쿠키 기본 설정 선택

당사는 사이트와 서비스를 제공하는 데 필요한 필수 쿠키 및 유사한 도구를 사용합니다. 고객이 사이트를 어떻게 사용하는지 파악하고 개선할 수 있도록 성능 쿠키를 사용해 익명의 통계를 수집합니다. 필수 쿠키는 비활성화할 수 없지만 '사용자 지정' 또는 ‘거부’를 클릭하여 성능 쿠키를 거부할 수 있습니다.

사용자가 동의하는 경우 AWS와 승인된 제3자도 쿠키를 사용하여 유용한 사이트 기능을 제공하고, 사용자의 기본 설정을 기억하고, 관련 광고를 비롯한 관련 콘텐츠를 표시합니다. 필수가 아닌 모든 쿠키를 수락하거나 거부하려면 ‘수락’ 또는 ‘거부’를 클릭하세요. 더 자세한 내용을 선택하려면 ‘사용자 정의’를 클릭하세요.

PutRemediationConfigurations - AWS Config
이 페이지는 귀하의 언어로 번역되지 않았습니다. 번역 요청

PutRemediationConfigurations

Adds or updates the remediation configuration with a specific AWS Config rule with the selected target or action. The API creates the RemediationConfiguration object for the AWS Config rule. The AWS Config rule must already exist for you to add a remediation configuration. The target (SSM document) must exist and have permissions to use the target.

Note

Be aware of backward incompatible changes

If you make backward incompatible changes to the SSM document, you must call this again to ensure the remediations can run.

This API does not support adding remediation configurations for service-linked AWS Config Rules such as Organization AWS Config rules, the rules deployed by conformance packs, and rules deployed by AWS Security Hub.

Note

Required fields

For manual remediation configuration, you need to provide a value for automationAssumeRole or use a value in the assumeRolefield to remediate your resources. The SSM automation document can use either as long as it maps to a valid parameter.

However, for automatic remediation configuration, the only valid assumeRole field value is AutomationAssumeRole and you need to provide a value for AutomationAssumeRole to remediate your resources.

Note

Auto remediation can be initiated even for compliant resources

If you enable auto remediation for a specific AWS Config rule using the PutRemediationConfigurations API or the AWS Config console, it initiates the remediation process for all non-compliant resources for that specific rule. The auto remediation process relies on the compliance data snapshot which is captured on a periodic basis. Any non-compliant resource that is updated between the snapshot schedule will continue to be remediated based on the last known compliance data snapshot.

This means that in some cases auto remediation can be initiated even for compliant resources, since the bootstrap processor uses a database that can have stale evaluation results based on the last known compliance data snapshot.

Request Syntax

{ "RemediationConfigurations": [ { "Arn": "string", "Automatic": boolean, "ConfigRuleName": "string", "CreatedByService": "string", "ExecutionControls": { "SsmControls": { "ConcurrentExecutionRatePercentage": number, "ErrorPercentage": number } }, "MaximumAutomaticAttempts": number, "Parameters": { "string" : { "ResourceValue": { "Value": "string" }, "StaticValue": { "Values": [ "string" ] } } }, "ResourceType": "string", "RetryAttemptSeconds": number, "TargetId": "string", "TargetType": "string", "TargetVersion": "string" } ] }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

RemediationConfigurations

A list of remediation configuration objects.

Type: Array of RemediationConfiguration objects

Array Members: Minimum number of 0 items. Maximum number of 25 items.

Required: Yes

Response Syntax

{ "FailedBatches": [ { "FailedItems": [ { "Arn": "string", "Automatic": boolean, "ConfigRuleName": "string", "CreatedByService": "string", "ExecutionControls": { "SsmControls": { "ConcurrentExecutionRatePercentage": number, "ErrorPercentage": number } }, "MaximumAutomaticAttempts": number, "Parameters": { "string" : { "ResourceValue": { "Value": "string" }, "StaticValue": { "Values": [ "string" ] } } }, "ResourceType": "string", "RetryAttemptSeconds": number, "TargetId": "string", "TargetType": "string", "TargetVersion": "string" } ], "FailureMessage": "string" } ] }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

FailedBatches

Returns a list of failed remediation batch objects.

Type: Array of FailedRemediationBatch objects

Errors

For information about the errors that are common to all actions, see Common Errors.

InsufficientPermissionsException

Indicates one of the following errors:

  • For PutConfigRule, the rule cannot be created because the IAM role assigned to AWS Config lacks permissions to perform the config:Put* action.

  • For PutConfigRule, the AWS Lambda function cannot be invoked. Check the function ARN, and check the function's permissions.

  • For PutOrganizationConfigRule, organization AWS Config rule cannot be created because you do not have permissions to call IAM GetRole action or create a service-linked role.

  • For PutConformancePack and PutOrganizationConformancePack, a conformance pack cannot be created because you do not have the following permissions:

    • You do not have permission to call IAM GetRole action or create a service-linked role.

    • You do not have permission to read Amazon S3 bucket or call SSM:GetDocument.

  • For PutServiceLinkedConfigurationRecorder, a service-linked configuration recorder cannot be created because you do not have the following permissions: IAM CreateServiceLinkedRole.

HTTP Status Code: 400

InvalidParameterValueException

One or more of the specified parameters are not valid. Verify that your parameters are valid and try again.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

프라이버시사이트 이용 약관쿠키 기본 설정
© 2025, Amazon Web Services, Inc. 또는 계열사. All rights reserved.