PutConformancePack - AWS Config

PutConformancePack

Creates or updates a conformance pack. A conformance pack is a collection of AWS Config rules that can be easily deployed in an account and a region and across an organization. For information on how many conformance packs you can have per account, see Service Limits in the AWS Config Developer Guide.

This API creates a service-linked role AWSServiceRoleForConfigConforms in your account. The service-linked role is created only when the role does not exist in your account.

Note

You must specify only one of the following parameters: TemplateS3Uri, TemplateBody or TemplateSSMDocumentDetails.

Request Syntax

{
   "ConformancePackInputParameters": [
      {
         "ParameterName": "string",
         "ParameterValue": "string"
      }
   ],
   "ConformancePackName": "string",
   "DeliveryS3Bucket": "string",
   "DeliveryS3KeyPrefix": "string",
   "TemplateBody": "string",
   "TemplateS3Uri": "string",
   "TemplateSSMDocumentDetails": {
      "DocumentName": "string",
      "DocumentVersion": "string"
   }
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

ConformancePackInputParameters

A list of ConformancePackInputParameter objects.

Type: Array of ConformancePackInputParameter objects

Array Members: Minimum number of 0 items. Maximum number of 60 items.

Required: No

ConformancePackName

The unique name of the conformance pack you want to deploy.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: [a-zA-Z][-a-zA-Z0-9]*

Required: Yes

DeliveryS3Bucket

The name of the Amazon S3 bucket where AWS Config stores conformance pack templates.

Note

This field is optional.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 63.

Required: No

DeliveryS3KeyPrefix

The prefix for the Amazon S3 bucket.

Note

This field is optional.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 1024.

Required: No

TemplateBody

A string containing the full conformance pack template body. The structure containing the template body has a minimum length of 1 byte and a maximum length of 51,200 bytes.

Note

You can use a YAML template with two resource types: AWS Config rule (AWS::Config::ConfigRule) and remediation action (AWS::Config::RemediationConfiguration).

Type: String

Length Constraints: Minimum length of 1. Maximum length of 51200.

Required: No

TemplateS3Uri

The location of the file containing the template body (s3://bucketname/prefix). The URI must point to a conformance pack template (max size: 300 KB) that is located in an Amazon S3 bucket in the same Region as the conformance pack.

Note

You must have read access to the Amazon S3 bucket. In addition, to ensure a successful deployment, the template object must not be in an archived storage class if this parameter is passed.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 1024.

Pattern: s3://.*

Required: No

TemplateSSMDocumentDetails

An object of type TemplateSSMDocumentDetails, which contains the name or the Amazon Resource Name (ARN) of the AWS Systems Manager document (SSM document) and the version of the SSM document that is used to create a conformance pack.

Type: TemplateSSMDocumentDetails object

Required: No
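The documented constraints can be checked before the request is sent, for example in a deployment pipeline. The following is an added example, not part of the AWS reference: the function name validate_put_conformance_pack is hypothetical, the sample template is constructed, and only the constraints listed on this page are checked (Region and S3 permissions are not).

```python
import re

NAME_RE = re.compile(r"[a-zA-Z][-a-zA-Z0-9]*")
TEMPLATE_SOURCES = ("TemplateS3Uri", "TemplateBody", "TemplateSSMDocumentDetails")

# Constructed sample template containing one AWS::Config::ConfigRule resource.
SAMPLE_TEMPLATE = """\
Resources:
  S3BucketVersioning:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: s3-bucket-versioning-enabled
      Source:
        Owner: AWS
        SourceIdentifier: S3_BUCKET_VERSIONING_ENABLED
"""

def validate_put_conformance_pack(req):
    """Return a list of constraint violations; an empty list means the request passes."""
    errors = []
    name = req.get("ConformancePackName")
    if not isinstance(name, str) or not 1 <= len(name) <= 256 or not NAME_RE.fullmatch(name):
        errors.append("ConformancePackName: required, 1-256 chars, pattern [a-zA-Z][-a-zA-Z0-9]*")
    # Exactly one template source may be present in a request.
    given = [k for k in TEMPLATE_SOURCES if req.get(k) is not None]
    if len(given) != 1:
        errors.append("template source: specify exactly one of %s (got %s)"
                      % (", ".join(TEMPLATE_SOURCES), given or "none"))
    # The page states the body limit in bytes, so measure the UTF-8 encoding.
    body = req.get("TemplateBody")
    if body is not None and not 1 <= len(body.encode("utf-8")) <= 51200:
        errors.append("TemplateBody: must be 1-51200 bytes")
    uri = req.get("TemplateS3Uri")
    if uri is not None and not (1 <= len(uri) <= 1024 and uri.startswith("s3://")):
        errors.append("TemplateS3Uri: 1-1024 chars, pattern s3://.*")
    if len(req.get("ConformancePackInputParameters", [])) > 60:
        errors.append("ConformancePackInputParameters: at most 60 items")
    if len(req.get("DeliveryS3Bucket", "")) > 63:
        errors.append("DeliveryS3Bucket: at most 63 chars")
    if len(req.get("DeliveryS3KeyPrefix", "")) > 1024:
        errors.append("DeliveryS3KeyPrefix: at most 1024 chars")
    return errors

if __name__ == "__main__":
    # A request that passes can be sent with boto3: client.put_conformance_pack(**request)
    request = {"ConformancePackName": "s3-baseline", "TemplateBody": SAMPLE_TEMPLATE}
    print(validate_put_conformance_pack(request) or "ok")
```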

Response Syntax

{
   "ConformancePackArn": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

ConformancePackArn

ARN of the conformance pack.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 2048.

Errors

For information about the errors that are common to all actions, see Common Errors.

ConformancePackTemplateValidationException

You have specified a template that is not valid or supported.

HTTP Status Code: 400

InsufficientPermissionsException

Indicates one of the following errors:

  • For PutConfigRule, the rule cannot be created because the IAM role assigned to AWS Config lacks permissions to perform the config:Put* action.

  • For PutConfigRule, the AWS Lambda function cannot be invoked. Check the function ARN, and check the function's permissions.

  • For PutOrganizationConfigRule, the organization AWS Config rule cannot be created because you do not have permissions to call the IAM GetRole action or create a service-linked role.

  • For PutConformancePack and PutOrganizationConformancePack, a conformance pack cannot be created because you do not have the following permissions:

    • You do not have permission to call the IAM GetRole action or create a service-linked role.

    • You do not have permission to read the Amazon S3 bucket or call SSM:GetDocument.

HTTP Status Code: 400

InvalidParameterValueException

One or more of the specified parameters are not valid. Verify that your parameters are valid and try again.

HTTP Status Code: 400

MaxNumberOfConformancePacksExceededException

You have reached the limit of the number of conformance packs you can create in an account. For more information, see Service Limits in the AWS Config Developer Guide.

HTTP Status Code: 400

ResourceInUseException

You see this exception in the following cases:

  • For DeleteConfigRule, AWS Config is deleting this rule. Try your request again later.

  • For DeleteConfigRule, the rule is deleting your evaluation results. Try your request again later.

  • For DeleteConfigRule, a remediation action is associated with the rule and AWS Config cannot delete this rule. Delete the remediation action associated with the rule before deleting the rule and try your request again later.

  • For PutOrganizationConfigRule, organization AWS Config rule deletion is in progress. Try your request again later.

  • For DeleteOrganizationConfigRule, organization AWS Config rule creation is in progress. Try your request again later.

  • For PutConformancePack and PutOrganizationConformancePack, conformance pack creation, update, or deletion is in progress. Try your request again later.

  • For DeleteConformancePack, conformance pack creation, update, or deletion is in progress. Try your request again later.

HTTP Status Code: 400
