PutConfigRule
Adds or updates an AWS Config rule for evaluating whether your AWS resources comply with your desired configurations.
You can use this action for custom AWS Config rules and AWS managed Config rules. A custom AWS Config rule is a rule that you develop and maintain. An AWS managed Config rule is a customizable, predefined rule that AWS Config provides.
If you are adding a new custom AWS Config rule, you must first
create the AWS Lambda function that the rule invokes to evaluate
your resources. When you use the PutConfigRule action
to add the rule to AWS Config, you must specify the Amazon Resource
Name (ARN) that AWS Lambda assigns to the function. Specify the ARN
for the SourceIdentifier key. This key is part of the
Source object, which is part of the
ConfigRule object.
If you are adding an AWS managed Config rule, specify the
rule's identifier for the SourceIdentifier key. To
reference AWS managed Config rule identifiers, see About AWS Managed Config Rules.
For any new rule that you add, specify the
ConfigRuleName in the ConfigRule
object. Do not specify the ConfigRuleArn or the
ConfigRuleId. These values are generated by AWS
Config for new rules.
If you are updating a rule that you added previously, you can
specify the rule by ConfigRuleName,
ConfigRuleId, or ConfigRuleArn in the
ConfigRule data type that you use in this
request.
The maximum number of rules that AWS Config supports is 150.
For information about requesting a rule limit increase, see AWS Config Limits in the AWS General Reference Guide.
For more information about developing and using AWS Config rules, see Evaluating AWS Resource Configurations with AWS Config in the AWS Config Developer Guide.
Request Syntax
{ "ConfigRule": { "ConfigRuleArn": "string", "ConfigRuleId": "string", "ConfigRuleName": "string", "ConfigRuleState": "string", "CreatedBy": "string", "Description": "string", "InputParameters": "string", "MaximumExecutionFrequency": "string", "Scope": { "ComplianceResourceId": "string", "ComplianceResourceTypes": [ "string" ], "TagKey": "string", "TagValue": "string" }, "Source": { "Owner": "string", "SourceDetails": [ { "EventSource": "string", "MaximumExecutionFrequency": "string", "MessageType": "string" } ], "SourceIdentifier": "string" } } }
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- ConfigRule
-
The rule that you want to add to your account.
Type: ConfigRule object
Required: Yes
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Errors
For information about the errors that are common to all actions, see Common Errors.
- InsufficientPermissionsException
-
Indicates one of the following errors:
-
The rule cannot be created because the IAM role assigned to AWS Config lacks permissions to perform the config:Put* action.
-
The AWS Lambda function cannot be invoked. Check the function ARN, and check the function's permissions.
HTTP Status Code: 400
-
- InvalidParameterValueException
-
One or more of the specified parameters are invalid. Verify that your parameters are valid and try again.
HTTP Status Code: 400
- MaxNumberOfConfigRulesExceededException
-
Failed to add the AWS Config rule because the account already contains the maximum number of 150 rules. Consider deleting any deactivated rules before you add new rules.
HTTP Status Code: 400
- NoAvailableConfigurationRecorderException
-
There are no configuration recorders available to provide the role needed to describe your resources. Create a configuration recorder.
HTTP Status Code: 400
- ResourceInUseException
-
The rule is currently being deleted or the rule is deleting your evaluation results. Try your request again later.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
