DeleteOrganizationConfigRule - AWS Config

DeleteOrganizationConfigRule

Deletes the specified organization AWS Config rule and all of its evaluation results from all member accounts in that organization.

Only a management account and a delegated administrator account can delete an organization AWS Config rule. When calling this API with a delegated administrator, you must ensure AWS Organizations ListDelegatedAdministrator permissions are added.

AWS Config sets the state of a rule to DELETE_IN_PROGRESS until the deletion is complete. You cannot update a rule while it is in this state.

Request Syntax

{ "OrganizationConfigRuleName": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

OrganizationConfigRuleName

The name of organization AWS Config rule that you want to delete.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 64.

Pattern: .*\S.*

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors.

NoSuchOrganizationConfigRuleException

The AWS Config rule in the request is not valid. Verify that the rule is an organization AWS Config Process Check rule, that the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying again.

HTTP Status Code: 400

OrganizationAccessDeniedException

For PutConfigurationAggregator API, you can see this exception for the following reasons:

  • No permission to call EnableAWSServiceAccess API

  • The configuration aggregator cannot be updated because your AWS Organization management account or the delegated administrator role changed. Delete this aggregator and create a new one with the current AWS Organization.

  • The configuration aggregator is associated with a previous AWS Organization and AWS Config cannot aggregate data with current AWS Organization. Delete this aggregator and create a new one with the current AWS Organization.

  • You are not a registered delegated administrator for AWS Config with permissions to call ListDelegatedAdministrators API. Ensure that the management account registers delagated administrator for AWS Config service principle name before the delegated administrator creates an aggregator.

For all OrganizationConfigRule and OrganizationConformancePack APIs, AWS Config throws an exception if APIs are called from member accounts. All APIs must be called from organization management account.

HTTP Status Code: 400

ResourceInUseException

You see this exception in the following cases:

  • For DeleteConfigRule, AWS Config is deleting this rule. Try your request again later.

  • For DeleteConfigRule, the rule is deleting your evaluation results. Try your request again later.

  • For DeleteConfigRule, a remediation action is associated with the rule and AWS Config cannot delete this rule. Delete the remediation action associated with the rule before deleting the rule and try your request again later.

  • For PutConfigOrganizationRule, organization AWS Config rule deletion is in progress. Try your request again later.

  • For DeleteOrganizationConfigRule, organization AWS Config rule creation is in progress. Try your request again later.

  • For PutConformancePack and PutOrganizationConformancePack, a conformance pack creation, update, and deletion is in progress. Try your request again later.

  • For DeleteConformancePack, a conformance pack creation, update, and deletion is in progress. Try your request again later.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: