Table Of Contents


User Guide

First time using the AWS CLI? See the User Guide for help getting started.

[ aws . configservice ]



Returns the current configuration for one or more requested resources. The operation also returns a list of resources that are not processed in the current request. If there are no unprocessed resources, the operation returns an empty unprocessedResourceKeys list.


  • The API does not return results for deleted resources.
  • The API does not return any tags for the requested resources. This information is filtered out of the supplementaryConfiguration section of the API response.

See also: AWS API Documentation

See 'aws help' for descriptions of global parameters.


--resource-keys <value>
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]


--resource-keys (list)

A list of resource keys to be processed with the current request. Each element in the list consists of the resource type and resource ID.

Shorthand Syntax:

resourceType=string,resourceId=string ...

JSON Syntax:

    "resourceType": "AWS::EC2::CustomerGateway"|"AWS::EC2::EIP"|"AWS::EC2::Host"|"AWS::EC2::Instance"|"AWS::EC2::InternetGateway"|"AWS::EC2::NetworkAcl"|"AWS::EC2::NetworkInterface"|"AWS::EC2::RouteTable"|"AWS::EC2::SecurityGroup"|"AWS::EC2::Subnet"|"AWS::CloudTrail::Trail"|"AWS::EC2::Volume"|"AWS::EC2::VPC"|"AWS::EC2::VPNConnection"|"AWS::EC2::VPNGateway"|"AWS::IAM::Group"|"AWS::IAM::Policy"|"AWS::IAM::Role"|"AWS::IAM::User"|"AWS::ACM::Certificate"|"AWS::RDS::DBInstance"|"AWS::RDS::DBSubnetGroup"|"AWS::RDS::DBSecurityGroup"|"AWS::RDS::DBSnapshot"|"AWS::RDS::EventSubscription"|"AWS::ElasticLoadBalancingV2::LoadBalancer"|"AWS::S3::Bucket"|"AWS::SSM::ManagedInstanceInventory"|"AWS::Redshift::Cluster"|"AWS::Redshift::ClusterSnapshot"|"AWS::Redshift::ClusterParameterGroup"|"AWS::Redshift::ClusterSecurityGroup"|"AWS::Redshift::ClusterSubnetGroup"|"AWS::Redshift::EventSubscription"|"AWS::CloudWatch::Alarm"|"AWS::CloudFormation::Stack"|"AWS::DynamoDB::Table"|"AWS::AutoScaling::AutoScalingGroup"|"AWS::AutoScaling::LaunchConfiguration"|"AWS::AutoScaling::ScalingPolicy"|"AWS::AutoScaling::ScheduledAction"|"AWS::CodeBuild::Project"|"AWS::WAF::RateBasedRule"|"AWS::WAF::Rule"|"AWS::WAF::WebACL"|"AWS::WAFRegional::RateBasedRule"|"AWS::WAFRegional::Rule"|"AWS::WAFRegional::WebACL"|"AWS::CloudFront::Distribution"|"AWS::CloudFront::StreamingDistribution"|"AWS::WAF::RuleGroup"|"AWS::WAFRegional::RuleGroup"|"AWS::Lambda::Function"|"AWS::ElasticBeanstalk::Application"|"AWS::ElasticBeanstalk::ApplicationVersion"|"AWS::ElasticBeanstalk::Environment"|"AWS::ElasticLoadBalancing::LoadBalancer"|"AWS::XRay::EncryptionConfig",
    "resourceId": "string"

--cli-input-json (string) Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See 'aws help' for descriptions of global parameters.


baseConfigurationItems -> (list)

A list that contains the current configuration of one or more resources.


The detailed configuration of a specified resource.

version -> (string)

The version number of the resource configuration.

accountId -> (string)

The 12 digit AWS account ID associated with the resource.

configurationItemCaptureTime -> (timestamp)

The time when the configuration recording was initiated.

configurationItemStatus -> (string)

The configuration item status.

configurationStateId -> (string)

An identifier that indicates the ordering of the configuration items of a resource.

arn -> (string)

The Amazon Resource Name (ARN) of the resource.

resourceType -> (string)

The type of AWS resource.

resourceId -> (string)

The ID of the resource (for example., sg-xxxxxx).

resourceName -> (string)

The custom name of the resource, if available.

awsRegion -> (string)

The region where the resource resides.

availabilityZone -> (string)

The Availability Zone associated with the resource.

resourceCreationTime -> (timestamp)

The time stamp when the resource was created.

configuration -> (string)

The description of the resource configuration.

supplementaryConfiguration -> (map)

Configuration attributes that AWS Config returns for certain resource types to supplement the information returned for the configuration parameter.

key -> (string)

value -> (string)

unprocessedResourceKeys -> (list)

A list of resource keys that were not processed with the current response. The unprocessesResourceKeys value is in the same form as ResourceKeys, so the value can be directly provided to a subsequent BatchGetResourceConfig operation. If there are no unprocessed resource keys, the response contains an empty unprocessedResourceKeys list.


The details that identify a resource within AWS Config, including the resource type and resource ID.

resourceType -> (string)

The resource type.

resourceId -> (string)

The ID of the resource (for example., sg-xxxxxx).