AWS Config
API Reference (API Version 2014-11-12)


Runs an on-demand remediation for the specified AWS Config rules against the last known remediation configuration. It runs an execution against the current state of your resources. Remediation execution is asynchronous.

You can specify up to 100 resource keys per request. An existing StartRemediationExecution call for the specified resource keys must complete before you can call the API again.

Request Syntax

{ "ConfigRuleName": "string", "ResourceKeys": [ { "resourceId": "string", "resourceType": "string" } ] }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.


The list of names of AWS Config rules that you want to run remediation execution for.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: .*\S.*

Required: Yes


A list of resource keys to be processed with the current request. Each element in the list consists of the resource type and resource ID.

Type: Array of ResourceKey objects

Array Members: Minimum number of 1 item. Maximum number of 100 items.

Required: Yes

Response Syntax

{ "FailedItems": [ { "resourceId": "string", "resourceType": "string" } ], "FailureMessage": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


For resources that have failed to start execution, the API returns a resource key object.

Type: Array of ResourceKey objects

Array Members: Minimum number of 1 item. Maximum number of 100 items.


Returns a failure message. For example, the resource is already compliant.

Type: String


For information about the errors that are common to all actions, see Common Errors.


Indicates one of the following errors:

  • For PutConfigRule, the rule cannot be created because the IAM role assigned to AWS Config lacks permissions to perform the config:Put* action.

  • For PutConfigRule, the AWS Lambda function cannot be invoked. Check the function ARN, and check the function's permissions.

  • For OrganizationConfigRule, organization config rule cannot be created because you do not have permissions to call IAM GetRole action or create service linked role.

HTTP Status Code: 400


One or more of the specified parameters are invalid. Verify that your parameters are valid and try again.

HTTP Status Code: 400


You specified an AWS Config rule without a remediation configuration.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: