You are viewing documentation for version 2 of the AWS SDK for Ruby. Version 3 documentation can be found here.

Class: Aws::ConfigService::Client

Inherits:
Seahorse::Client::Base show all
Defined in:
(unknown)

Overview

An API client for AWS Config. To construct a client, you need to configure a :region and :credentials.

configservice = Aws::ConfigService::Client.new(
  region: region_name,
  credentials: credentials,
  # ...
)

See #initialize for a full list of supported configuration options.

Region

You can configure a default region in the following locations:

  • ENV['AWS_REGION']
  • Aws.config[:region]

Go here for a list of supported regions.

Credentials

Default credentials are loaded automatically from the following locations:

  • ENV['AWS_ACCESS_KEY_ID'] and ENV['AWS_SECRET_ACCESS_KEY']
  • Aws.config[:credentials]
  • The shared credentials ini file at ~/.aws/credentials (more information)
  • From an instance profile when running on EC2

You can also construct a credentials object from one of the following classes:

Alternatively, you configure credentials with :access_key_id and :secret_access_key:

# load credentials from disk
creds = YAML.load(File.read('/path/to/secrets'))

Aws::ConfigService::Client.new(
  access_key_id: creds['access_key_id'],
  secret_access_key: creds['secret_access_key']
)

Always load your credentials from outside your application. Avoid configuring credentials statically and never commit them to source control.

Instance Attribute Summary

Attributes inherited from Seahorse::Client::Base

#config, #handlers

Constructor collapse

API Operations collapse

Instance Method Summary collapse

Methods inherited from Seahorse::Client::Base

add_plugin, api, #build_request, clear_plugins, define, new, #operation, #operation_names, plugins, remove_plugin, set_api, set_plugins

Methods included from Seahorse::Client::HandlerBuilder

#handle, #handle_request, #handle_response

Constructor Details

#initialize(options = {}) ⇒ Aws::ConfigService::Client

Constructs an API client.

Options Hash (options):

  • :access_key_id (String)

    Used to set credentials statically. See Plugins::RequestSigner for more details.

  • :convert_params (Boolean) — default: true

    When true, an attempt is made to coerce request parameters into the required types. See Plugins::ParamConverter for more details.

  • :credentials (required, Credentials)

    Your AWS credentials. The following locations will be searched in order for credentials:

    • :access_key_id, :secret_access_key, and :session_token options
    • ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
    • HOME/.aws/credentials shared credentials file
    • EC2 instance profile credentials See Plugins::RequestSigner for more details.
  • :endpoint (String)

    A default endpoint is constructed from the :region. See Plugins::RegionalEndpoint for more details.

  • :http_continue_timeout (Float) — default: 1

    See Seahorse::Client::Plugins::NetHttp for more details.

  • :http_idle_timeout (Integer) — default: 5

    See Seahorse::Client::Plugins::NetHttp for more details.

  • :http_open_timeout (Integer) — default: 15

    See Seahorse::Client::Plugins::NetHttp for more details.

  • :http_proxy (String)

    See Seahorse::Client::Plugins::NetHttp for more details.

  • :http_read_timeout (Integer) — default: 60

    See Seahorse::Client::Plugins::NetHttp for more details.

  • :http_wire_trace (Boolean) — default: false

    See Seahorse::Client::Plugins::NetHttp for more details.

  • :log_level (Symbol) — default: :info

    The log level to send messages to the logger at. See Plugins::Logging for more details.

  • :log_formatter (Logging::LogFormatter)

    The log formatter. Defaults to Seahorse::Client::Logging::Formatter.default. See Plugins::Logging for more details.

  • :logger (Logger) — default: nil

    The Logger instance to send log messages to. If this option is not set, logging will be disabled. See Plugins::Logging for more details.

  • :profile (String)

    Used when loading credentials from the shared credentials file at HOME/.aws/credentials. When not specified, 'default' is used. See Plugins::RequestSigner for more details.

  • :raise_response_errors (Boolean) — default: true

    When true, response errors are raised. See Seahorse::Client::Plugins::RaiseResponseErrors for more details.

  • :region (required, String)

    The AWS region to connect to. The region is used to construct the client endpoint. Defaults to ENV['AWS_REGION']. Also checks AMAZON_REGION and AWS_DEFAULT_REGION. See Plugins::RegionalEndpoint for more details.

  • :retry_limit (Integer) — default: 3

    The maximum number of times to retry failed requests. Only ~ 500 level server errors and certain ~ 400 level client errors are retried. Generally, these are throttling errors, data checksum errors, networking errors, timeout errors and auth errors from expired credentials. See Plugins::RetryErrors for more details.

  • :secret_access_key (String)

    Used to set credentials statically. See Plugins::RequestSigner for more details.

  • :session_token (String)

    Used to set credentials statically. See Plugins::RequestSigner for more details.

  • :simple_json (Boolean) — default: false

    Disables request parameter conversion, validation, and formatting. Also disable response data type conversions. This option is useful when you want to ensure the highest level of performance by avoiding overhead of walking request parameters and response data structures.

    When :simple_json is enabled, the request parameters hash must be formatted exactly as the DynamoDB API expects. See Plugins::Protocols::JsonRpc for more details.

  • :ssl_ca_bundle (String)

    See Seahorse::Client::Plugins::NetHttp for more details.

  • :ssl_ca_directory (String)

    See Seahorse::Client::Plugins::NetHttp for more details.

  • :ssl_ca_store (String)

    See Seahorse::Client::Plugins::NetHttp for more details.

  • :ssl_verify_peer (Boolean) — default: true

    See Seahorse::Client::Plugins::NetHttp for more details.

  • :stub_responses (Boolean) — default: false

    Causes the client to return stubbed responses. By default fake responses are generated and returned. You can specify the response data to return or errors to raise by calling Aws::ClientStubs#stub_responses. See Aws::ClientStubs for more information.

    Please note When response stubbing is enabled, no HTTP requests are made, and retries are disabled. See Plugins::StubResponses for more details.

  • :validate_params (Boolean) — default: true

    When true, request parameters are validated before sending the request. See Plugins::ParamValidator for more details.

Instance Method Details

#delete_config_rule(options = {}) ⇒ Struct

Deletes the specified AWS Config rule and all of its evaluation results.

AWS Config sets the state of a rule to DELETING until the deletion is complete. You cannot update a rule while it is in this state. If you make a PutConfigRule or DeleteConfigRule request for the rule, you will receive a ResourceInUseException.

You can check the state of a rule by using the DescribeConfigRules request.

Examples:

Request syntax with placeholder values


resp = client.delete_config_rule({
  config_rule_name: "StringWithCharLimit64", # required
})

Options Hash (options):

  • :config_rule_name (required, String)

    The name of the AWS Config rule that you want to delete.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#delete_configuration_recorder(options = {}) ⇒ Struct

Deletes the configuration recorder.

After the configuration recorder is deleted, AWS Config will not record resource configuration changes until you create a new configuration recorder.

This action does not delete the configuration information that was previously recorded. You will be able to access the previously recorded information by using the GetResourceConfigHistory action, but you will not be able to access this information in the AWS Config console until you create a new configuration recorder.

Examples:

Request syntax with placeholder values


resp = client.delete_configuration_recorder({
  configuration_recorder_name: "RecorderName", # required
})

Options Hash (options):

  • :configuration_recorder_name (required, String)

    The name of the configuration recorder to be deleted. You can retrieve the name of your configuration recorder by using the DescribeConfigurationRecorders action.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#delete_delivery_channel(options = {}) ⇒ Struct

Deletes the delivery channel.

Before you can delete the delivery channel, you must stop the configuration recorder by using the StopConfigurationRecorder action.

Examples:

Request syntax with placeholder values


resp = client.delete_delivery_channel({
  delivery_channel_name: "ChannelName", # required
})

Options Hash (options):

  • :delivery_channel_name (required, String)

    The name of the delivery channel to delete.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#delete_evaluation_results(options = {}) ⇒ Struct

Deletes the evaluation results for the specified Config rule. You can specify one Config rule per request. After you delete the evaluation results, you can call the StartConfigRulesEvaluation API to start evaluating your AWS resources against the rule.

Examples:

Request syntax with placeholder values


resp = client.delete_evaluation_results({
  config_rule_name: "StringWithCharLimit64", # required
})

Options Hash (options):

  • :config_rule_name (required, String)

    The name of the Config rule for which you want to delete the evaluation results.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#deliver_config_snapshot(options = {}) ⇒ Types::DeliverConfigSnapshotResponse

Schedules delivery of a configuration snapshot to the Amazon S3 bucket in the specified delivery channel. After the delivery has started, AWS Config sends following notifications using an Amazon SNS topic that you have specified.

  • Notification of starting the delivery.

  • Notification of delivery completed, if the delivery was successfully completed.

  • Notification of delivery failure, if the delivery failed to complete.

Examples:

Request syntax with placeholder values


resp = client.deliver_config_snapshot({
  delivery_channel_name: "ChannelName", # required
})

Response structure


resp.config_snapshot_id #=> String

Options Hash (options):

  • :delivery_channel_name (required, String)

    The name of the delivery channel through which the snapshot is delivered.

Returns:

See Also:

#describe_compliance_by_config_rule(options = {}) ⇒ Types::DescribeComplianceByConfigRuleResponse

Indicates whether the specified AWS Config rules are compliant. If a rule is noncompliant, this action returns the number of AWS resources that do not comply with the rule.

A rule is compliant if all of the evaluated resources comply with it, and it is noncompliant if any of these resources do not comply.

If AWS Config has no current evaluation results for the rule, it returns INSUFFICIENT_DATA. This result might indicate one of the following conditions:

  • AWS Config has never invoked an evaluation for the rule. To check whether it has, use the DescribeConfigRuleEvaluationStatus action to get the LastSuccessfulInvocationTime and LastFailedInvocationTime.

  • The rule's AWS Lambda function is failing to send evaluation results to AWS Config. Verify that the role that you assigned to your configuration recorder includes the config:PutEvaluations permission. If the rule is a custom rule, verify that the AWS Lambda execution role includes the config:PutEvaluations permission.

  • The rule's AWS Lambda function has returned NOT_APPLICABLE for all evaluation results. This can occur if the resources were deleted or removed from the rule's scope.

Examples:

Request syntax with placeholder values


resp = client.describe_compliance_by_config_rule({
  config_rule_names: ["StringWithCharLimit64"],
  compliance_types: ["COMPLIANT"], # accepts COMPLIANT, NON_COMPLIANT, NOT_APPLICABLE, INSUFFICIENT_DATA
  next_token: "String",
})

Response structure


resp.compliance_by_config_rules #=> Array
resp.compliance_by_config_rules[0].config_rule_name #=> String
resp.compliance_by_config_rules[0].compliance.compliance_type #=> String, one of "COMPLIANT", "NON_COMPLIANT", "NOT_APPLICABLE", "INSUFFICIENT_DATA"
resp.compliance_by_config_rules[0].compliance.compliance_contributor_count.capped_count #=> Integer
resp.compliance_by_config_rules[0].compliance.compliance_contributor_count.cap_exceeded #=> true/false
resp.next_token #=> String

Options Hash (options):

  • :config_rule_names (Array<String>)

    Specify one or more AWS Config rule names to filter the results by rule.

  • :compliance_types (Array<String>)

    Filters the results by compliance.

    The allowed values are COMPLIANT, NON_COMPLIANT, and INSUFFICIENT_DATA.

  • :next_token (String)

    The NextToken string returned on a previous page that you use to get the next page of results in a paginated response.

Returns:

See Also:

#describe_compliance_by_resource(options = {}) ⇒ Types::DescribeComplianceByResourceResponse

Indicates whether the specified AWS resources are compliant. If a resource is noncompliant, this action returns the number of AWS Config rules that the resource does not comply with.

A resource is compliant if it complies with all the AWS Config rules that evaluate it. It is noncompliant if it does not comply with one or more of these rules.

If AWS Config has no current evaluation results for the resource, it returns INSUFFICIENT_DATA. This result might indicate one of the following conditions about the rules that evaluate the resource:

  • AWS Config has never invoked an evaluation for the rule. To check whether it has, use the DescribeConfigRuleEvaluationStatus action to get the LastSuccessfulInvocationTime and LastFailedInvocationTime.

  • The rule's AWS Lambda function is failing to send evaluation results to AWS Config. Verify that the role that you assigned to your configuration recorder includes the config:PutEvaluations permission. If the rule is a custom rule, verify that the AWS Lambda execution role includes the config:PutEvaluations permission.

  • The rule's AWS Lambda function has returned NOT_APPLICABLE for all evaluation results. This can occur if the resources were deleted or removed from the rule's scope.

Examples:

Request syntax with placeholder values


resp = client.describe_compliance_by_resource({
  resource_type: "StringWithCharLimit256",
  resource_id: "BaseResourceId",
  compliance_types: ["COMPLIANT"], # accepts COMPLIANT, NON_COMPLIANT, NOT_APPLICABLE, INSUFFICIENT_DATA
  limit: 1,
  next_token: "NextToken",
})

Response structure


resp.compliance_by_resources #=> Array
resp.compliance_by_resources[0].resource_type #=> String
resp.compliance_by_resources[0].resource_id #=> String
resp.compliance_by_resources[0].compliance.compliance_type #=> String, one of "COMPLIANT", "NON_COMPLIANT", "NOT_APPLICABLE", "INSUFFICIENT_DATA"
resp.compliance_by_resources[0].compliance.compliance_contributor_count.capped_count #=> Integer
resp.compliance_by_resources[0].compliance.compliance_contributor_count.cap_exceeded #=> true/false
resp.next_token #=> String

Options Hash (options):

  • :resource_type (String)

    The types of AWS resources for which you want compliance information; for example, AWS::EC2::Instance. For this action, you can specify that the resource type is an AWS account by specifying AWS::::Account.

  • :resource_id (String)

    The ID of the AWS resource for which you want compliance information. You can specify only one resource ID. If you specify a resource ID, you must also specify a type for ResourceType.

  • :compliance_types (Array<String>)

    Filters the results by compliance.

    The allowed values are COMPLIANT, NON_COMPLIANT, and INSUFFICIENT_DATA.

  • :limit (Integer)

    The maximum number of evaluation results returned on each page. The default is 10. You cannot specify a limit greater than 100. If you specify 0, AWS Config uses the default.

  • :next_token (String)

    The NextToken string returned on a previous page that you use to get the next page of results in a paginated response.

Returns:

See Also:

#describe_config_rule_evaluation_status(options = {}) ⇒ Types::DescribeConfigRuleEvaluationStatusResponse

Returns status information for each of your AWS managed Config rules. The status includes information such as the last time AWS Config invoked the rule, the last time AWS Config failed to invoke the rule, and the related error for the last failure.

Examples:

Request syntax with placeholder values


resp = client.describe_config_rule_evaluation_status({
  config_rule_names: ["StringWithCharLimit64"],
  next_token: "String",
  limit: 1,
})

Response structure


resp.config_rules_evaluation_status #=> Array
resp.config_rules_evaluation_status[0].config_rule_name #=> String
resp.config_rules_evaluation_status[0].config_rule_arn #=> String
resp.config_rules_evaluation_status[0].config_rule_id #=> String
resp.config_rules_evaluation_status[0].last_successful_invocation_time #=> Time
resp.config_rules_evaluation_status[0].last_failed_invocation_time #=> Time
resp.config_rules_evaluation_status[0].last_successful_evaluation_time #=> Time
resp.config_rules_evaluation_status[0].last_failed_evaluation_time #=> Time
resp.config_rules_evaluation_status[0].first_activated_time #=> Time
resp.config_rules_evaluation_status[0].last_error_code #=> String
resp.config_rules_evaluation_status[0].last_error_message #=> String
resp.config_rules_evaluation_status[0].first_evaluation_started #=> true/false
resp.next_token #=> String

Options Hash (options):

  • :config_rule_names (Array<String>)

    The name of the AWS managed Config rules for which you want status information. If you do not specify any names, AWS Config returns status information for all AWS managed Config rules that you use.

  • :next_token (String)

    The NextToken string returned on a previous page that you use to get the next page of results in a paginated response.

  • :limit (Integer)

    The number of rule evaluation results that you want returned.

    This parameter is required if the rule limit for your account is more than the default of 50 rules.

    For more information about requesting a rule limit increase, see AWS Config Limits in the AWS General Reference Guide.

Returns:

See Also:

#describe_config_rules(options = {}) ⇒ Types::DescribeConfigRulesResponse

Returns details about your AWS Config rules.

Examples:

Request syntax with placeholder values


resp = client.describe_config_rules({
  config_rule_names: ["StringWithCharLimit64"],
  next_token: "String",
})

Response structure


resp.config_rules #=> Array
resp.config_rules[0].config_rule_name #=> String
resp.config_rules[0].config_rule_arn #=> String
resp.config_rules[0].config_rule_id #=> String
resp.config_rules[0].description #=> String
resp.config_rules[0].scope.compliance_resource_types #=> Array
resp.config_rules[0].scope.compliance_resource_types[0] #=> String
resp.config_rules[0].scope.tag_key #=> String
resp.config_rules[0].scope.tag_value #=> String
resp.config_rules[0].scope.compliance_resource_id #=> String
resp.config_rules[0].source.owner #=> String, one of "CUSTOM_LAMBDA", "AWS"
resp.config_rules[0].source.source_identifier #=> String
resp.config_rules[0].source.source_details #=> Array
resp.config_rules[0].source.source_details[0].event_source #=> String, one of "aws.config"
resp.config_rules[0].source.source_details[0].message_type #=> String, one of "ConfigurationItemChangeNotification", "ConfigurationSnapshotDeliveryCompleted", "ScheduledNotification", "OversizedConfigurationItemChangeNotification"
resp.config_rules[0].source.source_details[0].maximum_execution_frequency #=> String, one of "One_Hour", "Three_Hours", "Six_Hours", "Twelve_Hours", "TwentyFour_Hours"
resp.config_rules[0].input_parameters #=> String
resp.config_rules[0].maximum_execution_frequency #=> String, one of "One_Hour", "Three_Hours", "Six_Hours", "Twelve_Hours", "TwentyFour_Hours"
resp.config_rules[0].config_rule_state #=> String, one of "ACTIVE", "DELETING", "DELETING_RESULTS", "EVALUATING"
resp.next_token #=> String

Options Hash (options):

  • :config_rule_names (Array<String>)

    The names of the AWS Config rules for which you want details. If you do not specify any names, AWS Config returns details for all your rules.

  • :next_token (String)

    The NextToken string returned on a previous page that you use to get the next page of results in a paginated response.

Returns:

See Also:

#describe_configuration_recorder_status(options = {}) ⇒ Types::DescribeConfigurationRecorderStatusResponse

Returns the current status of the specified configuration recorder. If a configuration recorder is not specified, this action returns the status of all configuration recorder associated with the account.

Currently, you can specify only one configuration recorder per region in your account.

Examples:

Request syntax with placeholder values


resp = client.describe_configuration_recorder_status({
  configuration_recorder_names: ["RecorderName"],
})

Response structure


resp.configuration_recorders_status #=> Array
resp.configuration_recorders_status[0].name #=> String
resp.configuration_recorders_status[0].last_start_time #=> Time
resp.configuration_recorders_status[0].last_stop_time #=> Time
resp.configuration_recorders_status[0].recording #=> true/false
resp.configuration_recorders_status[0].last_status #=> String, one of "Pending", "Success", "Failure"
resp.configuration_recorders_status[0].last_error_code #=> String
resp.configuration_recorders_status[0].last_error_message #=> String
resp.configuration_recorders_status[0].last_status_change_time #=> Time

Options Hash (options):

  • :configuration_recorder_names (Array<String>)

    The name(s) of the configuration recorder. If the name is not specified, the action returns the current status of all the configuration recorders associated with the account.

Returns:

See Also:

#describe_configuration_recorders(options = {}) ⇒ Types::DescribeConfigurationRecordersResponse

Returns the details for the specified configuration recorders. If the configuration recorder is not specified, this action returns the details for all configuration recorders associated with the account.

Currently, you can specify only one configuration recorder per region in your account.

Examples:

Request syntax with placeholder values


resp = client.describe_configuration_recorders({
  configuration_recorder_names: ["RecorderName"],
})

Response structure


resp.configuration_recorders #=> Array
resp.configuration_recorders[0].name #=> String
resp.configuration_recorders[0].role_arn #=> String
resp.configuration_recorders[0].recording_group.all_supported #=> true/false
resp.configuration_recorders[0].recording_group.include_global_resource_types #=> true/false
resp.configuration_recorders[0].recording_group.resource_types #=> Array
resp.configuration_recorders[0].recording_group.resource_types[0] #=> String, one of "AWS::EC2::CustomerGateway", "AWS::EC2::EIP", "AWS::EC2::Host", "AWS::EC2::Instance", "AWS::EC2::InternetGateway", "AWS::EC2::NetworkAcl", "AWS::EC2::NetworkInterface", "AWS::EC2::RouteTable", "AWS::EC2::SecurityGroup", "AWS::EC2::Subnet", "AWS::CloudTrail::Trail", "AWS::EC2::Volume", "AWS::EC2::VPC", "AWS::EC2::VPNConnection", "AWS::EC2::VPNGateway", "AWS::IAM::Group", "AWS::IAM::Policy", "AWS::IAM::Role", "AWS::IAM::User", "AWS::ACM::Certificate", "AWS::RDS::DBInstance", "AWS::RDS::DBSubnetGroup", "AWS::RDS::DBSecurityGroup", "AWS::RDS::DBSnapshot", "AWS::RDS::EventSubscription", "AWS::ElasticLoadBalancingV2::LoadBalancer", "AWS::S3::Bucket", "AWS::SSM::ManagedInstanceInventory", "AWS::Redshift::Cluster", "AWS::Redshift::ClusterSnapshot", "AWS::Redshift::ClusterParameterGroup", "AWS::Redshift::ClusterSecurityGroup", "AWS::Redshift::ClusterSubnetGroup", "AWS::Redshift::EventSubscription", "AWS::CloudWatch::Alarm", "AWS::CloudFormation::Stack", "AWS::DynamoDB::Table", "AWS::AutoScaling::AutoScalingGroup", "AWS::AutoScaling::LaunchConfiguration", "AWS::AutoScaling::ScalingPolicy", "AWS::AutoScaling::ScheduledAction"

Options Hash (options):

  • :configuration_recorder_names (Array<String>)

    A list of configuration recorder names.

Returns:

See Also:

#describe_delivery_channel_status(options = {}) ⇒ Types::DescribeDeliveryChannelStatusResponse

Returns the current status of the specified delivery channel. If a delivery channel is not specified, this action returns the current status of all delivery channels associated with the account.

Currently, you can specify only one delivery channel per region in your account.

Examples:

Request syntax with placeholder values


resp = client.describe_delivery_channel_status({
  delivery_channel_names: ["ChannelName"],
})

Response structure


resp.delivery_channels_status #=> Array
resp.delivery_channels_status[0].name #=> String
resp.delivery_channels_status[0].config_snapshot_delivery_info.last_status #=> String, one of "Success", "Failure", "Not_Applicable"
resp.delivery_channels_status[0].config_snapshot_delivery_info.last_error_code #=> String
resp.delivery_channels_status[0].config_snapshot_delivery_info.last_error_message #=> String
resp.delivery_channels_status[0].config_snapshot_delivery_info.last_attempt_time #=> Time
resp.delivery_channels_status[0].config_snapshot_delivery_info.last_successful_time #=> Time
resp.delivery_channels_status[0].config_snapshot_delivery_info.next_delivery_time #=> Time
resp.delivery_channels_status[0].config_history_delivery_info.last_status #=> String, one of "Success", "Failure", "Not_Applicable"
resp.delivery_channels_status[0].config_history_delivery_info.last_error_code #=> String
resp.delivery_channels_status[0].config_history_delivery_info.last_error_message #=> String
resp.delivery_channels_status[0].config_history_delivery_info.last_attempt_time #=> Time
resp.delivery_channels_status[0].config_history_delivery_info.last_successful_time #=> Time
resp.delivery_channels_status[0].config_history_delivery_info.next_delivery_time #=> Time
resp.delivery_channels_status[0].config_stream_delivery_info.last_status #=> String, one of "Success", "Failure", "Not_Applicable"
resp.delivery_channels_status[0].config_stream_delivery_info.last_error_code #=> String
resp.delivery_channels_status[0].config_stream_delivery_info.last_error_message #=> String
resp.delivery_channels_status[0].config_stream_delivery_info.last_status_change_time #=> Time

Options Hash (options):

  • :delivery_channel_names (Array<String>)

    A list of delivery channel names.

Returns:

See Also:

#describe_delivery_channels(options = {}) ⇒ Types::DescribeDeliveryChannelsResponse

Returns details about the specified delivery channel. If a delivery channel is not specified, this action returns the details of all delivery channels associated with the account.

Currently, you can specify only one delivery channel per region in your account.

Examples:

Request syntax with placeholder values


resp = client.describe_delivery_channels({
  delivery_channel_names: ["ChannelName"],
})

Response structure


resp.delivery_channels #=> Array
resp.delivery_channels[0].name #=> String
resp.delivery_channels[0].s3_bucket_name #=> String
resp.delivery_channels[0].s3_key_prefix #=> String
resp.delivery_channels[0].sns_topic_arn #=> String
resp.delivery_channels[0].config_snapshot_delivery_properties.delivery_frequency #=> String, one of "One_Hour", "Three_Hours", "Six_Hours", "Twelve_Hours", "TwentyFour_Hours"

Options Hash (options):

  • :delivery_channel_names (Array<String>)

    A list of delivery channel names.

Returns:

See Also:

#get_compliance_details_by_config_rule(options = {}) ⇒ Types::GetComplianceDetailsByConfigRuleResponse

Returns the evaluation results for the specified AWS Config rule. The results indicate which AWS resources were evaluated by the rule, when each resource was last evaluated, and whether each resource complies with the rule.

Examples:

Request syntax with placeholder values


resp = client.get_compliance_details_by_config_rule({
  config_rule_name: "StringWithCharLimit64", # required
  compliance_types: ["COMPLIANT"], # accepts COMPLIANT, NON_COMPLIANT, NOT_APPLICABLE, INSUFFICIENT_DATA
  limit: 1,
  next_token: "NextToken",
})

Response structure


resp.evaluation_results #=> Array
resp.evaluation_results[0].evaluation_result_identifier.evaluation_result_qualifier.config_rule_name #=> String
resp.evaluation_results[0].evaluation_result_identifier.evaluation_result_qualifier.resource_type #=> String
resp.evaluation_results[0].evaluation_result_identifier.evaluation_result_qualifier.resource_id #=> String
resp.evaluation_results[0].evaluation_result_identifier.ordering_timestamp #=> Time
resp.evaluation_results[0].compliance_type #=> String, one of "COMPLIANT", "NON_COMPLIANT", "NOT_APPLICABLE", "INSUFFICIENT_DATA"
resp.evaluation_results[0].result_recorded_time #=> Time
resp.evaluation_results[0].config_rule_invoked_time #=> Time
resp.evaluation_results[0].annotation #=> String
resp.evaluation_results[0].result_token #=> String
resp.next_token #=> String

Options Hash (options):

  • :config_rule_name (required, String)

    The name of the AWS Config rule for which you want compliance information.

  • :compliance_types (Array<String>)

    Filters the results by compliance.

    The allowed values are COMPLIANT, NON_COMPLIANT, and NOT_APPLICABLE.

  • :limit (Integer)

    The maximum number of evaluation results returned on each page. The default is 10. You cannot specify a limit greater than 100. If you specify 0, AWS Config uses the default.

  • :next_token (String)

    The NextToken string returned on a previous page that you use to get the next page of results in a paginated response.

Returns:

See Also:

#get_compliance_details_by_resource(options = {}) ⇒ Types::GetComplianceDetailsByResourceResponse

Returns the evaluation results for the specified AWS resource. The results indicate which AWS Config rules were used to evaluate the resource, when each rule was last used, and whether the resource complies with each rule.

Examples:

Request syntax with placeholder values


resp = client.get_compliance_details_by_resource({
  resource_type: "StringWithCharLimit256", # required
  resource_id: "BaseResourceId", # required
  compliance_types: ["COMPLIANT"], # accepts COMPLIANT, NON_COMPLIANT, NOT_APPLICABLE, INSUFFICIENT_DATA
  next_token: "String",
})

Response structure


resp.evaluation_results #=> Array
resp.evaluation_results[0].evaluation_result_identifier.evaluation_result_qualifier.config_rule_name #=> String
resp.evaluation_results[0].evaluation_result_identifier.evaluation_result_qualifier.resource_type #=> String
resp.evaluation_results[0].evaluation_result_identifier.evaluation_result_qualifier.resource_id #=> String
resp.evaluation_results[0].evaluation_result_identifier.ordering_timestamp #=> Time
resp.evaluation_results[0].compliance_type #=> String, one of "COMPLIANT", "NON_COMPLIANT", "NOT_APPLICABLE", "INSUFFICIENT_DATA"
resp.evaluation_results[0].result_recorded_time #=> Time
resp.evaluation_results[0].config_rule_invoked_time #=> Time
resp.evaluation_results[0].annotation #=> String
resp.evaluation_results[0].result_token #=> String
resp.next_token #=> String

Options Hash (options):

  • :resource_type (required, String)

    The type of the AWS resource for which you want compliance information.

  • :resource_id (required, String)

    The ID of the AWS resource for which you want compliance information.

  • :compliance_types (Array<String>)

    Filters the results by compliance.

    The allowed values are COMPLIANT, NON_COMPLIANT, and NOT_APPLICABLE.

  • :next_token (String)

    The NextToken string returned on a previous page that you use to get the next page of results in a paginated response.

Returns:

See Also:

#get_compliance_summary_by_config_rule(options = {}) ⇒ Types::GetComplianceSummaryByConfigRuleResponse

Returns the number of AWS Config rules that are compliant and noncompliant, up to a maximum of 25 for each.

Examples:

Request syntax with placeholder values


resp = client.get_compliance_summary_by_config_rule()

Response structure


resp.compliance_summary.compliant_resource_count.capped_count #=> Integer
resp.compliance_summary.compliant_resource_count.cap_exceeded #=> true/false
resp.compliance_summary.non_compliant_resource_count.capped_count #=> Integer
resp.compliance_summary.non_compliant_resource_count.cap_exceeded #=> true/false
resp.compliance_summary.compliance_summary_timestamp #=> Time

Returns:

See Also:

#get_compliance_summary_by_resource_type(options = {}) ⇒ Types::GetComplianceSummaryByResourceTypeResponse

Returns the number of resources that are compliant and the number that are noncompliant. You can specify one or more resource types to get these numbers for each resource type. The maximum number returned is 100.

Examples:

Request syntax with placeholder values


resp = client.get_compliance_summary_by_resource_type({
  resource_types: ["StringWithCharLimit256"],
})

Response structure


resp.compliance_summaries_by_resource_type #=> Array
resp.compliance_summaries_by_resource_type[0].resource_type #=> String
resp.compliance_summaries_by_resource_type[0].compliance_summary.compliant_resource_count.capped_count #=> Integer
resp.compliance_summaries_by_resource_type[0].compliance_summary.compliant_resource_count.cap_exceeded #=> true/false
resp.compliance_summaries_by_resource_type[0].compliance_summary.non_compliant_resource_count.capped_count #=> Integer
resp.compliance_summaries_by_resource_type[0].compliance_summary.non_compliant_resource_count.cap_exceeded #=> true/false
resp.compliance_summaries_by_resource_type[0].compliance_summary.compliance_summary_timestamp #=> Time

Options Hash (options):

  • :resource_types (Array<String>)

    Specify one or more resource types to get the number of resources that are compliant and the number that are noncompliant for each resource type.

