PutRemediationConfigurations - AWS Config

PutRemediationConfigurations

Adds or updates the remediation configuration with a specific AWS Config rule with the selected target or action. The API creates the RemediationConfiguration object for the AWS Config rule. The AWS Config rule must already exist for you to add a remediation configuration. The target (SSM document) must exist and have permissions to use the target.

Note

If you make backward incompatible changes to the SSM document, you must call this again to ensure the remediations can run.

This API does not support adding remediation configurations for service-linked AWS Config Rules such as Organization Config rules, the rules deployed by conformance packs, and rules deployed by AWS Security Hub.

Request Syntax

{ "RemediationConfigurations": [ { "Arn": "string", "Automatic": boolean, "ConfigRuleName": "string", "CreatedByService": "string", "ExecutionControls": { "SsmControls": { "ConcurrentExecutionRatePercentage": number, "ErrorPercentage": number } }, "MaximumAutomaticAttempts": number, "Parameters": { "string" : { "ResourceValue": { "Value": "string" }, "StaticValue": { "Values": [ "string" ] } } }, "ResourceType": "string", "RetryAttemptSeconds": number, "TargetId": "string", "TargetType": "string", "TargetVersion": "string" } ] }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

RemediationConfigurations

A list of remediation configuration objects.

Type: Array of RemediationConfiguration objects

Array Members: Minimum number of 0 items. Maximum number of 25 items.

Required: Yes

Response Syntax

{ "FailedBatches": [ { "FailedItems": [ { "Arn": "string", "Automatic": boolean, "ConfigRuleName": "string", "CreatedByService": "string", "ExecutionControls": { "SsmControls": { "ConcurrentExecutionRatePercentage": number, "ErrorPercentage": number } }, "MaximumAutomaticAttempts": number, "Parameters": { "string" : { "ResourceValue": { "Value": "string" }, "StaticValue": { "Values": [ "string" ] } } }, "ResourceType": "string", "RetryAttemptSeconds": number, "TargetId": "string", "TargetType": "string", "TargetVersion": "string" } ], "FailureMessage": "string" } ] }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

FailedBatches

Returns a list of failed remediation batch objects.

Type: Array of FailedRemediationBatch objects

Errors

For information about the errors that are common to all actions, see Common Errors.

InsufficientPermissionsException

Indicates one of the following errors:

  • For PutConfigRule, the rule cannot be created because the IAM role assigned to AWS Config lacks permissions to perform the config:Put* action.

  • For PutConfigRule, the AWS Lambda function cannot be invoked. Check the function ARN, and check the function's permissions.

  • For PutOrganizationConfigRule, organization config rule cannot be created because you do not have permissions to call IAM GetRole action or create a service linked role.

  • For PutConformancePack and PutOrganizationConformancePack, a conformance pack cannot be created because you do not have permissions:

    • To call IAM GetRole action or create a service linked role.

    • To read Amazon S3 bucket.

HTTP Status Code: 400

InvalidParameterValueException

One or more of the specified parameters are invalid. Verify that your parameters are valid and try again.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: