PutConformancePack

Creates or updates a conformance pack. A conformance pack is a collection of AWS Config rules that can be easily deployed in an account and a region and across AWS Organization.

This API creates a service linked role AWSServiceRoleForConfigConforms in your account. The service linked role is created only when the role does not exist in your account.

Note

You must specify either the TemplateS3Uri or the TemplateBody parameter, but not both. If you provide both AWS Config uses the TemplateS3Uri parameter and ignores the TemplateBody parameter.

Request Syntax

{
   "ConformancePackInputParameters": [ 
      { 
         "ParameterName": "string",
         "ParameterValue": "string"
      }
   ],
   "ConformancePackName": "string",
   "DeliveryS3Bucket": "string",
   "DeliveryS3KeyPrefix": "string",
   "TemplateBody": "string",
   "TemplateS3Uri": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

ConformancePackInputParameters

A list of ConformancePackInputParameter objects.

Type: Array of ConformancePackInputParameter objects

Array Members: Minimum number of 0 items. Maximum number of 60 items.

Required: No

ConformancePackName

Name of the conformance pack you want to create.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: [a-zA-Z][-a-zA-Z0-9]*

Required: Yes

DeliveryS3Bucket

The name of the Amazon S3 bucket where AWS Config stores conformance pack templates.

Note

This field is optional.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 63.

Required: No

DeliveryS3KeyPrefix

The prefix for the Amazon S3 bucket.

Note

This field is optional.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 1024.

Required: No

TemplateBody

A string containing full conformance pack template body. Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.

Note

You can only use a YAML template with two resource types: AWS Config rule (AWS::Config::ConfigRule) and a remediation action (AWS::Config::RemediationConfiguration).

Type: String

Length Constraints: Minimum length of 1. Maximum length of 51200.

Required: No

TemplateS3Uri

Location of file containing the template body (s3://bucketname/prefix). The uri must point to the conformance pack template (max size: 300 KB) that is located in an Amazon S3 bucket in the same region as the conformance pack.

Note

You must have access to read Amazon S3 bucket.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 1024.

Pattern: s3://.*

Required: No

Response Syntax

{
   "ConformancePackArn": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

ConformancePackArn

ARN of the conformance pack.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 2048.

Errors

For information about the errors that are common to all actions, see Common Errors.

ConformancePackTemplateValidationException

You have specified a template that is not valid or supported.

HTTP Status Code: 400

InsufficientPermissionsException

Indicates one of the following errors:

• For PutConfigRule, the rule cannot be created because the IAM role assigned to AWS Config lacks permissions to perform the config:Put* action.

• For PutConfigRule, the AWS Lambda function cannot be invoked. Check the function ARN, and check the function's permissions.

• For PutOrganizationConfigRule, organization AWS Config rule cannot be created because you do not have permissions to call IAM GetRole action or create a service linked role.

• For PutConformancePack and PutOrganizationConformancePack, a conformance pack cannot be created because you do not have permissions:

  • To call IAM GetRole action or create a service linked role.

  • To read Amazon S3 bucket.

HTTP Status Code: 400

InvalidParameterValueException

One or more of the specified parameters are invalid. Verify that your parameters are valid and try again.

HTTP Status Code: 400

MaxNumberOfConformancePacksExceededException

You have reached the limit (6) of the number of conformance packs in an account (6 conformance pack with 25 AWS Config rules per pack).

HTTP Status Code: 400

ResourceInUseException

You see this exception in the following cases:

• For DeleteConfigRule, AWS Config is deleting this rule. Try your request again later.

• For DeleteConfigRule, the rule is deleting your evaluation results. Try your request again later.

• For DeleteConfigRule, a remediation action is associated with the rule and AWS Config cannot delete this rule. Delete the remediation action associated with the rule before deleting the rule and try your request again later.

• For PutConfigOrganizationRule, organization AWS Config rule deletion is in progress. Try your request again later.

• For DeleteOrganizationConfigRule, organization AWS Config rule creation is in progress. Try your request again later.

• For PutConformancePack and PutOrganizationConformancePack, a conformance pack creation, update, and deletion is in progress. Try your request again later.

• For DeleteConformancePack, a conformance pack creation, update, and deletion is in progress. Try your request again later.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java V2

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3