    For this request, you can specify an AWS resource type such as AWS::EC2::Instance, and you can specify that the resource type is an AWS account by specifying AWS::::Account.

Returns:

See Also:

#get_discovered_resource_counts(options = {}) ⇒ Types::GetDiscoveredResourceCountsResponse

Returns the resource types, the number of each resource type, and the total number of resources that AWS Config is recording in this region for your AWS account.

Example

  1. AWS Config is recording three resource types in the US East (Ohio) Region for your account: 25 EC2 instances, 20 IAM users, and 15 S3 buckets.

  2. You make a call to the GetDiscoveredResourceCounts action and specify that you want all resource types.

  3. AWS Config returns the following:

    • The resource types (EC2 instances, IAM users, and S3 buckets)

    • The number of each resource type (25, 20, and 15)

    • The total number of all resources (60)

The response is paginated. By default, AWS Config lists 100 ResourceCount objects on each page. You can customize this number with the limit parameter. The response includes a nextToken string. To get the next page of results, run the request again and specify the string for the nextToken parameter.

If you make a call to the GetDiscoveredResourceCounts action, you may not immediately receive resource counts in the following situations:

  • You are a new AWS Config customer

  • You just enabled resource recording

It may take a few minutes for AWS Config to record and count your resources. Wait a few minutes and then retry the GetDiscoveredResourceCounts action.

Examples:

Request syntax with placeholder values


resp = client.get_discovered_resource_counts({
  resource_types: ["StringWithCharLimit256"],
  limit: 1,
  next_token: "NextToken",
})

Response structure


resp.total_discovered_resources #=> Integer
resp.resource_counts #=> Array
resp.resource_counts[0].resource_type #=> String, one of "AWS::EC2::CustomerGateway", "AWS::EC2::EIP", "AWS::EC2::Host", "AWS::EC2::Instance", "AWS::EC2::InternetGateway", "AWS::EC2::NetworkAcl", "AWS::EC2::NetworkInterface", "AWS::EC2::RouteTable", "AWS::EC2::SecurityGroup", "AWS::EC2::Subnet", "AWS::CloudTrail::Trail", "AWS::EC2::Volume", "AWS::EC2::VPC", "AWS::EC2::VPNConnection", "AWS::EC2::VPNGateway", "AWS::IAM::Group", "AWS::IAM::Policy", "AWS::IAM::Role", "AWS::IAM::User", "AWS::ACM::Certificate", "AWS::RDS::DBInstance", "AWS::RDS::DBSubnetGroup", "AWS::RDS::DBSecurityGroup", "AWS::RDS::DBSnapshot", "AWS::RDS::EventSubscription", "AWS::ElasticLoadBalancingV2::LoadBalancer", "AWS::S3::Bucket", "AWS::SSM::ManagedInstanceInventory", "AWS::Redshift::Cluster", "AWS::Redshift::ClusterSnapshot", "AWS::Redshift::ClusterParameterGroup", "AWS::Redshift::ClusterSecurityGroup", "AWS::Redshift::ClusterSubnetGroup", "AWS::Redshift::EventSubscription", "AWS::CloudWatch::Alarm", "AWS::CloudFormation::Stack", "AWS::DynamoDB::Table", "AWS::AutoScaling::AutoScalingGroup", "AWS::AutoScaling::LaunchConfiguration", "AWS::AutoScaling::ScalingPolicy", "AWS::AutoScaling::ScheduledAction"
resp.resource_counts[0].count #=> Integer
resp.next_token #=> String

Options Hash (options):

  • :resource_types (Array<String>)

    The comma-separated list that specifies the resource types that you want the AWS Config to return. For example, ("AWS::EC2::Instance", "AWS::IAM::User").

    If a value for resourceTypes is not specified, AWS Config returns all resource types that AWS Config is recording in the region for your account.

    If the configuration recorder is turned off, AWS Config returns an empty list of ResourceCount objects. If the configuration recorder is not recording a specific resource type (for example, S3 buckets), that resource type is not returned in the list of ResourceCount objects.

  • :limit (Integer)

    The maximum number of ResourceCount objects returned on each page. The default is 100. You cannot specify a limit greater than 100. If you specify 0, AWS Config uses the default.

  • :next_token (String)

    The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.

Returns:

See Also:

#get_resource_config_history(options = {}) ⇒ Types::GetResourceConfigHistoryResponse

Returns a list of configuration items for the specified resource. The list contains details about each state of the resource during the specified time interval.

The response is paginated. By default, AWS Config returns a limit of 10 configuration items per page. You can customize this number with the limit parameter. The response includes a nextToken string. To get the next page of results, run the request again and specify the string for the nextToken parameter.

Each call to the API is limited to span a duration of seven days. It is likely that the number of records returned is smaller than the specified limit. In such cases, you can make another call, using the nextToken.

Examples:

Request syntax with placeholder values


resp = client.get_resource_config_history({
  resource_type: "AWS::EC2::CustomerGateway", # required, accepts AWS::EC2::CustomerGateway, AWS::EC2::EIP, AWS::EC2::Host, AWS::EC2::Instance, AWS::EC2::InternetGateway, AWS::EC2::NetworkAcl, AWS::EC2::NetworkInterface, AWS::EC2::RouteTable, AWS::EC2::SecurityGroup, AWS::EC2::Subnet, AWS::CloudTrail::Trail, AWS::EC2::Volume, AWS::EC2::VPC, AWS::EC2::VPNConnection, AWS::EC2::VPNGateway, AWS::IAM::Group, AWS::IAM::Policy, AWS::IAM::Role, AWS::IAM::User, AWS::ACM::Certificate, AWS::RDS::DBInstance, AWS::RDS::DBSubnetGroup, AWS::RDS::DBSecurityGroup, AWS::RDS::DBSnapshot, AWS::RDS::EventSubscription, AWS::ElasticLoadBalancingV2::LoadBalancer, AWS::S3::Bucket, AWS::SSM::ManagedInstanceInventory, AWS::Redshift::Cluster, AWS::Redshift::ClusterSnapshot, AWS::Redshift::ClusterParameterGroup, AWS::Redshift::ClusterSecurityGroup, AWS::Redshift::ClusterSubnetGroup, AWS::Redshift::EventSubscription, AWS::CloudWatch::Alarm, AWS::CloudFormation::Stack, AWS::DynamoDB::Table, AWS::AutoScaling::AutoScalingGroup, AWS::AutoScaling::LaunchConfiguration, AWS::AutoScaling::ScalingPolicy, AWS::AutoScaling::ScheduledAction
  resource_id: "ResourceId", # required
  later_time: Time.now,
  earlier_time: Time.now,
  chronological_order: "Reverse", # accepts Reverse, Forward
  limit: 1,
  next_token: "NextToken",
})

Response structure


resp.configuration_items #=> Array
resp.configuration_items[0].version #=> String
resp.configuration_items[0]. #=> String
resp.configuration_items[0].configuration_item_capture_time #=> Time
resp.configuration_items[0].configuration_item_status #=> String, one of "Ok", "Failed", "Discovered", "Deleted"
resp.configuration_items[0].configuration_state_id #=> String
resp.configuration_items[0].configuration_item_md5_hash #=> String
resp.configuration_items[0].arn #=> String
resp.configuration_items[0].resource_type #=> String, one of "AWS::EC2::CustomerGateway", "AWS::EC2::EIP", "AWS::EC2::Host", "AWS::EC2::Instance", "AWS::EC2::InternetGateway", "AWS::EC2::NetworkAcl", "AWS::EC2::NetworkInterface", "AWS::EC2::RouteTable", "AWS::EC2::SecurityGroup", "AWS::EC2::Subnet", "AWS::CloudTrail::Trail", "AWS::EC2::Volume", "AWS::EC2::VPC", "AWS::EC2::VPNConnection", "AWS::EC2::VPNGateway", "AWS::IAM::Group", "AWS::IAM::Policy", "AWS::IAM::Role", "AWS::IAM::User", "AWS::ACM::Certificate", "AWS::RDS::DBInstance", "AWS::RDS::DBSubnetGroup", "AWS::RDS::DBSecurityGroup", "AWS::RDS::DBSnapshot", "AWS::RDS::EventSubscription", "AWS::ElasticLoadBalancingV2::LoadBalancer", "AWS::S3::Bucket", "AWS::SSM::ManagedInstanceInventory", "AWS::Redshift::Cluster", "AWS::Redshift::ClusterSnapshot", "AWS::Redshift::ClusterParameterGroup", "AWS::Redshift::ClusterSecurityGroup", "AWS::Redshift::ClusterSubnetGroup", "AWS::Redshift::EventSubscription", "AWS::CloudWatch::Alarm", "AWS::CloudFormation::Stack", "AWS::DynamoDB::Table", "AWS::AutoScaling::AutoScalingGroup", "AWS::AutoScaling::LaunchConfiguration", "AWS::AutoScaling::ScalingPolicy", "AWS::AutoScaling::ScheduledAction"
resp.configuration_items[0].resource_id #=> String
resp.configuration_items[0].resource_name #=> String
resp.configuration_items[0].aws_region #=> String
resp.configuration_items[0].availability_zone #=> String
resp.configuration_items[0].resource_creation_time #=> Time
resp.configuration_items[0].tags #=> Hash
resp.configuration_items[0].tags["Name"] #=> String
resp.configuration_items[0].related_events #=> Array
resp.configuration_items[0].related_events[0] #=> String
resp.configuration_items[0].relationships #=> Array
resp.configuration_items[0].relationships[0].resource_type #=> String, one of "AWS::EC2::CustomerGateway", "AWS::EC2::EIP", "AWS::EC2::Host", "AWS::EC2::Instance", "AWS::EC2::InternetGateway", "AWS::EC2::NetworkAcl", "AWS::EC2::NetworkInterface", "AWS::EC2::RouteTable", "AWS::EC2::SecurityGroup", "AWS::EC2::Subnet", "AWS::CloudTrail::Trail", "AWS::EC2::Volume", "AWS::EC2::VPC", "AWS::EC2::VPNConnection", "AWS::EC2::VPNGateway", "AWS::IAM::Group", "AWS::IAM::Policy", "AWS::IAM::Role", "AWS::IAM::User", "AWS::ACM::Certificate", "AWS::RDS::DBInstance", "AWS::RDS::DBSubnetGroup", "AWS::RDS::DBSecurityGroup", "AWS::RDS::DBSnapshot", "AWS::RDS::EventSubscription", "AWS::ElasticLoadBalancingV2::LoadBalancer", "AWS::S3::Bucket", "AWS::SSM::ManagedInstanceInventory", "AWS::Redshift::Cluster", "AWS::Redshift::ClusterSnapshot", "AWS::Redshift::ClusterParameterGroup", "AWS::Redshift::ClusterSecurityGroup", "AWS::Redshift::ClusterSubnetGroup", "AWS::Redshift::EventSubscription", "AWS::CloudWatch::Alarm", "AWS::CloudFormation::Stack", "AWS::DynamoDB::Table", "AWS::AutoScaling::AutoScalingGroup", "AWS::AutoScaling::LaunchConfiguration", "AWS::AutoScaling::ScalingPolicy", "AWS::AutoScaling::ScheduledAction"
resp.configuration_items[0].relationships[0].resource_id #=> String
resp.configuration_items[0].relationships[0].resource_name #=> String
resp.configuration_items[0].relationships[0].relationship_name #=> String
resp.configuration_items[0].configuration #=> String
resp.configuration_items[0].supplementary_configuration #=> Hash
resp.configuration_items[0].supplementary_configuration["SupplementaryConfigurationName"] #=> String
resp.next_token #=> String

Options Hash (options):

  • :resource_type (required, String)

    The resource type.

  • :resource_id (required, String)

    The ID of the resource (for example., sg-xxxxxx).

  • :later_time (Time)

    The time stamp that indicates a later time. If not specified, current time is taken.

  • :earlier_time (Time)

    The time stamp that indicates an earlier time. If not specified, the action returns paginated results that contain configuration items that start from when the first configuration item was recorded.

  • :chronological_order (String)

    The chronological order for configuration items listed. By default the results are listed in reverse chronological order.

  • :limit (Integer)

    The maximum number of configuration items returned on each page. The default is 10. You cannot specify a limit greater than 100. If you specify 0, AWS Config uses the default.

  • :next_token (String)

    The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.

Returns:

See Also:

#list_discovered_resources(options = {}) ⇒ Types::ListDiscoveredResourcesResponse

Accepts a resource type and returns a list of resource identifiers for the resources of that type. A resource identifier includes the resource type, ID, and (if available) the custom resource name. The results consist of resources that AWS Config has discovered, including those that AWS Config is not currently recording. You can narrow the results to include only resources that have specific resource IDs or a resource name.

You can specify either resource IDs or a resource name but not both in the same request.

The response is paginated. By default, AWS Config lists 100 resource identifiers on each page. You can customize this number with the limit parameter. The response includes a nextToken string. To get the next page of results, run the request again and specify the string for the nextToken parameter.

Examples:

Request syntax with placeholder values


resp = client.list_discovered_resources({
  resource_type: "AWS::EC2::CustomerGateway", # required, accepts AWS::EC2::CustomerGateway, AWS::EC2::EIP, AWS::EC2::Host, AWS::EC2::Instance, AWS::EC2::InternetGateway, AWS::EC2::NetworkAcl, AWS::EC2::NetworkInterface, AWS::EC2::RouteTable, AWS::EC2::SecurityGroup, AWS::EC2::Subnet, AWS::CloudTrail::Trail, AWS::EC2::Volume, AWS::EC2::VPC, AWS::EC2::VPNConnection, AWS::EC2::VPNGateway, AWS::IAM::Group, AWS::IAM::Policy, AWS::IAM::Role, AWS::IAM::User, AWS::ACM::Certificate, AWS::RDS::DBInstance, AWS::RDS::DBSubnetGroup, AWS::RDS::DBSecurityGroup, AWS::RDS::DBSnapshot, AWS::RDS::EventSubscription, AWS::ElasticLoadBalancingV2::LoadBalancer, AWS::S3::Bucket, AWS::SSM::ManagedInstanceInventory, AWS::Redshift::Cluster, AWS::Redshift::ClusterSnapshot, AWS::Redshift::ClusterParameterGroup, AWS::Redshift::ClusterSecurityGroup, AWS::Redshift::ClusterSubnetGroup, AWS::Redshift::EventSubscription, AWS::CloudWatch::Alarm, AWS::CloudFormation::Stack, AWS::DynamoDB::Table, AWS::AutoScaling::AutoScalingGroup, AWS::AutoScaling::LaunchConfiguration, AWS::AutoScaling::ScalingPolicy, AWS::AutoScaling::ScheduledAction
  resource_ids: ["ResourceId"],
  resource_name: "ResourceName",
  limit: 1,
  include_deleted_resources: false,
  next_token: "NextToken",
})

Response structure


resp.resource_identifiers #=> Array
resp.resource_identifiers[0].resource_type #=> String, one of "AWS::EC2::CustomerGateway", "AWS::EC2::EIP", "AWS::EC2::Host", "AWS::EC2::Instance", "AWS::EC2::InternetGateway", "AWS::EC2::NetworkAcl", "AWS::EC2::NetworkInterface", "AWS::EC2::RouteTable", "AWS::EC2::SecurityGroup", "AWS::EC2::Subnet", "AWS::CloudTrail::Trail", "AWS::EC2::Volume", "AWS::EC2::VPC", "AWS::EC2::VPNConnection", "AWS::EC2::VPNGateway", "AWS::IAM::Group", "AWS::IAM::Policy", "AWS::IAM::Role", "AWS::IAM::User", "AWS::ACM::Certificate", "AWS::RDS::DBInstance", "AWS::RDS::DBSubnetGroup", "AWS::RDS::DBSecurityGroup", "AWS::RDS::DBSnapshot", "AWS::RDS::EventSubscription", "AWS::ElasticLoadBalancingV2::LoadBalancer", "AWS::S3::Bucket", "AWS::SSM::ManagedInstanceInventory", "AWS::Redshift::Cluster", "AWS::Redshift::ClusterSnapshot", "AWS::Redshift::ClusterParameterGroup", "AWS::Redshift::ClusterSecurityGroup", "AWS::Redshift::ClusterSubnetGroup", "AWS::Redshift::EventSubscription", "AWS::CloudWatch::Alarm", "AWS::CloudFormation::Stack", "AWS::DynamoDB::Table", "AWS::AutoScaling::AutoScalingGroup", "AWS::AutoScaling::LaunchConfiguration", "AWS::AutoScaling::ScalingPolicy", "AWS::AutoScaling::ScheduledAction"
resp.resource_identifiers[0].resource_id #=> String
resp.resource_identifiers[0].resource_name #=> String
resp.resource_identifiers[0].resource_deletion_time #=> Time
resp.next_token #=> String

Options Hash (options):

  • :resource_type (required, String)

    The type of resources that you want AWS Config to list in the response.

  • :resource_ids (Array<String>)

    The IDs of only those resources that you want AWS Config to list in the response. If you do not specify this parameter, AWS Config lists all resources of the specified type that it has discovered.

  • :resource_name (String)

    The custom name of only those resources that you want AWS Config to list in the response. If you do not specify this parameter, AWS Config lists all resources of the specified type that it has discovered.

  • :limit (Integer)

    The maximum number of resource identifiers returned on each page. The default is 100. You cannot specify a limit greater than 100. If you specify 0, AWS Config uses the default.

  • :include_deleted_resources (Boolean)

    Specifies whether AWS Config includes deleted resources in the results. By default, deleted resources are not included.

  • :next_token (String)

    The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.

Returns:

See Also:

#put_config_rule(options = {}) ⇒ Struct

Adds or updates an AWS Config rule for evaluating whether your AWS resources comply with your desired configurations.

You can use this action for custom Config rules and AWS managed Config rules. A custom Config rule is a rule that you develop and maintain. An AWS managed Config rule is a customizable, predefined rule that AWS Config provides.

If you are adding a new custom Config rule, you must first create the AWS Lambda function that the rule invokes to evaluate your resources. When you use the PutConfigRule action to add the rule to AWS Config, you must specify the Amazon Resource Name (ARN) that AWS Lambda assigns to the function. Specify the ARN for the SourceIdentifier key. This key is part of the Source object, which is part of the ConfigRule object.

If you are adding an AWS managed Config rule, specify the rule's identifier for the SourceIdentifier key. To reference AWS managed Config rule identifiers, see About AWS Managed Config Rules.

For any new rule that you add, specify the ConfigRuleName in the ConfigRule object. Do not specify the ConfigRuleArn or the ConfigRuleId. These values are generated by AWS Config for new rules.

If you are updating a rule that you added previously, you can specify the rule by ConfigRuleName, ConfigRuleId, or ConfigRuleArn in the ConfigRule data type that you use in this request.

The maximum number of rules that AWS Config supports is 50.

For more information about requesting a rule limit increase, see AWS Config Limits in the AWS General Reference Guide.

For more information about developing and using AWS Config rules, see Evaluating AWS Resource Configurations with AWS Config in the AWS Config Developer Guide.

Examples:

Request syntax with placeholder values


resp = client.put_config_rule({
  config_rule: { # required
    config_rule_name: "StringWithCharLimit64",
    config_rule_arn: "String",
    config_rule_id: "String",
    description: "EmptiableStringWithCharLimit256",
    scope: {
      compliance_resource_types: ["StringWithCharLimit256"],
      tag_key: "StringWithCharLimit128",
      tag_value: "StringWithCharLimit256",
      compliance_resource_id: "BaseResourceId",
    },
    source: { # required
      owner: "CUSTOM_LAMBDA", # required, accepts CUSTOM_LAMBDA, AWS
      source_identifier: "StringWithCharLimit256", # required
      source_details: [
        {
          event_source: "aws.config", # accepts aws.config
          message_type: "ConfigurationItemChangeNotification", # accepts ConfigurationItemChangeNotification, ConfigurationSnapshotDeliveryCompleted, ScheduledNotification, OversizedConfigurationItemChangeNotification
          maximum_execution_frequency: "One_Hour", # accepts One_Hour, Three_Hours, Six_Hours, Twelve_Hours, TwentyFour_Hours
        },
      ],
    },
    input_parameters: "StringWithCharLimit1024",
    maximum_execution_frequency: "One_Hour", # accepts One_Hour, Three_Hours, Six_Hours, Twelve_Hours, TwentyFour_Hours
    config_rule_state: "ACTIVE", # accepts ACTIVE, DELETING, DELETING_RESULTS, EVALUATING
  },
})

Options Hash (options):

  • :config_rule (required, Types::ConfigRule)

    The rule that you want to add to your account.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#put_configuration_recorder(options = {}) ⇒ Struct

Creates a new configuration recorder to record the selected resource configurations.

You can use this action to change the role roleARN and/or the recordingGroup of an existing recorder. To change the role, call the action on the existing configuration recorder and specify a role.

Currently, you can specify only one configuration recorder per region in your account.

If ConfigurationRecorder does not have the recordingGroup parameter specified, the default is to record all supported resource types.

Examples:

Request syntax with placeholder values


resp = client.put_configuration_recorder({
  configuration_recorder: { # required
    name: "RecorderName",
    role_arn: "String",
    recording_group: {
      all_supported: false,
      include_global_resource_types: false,
      resource_types: ["AWS::EC2::CustomerGateway"], # accepts AWS::EC2::CustomerGateway, AWS::EC2::EIP, AWS::EC2::Host, AWS::EC2::Instance, AWS::EC2::InternetGateway, AWS::EC2::NetworkAcl, AWS::EC2::NetworkInterface, AWS::EC2::RouteTable, AWS::EC2::SecurityGroup, AWS::EC2::Subnet, AWS::CloudTrail::Trail, AWS::EC2::Volume, AWS::EC2::VPC, AWS::EC2::VPNConnection, AWS::EC2::VPNGateway, AWS::IAM::Group, AWS::IAM::Policy, AWS::IAM::Role, AWS::IAM::User, AWS::ACM::Certificate, AWS::RDS::DBInstance, AWS::RDS::DBSubnetGroup, AWS::RDS::DBSecurityGroup, AWS::RDS::DBSnapshot, AWS::RDS::EventSubscription, AWS::ElasticLoadBalancingV2::LoadBalancer, AWS::S3::Bucket, AWS::SSM::ManagedInstanceInventory, AWS::Redshift::Cluster, AWS::Redshift::ClusterSnapshot, AWS::Redshift::ClusterParameterGroup, AWS::Redshift::ClusterSecurityGroup, AWS::Redshift::ClusterSubnetGroup, AWS::Redshift::EventSubscription, AWS::CloudWatch::Alarm, AWS::CloudFormation::Stack, AWS::DynamoDB::Table, AWS::AutoScaling::AutoScalingGroup, AWS::AutoScaling::LaunchConfiguration, AWS::AutoScaling::ScalingPolicy, AWS::AutoScaling::ScheduledAction
    },
  },
})

Options Hash (options):

  • :configuration_recorder (required, Types::ConfigurationRecorder)

    The configuration recorder object that records each configuration change made to the resources.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#put_delivery_channel(options = {}) ⇒ Struct

Creates a delivery channel object to deliver configuration information to an Amazon S3 bucket and Amazon SNS topic.

Before you can create a delivery channel, you must create a configuration recorder.

You can use this action to change the Amazon S3 bucket or an Amazon SNS topic of the existing delivery channel. To change the Amazon S3 bucket or an Amazon SNS topic, call this action and specify the changed values for the S3 bucket and the SNS topic. If you specify a different value for either the S3 bucket or the SNS topic, this action will keep the existing value for the parameter that is not changed.

You can have only one delivery channel per region in your account.

Examples:

Request syntax with placeholder values


resp = client.put_delivery_channel({
  delivery_channel: { # required
    name: "ChannelName",
    s3_bucket_name: "String",
    s3_key_prefix: "String",
    sns_topic_arn: "String",
    config_snapshot_delivery_properties: {
      delivery_frequency: "One_Hour", # accepts One_Hour, Three_Hours, Six_Hours, Twelve_Hours, TwentyFour_Hours
    },
  },
})

Options Hash (options):

  • :delivery_channel (required, Types::DeliveryChannel)

    The configuration delivery channel object that delivers the configuration information to an Amazon S3 bucket, and to an Amazon SNS topic.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#put_evaluations(options = {}) ⇒ Types::PutEvaluationsResponse

Used by an AWS Lambda function to deliver evaluation results to AWS Config. This action is required in every AWS Lambda function that is invoked by an AWS Config rule.

Examples:

Request syntax with placeholder values


resp = client.put_evaluations({
  evaluations: [
    {
      compliance_resource_type: "StringWithCharLimit256", # required
      compliance_resource_id: "BaseResourceId", # required
      compliance_type: "COMPLIANT", # required, accepts COMPLIANT, NON_COMPLIANT, NOT_APPLICABLE, INSUFFICIENT_DATA
      annotation: "StringWithCharLimit256",
      ordering_timestamp: Time.now, # required
    },
  ],
  result_token: "String", # required
  test_mode: false,
})

Response structure


resp.failed_evaluations #=> Array
resp.failed_evaluations[0].compliance_resource_type #=> String
resp.failed_evaluations[0].compliance_resource_id #=> String
resp.failed_evaluations[0].compliance_type #=> String, one of "COMPLIANT", "NON_COMPLIANT", "NOT_APPLICABLE", "INSUFFICIENT_DATA"
resp.failed_evaluations[0].annotation #=> String
resp.failed_evaluations[0].ordering_timestamp #=> Time

Options Hash (options):

  • :evaluations (Array<Types::Evaluation>)

    The assessments that the AWS Lambda function performs. Each evaluation identifies an AWS resource and indicates whether it complies with the AWS Config rule that invokes the AWS Lambda function.

  • :result_token (required, String)

    An encrypted token that associates an evaluation with an AWS Config rule. Identifies the rule and the event that triggered the evaluation

  • :test_mode (Boolean)

    Use this parameter to specify a test run for PutEvaluations. You can verify whether your AWS Lambda function will deliver evaluation results to AWS Config. No updates occur to your existing evaluations, and evaluation results are not sent to AWS Config.

    When TestMode is true, PutEvaluations doesn\'t require a valid value for the ResultToken parameter, but the value cannot be null.

Returns:

See Also:

#start_config_rules_evaluation(options = {}) ⇒ Struct

Runs an on-demand evaluation for the specified Config rules against the last known configuration state of the resources. Use StartConfigRulesEvaluation when you want to test a rule that you updated is working as expected. StartConfigRulesEvaluation does not re-record the latest configuration state for your resources; it re-runs an evaluation against the last known state of your resources.

You can specify up to 25 Config rules per request.

An existing StartConfigRulesEvaluation call must complete for the specified rules before you can call the API again. If you chose to have AWS Config stream to an Amazon SNS topic, you will receive a ConfigRuleEvaluationStarted notification when the evaluation starts.

You don't need to call the StartConfigRulesEvaluation API to run an evaluation for a new rule. When you create a new rule, AWS Config automatically evaluates your resources against the rule.

The StartConfigRulesEvaluation API is useful if you want to run on-demand evaluations, such as the following example:

  1. You have a custom rule that evaluates your IAM resources every 24 hours.

  2. You update your Lambda function to add additional conditions to your rule.

  3. Instead of waiting for the next periodic evaluation, you call the StartConfigRulesEvaluation API.

  4. AWS Config invokes your Lambda function and evaluates your IAM resources.

  5. Your custom rule will still run periodic evaluations every 24 hours.

Examples:

Request syntax with placeholder values


resp = client.start_config_rules_evaluation({
  config_rule_names: ["StringWithCharLimit64"],
})

Options Hash (options):

  • :config_rule_names (Array<String>)

    The list of names of Config rules that you want to run evaluations for.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#start_configuration_recorder(options = {}) ⇒ Struct

Starts recording configurations of the AWS resources you have selected to record in your AWS account.

You must have created at least one delivery channel to successfully start the configuration recorder.

Examples:

Request syntax with placeholder values


resp = client.start_configuration_recorder({
  configuration_recorder_name: "RecorderName", # required
})

Options Hash (options):

  • :configuration_recorder_name (required, String)

    The name of the recorder object that records each configuration change made to the resources.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#stop_configuration_recorder(options = {}) ⇒ Struct

Stops recording configurations of the AWS resources you have selected to record in your AWS account.

Examples:

Request syntax with placeholder values


resp = client.stop_configuration_recorder({
  configuration_recorder_name: "RecorderName", # required
})

Options Hash (options):

  • :configuration_recorder_name (required, String)

    The name of the recorder object that records each configuration change made to the resources.

Returns:

  • (Struct)

    Returns an empty response.

See Also:

#wait_until(waiter_name, params = {}) {|waiter| ... } ⇒ Boolean

Waiters polls an API operation until a resource enters a desired state.

Basic Usage

Waiters will poll until they are succesful, they fail by entering a terminal state, or until a maximum number of attempts are made.

# polls in a loop, sleeping between attempts client.waiter_until(waiter_name, params)

Configuration

You can configure the maximum number of polling attempts, and the delay (in seconds) between each polling attempt. You configure waiters by passing a block to #wait_until:

# poll for ~25 seconds
client.wait_until(...) do |w|
  w.max_attempts = 5
  w.delay = 5
end

Callbacks

You can be notified before each polling attempt and before each delay. If you throw :success or :failure from these callbacks, it will terminate the waiter.

started_at = Time.now
client.wait_until(...) do |w|

  # disable max attempts
  w.max_attempts = nil

  # poll for 1 hour, instead of a number of attempts
  w.before_wait do |attempts, response|
    throw :failure if Time.now - started_at > 3600
  end

end

Handling Errors

When a waiter is successful, it returns true. When a waiter fails, it raises an error. All errors raised extend from Waiters::Errors::WaiterFailed.

begin
  client.wait_until(...)
rescue Aws::Waiters::Errors::WaiterFailed
  # resource did not enter the desired state in time
end

Parameters:

  • waiter_name (Symbol)

    The name of the waiter. See #waiter_names for a full list of supported waiters.

  • params (Hash) (defaults to: {})

    Additional request parameters. See the #waiter_names for a list of supported waiters and what request they call. The called request determines the list of accepted parameters.

Yield Parameters:

Returns:

  • (Boolean)

    Returns true if the waiter was successful.

Raises:

  • (Errors::FailureStateError)

    Raised when the waiter terminates because the waiter has entered a state that it will not transition out of, preventing success.

  • (Errors::TooManyAttemptsError)

    Raised when the configured maximum number of attempts have been made, and the waiter is not yet successful.

  • (Errors::UnexpectedError)

    Raised when an error is encounted while polling for a resource that is not expected.

  • (Errors::NoSuchWaiterError)

    Raised when you request to wait for an unknown state.

#waiter_namesArray<Symbol>

Returns the list of supported waiters. The following table lists the supported waiters and the client method they call:

Waiter NameClient MethodDefault Delay:Default Max Attempts:

Returns:

  • (Array<Symbol>)

    the list of supported waiters.