AWS Config
API Reference (API Version 2014-11-12)

StartRemediationExecution

Runs an on-demand remediation for the specified AWS Config rules against the last known remediation configuration. It runs an execution against the current state of your resources. Remediation execution is asynchronous.

You can specify up to 100 resource keys per request. An existing StartRemediationExecution call for the specified resource keys must complete before you can call the API again.

Request Syntax

{ "ConfigRuleName": "string", "ResourceKeys": [ { "resourceId": "string", "resourceType": "string" } ] }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

ConfigRuleName

The list of names of AWS Config rules that you want to run remediation execution for.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 64.

Required: Yes

ResourceKeys

A list of resource keys to be processed with the current request. Each element in the list consists of the resource type and resource ID.

Type: Array of ResourceKey objects

Array Members: Minimum number of 1 item. Maximum number of 100 items.

Required: Yes

Response Syntax

{ "FailedItems": [ { "resourceId": "string", "resourceType": "string" } ], "FailureMessage": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

FailedItems

For resources that have failed to start execution, the API returns a resource key object.

Type: Array of ResourceKey objects

Array Members: Minimum number of 1 item. Maximum number of 100 items.

FailureMessage

Returns a failure message. For example, the resource is already compliant.

Type: String

Errors

For information about the errors that are common to all actions, see Common Errors.

InsufficientPermissionsException

Indicates one of the following errors:

  • The rule cannot be created because the IAM role assigned to AWS Config lacks permissions to perform the config:Put* action.

  • The AWS Lambda function cannot be invoked. Check the function ARN, and check the function's permissions.

HTTP Status Code: 400

NoSuchRemediationConfigurationException

You specified an AWS Config rule without a remediation configuration.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: