummaryByResourceType operation returned by the service.
- Throws:
InvalidParameterValueException
- One or more of the specified parameters are invalid. Verify that your parameters are valid and try again.
-
getComplianceSummaryByResourceType
GetComplianceSummaryByResourceTypeResult getComplianceSummaryByResourceType()Simplified method form for invoking the GetComplianceSummaryByResourceType operation. -
getResourceConfigHistory
GetResourceConfigHistoryResult getResourceConfigHistory(GetResourceConfigHistoryRequest getResourceConfigHistoryRequest) Returns a list of configuration items for the specified resource. The list contains details about each state of the resource during the specified time interval.
The response is paginated, and by default, AWS Config returns a limit of 10 configuration items per page. You can customize this number with the
limit
parameter. The response includes anextToken
string, and to get the next page of results, run the request again and enter this string for thenextToken
parameter.Each call to the API is limited to span a duration of seven days. It is likely that the number of records returned is smaller than the specified
limit
. In such cases, you can make another call, using thenextToken
.- Parameters:
getResourceConfigHistoryRequest
- The input for the GetResourceConfigHistory action.- Returns:
- Result of the GetResourceConfigHistory operation returned by the service.
- Throws:
ValidationException
- The requested action is not valid.InvalidTimeRangeException
- The specified time range is not valid. The earlier time is not chronologically before the later time.InvalidLimitException
- The specified limit is outside the allowable range.InvalidNextTokenException
- The specified next token is invalid. Specify thenextToken
string that was returned in the previous response to get the next page of results.NoAvailableConfigurationRecorderException
- There are no configuration recorders available to provide the role needed to describe your resources. Create a configuration recorder.ResourceNotDiscoveredException
- You have specified a resource that is either unknown or has not been discovered.
-
listDiscoveredResources
ListDiscoveredResourcesResult listDiscoveredResources(ListDiscoveredResourcesRequest listDiscoveredResourcesRequest) Accepts a resource type and returns a list of resource identifiers for the resources of that type. A resource identifier includes the resource type, ID, and (if available) the custom resource name. The results consist of resources that AWS Config has discovered, including those that AWS Config is not currently recording. You can narrow the results to include only resources that have specific resource IDs or a resource name.
You can specify either resource IDs or a resource name but not both in the same request. The response is paginated, and by default AWS Config lists 100 resource identifiers on each page. You can customize this number with the
limit
parameter. The response includes anextToken
string, and to get the next page of results, run the request again and enter this string for thenextToken
parameter.- Parameters:
listDiscoveredResourcesRequest
-- Returns:
- Result of the ListDiscoveredResources operation returned by the service.
- Throws:
ValidationException
- The requested action is not valid.InvalidLimitException
- The specified limit is outside the allowable range.InvalidNextTokenException
- The specified next token is invalid. Specify thenextToken
string that was returned in the previous response to get the next page of results.NoAvailableConfigurationRecorderException
- There are no configuration recorders available to provide the role needed to describe your resources. Create a configuration recorder.
-
putConfigRule
Adds or updates an AWS Config rule for evaluating whether your AWS resources comply with your desired configurations.
You can use this action for customer managed Config rules and AWS managed Config rules. A customer managed Config rule is a custom rule that you develop and maintain. An AWS managed Config rule is a customizable, predefined rule that is provided by AWS Config.
If you are adding a new customer managed Config rule, you must first create the AWS Lambda function that the rule invokes to evaluate your resources. When you use the
PutConfigRule
action to add the rule to AWS Config, you must specify the Amazon Resource Name (ARN) that AWS Lambda assigns to the function. Specify the ARN for theSourceIdentifier
key. This key is part of theSource
object, which is part of theConfigRule
object.If you are adding a new AWS managed Config rule, specify the rule's identifier for the
SourceIdentifier
key. To reference AWS managed Config rule identifiers, see Using AWS Managed Config Rules.For any new rule that you add, specify the
ConfigRuleName
in theConfigRule
object. Do not specify theConfigRuleArn
or theConfigRuleId
. These values are generated by AWS Config for new rules.If you are updating a rule that you have added previously, specify the rule's
ConfigRuleName
,ConfigRuleId
, orConfigRuleArn
in theConfigRule
data type that you use in this request.The maximum number of rules that AWS Config supports is 25.
For more information about developing and using AWS Config rules, see Evaluating AWS Resource Configurations with AWS Config in the AWS Config Developer Guide.
- Parameters:
putConfigRuleRequest
-- Returns:
- Result of the PutConfigRule operation returned by the service.
- Throws:
InvalidParameterValueException
- One or more of the specified parameters are invalid. Verify that your parameters are valid and try again.MaxNumberOfConfigRulesExceededException
- Failed to add the AWS Config rule because the account already contains the maximum number of 25 rules. Consider deleting any deactivated rules before adding new rules.ResourceInUseException
- The rule is currently being deleted. Wait for a while and try again.InsufficientPermissionsException
- Indicates one of the following errors:- The rule cannot be created because the IAM role assigned to AWS Config lacks permissions to perform the config:Put* action.
