PutConformancePack
Creates or updates a conformance pack. A conformance pack is a collection of AWS Config rules that can be easily deployed in an account and a region and across AWS Organization.
This API creates a service linked role AWSServiceRoleForConfigConforms
in your account.
The service linked role is created only when the role does not exist in your account.
You must specify either the TemplateS3Uri
or the TemplateBody
parameter, but not both.
If you provide both AWS Config uses the TemplateS3Uri
parameter and ignores the TemplateBody
parameter.
Request Syntax
{
"ConformancePackInputParameters": [
{
"ParameterName": "string
",
"ParameterValue": "string
"
}
],
"ConformancePackName": "string
",
"DeliveryS3Bucket": "string
",
"DeliveryS3KeyPrefix": "string
",
"TemplateBody": "string
",
"TemplateS3Uri": "string
"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- ConformancePackInputParameters
-
A list of
ConformancePackInputParameter
objects.Type: Array of ConformancePackInputParameter objects
Array Members: Minimum number of 0 items. Maximum number of 60 items.
Required: No
- ConformancePackName
-
Name of the conformance pack you want to create.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 256.
Pattern:
[a-zA-Z][-a-zA-Z0-9]*
Required: Yes
- DeliveryS3Bucket
-
Amazon S3 bucket where AWS Config stores conformance pack templates.
Note This field is optional.
Type: String
Length Constraints: Minimum length of 0. Maximum length of 63.
Required: No
- DeliveryS3KeyPrefix
-
The prefix for the Amazon S3 bucket.
Note This field is optional.
Type: String
Length Constraints: Minimum length of 0. Maximum length of 1024.
Required: No
- TemplateBody
-
A string containing full conformance pack template body. Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.
Note You can only use a YAML template with one resource type, that is, config rule and a remediation action.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 51200.
Required: No
- TemplateS3Uri
-
Location of file containing the template body (
s3://bucketname/prefix
). The uri must point to the conformance pack template (max size: 300 KB) that is located in an Amazon S3 bucket in the same region as the conformance pack.Note You must have access to read Amazon S3 bucket.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern:
s3://.*
Required: No
Response Syntax
{
"ConformancePackArn": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- ConformancePackArn
-
ARN of the conformance pack.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 2048.
Errors
For information about the errors that are common to all actions, see Common Errors.
- ConformancePackTemplateValidationException
-
You have specified a template that is not valid or supported.
HTTP Status Code: 400
- InsufficientPermissionsException
-
Indicates one of the following errors:
-
For PutConfigRule, the rule cannot be created because the IAM role assigned to AWS Config lacks permissions to perform the config:Put* action.
-
For PutConfigRule, the AWS Lambda function cannot be invoked. Check the function ARN, and check the function's permissions.
-
For PutOrganizationConfigRule, organization config rule cannot be created because you do not have permissions to call IAM
GetRole
action or create a service linked role. -
For PutConformancePack and PutOrganizationConformancePack, a conformance pack cannot be created because you do not have permissions:
-
To call IAM
GetRole
action or create a service linked role. -
To read Amazon S3 bucket.
-
HTTP Status Code: 400
-
- InvalidParameterValueException
-
One or more of the specified parameters are invalid. Verify that your parameters are valid and try again.
HTTP Status Code: 400
- MaxNumberOfConformancePacksExceededException
-
You have reached the limit (6) of the number of conformance packs in an account (6 conformance pack with 25 AWS Config rules per pack).
HTTP Status Code: 400
- ResourceInUseException
-
You see this exception in the following cases:
-
For DeleteConfigRule, AWS Config is deleting this rule. Try your request again later.
-
For DeleteConfigRule, the rule is deleting your evaluation results. Try your request again later.
-
For DeleteConfigRule, a remediation action is associated with the rule and AWS Config cannot delete this rule. Delete the remediation action associated with the rule before deleting the rule and try your request again later.
-
For PutConfigOrganizationRule, organization config rule deletion is in progress. Try your request again later.
-
For DeleteOrganizationConfigRule, organization config rule creation is in progress. Try your request again later.
-
For PutConformancePack and PutOrganizationConformancePack, a conformance pack creation, update, and deletion is in progress. Try your request again later.
-
For DeleteConformancePack, a conformance pack creation, update, and deletion is in progress. Try your request again later.
HTTP Status Code: 400
-
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: