* Note: Do not directly implement this interface, new methods are added to it regularly. Extend from * {@link com.amazonaws.services.config.AbstractAmazonConfig} instead. *
*
*
* Config provides a way to keep track of the configurations of all the Amazon Web Services resources associated with * your Amazon Web Services account. You can use Config to get the current and historical configurations of each Amazon * Web Services resource and also to get information about the relationship between the resources. An Amazon Web * Services resource can be an Amazon Compute Cloud (Amazon EC2) instance, an Elastic Block Store (EBS) volume, an * elastic network Interface (ENI), or a security group. For a complete list of resources currently supported by Config, * see Supported Amazon Web Services resources. *
** You can access and manage Config through the Amazon Web Services Management Console, the Amazon Web Services Command * Line Interface (Amazon Web Services CLI), the Config API, or the Amazon Web Services SDKs for Config. This reference * guide contains documentation for the Config API and the Amazon Web Services CLI commands that you can use to manage * Config. The Config API uses the Signature Version 4 protocol for signing requests. For more information about how to * sign a request with this protocol, see Signature Version 4 Signing * Process. For detailed information about Config features and their associated actions or commands, as well as how * to work with Amazon Web Services Management Console, see What Is Config in the Config * Developer Guide. *
*/ @Generated("com.amazonaws:aws-java-sdk-code-generator") public interface AmazonConfig { /** * The region metadata service name for computing region endpoints. You can use this value to retrieve metadata * (such as supported regions) of the service. * * @see RegionUtils#getRegionsForService(String) */ String ENDPOINT_PREFIX = "config"; /** * Overrides the default endpoint for this client ("config.us-east-1.amazonaws.com/"). Callers can use this method * to control which AWS region they want to work with. ** Callers can pass in just the endpoint (ex: "config.us-east-1.amazonaws.com/") or a full URL, including the * protocol (ex: "config.us-east-1.amazonaws.com/"). If the protocol is not specified here, the default protocol * from this client's {@link ClientConfiguration} will be used, which by default is HTTPS. *
* For more information on using AWS regions with the AWS SDK for Java, and a complete list of all available * endpoints for all AWS services, see: https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/java-dg-region-selection.html#region-selection- * choose-endpoint *
* This method is not threadsafe. An endpoint should be configured when the client is created and before any * service requests are made. Changing it afterwards creates inevitable race conditions for any service requests in * transit or retrying. * * @param endpoint * The endpoint (ex: "config.us-east-1.amazonaws.com/") or a full URL, including the protocol (ex: * "config.us-east-1.amazonaws.com/") of the region specific AWS endpoint this client will communicate with. * @deprecated use {@link AwsClientBuilder#setEndpointConfiguration(AwsClientBuilder.EndpointConfiguration)} for * example: * {@code builder.setEndpointConfiguration(new EndpointConfiguration(endpoint, signingRegion));} */ @Deprecated void setEndpoint(String endpoint); /** * An alternative to {@link AmazonConfig#setEndpoint(String)}, sets the regional endpoint for this client's service * calls. Callers can use this method to control which AWS region they want to work with. *
* By default, all service endpoints in all regions use the https protocol. To use http instead, specify it in the * {@link ClientConfiguration} supplied at construction. *
* This method is not threadsafe. A region should be configured when the client is created and before any service * requests are made. Changing it afterwards creates inevitable race conditions for any service requests in transit * or retrying. * * @param region * The region this client will communicate with. See {@link Region#getRegion(com.amazonaws.regions.Regions)} * for accessing a given region. Must not be null and must be a region where the service is available. * * @see Region#getRegion(com.amazonaws.regions.Regions) * @see Region#createClient(Class, com.amazonaws.auth.AWSCredentialsProvider, ClientConfiguration) * @see Region#isServiceSupported(String) * @deprecated use {@link AwsClientBuilder#setRegion(String)} */ @Deprecated void setRegion(Region region); /** *
* Returns the current configuration items for resources that are present in your Config aggregator. The operation
* also returns a list of resources that are not processed in the current request. If there are no unprocessed
* resources, the operation returns an empty unprocessedResourceIdentifiers list.
*
* The API does not return results for deleted resources. *
** The API does not return tags and relationships. *
** For PutStoredQuery, you will see this exception if there are missing required fields or if the input * value fails the validation, or if you are trying to create more than 300 queries. *
** For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are * missing required fields or if the input value fails the validation. * @throws NoSuchConfigurationAggregatorException * You have specified a configuration aggregator that does not exist. * @sample AmazonConfig.BatchGetAggregateResourceConfig * @see AWS API Documentation */ BatchGetAggregateResourceConfigResult batchGetAggregateResourceConfig(BatchGetAggregateResourceConfigRequest batchGetAggregateResourceConfigRequest); /** *
* Returns the BaseConfigurationItem for one or more requested resources. The operation also returns a
* list of resources that are not processed in the current request. If there are no unprocessed resources, the
* operation returns an empty unprocessedResourceKeys list.
*
* The API does not return results for deleted resources. *
** The API does not return any tags for the requested resources. This information is filtered out of the * supplementaryConfiguration section of the API response. *
** For PutStoredQuery, you will see this exception if there are missing required fields or if the input * value fails the validation, or if you are trying to create more than 300 queries. *
** For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are * missing required fields or if the input value fails the validation. * @throws NoAvailableConfigurationRecorderException * There are no configuration recorders available to provide the role needed to describe your resources. * Create a configuration recorder. * @sample AmazonConfig.BatchGetResourceConfig * @see AWS * API Documentation */ BatchGetResourceConfigResult batchGetResourceConfig(BatchGetResourceConfigRequest batchGetResourceConfigRequest); /** *
* Deletes the authorization granted to the specified configuration aggregator account in a specified region. *
* * @param deleteAggregationAuthorizationRequest * @return Result of the DeleteAggregationAuthorization operation returned by the service. * @throws InvalidParameterValueException * One or more of the specified parameters are not valid. Verify that your parameters are valid and try * again. * @sample AmazonConfig.DeleteAggregationAuthorization * @see AWS API Documentation */ DeleteAggregationAuthorizationResult deleteAggregationAuthorization(DeleteAggregationAuthorizationRequest deleteAggregationAuthorizationRequest); /** ** Deletes the specified Config rule and all of its evaluation results. *
*
* Config sets the state of a rule to DELETING until the deletion is complete. You cannot update a rule
* while it is in this state. If you make a PutConfigRule or DeleteConfigRule request for
* the rule, you will receive a ResourceInUseException.
*
* You can check the state of a rule by using the DescribeConfigRules request.
*
* For DeleteConfigRule, Config is deleting this rule. Try your request again later. *
** For DeleteConfigRule, the rule is deleting your evaluation results. Try your request again later. *
** For DeleteConfigRule, a remediation action is associated with the rule and Config cannot delete this * rule. Delete the remediation action associated with the rule before deleting the rule and try your * request again later. *
** For PutConfigOrganizationRule, organization Config rule deletion is in progress. Try your request again * later. *
** For DeleteOrganizationConfigRule, organization Config rule creation is in progress. Try your request * again later. *
** For PutConformancePack and PutOrganizationConformancePack, a conformance pack creation, update, and * deletion is in progress. Try your request again later. *
** For DeleteConformancePack, a conformance pack creation, update, and deletion is in progress. Try your * request again later. *
** Deletes the specified configuration aggregator and the aggregated data associated with the aggregator. *
* * @param deleteConfigurationAggregatorRequest * @return Result of the DeleteConfigurationAggregator operation returned by the service. * @throws NoSuchConfigurationAggregatorException * You have specified a configuration aggregator that does not exist. * @sample AmazonConfig.DeleteConfigurationAggregator * @see AWS API Documentation */ DeleteConfigurationAggregatorResult deleteConfigurationAggregator(DeleteConfigurationAggregatorRequest deleteConfigurationAggregatorRequest); /** ** Deletes the configuration recorder. *
** After the configuration recorder is deleted, Config will not record resource configuration changes until you * create a new configuration recorder. *
*
* This action does not delete the configuration information that was previously recorded. You will be able to
* access the previously recorded information by using the GetResourceConfigHistory action, but you
* will not be able to access this information in the Config console until you create a new configuration recorder.
*
DeleteConfigurationRecorder action.
* @return Result of the DeleteConfigurationRecorder operation returned by the service.
* @throws NoSuchConfigurationRecorderException
* You have specified a configuration recorder that does not exist.
* @sample AmazonConfig.DeleteConfigurationRecorder
* @see AWS API Documentation
*/
DeleteConfigurationRecorderResult deleteConfigurationRecorder(DeleteConfigurationRecorderRequest deleteConfigurationRecorderRequest);
/**
* * Deletes the specified conformance pack and all the Config rules, remediation actions, and all evaluation results * within that conformance pack. *
*
* Config sets the conformance pack to DELETE_IN_PROGRESS until the deletion is complete. You cannot
* update a conformance pack while it is in this state.
*
* For DeleteConfigRule, Config is deleting this rule. Try your request again later. *
** For DeleteConfigRule, the rule is deleting your evaluation results. Try your request again later. *
** For DeleteConfigRule, a remediation action is associated with the rule and Config cannot delete this * rule. Delete the remediation action associated with the rule before deleting the rule and try your * request again later. *
** For PutConfigOrganizationRule, organization Config rule deletion is in progress. Try your request again * later. *
** For DeleteOrganizationConfigRule, organization Config rule creation is in progress. Try your request * again later. *
** For PutConformancePack and PutOrganizationConformancePack, a conformance pack creation, update, and * deletion is in progress. Try your request again later. *
** For DeleteConformancePack, a conformance pack creation, update, and deletion is in progress. Try your * request again later. *
** Deletes the delivery channel. *
** Before you can delete the delivery channel, you must stop the configuration recorder by using the * StopConfigurationRecorder action. *
* * @param deleteDeliveryChannelRequest * The input for the DeleteDeliveryChannel action. The action accepts the following data, in JSON * format. * @return Result of the DeleteDeliveryChannel operation returned by the service. * @throws NoSuchDeliveryChannelException * You have specified a delivery channel that does not exist. * @throws LastDeliveryChannelDeleteFailedException * You cannot delete the delivery channel you specified because the configuration recorder is running. * @sample AmazonConfig.DeleteDeliveryChannel * @see AWS * API Documentation */ DeleteDeliveryChannelResult deleteDeliveryChannel(DeleteDeliveryChannelRequest deleteDeliveryChannelRequest); /** ** Deletes the evaluation results for the specified Config rule. You can specify one Config rule per request. After * you delete the evaluation results, you can call the StartConfigRulesEvaluation API to start evaluating * your Amazon Web Services resources against the rule. *
* * @param deleteEvaluationResultsRequest * @return Result of the DeleteEvaluationResults operation returned by the service. * @throws NoSuchConfigRuleException * The Config rule in the request is not valid. Verify that the rule is an Config Process Check rule, that * the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying again. * @throws ResourceInUseException * You see this exception in the following cases: ** For DeleteConfigRule, Config is deleting this rule. Try your request again later. *
** For DeleteConfigRule, the rule is deleting your evaluation results. Try your request again later. *
** For DeleteConfigRule, a remediation action is associated with the rule and Config cannot delete this * rule. Delete the remediation action associated with the rule before deleting the rule and try your * request again later. *
** For PutConfigOrganizationRule, organization Config rule deletion is in progress. Try your request again * later. *
** For DeleteOrganizationConfigRule, organization Config rule creation is in progress. Try your request * again later. *
** For PutConformancePack and PutOrganizationConformancePack, a conformance pack creation, update, and * deletion is in progress. Try your request again later. *
** For DeleteConformancePack, a conformance pack creation, update, and deletion is in progress. Try your * request again later. *
** Deletes the specified organization Config rule and all of its evaluation results from all member accounts in that * organization. *
*
* Only a management account and a delegated administrator account can delete an organization Config rule. When
* calling this API with a delegated administrator, you must ensure Organizations
* ListDelegatedAdministrator permissions are added.
*
* Config sets the state of a rule to DELETE_IN_PROGRESS until the deletion is complete. You cannot update a rule * while it is in this state. *
* * @param deleteOrganizationConfigRuleRequest * @return Result of the DeleteOrganizationConfigRule operation returned by the service. * @throws NoSuchOrganizationConfigRuleException * The Config rule in the request is not valid. Verify that the rule is an organization Config Process Check * rule, that the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying * again. * @throws ResourceInUseException * You see this exception in the following cases: ** For DeleteConfigRule, Config is deleting this rule. Try your request again later. *
** For DeleteConfigRule, the rule is deleting your evaluation results. Try your request again later. *
** For DeleteConfigRule, a remediation action is associated with the rule and Config cannot delete this * rule. Delete the remediation action associated with the rule before deleting the rule and try your * request again later. *
** For PutConfigOrganizationRule, organization Config rule deletion is in progress. Try your request again * later. *
** For DeleteOrganizationConfigRule, organization Config rule creation is in progress. Try your request * again later. *
** For PutConformancePack and PutOrganizationConformancePack, a conformance pack creation, update, and * deletion is in progress. Try your request again later. *
** For DeleteConformancePack, a conformance pack creation, update, and deletion is in progress. Try your * request again later. *
*PutConfigurationAggregator API, you can see this exception for the following
* reasons:
*
* No permission to call EnableAWSServiceAccess API
*
* The configuration aggregator cannot be updated because your Amazon Web Services Organization management * account or the delegated administrator role changed. Delete this aggregator and create a new one with the * current Amazon Web Services Organization. *
** The configuration aggregator is associated with a previous Amazon Web Services Organization and Config * cannot aggregate data with current Amazon Web Services Organization. Delete this aggregator and create a * new one with the current Amazon Web Services Organization. *
*
* You are not a registered delegated administrator for Config with permissions to call
* ListDelegatedAdministrators API. Ensure that the management account registers delagated
* administrator for Config service principle name before the delegated administrator creates an aggregator.
*
* For all OrganizationConfigRule and OrganizationConformancePack APIs, Config
* throws an exception if APIs are called from member accounts. All APIs must be called from organization
* management account.
* @sample AmazonConfig.DeleteOrganizationConfigRule
* @see AWS API Documentation
*/
DeleteOrganizationConfigRuleResult deleteOrganizationConfigRule(DeleteOrganizationConfigRuleRequest deleteOrganizationConfigRuleRequest);
/**
*
* Deletes the specified organization conformance pack and all of the Config rules and remediation actions from all * member accounts in that organization. *
*
* Only a management account or a delegated administrator account can delete an organization conformance pack. When
* calling this API with a delegated administrator, you must ensure Organizations
* ListDelegatedAdministrator permissions are added.
*
* Config sets the state of a conformance pack to DELETE_IN_PROGRESS until the deletion is complete. You cannot * update a conformance pack while it is in this state. *
* * @param deleteOrganizationConformancePackRequest * @return Result of the DeleteOrganizationConformancePack operation returned by the service. * @throws NoSuchOrganizationConformancePackException * Config organization conformance pack that you passed in the filter does not exist. ** For DeleteOrganizationConformancePack, you tried to delete an organization conformance pack that does not * exist. * @throws ResourceInUseException * You see this exception in the following cases: *
** For DeleteConfigRule, Config is deleting this rule. Try your request again later. *
** For DeleteConfigRule, the rule is deleting your evaluation results. Try your request again later. *
** For DeleteConfigRule, a remediation action is associated with the rule and Config cannot delete this * rule. Delete the remediation action associated with the rule before deleting the rule and try your * request again later. *
** For PutConfigOrganizationRule, organization Config rule deletion is in progress. Try your request again * later. *
** For DeleteOrganizationConfigRule, organization Config rule creation is in progress. Try your request * again later. *
** For PutConformancePack and PutOrganizationConformancePack, a conformance pack creation, update, and * deletion is in progress. Try your request again later. *
** For DeleteConformancePack, a conformance pack creation, update, and deletion is in progress. Try your * request again later. *
*PutConfigurationAggregator API, you can see this exception for the following
* reasons:
*
* No permission to call EnableAWSServiceAccess API
*
* The configuration aggregator cannot be updated because your Amazon Web Services Organization management * account or the delegated administrator role changed. Delete this aggregator and create a new one with the * current Amazon Web Services Organization. *
** The configuration aggregator is associated with a previous Amazon Web Services Organization and Config * cannot aggregate data with current Amazon Web Services Organization. Delete this aggregator and create a * new one with the current Amazon Web Services Organization. *
*
* You are not a registered delegated administrator for Config with permissions to call
* ListDelegatedAdministrators API. Ensure that the management account registers delagated
* administrator for Config service principle name before the delegated administrator creates an aggregator.
*
* For all OrganizationConfigRule and OrganizationConformancePack APIs, Config
* throws an exception if APIs are called from member accounts. All APIs must be called from organization
* management account.
* @sample AmazonConfig.DeleteOrganizationConformancePack
* @see AWS API Documentation
*/
DeleteOrganizationConformancePackResult deleteOrganizationConformancePack(DeleteOrganizationConformancePackRequest deleteOrganizationConformancePackRequest);
/**
*
* Deletes pending authorization requests for a specified aggregator account in a specified region. *
* * @param deletePendingAggregationRequestRequest * @return Result of the DeletePendingAggregationRequest operation returned by the service. * @throws InvalidParameterValueException * One or more of the specified parameters are not valid. Verify that your parameters are valid and try * again. * @sample AmazonConfig.DeletePendingAggregationRequest * @see AWS API Documentation */ DeletePendingAggregationRequestResult deletePendingAggregationRequest(DeletePendingAggregationRequestRequest deletePendingAggregationRequestRequest); /** ** Deletes the remediation configuration. *
* * @param deleteRemediationConfigurationRequest * @return Result of the DeleteRemediationConfiguration operation returned by the service. * @throws NoSuchRemediationConfigurationException * You specified an Config rule without a remediation configuration. * @throws RemediationInProgressException * Remediation action is in progress. You can either cancel execution in Amazon Web Services Systems Manager * or wait and try again later. * @throws InsufficientPermissionsException * Indicates one of the following errors: ** For PutConfigRule, the rule cannot be created because the IAM role assigned to Config lacks permissions * to perform the config:Put* action. *
** For PutConfigRule, the Lambda function cannot be invoked. Check the function ARN, and check the * function's permissions. *
*
* For PutOrganizationConfigRule, organization Config rule cannot be created because you do not have
* permissions to call IAM GetRole action or create a service-linked role.
*
* For PutConformancePack and PutOrganizationConformancePack, a conformance pack cannot be created because * you do not have the following permissions: *
*
* You do not have permission to call IAM GetRole action or create a service-linked role.
*
* You do not have permission to read Amazon S3 bucket or call SSM:GetDocument. *
** Deletes one or more remediation exceptions mentioned in the resource keys. *
** Config generates a remediation exception when a problem occurs executing a remediation action to a specific * resource. Remediation exceptions blocks auto-remediation until the exception is cleared. *
** Records the configuration state for a custom resource that has been deleted. This API records a new * ConfigurationItem with a ResourceDeleted status. You can retrieve the ConfigurationItems recorded for this * resource in your Config History. *
* * @param deleteResourceConfigRequest * @return Result of the DeleteResourceConfig operation returned by the service. * @throws ValidationException * The requested action is not valid. ** For PutStoredQuery, you will see this exception if there are missing required fields or if the input * value fails the validation, or if you are trying to create more than 300 queries. *
** For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are * missing required fields or if the input value fails the validation. * @throws NoRunningConfigurationRecorderException * There is no configuration recorder running. * @sample AmazonConfig.DeleteResourceConfig * @see AWS * API Documentation */ DeleteResourceConfigResult deleteResourceConfig(DeleteResourceConfigRequest deleteResourceConfigRequest); /** *
* Deletes the retention configuration. *
* * @param deleteRetentionConfigurationRequest * @return Result of the DeleteRetentionConfiguration operation returned by the service. * @throws InvalidParameterValueException * One or more of the specified parameters are not valid. Verify that your parameters are valid and try * again. * @throws NoSuchRetentionConfigurationException * You have specified a retention configuration that does not exist. * @sample AmazonConfig.DeleteRetentionConfiguration * @see AWS API Documentation */ DeleteRetentionConfigurationResult deleteRetentionConfiguration(DeleteRetentionConfigurationRequest deleteRetentionConfigurationRequest); /** ** Deletes the stored query for a single Amazon Web Services account and a single Amazon Web Services Region. *
* * @param deleteStoredQueryRequest * @return Result of the DeleteStoredQuery operation returned by the service. * @throws ValidationException * The requested action is not valid. ** For PutStoredQuery, you will see this exception if there are missing required fields or if the input * value fails the validation, or if you are trying to create more than 300 queries. *
** For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are * missing required fields or if the input value fails the validation. * @throws ResourceNotFoundException * You have specified a resource that does not exist. * @sample AmazonConfig.DeleteStoredQuery * @see AWS API * Documentation */ DeleteStoredQueryResult deleteStoredQuery(DeleteStoredQueryRequest deleteStoredQueryRequest); /** *
* Schedules delivery of a configuration snapshot to the Amazon S3 bucket in the specified delivery channel. After * the delivery has started, Config sends the following notifications using an Amazon SNS topic that you have * specified. *
** Notification of the start of the delivery. *
** Notification of the completion of the delivery, if the delivery was successfully completed. *
** Notification of delivery failure, if the delivery failed. *
** Returns a list of compliant and noncompliant rules with the number of resources for compliant and noncompliant * rules. Does not display rules that do not have compliance results. *
*
* The results can return an empty result page, but if you have a nextToken, the results are displayed
* on the next page.
*
* For PutStoredQuery, you will see this exception if there are missing required fields or if the input * value fails the validation, or if you are trying to create more than 300 queries. *
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws NoSuchConfigurationAggregatorException
* You have specified a configuration aggregator that does not exist.
* @sample AmazonConfig.DescribeAggregateComplianceByConfigRules
* @see AWS API Documentation
*/
DescribeAggregateComplianceByConfigRulesResult describeAggregateComplianceByConfigRules(
DescribeAggregateComplianceByConfigRulesRequest describeAggregateComplianceByConfigRulesRequest);
/**
*
* Returns a list of the conformance packs and their associated compliance status with the count of compliant and * noncompliant Config rules within each conformance pack. Also returns the total rule count which includes * compliant rules, noncompliant rules, and rules that cannot be evaluated due to insufficient data. *
*
* The results can return an empty result page, but if you have a nextToken, the results are displayed
* on the next page.
*
* For PutStoredQuery, you will see this exception if there are missing required fields or if the input * value fails the validation, or if you are trying to create more than 300 queries. *
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws NoSuchConfigurationAggregatorException
* You have specified a configuration aggregator that does not exist.
* @sample AmazonConfig.DescribeAggregateComplianceByConformancePacks
* @see AWS API Documentation
*/
DescribeAggregateComplianceByConformancePacksResult describeAggregateComplianceByConformancePacks(
DescribeAggregateComplianceByConformancePacksRequest describeAggregateComplianceByConformancePacksRequest);
/**
*
* Returns a list of authorizations granted to various aggregator accounts and regions. *
* * @param describeAggregationAuthorizationsRequest * @return Result of the DescribeAggregationAuthorizations operation returned by the service. * @throws InvalidParameterValueException * One or more of the specified parameters are not valid. Verify that your parameters are valid and try * again. * @throws InvalidNextTokenException * The specified next token is not valid. Specify thenextToken string that was returned in the
* previous response to get the next page of results.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @sample AmazonConfig.DescribeAggregationAuthorizations
* @see AWS API Documentation
*/
DescribeAggregationAuthorizationsResult describeAggregationAuthorizations(DescribeAggregationAuthorizationsRequest describeAggregationAuthorizationsRequest);
/**
* * Indicates whether the specified Config rules are compliant. If a rule is noncompliant, this action returns the * number of Amazon Web Services resources that do not comply with the rule. *
** A rule is compliant if all of the evaluated resources comply with it. It is noncompliant if any of these * resources do not comply. *
*
* If Config has no current evaluation results for the rule, it returns INSUFFICIENT_DATA. This result
* might indicate one of the following conditions:
*
* Config has never invoked an evaluation for the rule. To check whether it has, use the
* DescribeConfigRuleEvaluationStatus action to get the LastSuccessfulInvocationTime and
* LastFailedInvocationTime.
*
* The rule's Lambda function is failing to send evaluation results to Config. Verify that the role you assigned to
* your configuration recorder includes the config:PutEvaluations permission. If the rule is a custom
* rule, verify that the Lambda execution role includes the config:PutEvaluations permission.
*
* The rule's Lambda function has returned NOT_APPLICABLE for all evaluation results. This can occur if
* the resources were deleted or removed from the rule's scope.
*
nextToken string that was returned in the
* previous response to get the next page of results.
* @sample AmazonConfig.DescribeComplianceByConfigRule
* @see AWS API Documentation
*/
DescribeComplianceByConfigRuleResult describeComplianceByConfigRule(DescribeComplianceByConfigRuleRequest describeComplianceByConfigRuleRequest);
/**
* Simplified method form for invoking the DescribeComplianceByConfigRule operation.
*
* @see #describeComplianceByConfigRule(DescribeComplianceByConfigRuleRequest)
*/
DescribeComplianceByConfigRuleResult describeComplianceByConfigRule();
/**
* * Indicates whether the specified Amazon Web Services resources are compliant. If a resource is noncompliant, this * action returns the number of Config rules that the resource does not comply with. *
** A resource is compliant if it complies with all the Config rules that evaluate it. It is noncompliant if it does * not comply with one or more of these rules. *
*
* If Config has no current evaluation results for the resource, it returns INSUFFICIENT_DATA. This
* result might indicate one of the following conditions about the rules that evaluate the resource:
*
* Config has never invoked an evaluation for the rule. To check whether it has, use the
* DescribeConfigRuleEvaluationStatus action to get the LastSuccessfulInvocationTime and
* LastFailedInvocationTime.
*
* The rule's Lambda function is failing to send evaluation results to Config. Verify that the role that you
* assigned to your configuration recorder includes the config:PutEvaluations permission. If the rule
* is a custom rule, verify that the Lambda execution role includes the config:PutEvaluations
* permission.
*
* The rule's Lambda function has returned NOT_APPLICABLE for all evaluation results. This can occur if
* the resources were deleted or removed from the rule's scope.
*
nextToken string that was returned in the
* previous response to get the next page of results.
* @sample AmazonConfig.DescribeComplianceByResource
* @see AWS API Documentation
*/
DescribeComplianceByResourceResult describeComplianceByResource(DescribeComplianceByResourceRequest describeComplianceByResourceRequest);
/**
* Simplified method form for invoking the DescribeComplianceByResource operation.
*
* @see #describeComplianceByResource(DescribeComplianceByResourceRequest)
*/
DescribeComplianceByResourceResult describeComplianceByResource();
/**
* * Returns status information for each of your Config managed rules. The status includes information such as the * last time Config invoked the rule, the last time Config failed to invoke the rule, and the related error for the * last failure. *
* * @param describeConfigRuleEvaluationStatusRequest * @return Result of the DescribeConfigRuleEvaluationStatus operation returned by the service. * @throws NoSuchConfigRuleException * The Config rule in the request is not valid. Verify that the rule is an Config Process Check rule, that * the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying again. * @throws InvalidParameterValueException * One or more of the specified parameters are not valid. Verify that your parameters are valid and try * again. * @throws InvalidNextTokenException * The specified next token is not valid. Specify thenextToken string that was returned in the
* previous response to get the next page of results.
* @sample AmazonConfig.DescribeConfigRuleEvaluationStatus
* @see AWS API Documentation
*/
DescribeConfigRuleEvaluationStatusResult describeConfigRuleEvaluationStatus(
DescribeConfigRuleEvaluationStatusRequest describeConfigRuleEvaluationStatusRequest);
/**
* Simplified method form for invoking the DescribeConfigRuleEvaluationStatus operation.
*
* @see #describeConfigRuleEvaluationStatus(DescribeConfigRuleEvaluationStatusRequest)
*/
DescribeConfigRuleEvaluationStatusResult describeConfigRuleEvaluationStatus();
/**
* * Returns details about your Config rules. *
* * @param describeConfigRulesRequest * @return Result of the DescribeConfigRules operation returned by the service. * @throws NoSuchConfigRuleException * The Config rule in the request is not valid. Verify that the rule is an Config Process Check rule, that * the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying again. * @throws InvalidNextTokenException * The specified next token is not valid. Specify thenextToken string that was returned in the
* previous response to get the next page of results.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @sample AmazonConfig.DescribeConfigRules
* @see AWS API
* Documentation
*/
DescribeConfigRulesResult describeConfigRules(DescribeConfigRulesRequest describeConfigRulesRequest);
/**
* Simplified method form for invoking the DescribeConfigRules operation.
*
* @see #describeConfigRules(DescribeConfigRulesRequest)
*/
DescribeConfigRulesResult describeConfigRules();
/**
* * Returns status information for sources within an aggregator. The status includes information about the last time * Config verified authorization between the source account and an aggregator account. In case of a failure, the * status contains the related error code or message. *
* * @param describeConfigurationAggregatorSourcesStatusRequest * @return Result of the DescribeConfigurationAggregatorSourcesStatus operation returned by the service. * @throws InvalidParameterValueException * One or more of the specified parameters are not valid. Verify that your parameters are valid and try * again. * @throws NoSuchConfigurationAggregatorException * You have specified a configuration aggregator that does not exist. * @throws InvalidNextTokenException * The specified next token is not valid. Specify thenextToken string that was returned in the
* previous response to get the next page of results.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @sample AmazonConfig.DescribeConfigurationAggregatorSourcesStatus
* @see AWS API Documentation
*/
DescribeConfigurationAggregatorSourcesStatusResult describeConfigurationAggregatorSourcesStatus(
DescribeConfigurationAggregatorSourcesStatusRequest describeConfigurationAggregatorSourcesStatusRequest);
/**
* * Returns the details of one or more configuration aggregators. If the configuration aggregator is not specified, * this action returns the details for all the configuration aggregators associated with the account. *
* * @param describeConfigurationAggregatorsRequest * @return Result of the DescribeConfigurationAggregators operation returned by the service. * @throws InvalidParameterValueException * One or more of the specified parameters are not valid. Verify that your parameters are valid and try * again. * @throws NoSuchConfigurationAggregatorException * You have specified a configuration aggregator that does not exist. * @throws InvalidNextTokenException * The specified next token is not valid. Specify thenextToken string that was returned in the
* previous response to get the next page of results.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @sample AmazonConfig.DescribeConfigurationAggregators
* @see AWS API Documentation
*/
DescribeConfigurationAggregatorsResult describeConfigurationAggregators(DescribeConfigurationAggregatorsRequest describeConfigurationAggregatorsRequest);
/**
* * Returns the current status of the specified configuration recorder as well as the status of the last recording * event for the recorder. If a configuration recorder is not specified, this action returns the status of all * configuration recorders associated with the account. *
** >You can specify only one configuration recorder for each Amazon Web Services Region for each account. For a * detailed status of recording events over time, add your Config events to Amazon CloudWatch metrics and use * CloudWatch metrics. *
** Returns the details for the specified configuration recorders. If the configuration recorder is not specified, * this action returns the details for all configuration recorders associated with the account. *
** You can specify only one configuration recorder for each Amazon Web Services Region for each account. *
** Returns compliance details for each rule in that conformance pack. *
** You must provide exact rule names. *
*nextToken string that was returned in the
* previous response to get the next page of results.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @throws NoSuchConfigRuleInConformancePackException
* Config rule that you passed in the filter does not exist.
* @throws NoSuchConformancePackException
* You specified one or more conformance packs that do not exist.
* @sample AmazonConfig.DescribeConformancePackCompliance
* @see AWS API Documentation
*/
DescribeConformancePackComplianceResult describeConformancePackCompliance(DescribeConformancePackComplianceRequest describeConformancePackComplianceRequest);
/**
* * Provides one or more conformance packs deployment status. *
** If there are no conformance packs then you will see an empty result. *
*nextToken string that was returned in the
* previous response to get the next page of results.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @sample AmazonConfig.DescribeConformancePackStatus
* @see AWS API Documentation
*/
DescribeConformancePackStatusResult describeConformancePackStatus(DescribeConformancePackStatusRequest describeConformancePackStatusRequest);
/**
* * Returns a list of one or more conformance packs. *
* * @param describeConformancePacksRequest * @return Result of the DescribeConformancePacks operation returned by the service. * @throws NoSuchConformancePackException * You specified one or more conformance packs that do not exist. * @throws InvalidLimitException * The specified limit is outside the allowable range. * @throws InvalidNextTokenException * The specified next token is not valid. Specify thenextToken string that was returned in the
* previous response to get the next page of results.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @sample AmazonConfig.DescribeConformancePacks
* @see AWS API Documentation
*/
DescribeConformancePacksResult describeConformancePacks(DescribeConformancePacksRequest describeConformancePacksRequest);
/**
* * Returns the current status of the specified delivery channel. If a delivery channel is not specified, this action * returns the current status of all delivery channels associated with the account. *
** Currently, you can specify only one delivery channel per region in your account. *
** Returns details about the specified delivery channel. If a delivery channel is not specified, this action returns * the details of all delivery channels associated with the account. *
** Currently, you can specify only one delivery channel per region in your account. *
** Provides organization Config rule deployment status for an organization. *
** The status is not considered successful until organization Config rule is successfully deployed in all the member * accounts with an exception of excluded accounts. *
** When you specify the limit and the next token, you receive a paginated response. Limit and next token are not * applicable if you specify organization Config rule names. It is only applicable, when you request all the * organization Config rules. *
*nextToken string that was returned in the
* previous response to get the next page of results.
* @throws OrganizationAccessDeniedException
* For PutConfigurationAggregator API, you can see this exception for the following
* reasons:
*
* No permission to call EnableAWSServiceAccess API
*
* The configuration aggregator cannot be updated because your Amazon Web Services Organization management * account or the delegated administrator role changed. Delete this aggregator and create a new one with the * current Amazon Web Services Organization. *
** The configuration aggregator is associated with a previous Amazon Web Services Organization and Config * cannot aggregate data with current Amazon Web Services Organization. Delete this aggregator and create a * new one with the current Amazon Web Services Organization. *
*
* You are not a registered delegated administrator for Config with permissions to call
* ListDelegatedAdministrators API. Ensure that the management account registers delagated
* administrator for Config service principle name before the delegated administrator creates an aggregator.
*
* For all OrganizationConfigRule and OrganizationConformancePack APIs, Config
* throws an exception if APIs are called from member accounts. All APIs must be called from organization
* management account.
* @sample AmazonConfig.DescribeOrganizationConfigRuleStatuses
* @see AWS API Documentation
*/
DescribeOrganizationConfigRuleStatusesResult describeOrganizationConfigRuleStatuses(
DescribeOrganizationConfigRuleStatusesRequest describeOrganizationConfigRuleStatusesRequest);
/**
*
* Returns a list of organization Config rules. *
** When you specify the limit and the next token, you receive a paginated response. *
** Limit and next token are not applicable if you specify organization Config rule names. It is only applicable, * when you request all the organization Config rules. *
** For accounts within an organzation *
*
* If you deploy an organizational rule or conformance pack in an organization administrator account, and then
* establish a delegated administrator and deploy an organizational rule or conformance pack in the delegated
* administrator account, you won't be able to see the organizational rule or conformance pack in the organization
* administrator account from the delegated administrator account or see the organizational rule or conformance pack
* in the delegated administrator account from organization administrator account. The
* DescribeOrganizationConfigRules and DescribeOrganizationConformancePacks APIs can only
* see and interact with the organization-related resource that were deployed from within the account calling those
* APIs.
*
nextToken string that was returned in the
* previous response to get the next page of results.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws OrganizationAccessDeniedException
* For PutConfigurationAggregator API, you can see this exception for the following
* reasons:
*
* No permission to call EnableAWSServiceAccess API
*
* The configuration aggregator cannot be updated because your Amazon Web Services Organization management * account or the delegated administrator role changed. Delete this aggregator and create a new one with the * current Amazon Web Services Organization. *
** The configuration aggregator is associated with a previous Amazon Web Services Organization and Config * cannot aggregate data with current Amazon Web Services Organization. Delete this aggregator and create a * new one with the current Amazon Web Services Organization. *
*
* You are not a registered delegated administrator for Config with permissions to call
* ListDelegatedAdministrators API. Ensure that the management account registers delagated
* administrator for Config service principle name before the delegated administrator creates an aggregator.
*
* For all OrganizationConfigRule and OrganizationConformancePack APIs, Config
* throws an exception if APIs are called from member accounts. All APIs must be called from organization
* management account.
* @sample AmazonConfig.DescribeOrganizationConfigRules
* @see AWS API Documentation
*/
DescribeOrganizationConfigRulesResult describeOrganizationConfigRules(DescribeOrganizationConfigRulesRequest describeOrganizationConfigRulesRequest);
/**
*
* Provides organization conformance pack deployment status for an organization. *
** The status is not considered successful until organization conformance pack is successfully deployed in all the * member accounts with an exception of excluded accounts. *
** When you specify the limit and the next token, you receive a paginated response. Limit and next token are not * applicable if you specify organization conformance pack names. They are only applicable, when you request all the * organization conformance packs. *
*
* For DeleteOrganizationConformancePack, you tried to delete an organization conformance pack that does not
* exist.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws OrganizationAccessDeniedException
* For PutConfigurationAggregator API, you can see this exception for the following reasons:
*
* No permission to call EnableAWSServiceAccess API
*
* The configuration aggregator cannot be updated because your Amazon Web Services Organization management * account or the delegated administrator role changed. Delete this aggregator and create a new one with the * current Amazon Web Services Organization. *
** The configuration aggregator is associated with a previous Amazon Web Services Organization and Config * cannot aggregate data with current Amazon Web Services Organization. Delete this aggregator and create a * new one with the current Amazon Web Services Organization. *
*
* You are not a registered delegated administrator for Config with permissions to call
* ListDelegatedAdministrators API. Ensure that the management account registers delagated
* administrator for Config service principle name before the delegated administrator creates an aggregator.
*
* For all OrganizationConfigRule and OrganizationConformancePack APIs, Config
* throws an exception if APIs are called from member accounts. All APIs must be called from organization
* management account.
* @sample AmazonConfig.DescribeOrganizationConformancePackStatuses
* @see AWS API Documentation
*/
DescribeOrganizationConformancePackStatusesResult describeOrganizationConformancePackStatuses(
DescribeOrganizationConformancePackStatusesRequest describeOrganizationConformancePackStatusesRequest);
/**
*
* Returns a list of organization conformance packs. *
** When you specify the limit and the next token, you receive a paginated response. *
** Limit and next token are not applicable if you specify organization conformance packs names. They are only * applicable, when you request all the organization conformance packs. *
** For accounts within an organzation *
*
* If you deploy an organizational rule or conformance pack in an organization administrator account, and then
* establish a delegated administrator and deploy an organizational rule or conformance pack in the delegated
* administrator account, you won't be able to see the organizational rule or conformance pack in the organization
* administrator account from the delegated administrator account or see the organizational rule or conformance pack
* in the delegated administrator account from organization administrator account. The
* DescribeOrganizationConfigRules and DescribeOrganizationConformancePacks APIs can only
* see and interact with the organization-related resource that were deployed from within the account calling those
* APIs.
*
* For DeleteOrganizationConformancePack, you tried to delete an organization conformance pack that does not
* exist.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws OrganizationAccessDeniedException
* For PutConfigurationAggregator API, you can see this exception for the following reasons:
*
* No permission to call EnableAWSServiceAccess API
*
* The configuration aggregator cannot be updated because your Amazon Web Services Organization management * account or the delegated administrator role changed. Delete this aggregator and create a new one with the * current Amazon Web Services Organization. *
** The configuration aggregator is associated with a previous Amazon Web Services Organization and Config * cannot aggregate data with current Amazon Web Services Organization. Delete this aggregator and create a * new one with the current Amazon Web Services Organization. *
*
* You are not a registered delegated administrator for Config with permissions to call
* ListDelegatedAdministrators API. Ensure that the management account registers delagated
* administrator for Config service principle name before the delegated administrator creates an aggregator.
*
* For all OrganizationConfigRule and OrganizationConformancePack APIs, Config
* throws an exception if APIs are called from member accounts. All APIs must be called from organization
* management account.
* @sample AmazonConfig.DescribeOrganizationConformancePacks
* @see AWS API Documentation
*/
DescribeOrganizationConformancePacksResult describeOrganizationConformancePacks(
DescribeOrganizationConformancePacksRequest describeOrganizationConformancePacksRequest);
/**
*
* Returns a list of all pending aggregation requests. *
* * @param describePendingAggregationRequestsRequest * @return Result of the DescribePendingAggregationRequests operation returned by the service. * @throws InvalidParameterValueException * One or more of the specified parameters are not valid. Verify that your parameters are valid and try * again. * @throws InvalidNextTokenException * The specified next token is not valid. Specify thenextToken string that was returned in the
* previous response to get the next page of results.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @sample AmazonConfig.DescribePendingAggregationRequests
* @see AWS API Documentation
*/
DescribePendingAggregationRequestsResult describePendingAggregationRequests(
DescribePendingAggregationRequestsRequest describePendingAggregationRequestsRequest);
/**
* * Returns the details of one or more remediation configurations. *
* * @param describeRemediationConfigurationsRequest * @return Result of the DescribeRemediationConfigurations operation returned by the service. * @sample AmazonConfig.DescribeRemediationConfigurations * @see AWS API Documentation */ DescribeRemediationConfigurationsResult describeRemediationConfigurations(DescribeRemediationConfigurationsRequest describeRemediationConfigurationsRequest); /** ** Returns the details of one or more remediation exceptions. A detailed view of a remediation exception for a set * of resources that includes an explanation of an exception and the time when the exception will be deleted. When * you specify the limit and the next token, you receive a paginated response. *
** Config generates a remediation exception when a problem occurs executing a remediation action to a specific * resource. Remediation exceptions blocks auto-remediation until the exception is cleared. *
** When you specify the limit and the next token, you receive a paginated response. *
** Limit and next token are not applicable if you request resources in batch. It is only applicable, when you * request all resources. *
*nextToken string that was returned in the
* previous response to get the next page of results.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @sample AmazonConfig.DescribeRemediationExceptions
* @see AWS API Documentation
*/
DescribeRemediationExceptionsResult describeRemediationExceptions(DescribeRemediationExceptionsRequest describeRemediationExceptionsRequest);
/**
* * Provides a detailed view of a Remediation Execution for a set of resources including state, timestamps for when * steps for the remediation execution occur, and any error messages for steps that have failed. When you specify * the limit and the next token, you receive a paginated response. *
* * @param describeRemediationExecutionStatusRequest * @return Result of the DescribeRemediationExecutionStatus operation returned by the service. * @throws NoSuchRemediationConfigurationException * You specified an Config rule without a remediation configuration. * @throws InvalidNextTokenException * The specified next token is not valid. Specify thenextToken string that was returned in the
* previous response to get the next page of results.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @sample AmazonConfig.DescribeRemediationExecutionStatus
* @see AWS API Documentation
*/
DescribeRemediationExecutionStatusResult describeRemediationExecutionStatus(
DescribeRemediationExecutionStatusRequest describeRemediationExecutionStatusRequest);
/**
* * Returns the details of one or more retention configurations. If the retention configuration name is not * specified, this action returns the details for all the retention configurations for that account. *
** Currently, Config supports only one retention configuration per region in your account. *
*nextToken string that was returned in the
* previous response to get the next page of results.
* @sample AmazonConfig.DescribeRetentionConfigurations
* @see AWS API Documentation
*/
DescribeRetentionConfigurationsResult describeRetentionConfigurations(DescribeRetentionConfigurationsRequest describeRetentionConfigurationsRequest);
/**
* * Returns the evaluation results for the specified Config rule for a specific resource in a rule. The results * indicate which Amazon Web Services resources were evaluated by the rule, when each resource was last evaluated, * and whether each resource complies with the rule. *
*
* The results can return an empty result page. But if you have a nextToken, the results are displayed
* on the next page.
*
* For PutStoredQuery, you will see this exception if there are missing required fields or if the input * value fails the validation, or if you are trying to create more than 300 queries. *
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws NoSuchConfigurationAggregatorException
* You have specified a configuration aggregator that does not exist.
* @sample AmazonConfig.GetAggregateComplianceDetailsByConfigRule
* @see AWS API Documentation
*/
GetAggregateComplianceDetailsByConfigRuleResult getAggregateComplianceDetailsByConfigRule(
GetAggregateComplianceDetailsByConfigRuleRequest getAggregateComplianceDetailsByConfigRuleRequest);
/**
*
* Returns the number of compliant and noncompliant rules for one or more accounts and regions in an aggregator. *
** The results can return an empty result page, but if you have a nextToken, the results are displayed on the next * page. *
** For PutStoredQuery, you will see this exception if there are missing required fields or if the input * value fails the validation, or if you are trying to create more than 300 queries. *
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws NoSuchConfigurationAggregatorException
* You have specified a configuration aggregator that does not exist.
* @sample AmazonConfig.GetAggregateConfigRuleComplianceSummary
* @see AWS API Documentation
*/
GetAggregateConfigRuleComplianceSummaryResult getAggregateConfigRuleComplianceSummary(
GetAggregateConfigRuleComplianceSummaryRequest getAggregateConfigRuleComplianceSummaryRequest);
/**
*
* Returns the count of compliant and noncompliant conformance packs across all Amazon Web Services accounts and * Amazon Web Services Regions in an aggregator. You can filter based on Amazon Web Services account ID or Amazon * Web Services Region. *
** The results can return an empty result page, but if you have a nextToken, the results are displayed on the next * page. *
** For PutStoredQuery, you will see this exception if there are missing required fields or if the input * value fails the validation, or if you are trying to create more than 300 queries. *
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws NoSuchConfigurationAggregatorException
* You have specified a configuration aggregator that does not exist.
* @sample AmazonConfig.GetAggregateConformancePackComplianceSummary
* @see AWS API Documentation
*/
GetAggregateConformancePackComplianceSummaryResult getAggregateConformancePackComplianceSummary(
GetAggregateConformancePackComplianceSummaryRequest getAggregateConformancePackComplianceSummaryRequest);
/**
*
* Returns the resource counts across accounts and regions that are present in your Config aggregator. You can * request the resource counts by providing filters and GroupByKey. *
** For example, if the input contains accountID 12345678910 and region us-east-1 in filters, the API returns the * count of resources in account ID 12345678910 and region us-east-1. If the input contains ACCOUNT_ID as a * GroupByKey, the API returns resource counts for all source accounts that are present in your aggregator. *
* * @param getAggregateDiscoveredResourceCountsRequest * @return Result of the GetAggregateDiscoveredResourceCounts operation returned by the service. * @throws ValidationException * The requested action is not valid. ** For PutStoredQuery, you will see this exception if there are missing required fields or if the input * value fails the validation, or if you are trying to create more than 300 queries. *
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws NoSuchConfigurationAggregatorException
* You have specified a configuration aggregator that does not exist.
* @sample AmazonConfig.GetAggregateDiscoveredResourceCounts
* @see AWS API Documentation
*/
GetAggregateDiscoveredResourceCountsResult getAggregateDiscoveredResourceCounts(
GetAggregateDiscoveredResourceCountsRequest getAggregateDiscoveredResourceCountsRequest);
/**
*
* Returns configuration item that is aggregated for your specific resource in a specific source account and region. *
* * @param getAggregateResourceConfigRequest * @return Result of the GetAggregateResourceConfig operation returned by the service. * @throws ValidationException * The requested action is not valid. ** For PutStoredQuery, you will see this exception if there are missing required fields or if the input * value fails the validation, or if you are trying to create more than 300 queries. *
** For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are * missing required fields or if the input value fails the validation. * @throws NoSuchConfigurationAggregatorException * You have specified a configuration aggregator that does not exist. * @throws OversizedConfigurationItemException * The configuration item size is outside the allowable range. * @throws ResourceNotDiscoveredException * You have specified a resource that is either unknown or has not been discovered. * @sample AmazonConfig.GetAggregateResourceConfig * @see AWS API Documentation */ GetAggregateResourceConfigResult getAggregateResourceConfig(GetAggregateResourceConfigRequest getAggregateResourceConfigRequest); /** *
* Returns the evaluation results for the specified Config rule. The results indicate which Amazon Web Services * resources were evaluated by the rule, when each resource was last evaluated, and whether each resource complies * with the rule. *
* * @param getComplianceDetailsByConfigRuleRequest * @return Result of the GetComplianceDetailsByConfigRule operation returned by the service. * @throws InvalidParameterValueException * One or more of the specified parameters are not valid. Verify that your parameters are valid and try * again. * @throws InvalidNextTokenException * The specified next token is not valid. Specify thenextToken string that was returned in the
* previous response to get the next page of results.
* @throws NoSuchConfigRuleException
* The Config rule in the request is not valid. Verify that the rule is an Config Process Check rule, that
* the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying again.
* @sample AmazonConfig.GetComplianceDetailsByConfigRule
* @see AWS API Documentation
*/
GetComplianceDetailsByConfigRuleResult getComplianceDetailsByConfigRule(GetComplianceDetailsByConfigRuleRequest getComplianceDetailsByConfigRuleRequest);
/**
* * Returns the evaluation results for the specified Amazon Web Services resource. The results indicate which Config * rules were used to evaluate the resource, when each rule was last invoked, and whether the resource complies with * each rule. *
* * @param getComplianceDetailsByResourceRequest * @return Result of the GetComplianceDetailsByResource operation returned by the service. * @throws InvalidParameterValueException * One or more of the specified parameters are not valid. Verify that your parameters are valid and try * again. * @sample AmazonConfig.GetComplianceDetailsByResource * @see AWS API Documentation */ GetComplianceDetailsByResourceResult getComplianceDetailsByResource(GetComplianceDetailsByResourceRequest getComplianceDetailsByResourceRequest); /** ** Returns the number of Config rules that are compliant and noncompliant, up to a maximum of 25 for each. *
* * @param getComplianceSummaryByConfigRuleRequest * @return Result of the GetComplianceSummaryByConfigRule operation returned by the service. * @sample AmazonConfig.GetComplianceSummaryByConfigRule * @see AWS API Documentation */ GetComplianceSummaryByConfigRuleResult getComplianceSummaryByConfigRule(GetComplianceSummaryByConfigRuleRequest getComplianceSummaryByConfigRuleRequest); /** * Simplified method form for invoking the GetComplianceSummaryByConfigRule operation. * * @see #getComplianceSummaryByConfigRule(GetComplianceSummaryByConfigRuleRequest) */ GetComplianceSummaryByConfigRuleResult getComplianceSummaryByConfigRule(); /** ** Returns the number of resources that are compliant and the number that are noncompliant. You can specify one or * more resource types to get these numbers for each resource type. The maximum number returned is 100. *
* * @param getComplianceSummaryByResourceTypeRequest * @return Result of the GetComplianceSummaryByResourceType operation returned by the service. * @throws InvalidParameterValueException * One or more of the specified parameters are not valid. Verify that your parameters are valid and try * again. * @sample AmazonConfig.GetComplianceSummaryByResourceType * @see AWS API Documentation */ GetComplianceSummaryByResourceTypeResult getComplianceSummaryByResourceType( GetComplianceSummaryByResourceTypeRequest getComplianceSummaryByResourceTypeRequest); /** * Simplified method form for invoking the GetComplianceSummaryByResourceType operation. * * @see #getComplianceSummaryByResourceType(GetComplianceSummaryByResourceTypeRequest) */ GetComplianceSummaryByResourceTypeResult getComplianceSummaryByResourceType(); /** ** Returns compliance details of a conformance pack for all Amazon Web Services resources that are monitered by * conformance pack. *
* * @param getConformancePackComplianceDetailsRequest * @return Result of the GetConformancePackComplianceDetails operation returned by the service. * @throws InvalidLimitException * The specified limit is outside the allowable range. * @throws InvalidNextTokenException * The specified next token is not valid. Specify thenextToken string that was returned in the
* previous response to get the next page of results.