- The AWS Lambda function cannot be invoked. Check the function ARN, and check the function's permissions.
-
putConfigurationRecorder
PutConfigurationRecorderResult putConfigurationRecorder(PutConfigurationRecorderRequest putConfigurationRecorderRequest) Creates a new configuration recorder to record the selected resource configurations.
You can use this action to change the role
roleARN
and/or therecordingGroup
of an existing recorder. To change the role, call the action on the existing configuration recorder and specify a role.Currently, you can specify only one configuration recorder per account.
If
ConfigurationRecorder
does not have the recordingGroup parameter specified, the default is to record all supported resource types.- Parameters:
putConfigurationRecorderRequest
- The input for the PutConfigurationRecorder action.- Returns:
- Result of the PutConfigurationRecorder operation returned by the service.
- Throws:
MaxNumberOfConfigurationRecordersExceededException
- You have reached the limit on the number of recorders you can create.InvalidConfigurationRecorderNameException
- You have provided a configuration recorder name that is not valid.InvalidRoleException
- You have provided a null or empty role ARN.InvalidRecordingGroupException
- AWS Config throws an exception if the recording group does not contain a valid list of resource types. Invalid values could also be incorrectly formatted.
-
putDeliveryChannel
Creates a new delivery channel object to deliver the configuration information to an Amazon S3 bucket, and to an Amazon SNS topic.
You can use this action to change the Amazon S3 bucket or an Amazon SNS topic of the existing delivery channel. To change the Amazon S3 bucket or an Amazon SNS topic, call this action and specify the changed values for the S3 bucket and the SNS topic. If you specify a different value for either the S3 bucket or the SNS topic, this action will keep the existing value for the parameter that is not changed.
Currently, you can specify only one delivery channel per account.
- Parameters:
putDeliveryChannelRequest
- The input for the PutDeliveryChannel action.- Returns:
- Result of the PutDeliveryChannel operation returned by the service.
- Throws:
MaxNumberOfDeliveryChannelsExceededException
- You have reached the limit on the number of delivery channels you can create.NoAvailableConfigurationRecorderException
- There are no configuration recorders available to provide the role needed to describe your resources. Create a configuration recorder.InvalidDeliveryChannelNameException
- The specified delivery channel name is not valid.NoSuchBucketException
- The specified Amazon S3 bucket does not exist.InvalidS3KeyPrefixException
- The specified Amazon S3 key prefix is not valid.InvalidSNSTopicARNException
- The specified Amazon SNS topic does not exist.InsufficientDeliveryPolicyException
- Your Amazon S3 bucket policy does not permit AWS Config to write to it.
-
putEvaluations
Used by an AWS Lambda function to deliver evaluation results to AWS Config. This action is required in every AWS Lambda function that is invoked by an AWS Config rule.
- Parameters:
putEvaluationsRequest
-- Returns:
- Result of the PutEvaluations operation returned by the service.
- Throws:
InvalidParameterValueException
- One or more of the specified parameters are invalid. Verify that your parameters are valid and try again.InvalidResultTokenException
- The result token is invalid.NoSuchConfigRuleException
- One or more AWS Config rules in the request are invalid. Verify that the rule names are correct and try again.
-
startConfigurationRecorder
StartConfigurationRecorderResult startConfigurationRecorder(StartConfigurationRecorderRequest startConfigurationRecorderRequest) Starts recording configurations of the AWS resources you have selected to record in your AWS account.
You must have created at least one delivery channel to successfully start the configuration recorder.
- Parameters:
startConfigurationRecorderRequest
- The input for the StartConfigurationRecorder action.- Returns:
- Result of the StartConfigurationRecorder operation returned by the service.
- Throws:
NoSuchConfigurationRecorderException
- You have specified a configuration recorder that does not exist.NoAvailableDeliveryChannelException
- There is no delivery channel available to record configurations.
-
stopConfigurationRecorder
StopConfigurationRecorderResult stopConfigurationRecorder(StopConfigurationRecorderRequest stopConfigurationRecorderRequest) Stops recording configurations of the AWS resources you have selected to record in your AWS account.
- Parameters:
stopConfigurationRecorderRequest
-The input for the StopConfigurationRecorder action.
- Returns:
- Result of the StopConfigurationRecorder operation returned by the service.
- Throws:
NoSuchConfigurationRecorderException
- You have specified a configuration recorder that does not exist.
-
shutdown
void shutdown()Shuts down this client object, releasing any resources that might be held open. This is an optional method, and callers are not expected to call it, but can if they want to explicitly release any open resources. Once a client has been shutdown, it should not be used to make any more requests. -
getCachedResponseMetadata
Returns additional metadata for a previously executed successful request, typically used for debugging issues where a service isn't acting as expected. This data isn't considered part of the result data returned by an operation, so it's available through this separate, diagnostic interface.Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic information for an executed request, you should use this method to retrieve it as soon as possible after executing a request.
- Parameters:
request
- The originally executed request.- Returns:
- The response metadata for the specified request, or null if none is available.
-