Table Of Contents

Feedback

User Guide

First time using the AWS CLI? See the User Guide for help getting started.

[ aws . configservice ]

describe-aggregate-compliance-by-config-rules

Description

Returns a list of compliant and noncompliant rules with the number of resources for compliant and noncompliant rules.

Note

The results can return an empty result page, but if you have a nextToken, the results are displayed on the next page.

See also: AWS API Documentation

See 'aws help' for descriptions of global parameters.

Synopsis

  describe-aggregate-compliance-by-config-rules
--configuration-aggregator-name <value>
[--filters <value>]
[--limit <value>]
[--next-token <value>]
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]

Options

--configuration-aggregator-name (string)

The name of the configuration aggregator.

--filters (structure)

Filters the results by ConfigRuleComplianceFilters object.

Shorthand Syntax:

ConfigRuleName=string,ComplianceType=string,AccountId=string,AwsRegion=string

JSON Syntax:

{
  "ConfigRuleName": "string",
  "ComplianceType": "COMPLIANT"|"NON_COMPLIANT"|"NOT_APPLICABLE"|"INSUFFICIENT_DATA",
  "AccountId": "string",
  "AwsRegion": "string"
}

--limit (integer)

The maximum number of evaluation results returned on each page. The default is maximum. If you specify 0, AWS Config uses the default.

--next-token (string)

The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.

--cli-input-json (string) Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See 'aws help' for descriptions of global parameters.

Output

AggregateComplianceByConfigRules -> (list)

Returns a list of AggregateComplianceByConfigRule object.

(structure)

Indicates whether an AWS Config rule is compliant based on account ID, region, compliance, and rule name.

A rule is compliant if all of the resources that the rule evaluated comply with it. It is noncompliant if any of these resources do not comply.

ConfigRuleName -> (string)

The name of the AWS Config rule.

Compliance -> (structure)

Indicates whether an AWS resource or AWS Config rule is compliant and provides the number of contributors that affect the compliance.

ComplianceType -> (string)

Indicates whether an AWS resource or AWS Config rule is compliant.

A resource is compliant if it complies with all of the AWS Config rules that evaluate it. A resource is noncompliant if it does not comply with one or more of these rules.

A rule is compliant if all of the resources that the rule evaluates comply with it. A rule is noncompliant if any of these resources do not comply.

AWS Config returns the INSUFFICIENT_DATA value when no evaluation results are available for the AWS resource or AWS Config rule.

For the Compliance data type, AWS Config supports only COMPLIANT , NON_COMPLIANT , and INSUFFICIENT_DATA values. AWS Config does not support the NOT_APPLICABLE value for the Compliance data type.

ComplianceContributorCount -> (structure)

The number of AWS resources or AWS Config rules that cause a result of NON_COMPLIANT , up to a maximum number.

CappedCount -> (integer)

The number of AWS resources or AWS Config rules responsible for the current compliance of the item.

CapExceeded -> (boolean)

Indicates whether the maximum count is reached.

AccountId -> (string)

The 12-digit account ID of the source account.

AwsRegion -> (string)

The source region from where the data is aggregated.

NextToken -> (string)

The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.