* @throws NoSuchConformancePackException
* You specified one or more conformance packs that do not exist.
* @throws NoSuchConfigRuleInConformancePackException
* Config rule that you passed in the filter does not exist.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @sample AmazonConfig.GetConformancePackComplianceDetails
* @see AWS API Documentation
*/
GetConformancePackComplianceDetailsResult getConformancePackComplianceDetails(
GetConformancePackComplianceDetailsRequest getConformancePackComplianceDetailsRequest);
/**
* * Returns compliance details for the conformance pack based on the cumulative compliance results of all the rules * in that conformance pack. *
* * @param getConformancePackComplianceSummaryRequest * @return Result of the GetConformancePackComplianceSummary operation returned by the service. * @throws NoSuchConformancePackException * You specified one or more conformance packs that do not exist. * @throws InvalidLimitException * The specified limit is outside the allowable range. * @throws InvalidNextTokenException * The specified next token is not valid. Specify thenextToken string that was returned in the
* previous response to get the next page of results.
* @sample AmazonConfig.GetConformancePackComplianceSummary
* @see AWS API Documentation
*/
GetConformancePackComplianceSummaryResult getConformancePackComplianceSummary(
GetConformancePackComplianceSummaryRequest getConformancePackComplianceSummaryRequest);
/**
* * Returns the policy definition containing the logic for your Config Custom Policy rule. *
* * @param getCustomRulePolicyRequest * @return Result of the GetCustomRulePolicy operation returned by the service. * @throws NoSuchConfigRuleException * The Config rule in the request is not valid. Verify that the rule is an Config Process Check rule, that * the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying again. * @sample AmazonConfig.GetCustomRulePolicy * @see AWS API * Documentation */ GetCustomRulePolicyResult getCustomRulePolicy(GetCustomRulePolicyRequest getCustomRulePolicyRequest); /** ** Returns the resource types, the number of each resource type, and the total number of resources that Config is * recording in this region for your Amazon Web Services account. *
** Example *
** Config is recording three resource types in the US East (Ohio) Region for your account: 25 EC2 instances, 20 IAM * users, and 15 S3 buckets. *
*
* You make a call to the GetDiscoveredResourceCounts action and specify that you want all resource
* types.
*
* Config returns the following: *
** The resource types (EC2 instances, IAM users, and S3 buckets). *
** The number of each resource type (25, 20, and 15). *
** The total number of all resources (60). *
*
* The response is paginated. By default, Config lists 100 ResourceCount objects on each page. You can
* customize this number with the limit parameter. The response includes a nextToken
* string. To get the next page of results, run the request again and specify the string for the
* nextToken parameter.
*
* If you make a call to the GetDiscoveredResourceCounts action, you might not immediately receive resource * counts in the following situations: *
** You are a new Config customer. *
** You just enabled resource recording. *
** It might take a few minutes for Config to record and count your resources. Wait a few minutes and then retry the * GetDiscoveredResourceCounts action. *
** For PutStoredQuery, you will see this exception if there are missing required fields or if the input * value fails the validation, or if you are trying to create more than 300 queries. *
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @sample AmazonConfig.GetDiscoveredResourceCounts
* @see AWS API Documentation
*/
GetDiscoveredResourceCountsResult getDiscoveredResourceCounts(GetDiscoveredResourceCountsRequest getDiscoveredResourceCountsRequest);
/**
*
* Returns detailed status for each member account within an organization for a given organization Config rule. *
* * @param getOrganizationConfigRuleDetailedStatusRequest * @return Result of the GetOrganizationConfigRuleDetailedStatus operation returned by the service. * @throws NoSuchOrganizationConfigRuleException * The Config rule in the request is not valid. Verify that the rule is an organization Config Process Check * rule, that the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying * again. * @throws InvalidLimitException * The specified limit is outside the allowable range. * @throws InvalidNextTokenException * The specified next token is not valid. Specify thenextToken string that was returned in the
* previous response to get the next page of results.
* @throws OrganizationAccessDeniedException
* For PutConfigurationAggregator API, you can see this exception for the following
* reasons:
*
* No permission to call EnableAWSServiceAccess API
*
* The configuration aggregator cannot be updated because your Amazon Web Services Organization management * account or the delegated administrator role changed. Delete this aggregator and create a new one with the * current Amazon Web Services Organization. *
** The configuration aggregator is associated with a previous Amazon Web Services Organization and Config * cannot aggregate data with current Amazon Web Services Organization. Delete this aggregator and create a * new one with the current Amazon Web Services Organization. *
*
* You are not a registered delegated administrator for Config with permissions to call
* ListDelegatedAdministrators API. Ensure that the management account registers delagated
* administrator for Config service principle name before the delegated administrator creates an aggregator.
*
* For all OrganizationConfigRule and OrganizationConformancePack APIs, Config
* throws an exception if APIs are called from member accounts. All APIs must be called from organization
* management account.
* @sample AmazonConfig.GetOrganizationConfigRuleDetailedStatus
* @see AWS API Documentation
*/
GetOrganizationConfigRuleDetailedStatusResult getOrganizationConfigRuleDetailedStatus(
GetOrganizationConfigRuleDetailedStatusRequest getOrganizationConfigRuleDetailedStatusRequest);
/**
*
* Returns detailed status for each member account within an organization for a given organization conformance pack. *
* * @param getOrganizationConformancePackDetailedStatusRequest * @return Result of the GetOrganizationConformancePackDetailedStatus operation returned by the service. * @throws NoSuchOrganizationConformancePackException * Config organization conformance pack that you passed in the filter does not exist. *
* For DeleteOrganizationConformancePack, you tried to delete an organization conformance pack that does not
* exist.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws OrganizationAccessDeniedException
* For PutConfigurationAggregator API, you can see this exception for the following reasons:
*
* No permission to call EnableAWSServiceAccess API
*
* The configuration aggregator cannot be updated because your Amazon Web Services Organization management * account or the delegated administrator role changed. Delete this aggregator and create a new one with the * current Amazon Web Services Organization. *
** The configuration aggregator is associated with a previous Amazon Web Services Organization and Config * cannot aggregate data with current Amazon Web Services Organization. Delete this aggregator and create a * new one with the current Amazon Web Services Organization. *
*
* You are not a registered delegated administrator for Config with permissions to call
* ListDelegatedAdministrators API. Ensure that the management account registers delagated
* administrator for Config service principle name before the delegated administrator creates an aggregator.
*
* For all OrganizationConfigRule and OrganizationConformancePack APIs, Config
* throws an exception if APIs are called from member accounts. All APIs must be called from organization
* management account.
* @sample AmazonConfig.GetOrganizationConformancePackDetailedStatus
* @see AWS API Documentation
*/
GetOrganizationConformancePackDetailedStatusResult getOrganizationConformancePackDetailedStatus(
GetOrganizationConformancePackDetailedStatusRequest getOrganizationConformancePackDetailedStatusRequest);
/**
*
* Returns the policy definition containing the logic for your organization Config Custom Policy rule. *
* * @param getOrganizationCustomRulePolicyRequest * @return Result of the GetOrganizationCustomRulePolicy operation returned by the service. * @throws NoSuchOrganizationConfigRuleException * The Config rule in the request is not valid. Verify that the rule is an organization Config Process Check * rule, that the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying * again. * @throws OrganizationAccessDeniedException * ForPutConfigurationAggregator API, you can see this exception for the following
* reasons:
*
* No permission to call EnableAWSServiceAccess API
*
* The configuration aggregator cannot be updated because your Amazon Web Services Organization management * account or the delegated administrator role changed. Delete this aggregator and create a new one with the * current Amazon Web Services Organization. *
** The configuration aggregator is associated with a previous Amazon Web Services Organization and Config * cannot aggregate data with current Amazon Web Services Organization. Delete this aggregator and create a * new one with the current Amazon Web Services Organization. *
*
* You are not a registered delegated administrator for Config with permissions to call
* ListDelegatedAdministrators API. Ensure that the management account registers delagated
* administrator for Config service principle name before the delegated administrator creates an aggregator.
*
* For all OrganizationConfigRule and OrganizationConformancePack APIs, Config
* throws an exception if APIs are called from member accounts. All APIs must be called from organization
* management account.
* @sample AmazonConfig.GetOrganizationCustomRulePolicy
* @see AWS API Documentation
*/
GetOrganizationCustomRulePolicyResult getOrganizationCustomRulePolicy(GetOrganizationCustomRulePolicyRequest getOrganizationCustomRulePolicyRequest);
/**
*
* Returns a list of ConfigurationItems for the specified resource. The list contains details about
* each state of the resource during the specified time interval. If you specified a retention period to retain your
* ConfigurationItems between a minimum of 30 days and a maximum of 7 years (2557 days), Config returns
* the ConfigurationItems for the specified retention period.
*
* The response is paginated. By default, Config returns a limit of 10 configuration items per page. You can
* customize this number with the limit parameter. The response includes a nextToken
* string. To get the next page of results, run the request again and specify the string for the
* nextToken parameter.
*
* Each call to the API is limited to span a duration of seven days. It is likely that the number of records
* returned is smaller than the specified limit. In such cases, you can make another call, using the
* nextToken.
*
* For PutStoredQuery, you will see this exception if there are missing required fields or if the input * value fails the validation, or if you are trying to create more than 300 queries. *
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws InvalidTimeRangeException
* The specified time range is not valid. The earlier time is not chronologically before the later time.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws NoAvailableConfigurationRecorderException
* There are no configuration recorders available to provide the role needed to describe your resources.
* Create a configuration recorder.
* @throws ResourceNotDiscoveredException
* You have specified a resource that is either unknown or has not been discovered.
* @sample AmazonConfig.GetResourceConfigHistory
* @see AWS API Documentation
*/
GetResourceConfigHistoryResult getResourceConfigHistory(GetResourceConfigHistoryRequest getResourceConfigHistoryRequest);
/**
*
* Returns a summary of resource evaluation for the specified resource evaluation ID from the proactive rules that * were run. The results indicate which evaluation context was used to evaluate the rules, which resource details * were evaluated, the evaluation mode that was run, and whether the resource details comply with the configuration * of the proactive rules. *
** To see additional information about the evaluation result, such as which rule flagged a resource as * NON_COMPLIANT, use the GetComplianceDetailsByResource API. For more information, see the Examples section. *
** Returns the details of a specific stored query. *
* * @param getStoredQueryRequest * @return Result of the GetStoredQuery operation returned by the service. * @throws ValidationException * The requested action is not valid. ** For PutStoredQuery, you will see this exception if there are missing required fields or if the input * value fails the validation, or if you are trying to create more than 300 queries. *
** For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are * missing required fields or if the input value fails the validation. * @throws ResourceNotFoundException * You have specified a resource that does not exist. * @sample AmazonConfig.GetStoredQuery * @see AWS API * Documentation */ GetStoredQueryResult getStoredQuery(GetStoredQueryRequest getStoredQueryRequest); /** *
* Accepts a resource type and returns a list of resource identifiers that are aggregated for a specific resource * type across accounts and regions. A resource identifier includes the resource type, ID, (if available) the custom * resource name, source account, and source region. You can narrow the results to include only resources that have * specific resource IDs, or a resource name, or source account ID, or source region. *
*
* For example, if the input consists of accountID 12345678910 and the region is us-east-1 for resource type
* AWS::EC2::Instance then the API returns all the EC2 instance identifiers of accountID 12345678910
* and region us-east-1.
*
* For PutStoredQuery, you will see this exception if there are missing required fields or if the input * value fails the validation, or if you are trying to create more than 300 queries. *
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws NoSuchConfigurationAggregatorException
* You have specified a configuration aggregator that does not exist.
* @sample AmazonConfig.ListAggregateDiscoveredResources
* @see AWS API Documentation
*/
ListAggregateDiscoveredResourcesResult listAggregateDiscoveredResources(ListAggregateDiscoveredResourcesRequest listAggregateDiscoveredResourcesRequest);
/**
*
* Returns a list of conformance pack compliance scores. A compliance score is the percentage of the number of * compliant rule-resource combinations in a conformance pack compared to the number of total possible rule-resource * combinations in the conformance pack. This metric provides you with a high-level view of the compliance state of * your conformance packs. You can use it to identify, investigate, and understand the level of compliance in your * conformance packs. *
*
* Conformance packs with no evaluation results will have a compliance score of INSUFFICIENT_DATA.
*
nextToken string that was returned in the
* previous response to get the next page of results.
* @sample AmazonConfig.ListConformancePackComplianceScores
* @see AWS API Documentation
*/
ListConformancePackComplianceScoresResult listConformancePackComplianceScores(
ListConformancePackComplianceScoresRequest listConformancePackComplianceScoresRequest);
/**
* * Accepts a resource type and returns a list of resource identifiers for the resources of that type. A resource * identifier includes the resource type, ID, and (if available) the custom resource name. The results consist of * resources that Config has discovered, including those that Config is not currently recording. You can narrow the * results to include only resources that have specific resource IDs or a resource name. *
** You can specify either resource IDs or a resource name, but not both, in the same request. *
*
* The response is paginated. By default, Config lists 100 resource identifiers on each page. You can customize this
* number with the limit parameter. The response includes a nextToken string. To get the
* next page of results, run the request again and specify the string for the nextToken parameter.
*
* For PutStoredQuery, you will see this exception if there are missing required fields or if the input * value fails the validation, or if you are trying to create more than 300 queries. *
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @throws NoAvailableConfigurationRecorderException
* There are no configuration recorders available to provide the role needed to describe your resources.
* Create a configuration recorder.
* @sample AmazonConfig.ListDiscoveredResources
* @see AWS
* API Documentation
*/
ListDiscoveredResourcesResult listDiscoveredResources(ListDiscoveredResourcesRequest listDiscoveredResourcesRequest);
/**
*
* Returns a list of proactive resource evaluations. *
* * @param listResourceEvaluationsRequest * @return Result of the ListResourceEvaluations operation returned by the service. * @throws InvalidNextTokenException * The specified next token is not valid. Specify thenextToken string that was returned in the
* previous response to get the next page of results.
* @throws InvalidParameterValueException
* One or more of the specified parameters are not valid. Verify that your parameters are valid and try
* again.
* @throws InvalidTimeRangeException
* The specified time range is not valid. The earlier time is not chronologically before the later time.
* @sample AmazonConfig.ListResourceEvaluations
* @see AWS
* API Documentation
*/
ListResourceEvaluationsResult listResourceEvaluations(ListResourceEvaluationsRequest listResourceEvaluationsRequest);
/**
* * Lists the stored queries for a single Amazon Web Services account and a single Amazon Web Services Region. The * default is 100. *
* * @param listStoredQueriesRequest * @return Result of the ListStoredQueries operation returned by the service. * @throws ValidationException * The requested action is not valid. ** For PutStoredQuery, you will see this exception if there are missing required fields or if the input * value fails the validation, or if you are trying to create more than 300 queries. *
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @sample AmazonConfig.ListStoredQueries
* @see AWS API
* Documentation
*/
ListStoredQueriesResult listStoredQueries(ListStoredQueriesRequest listStoredQueriesRequest);
/**
*
* List the tags for Config resource. *
* * @param listTagsForResourceRequest * @return Result of the ListTagsForResource operation returned by the service. * @throws ResourceNotFoundException * You have specified a resource that does not exist. * @throws ValidationException * The requested action is not valid. ** For PutStoredQuery, you will see this exception if there are missing required fields or if the input * value fails the validation, or if you are trying to create more than 300 queries. *
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws InvalidLimitException
* The specified limit is outside the allowable range.
* @throws InvalidNextTokenException
* The specified next token is not valid. Specify the nextToken string that was returned in the
* previous response to get the next page of results.
* @sample AmazonConfig.ListTagsForResource
* @see AWS API
* Documentation
*/
ListTagsForResourceResult listTagsForResource(ListTagsForResourceRequest listTagsForResourceRequest);
/**
*
* Authorizes the aggregator account and region to collect data from the source account and region. *
*
* PutAggregationAuthorization is an idempotent API. Subsequent requests won’t create a duplicate
* resource if one was already created. If a following request has different tags values, Config will
* ignore these differences and treat it as an idempotent request of the previous. In this case, tags
* will not be updated, even if they are different.
*
* Adds or updates an Config rule to evaluate if your Amazon Web Services resources comply with your desired * configurations. For information on how many Config rules you can have per account, see Service Limits in * the Config Developer Guide. *
*
* There are two types of rules: Config Managed Rules and Config Custom Rules. You can use
* PutConfigRule to create both Config Managed Rules and Config Custom Rules.
*
* Config Managed Rules are predefined, customizable rules created by Config. For a list of managed rules, see List of Config
* Managed Rules. If you are adding an Config managed rule, you must specify the rule's identifier for the
* SourceIdentifier key.
*
* Config Custom Rules are rules that you create from scratch. There are two ways to create Config custom rules: * with Lambda functions ( Lambda Developer Guide) and with Guard (Guard GitHub Repository), a policy-as-code * language. Config custom rules created with Lambda are called Config Custom Lambda Rules and Config custom * rules created with Guard are called Config Custom Policy Rules. *
*
* If you are adding a new Config Custom Lambda rule, you first need to create an Lambda function that the rule
* invokes to evaluate your resources. When you use PutConfigRule to add a Custom Lambda rule to
* Config, you must specify the Amazon Resource Name (ARN) that Lambda assigns to the function. You specify the ARN
* in the SourceIdentifier key. This key is part of the Source object, which is part of
* the ConfigRule object.
*
* For any new Config rule that you add, specify the ConfigRuleName in the ConfigRule
* object. Do not specify the ConfigRuleArn or the ConfigRuleId. These values are
* generated by Config for new rules.
*
* If you are updating a rule that you added previously, you can specify the rule by ConfigRuleName,
* ConfigRuleId, or ConfigRuleArn in the ConfigRule data type that you use in
* this request.
*
* For more information about developing and using Config rules, see Evaluating Resources with * Config Rules in the Config Developer Guide. *
*
* PutConfigRule is an idempotent API. Subsequent requests won’t create a duplicate resource if one was
* already created. If a following request has different tags values, Config will ignore these
* differences and treat it as an idempotent request of the previous. In this case, tags will not be
* updated, even if they are different.
*
* For DeleteConfigRule, Config is deleting this rule. Try your request again later. *
** For DeleteConfigRule, the rule is deleting your evaluation results. Try your request again later. *
** For DeleteConfigRule, a remediation action is associated with the rule and Config cannot delete this * rule. Delete the remediation action associated with the rule before deleting the rule and try your * request again later. *
** For PutConfigOrganizationRule, organization Config rule deletion is in progress. Try your request again * later. *
** For DeleteOrganizationConfigRule, organization Config rule creation is in progress. Try your request * again later. *
** For PutConformancePack and PutOrganizationConformancePack, a conformance pack creation, update, and * deletion is in progress. Try your request again later. *
** For DeleteConformancePack, a conformance pack creation, update, and deletion is in progress. Try your * request again later. *
** For PutConfigRule, the rule cannot be created because the IAM role assigned to Config lacks permissions * to perform the config:Put* action. *
** For PutConfigRule, the Lambda function cannot be invoked. Check the function ARN, and check the * function's permissions. *
*
* For PutOrganizationConfigRule, organization Config rule cannot be created because you do not have
* permissions to call IAM GetRole action or create a service-linked role.
*
* For PutConformancePack and PutOrganizationConformancePack, a conformance pack cannot be created because * you do not have the following permissions: *
*
* You do not have permission to call IAM GetRole action or create a service-linked role.
*
* You do not have permission to read Amazon S3 bucket or call SSM:GetDocument. *
** Creates and updates the configuration aggregator with the selected source accounts and regions. The source * account can be individual account(s) or an organization. *
*
* accountIds that are passed will be replaced with existing accounts. If you want to add additional
* accounts into the aggregator, call DescribeConfigurationAggregators to get the previous accounts and
* then append new ones.
*
* Config should be enabled in source accounts and regions you want to aggregate. *
*
* If your source type is an organization, you must be signed in to the management account or a registered delegated
* administrator and all the features must be enabled in your organization. If the caller is a management account,
* Config calls EnableAwsServiceAccess API to enable integration between Config and Organizations. If
* the caller is a registered delegated administrator, Config calls ListDelegatedAdministrators API to
* verify whether the caller is a valid delegated administrator.
*
* To register a delegated administrator, see Register a Delegated Administrator in the Config developer guide. *
*
* PutConfigurationAggregator is an idempotent API. Subsequent requests won’t create a duplicate
* resource if one was already created. If a following request has different tags values, Config will
* ignore these differences and treat it as an idempotent request of the previous. In this case, tags
* will not be updated, even if they are different.
*
StartConfigRulesEvaluation API, this exception is thrown if an evaluation is in progress
* or if you call the StartConfigRulesEvaluation API more than once per minute.
*
* For PutConfigurationAggregator API, this exception is thrown if the number of accounts and
* aggregators exceeds the limit.
* @throws InvalidRoleException
* You have provided a null or empty Amazon Resource Name (ARN) for the IAM role assumed by Config and used
* by the configuration recorder.
* @throws OrganizationAccessDeniedException
* For PutConfigurationAggregator API, you can see this exception for the following reasons:
*
* No permission to call EnableAWSServiceAccess API
*
* The configuration aggregator cannot be updated because your Amazon Web Services Organization management * account or the delegated administrator role changed. Delete this aggregator and create a new one with the * current Amazon Web Services Organization. *
** The configuration aggregator is associated with a previous Amazon Web Services Organization and Config * cannot aggregate data with current Amazon Web Services Organization. Delete this aggregator and create a * new one with the current Amazon Web Services Organization. *
*
* You are not a registered delegated administrator for Config with permissions to call
* ListDelegatedAdministrators API. Ensure that the management account registers delagated
* administrator for Config service principle name before the delegated administrator creates an aggregator.
*
* For all OrganizationConfigRule and OrganizationConformancePack APIs, Config
* throws an exception if APIs are called from member accounts. All APIs must be called from organization
* management account.
* @throws NoAvailableOrganizationException
* Organization is no longer available.
* @throws OrganizationAllFeaturesNotEnabledException
* Config resource cannot be created because your organization does not have all features enabled.
* @sample AmazonConfig.PutConfigurationAggregator
* @see AWS API Documentation
*/
PutConfigurationAggregatorResult putConfigurationAggregator(PutConfigurationAggregatorRequest putConfigurationAggregatorRequest);
/**
*
* Creates a new configuration recorder to record configuration changes for specified resource types. *
*
* You can also use this action to change the roleARN or the recordingGroup of an existing
* recorder. For more information, see Managing the
* Configuration Recorder in the Config Developer Guide.
*
* You can specify only one configuration recorder for each Amazon Web Services Region for each account. *
*
* If the configuration recorder does not have the recordingGroup field specified, the default is to
* record all supported resource types.
*
* You have provided a combination of parameter values that is not valid. For example: *
*
* Setting the allSupported field of RecordingGroup
* to true, but providing a non-empty list for the resourceTypesfield of RecordingGroup.
*
* Setting the allSupported field of RecordingGroup
* to true, but also setting the useOnly field of RecordingStrategy to EXCLUSION_BY_RESOURCE_TYPES.
*
* Every parameter is either null, false, or empty. *
** You have reached the limit of the number of resource types you can provide for the recording group. *
** You have provided resource types or a recording strategy that are not valid. *
** Creates or updates a conformance pack. A conformance pack is a collection of Config rules that can be easily * deployed in an account and a region and across an organization. For information on how many conformance packs you * can have per account, see * Service Limits in the Config Developer Guide. *
*
* This API creates a service-linked role AWSServiceRoleForConfigConforms in your account. The
* service-linked role is created only when the role does not exist in your account.
*
* You must specify only one of the follow parameters: TemplateS3Uri, TemplateBody or
* TemplateSSMDocumentDetails.
*
* For PutConfigRule, the rule cannot be created because the IAM role assigned to Config lacks permissions * to perform the config:Put* action. *
** For PutConfigRule, the Lambda function cannot be invoked. Check the function ARN, and check the * function's permissions. *
*
* For PutOrganizationConfigRule, organization Config rule cannot be created because you do not have
* permissions to call IAM GetRole action or create a service-linked role.
*
* For PutConformancePack and PutOrganizationConformancePack, a conformance pack cannot be created because * you do not have the following permissions: *
*
* You do not have permission to call IAM GetRole action or create a service-linked role.
*
* You do not have permission to read Amazon S3 bucket or call SSM:GetDocument. *
** For DeleteConfigRule, Config is deleting this rule. Try your request again later. *
** For DeleteConfigRule, the rule is deleting your evaluation results. Try your request again later. *
** For DeleteConfigRule, a remediation action is associated with the rule and Config cannot delete this * rule. Delete the remediation action associated with the rule before deleting the rule and try your * request again later. *
** For PutConfigOrganizationRule, organization Config rule deletion is in progress. Try your request again * later. *
** For DeleteOrganizationConfigRule, organization Config rule creation is in progress. Try your request * again later. *
** For PutConformancePack and PutOrganizationConformancePack, a conformance pack creation, update, and * deletion is in progress. Try your request again later. *
** For DeleteConformancePack, a conformance pack creation, update, and deletion is in progress. Try your * request again later. *
** Creates a delivery channel object to deliver configuration information to an Amazon S3 bucket and Amazon SNS * topic. *
** Before you can create a delivery channel, you must create a configuration recorder. *
** You can use this action to change the Amazon S3 bucket or an Amazon SNS topic of the existing delivery channel. * To change the Amazon S3 bucket or an Amazon SNS topic, call this action and specify the changed values for the S3 * bucket and the SNS topic. If you specify a different value for either the S3 bucket or the SNS topic, this action * will keep the existing value for the parameter that is not changed. *
** You can have only one delivery channel per region in your account. *
** Used by an Lambda function to deliver evaluation results to Config. This action is required in every Lambda * function that is invoked by an Config rule. *
* * @param putEvaluationsRequest * @return Result of the PutEvaluations operation returned by the service. * @throws InvalidParameterValueException * One or more of the specified parameters are not valid. Verify that your parameters are valid and try * again. * @throws InvalidResultTokenException * The specifiedResultToken is not valid.
* @throws NoSuchConfigRuleException
* The Config rule in the request is not valid. Verify that the rule is an Config Process Check rule, that
* the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying again.
* @sample AmazonConfig.PutEvaluations
* @see AWS API
* Documentation
*/
PutEvaluationsResult putEvaluations(PutEvaluationsRequest putEvaluationsRequest);
/**
* * Add or updates the evaluations for process checks. This API checks if the rule is a process check when the name * of the Config rule is provided. *
* * @param putExternalEvaluationRequest * @return Result of the PutExternalEvaluation operation returned by the service. * @throws NoSuchConfigRuleException * The Config rule in the request is not valid. Verify that the rule is an Config Process Check rule, that * the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying again. * @throws InvalidParameterValueException * One or more of the specified parameters are not valid. Verify that your parameters are valid and try * again. * @sample AmazonConfig.PutExternalEvaluation * @see AWS * API Documentation */ PutExternalEvaluationResult putExternalEvaluation(PutExternalEvaluationRequest putExternalEvaluationRequest); /** ** Adds or updates an Config rule for your entire organization to evaluate if your Amazon Web Services resources * comply with your desired configurations. For information on how many organization Config rules you can have per * account, see Service * Limits in the Config Developer Guide. *
*
* Only a management account and a delegated administrator can create or update an organization Config rule. When
* calling this API with a delegated administrator, you must ensure Organizations
* ListDelegatedAdministrator permissions are added. An organization can have up to 3 delegated
* administrators.
*
* This API enables organization service access through the EnableAWSServiceAccess action and creates a
* service-linked role AWSServiceRoleForConfigMultiAccountSetup in the management or delegated
* administrator account of your organization. The service-linked role is created only when the role does not exist
* in the caller account. Config verifies the existence of role with GetRole action.
*
* To use this API with delegated administrator, register a delegated administrator by calling Amazon Web Services
* Organization register-delegated-administrator for
* config-multiaccountsetup.amazonaws.com.
*
* There are two types of rules: Config Managed Rules and Config Custom Rules. You can use
* PutOrganizationConfigRule to create both Config Managed Rules and Config Custom Rules.
*
* Config Managed Rules are predefined, customizable rules created by Config. For a list of managed rules, see List of Config
* Managed Rules. If you are adding an Config managed rule, you must specify the rule's identifier for the
* RuleIdentifier key.
*
* Config Custom Rules are rules that you create from scratch. There are two ways to create Config custom rules: * with Lambda functions ( Lambda Developer Guide) and with Guard (Guard GitHub Repository), a policy-as-code * language. Config custom rules created with Lambda are called Config Custom Lambda Rules and Config custom * rules created with Guard are called Config Custom Policy Rules. *
*
* If you are adding a new Config Custom Lambda rule, you first need to create an Lambda function in the management
* account or a delegated administrator that the rule invokes to evaluate your resources. You also need to create an
* IAM role in the managed account that can be assumed by the Lambda function. When you use
* PutOrganizationConfigRule to add a Custom Lambda rule to Config, you must specify the Amazon
* Resource Name (ARN) that Lambda assigns to the function.
*
* Prerequisite: Ensure you call EnableAllFeatures API to enable all features in an organization.
*
* Make sure to specify one of either OrganizationCustomPolicyRuleMetadata for Custom Policy rules,
* OrganizationCustomRuleMetadata for Custom Lambda rules, or
* OrganizationManagedRuleMetadata for managed rules.
*
* For DeleteConfigRule, Config is deleting this rule. Try your request again later. *
** For DeleteConfigRule, the rule is deleting your evaluation results. Try your request again later. *
** For DeleteConfigRule, a remediation action is associated with the rule and Config cannot delete this * rule. Delete the remediation action associated with the rule before deleting the rule and try your * request again later. *
** For PutConfigOrganizationRule, organization Config rule deletion is in progress. Try your request again * later. *
** For DeleteOrganizationConfigRule, organization Config rule creation is in progress. Try your request * again later. *
** For PutConformancePack and PutOrganizationConformancePack, a conformance pack creation, update, and * deletion is in progress. Try your request again later. *
** For DeleteConformancePack, a conformance pack creation, update, and deletion is in progress. Try your * request again later. *
** For PutStoredQuery, you will see this exception if there are missing required fields or if the input * value fails the validation, or if you are trying to create more than 300 queries. *
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws OrganizationAccessDeniedException
* For PutConfigurationAggregator API, you can see this exception for the following reasons:
*
* No permission to call EnableAWSServiceAccess API
*
* The configuration aggregator cannot be updated because your Amazon Web Services Organization management * account or the delegated administrator role changed. Delete this aggregator and create a new one with the * current Amazon Web Services Organization. *
** The configuration aggregator is associated with a previous Amazon Web Services Organization and Config * cannot aggregate data with current Amazon Web Services Organization. Delete this aggregator and create a * new one with the current Amazon Web Services Organization. *
*
* You are not a registered delegated administrator for Config with permissions to call
* ListDelegatedAdministrators API. Ensure that the management account registers delagated
* administrator for Config service principle name before the delegated administrator creates an aggregator.
*
* For all OrganizationConfigRule and OrganizationConformancePack APIs, Config
* throws an exception if APIs are called from member accounts. All APIs must be called from organization
* management account.
* @throws NoAvailableOrganizationException
* Organization is no longer available.
* @throws OrganizationAllFeaturesNotEnabledException
* Config resource cannot be created because your organization does not have all features enabled.
* @throws InsufficientPermissionsException
* Indicates one of the following errors:
*
* For PutConfigRule, the rule cannot be created because the IAM role assigned to Config lacks permissions * to perform the config:Put* action. *
** For PutConfigRule, the Lambda function cannot be invoked. Check the function ARN, and check the * function's permissions. *
*
* For PutOrganizationConfigRule, organization Config rule cannot be created because you do not have
* permissions to call IAM GetRole action or create a service-linked role.
*
* For PutConformancePack and PutOrganizationConformancePack, a conformance pack cannot be created because * you do not have the following permissions: *
*
* You do not have permission to call IAM GetRole action or create a service-linked role.
*
* You do not have permission to read Amazon S3 bucket or call SSM:GetDocument. *
** Deploys conformance packs across member accounts in an Amazon Web Services Organization. For information on how * many organization conformance packs and how many Config rules you can have per account, see Service Limits in * the Config Developer Guide. *
*
* Only a management account and a delegated administrator can call this API. When calling this API with a delegated
* administrator, you must ensure Organizations ListDelegatedAdministrator permissions are added. An
* organization can have up to 3 delegated administrators.
*
* This API enables organization service access for config-multiaccountsetup.amazonaws.com through the
* EnableAWSServiceAccess action and creates a service-linked role
* AWSServiceRoleForConfigMultiAccountSetup in the management or delegated administrator account of
* your organization. The service-linked role is created only when the role does not exist in the caller account. To
* use this API with delegated administrator, register a delegated administrator by calling Amazon Web Services
* Organization register-delegate-admin for config-multiaccountsetup.amazonaws.com.
*
* Prerequisite: Ensure you call EnableAllFeatures API to enable all features in an organization.
*
* You must specify either the TemplateS3Uri or the TemplateBody parameter, but not both.
* If you provide both Config uses the TemplateS3Uri parameter and ignores the
* TemplateBody parameter.
*
* Config sets the state of a conformance pack to CREATE_IN_PROGRESS and UPDATE_IN_PROGRESS until the conformance * pack is created or updated. You cannot update a conformance pack while it is in this state. *
** For DeleteConfigRule, Config is deleting this rule. Try your request again later. *
** For DeleteConfigRule, the rule is deleting your evaluation results. Try your request again later. *
** For DeleteConfigRule, a remediation action is associated with the rule and Config cannot delete this * rule. Delete the remediation action associated with the rule before deleting the rule and try your * request again later. *
** For PutConfigOrganizationRule, organization Config rule deletion is in progress. Try your request again * later. *
** For DeleteOrganizationConfigRule, organization Config rule creation is in progress. Try your request * again later. *
** For PutConformancePack and PutOrganizationConformancePack, a conformance pack creation, update, and * deletion is in progress. Try your request again later. *
** For DeleteConformancePack, a conformance pack creation, update, and deletion is in progress. Try your * request again later. *
** For PutStoredQuery, you will see this exception if there are missing required fields or if the input * value fails the validation, or if you are trying to create more than 300 queries. *
*
* For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are
* missing required fields or if the input value fails the validation.
* @throws OrganizationAccessDeniedException
* For PutConfigurationAggregator API, you can see this exception for the following reasons:
*
* No permission to call EnableAWSServiceAccess API
*
* The configuration aggregator cannot be updated because your Amazon Web Services Organization management * account or the delegated administrator role changed. Delete this aggregator and create a new one with the * current Amazon Web Services Organization. *
** The configuration aggregator is associated with a previous Amazon Web Services Organization and Config * cannot aggregate data with current Amazon Web Services Organization. Delete this aggregator and create a * new one with the current Amazon Web Services Organization. *
*
* You are not a registered delegated administrator for Config with permissions to call
* ListDelegatedAdministrators API. Ensure that the management account registers delagated
* administrator for Config service principle name before the delegated administrator creates an aggregator.
*
* For all OrganizationConfigRule and OrganizationConformancePack APIs, Config
* throws an exception if APIs are called from member accounts. All APIs must be called from organization
* management account.
* @throws InsufficientPermissionsException
* Indicates one of the following errors:
*
* For PutConfigRule, the rule cannot be created because the IAM role assigned to Config lacks permissions * to perform the config:Put* action. *
** For PutConfigRule, the Lambda function cannot be invoked. Check the function ARN, and check the * function's permissions. *
*
* For PutOrganizationConfigRule, organization Config rule cannot be created because you do not have
* permissions to call IAM GetRole action or create a service-linked role.
*
* For PutConformancePack and PutOrganizationConformancePack, a conformance pack cannot be created because * you do not have the following permissions: *
*
* You do not have permission to call IAM GetRole action or create a service-linked role.
*
* You do not have permission to read Amazon S3 bucket or call SSM:GetDocument. *
*
* Adds or updates the remediation configuration with a specific Config rule with the selected target or action. The
* API creates the RemediationConfiguration object for the Config rule. The Config rule must already
* exist for you to add a remediation configuration. The target (SSM document) must exist and have permissions to
* use the target.
*
* If you make backward incompatible changes to the SSM document, you must call this again to ensure the * remediations can run. *
** This API does not support adding remediation configurations for service-linked Config Rules such as Organization * Config rules, the rules deployed by conformance packs, and rules deployed by Amazon Web Services Security Hub. *
*
* For manual remediation configuration, you need to provide a value for automationAssumeRole or use a
* value in the assumeRolefield to remediate your resources. The SSM automation document can use either
* as long as it maps to a valid parameter.
*
* However, for automatic remediation configuration, the only valid assumeRole field value is
* AutomationAssumeRole and you need to provide a value for AutomationAssumeRole to
* remediate your resources.
*
* For PutConfigRule, the rule cannot be created because the IAM role assigned to Config lacks permissions * to perform the config:Put* action. *
** For PutConfigRule, the Lambda function cannot be invoked. Check the function ARN, and check the * function's permissions. *
*
* For PutOrganizationConfigRule, organization Config rule cannot be created because you do not have
* permissions to call IAM GetRole action or create a service-linked role.
*
* For PutConformancePack and PutOrganizationConformancePack, a conformance pack cannot be created because * you do not have the following permissions: *
*
* You do not have permission to call IAM GetRole action or create a service-linked role.
*
* You do not have permission to read Amazon S3 bucket or call SSM:GetDocument. *
** A remediation exception is when a specified resource is no longer considered for auto-remediation. This API adds * a new exception or updates an existing exception for a specified resource with a specified Config rule. *
** Config generates a remediation exception when a problem occurs running a remediation action for a specified * resource. Remediation exceptions blocks auto-remediation until the exception is cleared. *
*
* When placing an exception on an Amazon Web Services resource, it is recommended that remediation is set as manual
* remediation until the given Config rule for the specified resource evaluates the resource as
* NON_COMPLIANT. Once the resource has been evaluated as NON_COMPLIANT, you can add
* remediation exceptions and change the remediation type back from Manual to Auto if you want to use
* auto-remediation. Otherwise, using auto-remediation before a NON_COMPLIANT evaluation result can
* delete resources before the exception is applied.
*
* Placing an exception can only be performed on resources that are NON_COMPLIANT. If you use this API
* for COMPLIANT resources or resources that are NOT_APPLICABLE, a remediation exception
* will not be generated. For more information on the conditions that initiate the possible Config evaluation
* results, see Concepts |
* Config Rules in the Config Developer Guide.
*
* For PutConfigRule, the rule cannot be created because the IAM role assigned to Config lacks permissions * to perform the config:Put* action. *
** For PutConfigRule, the Lambda function cannot be invoked. Check the function ARN, and check the * function's permissions. *
*
* For PutOrganizationConfigRule, organization Config rule cannot be created because you do not have
* permissions to call IAM GetRole action or create a service-linked role.
*
* For PutConformancePack and PutOrganizationConformancePack, a conformance pack cannot be created because * you do not have the following permissions: *
*
* You do not have permission to call IAM GetRole action or create a service-linked role.
*
* You do not have permission to read Amazon S3 bucket or call SSM:GetDocument. *
** Records the configuration state for the resource provided in the request. The configuration state of a resource * is represented in Config as Configuration Items. Once this API records the configuration item, you can retrieve * the list of configuration items for the custom resource type using existing Config APIs. *
** The custom resource type must be registered with CloudFormation. This API accepts the configuration item * registered with CloudFormation. *
** When you call this API, Config only stores configuration state of the resource provided in the request. This API * does not change or remediate the configuration of the resource. *
** Write-only schema properites are not recorded as part of the published configuration item. *
** For PutStoredQuery, you will see this exception if there are missing required fields or if the input * value fails the validation, or if you are trying to create more than 300 queries. *
** For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are * missing required fields or if the input value fails the validation. * @throws InsufficientPermissionsException * Indicates one of the following errors: *
** For PutConfigRule, the rule cannot be created because the IAM role assigned to Config lacks permissions * to perform the config:Put* action. *
** For PutConfigRule, the Lambda function cannot be invoked. Check the function ARN, and check the * function's permissions. *
*
* For PutOrganizationConfigRule, organization Config rule cannot be created because you do not have
* permissions to call IAM GetRole action or create a service-linked role.
*
* For PutConformancePack and PutOrganizationConformancePack, a conformance pack cannot be created because * you do not have the following permissions: *
*
* You do not have permission to call IAM GetRole action or create a service-linked role.
*
* You do not have permission to read Amazon S3 bucket or call SSM:GetDocument. *
*
* Creates and updates the retention configuration with details about retention period (number of days) that Config
* stores your historical information. The API creates the RetentionConfiguration object and names the
* object as default. When you have a RetentionConfiguration object named default,
* calling the API modifies the default object.
*
* Currently, Config supports only one retention configuration per region in your account. *
*
* Saves a new query or updates an existing saved query. The QueryName must be unique for a single
* Amazon Web Services account and a single Amazon Web Services Region. You can create upto 300 queries in a single
* Amazon Web Services account and a single Amazon Web Services Region.
*
* PutStoredQuery is an idempotent API. Subsequent requests won’t create a duplicate resource if one
* was already created. If a following request has different tags values, Config will ignore these
* differences and treat it as an idempotent request of the previous. In this case, tags will not be
* updated, even if they are different.
*
* For PutStoredQuery, you will see this exception if there are missing required fields or if the input * value fails the validation, or if you are trying to create more than 300 queries. *
** For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are * missing required fields or if the input value fails the validation. * @throws TooManyTagsException * You have reached the limit of the number of tags you can use. For more information, see Service Limits * in the Config Developer Guide. * @throws ResourceConcurrentModificationException * Two users are trying to modify the same query at the same time. Wait for a moment and try again. * @sample AmazonConfig.PutStoredQuery * @see AWS API * Documentation */ PutStoredQueryResult putStoredQuery(PutStoredQueryRequest putStoredQueryRequest); /** *
* Accepts a structured query language (SQL) SELECT command and an aggregator to query configuration state of Amazon * Web Services resources across multiple accounts and regions, performs the corresponding search, and returns * resource configurations matching the properties. *
** For more information about query components, see the Query Components * section in the Config Developer Guide. *
*
* If you run an aggregation query (i.e., using GROUP BY or using aggregate functions such as
* COUNT; e.g.,
* SELECT resourceId, COUNT(*) WHERE resourceType = 'AWS::IAM::Role' GROUP BY resourceId) and do not
* specify the MaxResults or the Limit query parameters, the default page size is set to
* 500.
*
* If you run a non-aggregation query (i.e., not using GROUP BY or aggregate function; e.g.,
* SELECT * WHERE resourceType = 'AWS::IAM::Role') and do not specify the MaxResults or
* the Limit query parameters, the default page size is set to 25.
*
nextToken string that was returned in the
* previous response to get the next page of results.
* @sample AmazonConfig.SelectAggregateResourceConfig
* @see AWS API Documentation
*/
SelectAggregateResourceConfigResult selectAggregateResourceConfig(SelectAggregateResourceConfigRequest selectAggregateResourceConfigRequest);
/**
*
* Accepts a structured query language (SQL) SELECT command, performs the corresponding search, and
* returns resource configurations matching the properties.
*
* For more information about query components, see the Query Components * section in the Config Developer Guide. *
* * @param selectResourceConfigRequest * @return Result of the SelectResourceConfig operation returned by the service. * @throws InvalidExpressionException * The syntax of the query is incorrect. * @throws InvalidLimitException * The specified limit is outside the allowable range. * @throws InvalidNextTokenException * The specified next token is not valid. Specify thenextToken string that was returned in the
* previous response to get the next page of results.
* @sample AmazonConfig.SelectResourceConfig
* @see AWS
* API Documentation
*/
SelectResourceConfigResult selectResourceConfig(SelectResourceConfigRequest selectResourceConfigRequest);
/**
*
* Runs an on-demand evaluation for the specified Config rules against the last known configuration state of the
* resources. Use StartConfigRulesEvaluation when you want to test that a rule you updated is working
* as expected. StartConfigRulesEvaluation does not re-record the latest configuration state for your
* resources. It re-runs an evaluation against the last known state of your resources.
*
* You can specify up to 25 Config rules per request. *
*
* An existing StartConfigRulesEvaluation call for the specified rules must complete before you can
* call the API again. If you chose to have Config stream to an Amazon SNS topic, you will receive a
* ConfigRuleEvaluationStarted notification when the evaluation starts.
*
* You don't need to call the StartConfigRulesEvaluation API to run an evaluation for a new rule. When
* you create a rule, Config evaluates your resources against the rule automatically.
*
* The StartConfigRulesEvaluation API is useful if you want to run on-demand evaluations, such as the
* following example:
*
* You have a custom rule that evaluates your IAM resources every 24 hours. *
** You update your Lambda function to add additional conditions to your rule. *
*
* Instead of waiting for the next periodic evaluation, you call the StartConfigRulesEvaluation API.
*
* Config invokes your Lambda function and evaluates your IAM resources. *
** Your custom rule will still run periodic evaluations every 24 hours. *
*StartConfigRulesEvaluation API, this exception is thrown if an evaluation is in progress
* or if you call the StartConfigRulesEvaluation API more than once per minute.
*
* For PutConfigurationAggregator API, this exception is thrown if the number of accounts and
* aggregators exceeds the limit.
* @throws ResourceInUseException
* You see this exception in the following cases:
*
* For DeleteConfigRule, Config is deleting this rule. Try your request again later. *
** For DeleteConfigRule, the rule is deleting your evaluation results. Try your request again later. *
** For DeleteConfigRule, a remediation action is associated with the rule and Config cannot delete this * rule. Delete the remediation action associated with the rule before deleting the rule and try your * request again later. *
** For PutConfigOrganizationRule, organization Config rule deletion is in progress. Try your request again * later. *
** For DeleteOrganizationConfigRule, organization Config rule creation is in progress. Try your request * again later. *
** For PutConformancePack and PutOrganizationConformancePack, a conformance pack creation, update, and * deletion is in progress. Try your request again later. *
** For DeleteConformancePack, a conformance pack creation, update, and deletion is in progress. Try your * request again later. *
** Starts recording configurations of the Amazon Web Services resources you have selected to record in your Amazon * Web Services account. *
** You must have created at least one delivery channel to successfully start the configuration recorder. *
* * @param startConfigurationRecorderRequest * The input for the StartConfigurationRecorder action. * @return Result of the StartConfigurationRecorder operation returned by the service. * @throws NoSuchConfigurationRecorderException * You have specified a configuration recorder that does not exist. * @throws NoAvailableDeliveryChannelException * There is no delivery channel available to record configurations. * @sample AmazonConfig.StartConfigurationRecorder * @see AWS API Documentation */ StartConfigurationRecorderResult startConfigurationRecorder(StartConfigurationRecorderRequest startConfigurationRecorderRequest); /** ** Runs an on-demand remediation for the specified Config rules against the last known remediation configuration. It * runs an execution against the current state of your resources. Remediation execution is asynchronous. *
** You can specify up to 100 resource keys per request. An existing StartRemediationExecution call for the specified * resource keys must complete before you can call the API again. *
* * @param startRemediationExecutionRequest * @return Result of the StartRemediationExecution operation returned by the service. * @throws InvalidParameterValueException * One or more of the specified parameters are not valid. Verify that your parameters are valid and try * again. * @throws InsufficientPermissionsException * Indicates one of the following errors: ** For PutConfigRule, the rule cannot be created because the IAM role assigned to Config lacks permissions * to perform the config:Put* action. *
** For PutConfigRule, the Lambda function cannot be invoked. Check the function ARN, and check the * function's permissions. *
*
* For PutOrganizationConfigRule, organization Config rule cannot be created because you do not have
* permissions to call IAM GetRole action or create a service-linked role.
*
* For PutConformancePack and PutOrganizationConformancePack, a conformance pack cannot be created because * you do not have the following permissions: *
*
* You do not have permission to call IAM GetRole action or create a service-linked role.
*
* You do not have permission to read Amazon S3 bucket or call SSM:GetDocument. *
** Runs an on-demand evaluation for the specified resource to determine whether the resource details will comply * with configured Config rules. You can also use it for evaluation purposes. Config recommends using an evaluation * context. It runs an execution against the resource details with all of the Config rules in your account that * match with the specified proactive mode and resource type. *
*
* Ensure you have the cloudformation:DescribeType role setup to validate the resource type schema.
*
* You can find the Resource type
* schema in "Amazon Web Services public extensions" within the CloudFormation registry or with the
* following CLI commmand:
* aws cloudformation describe-type --type-name "AWS::S3::Bucket" --type RESOURCE.
*
* For more information, see Managing * extensions through the CloudFormation registry and Amazon * Web Services resource and property types reference in the CloudFormation User Guide. *
** Stops recording configurations of the Amazon Web Services resources you have selected to record in your Amazon * Web Services account. *
* * @param stopConfigurationRecorderRequest * The input for the StopConfigurationRecorder action. * @return Result of the StopConfigurationRecorder operation returned by the service. * @throws NoSuchConfigurationRecorderException * You have specified a configuration recorder that does not exist. * @sample AmazonConfig.StopConfigurationRecorder * @see AWS API Documentation */ StopConfigurationRecorderResult stopConfigurationRecorder(StopConfigurationRecorderRequest stopConfigurationRecorderRequest); /** ** Associates the specified tags to a resource with the specified resourceArn. If existing tags on a resource are * not specified in the request parameters, they are not changed. If existing tags are specified, however, then * their values will be updated. When a resource is deleted, the tags associated with that resource are deleted as * well. *
* * @param tagResourceRequest * @return Result of the TagResource operation returned by the service. * @throws ValidationException * The requested action is not valid. ** For PutStoredQuery, you will see this exception if there are missing required fields or if the input * value fails the validation, or if you are trying to create more than 300 queries. *
** For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are * missing required fields or if the input value fails the validation. * @throws ResourceNotFoundException * You have specified a resource that does not exist. * @throws TooManyTagsException * You have reached the limit of the number of tags you can use. For more information, see Service Limits * in the Config Developer Guide. * @sample AmazonConfig.TagResource * @see AWS API * Documentation */ TagResourceResult tagResource(TagResourceRequest tagResourceRequest); /** *
* Deletes specified tags from a resource. *
* * @param untagResourceRequest * @return Result of the UntagResource operation returned by the service. * @throws ValidationException * The requested action is not valid. ** For PutStoredQuery, you will see this exception if there are missing required fields or if the input * value fails the validation, or if you are trying to create more than 300 queries. *
** For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are * missing required fields or if the input value fails the validation. * @throws ResourceNotFoundException * You have specified a resource that does not exist. * @sample AmazonConfig.UntagResource * @see AWS API * Documentation */ UntagResourceResult untagResource(UntagResourceRequest untagResourceRequest); /** * Shuts down this client object, releasing any resources that might be held open. This is an optional method, and * callers are not expected to call it, but can if they want to explicitly release any open resources. Once a client * has been shutdown, it should not be used to make any more requests. */ void shutdown(); /** * Returns additional metadata for a previously executed successful request, typically used for debugging issues * where a service isn't acting as expected. This data isn't considered part of the result data returned by an * operation, so it's available through this separate, diagnostic interface. *
* Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic * information for an executed request, you should use this method to retrieve it as soon as possible after * executing a request. * * @param request * The originally executed request. * * @return The response metadata for the specified request, or null if none is available. */ ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request); }