GetComplianceSummary - AWS Resource Groups Tagging

GetComplianceSummary

Returns a table that shows counts of resources that are noncompliant with their tag policies.

For more information on tag policies, see Tag Policies in the AWS Organizations User Guide.

You can call this operation only from the organization's management account and from the us-east-1 Region.

This operation supports pagination, where the response can be sent in multiple pages. You should check the PaginationToken response parameter to determine if there are additional results available to return. Repeat the query, passing the PaginationToken response parameter value as an input to the next request until you recieve a null value. A null value for PaginationToken indicates that there are no more results waiting to be returned.

Request Syntax

{ "GroupBy": [ "string" ], "MaxResults": number, "PaginationToken": "string", "RegionFilters": [ "string" ], "ResourceTypeFilters": [ "string" ], "TagKeyFilters": [ "string" ], "TargetIdFilters": [ "string" ] }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

GroupBy

Specifies a list of attributes to group the counts of noncompliant resources by. If supplied, the counts are sorted by those attributes.

Type: Array of strings

Valid Values: TARGET_ID | REGION | RESOURCE_TYPE

Required: No

MaxResults

Specifies the maximum number of results to be returned in each page. A query can return fewer than this maximum, even if there are more results still to return. You should always check the PaginationToken response value to see if there are more results. You can specify a minimum of 1 and a maximum value of 100.

Type: Integer

Valid Range: Minimum value of 1. Maximum value of 1000.

Required: No

PaginationToken

Specifies a PaginationToken response value from a previous request to indicate that you want the next page of results. Leave this parameter empty in your initial request.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 2048.

Pattern: [\s\S]*

Required: No

RegionFilters

Specifies a list of AWS Regions to limit the output by. If you use this parameter, the count of returned noncompliant resources includes only resources in the specified Regions.

Type: Array of strings

Array Members: Minimum number of 1 item. Maximum number of 100 items.

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: [\s\S]*

Required: No

ResourceTypeFilters

Specifies that you want the response to include information for only resources of the specified types. The format of each resource type is service[:resourceType]. For example, specifying a resource type of ec2 returns all Amazon EC2 resources (which includes EC2 instances). Specifying a resource type of ec2:instance returns only EC2 instances.

The string for each service name and resource type is the same as that embedded in a resource's Amazon Resource Name (ARN). Consult the AWS General Reference for the following:

You can specify multiple resource types by using a comma separated array. The array can include up to 100 items. Note that the length constraint requirement applies to each resource type filter.

Type: Array of strings

Length Constraints: Minimum length of 0. Maximum length of 256.

Pattern: [\s\S]*

Required: No

TagKeyFilters

Specifies that you want the response to include information for only resources that have tags with the specified tag keys. If you use this parameter, the count of returned noncompliant resources includes only resources that have the specified tag keys.

Type: Array of strings

Array Members: Minimum number of 1 item. Maximum number of 50 items.

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\s\S]*

Required: No

TargetIdFilters

Specifies target identifiers (usually, specific account IDs) to limit the output by. If you use this parameter, the count of returned noncompliant resources includes only resources with the specified target IDs.

Type: Array of strings

Array Members: Minimum number of 1 item. Maximum number of 100 items.

Length Constraints: Minimum length of 6. Maximum length of 68.

Pattern: [a-zA-Z0-9-]*

Required: No

Response Syntax

{ "PaginationToken": "string", "SummaryList": [ { "LastUpdated": "string", "NonCompliantResources": number, "Region": "string", "ResourceType": "string", "TargetId": "string", "TargetIdType": "string" } ] }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

PaginationToken

A string that indicates that there is more data available than this response contains. To receive the next part of the response, specify this response value as the PaginationToken value in the request for the next page.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 2048.

Pattern: [\s\S]*

SummaryList

A table that shows counts of noncompliant resources.

Type: Array of Summary objects

Errors

For information about the errors that are common to all actions, see Common Errors.

ConstraintViolationException

The request was denied because performing this operation violates a constraint.

Some of the reasons in the following list might not apply to this specific operation.

  • You must meet the prerequisites for using tag policies. For information, see Prerequisites and Permissions for Using Tag Policies in the AWS Organizations User Guide.

  • You must enable the tag policies service principal (tagpolicies.tag.amazonaws.com) to integrate with AWS Organizations For information, see EnableAWSServiceAccess.

  • You must have a tag policy attached to the organization root, an OU, or an account.

HTTP Status Code: 400

InternalServiceException

The request processing failed because of an unknown error, exception, or failure. You can retry the request.

HTTP Status Code: 500

InvalidParameterException

This error indicates one of the following:

  • A parameter is missing.

  • A malformed string was supplied for the request parameter.

  • An out-of-range value was supplied for the request parameter.

  • The target ID is invalid, unsupported, or doesn't exist.

  • You can't access the Amazon S3 bucket for report storage. For more information, see Additional Requirements for Organization-wide Tag Compliance Reports in the AWS Organizations User Guide.

HTTP Status Code: 400

ThrottledException

The request was denied to limit the frequency of submitted requests.

HTTP Status Code: 400

Examples

Example

This example illustrates one usage of GetComplianceSummary.

Sample Request

HTTP/1.1 Host: tagging.us-east-1.amazonaws.com Accept-Encoding: identity Content-Length: 663 X-Amz-Target: ResourceGroupsTaggingAPI_20170126.GetComplianceSummary X-Amz-Date: 20191201T214524Z User-Agent: aws-cli/1.11.79 Python/2.7.9 Windows/7 botocore/1.5.42 Content-Type: application/x-amz-json-1.1 Authorization: AUTHPARAMS { "GroupBy": [ "TARGET_ID", "REGION", "RESOURCE_TYPE" ] }

Sample Response

HTTP/1.1 200 OK x-amzn-RequestID: d3cf21f0-26db-11e7-a532-75e05382c8b1 Content-Type: application/x-amz-json-1.1 Date: Sun, 1 Dec 2019 21:45:25 GMT { "SummaryList": [ { "LastUpdated":"2019-10-28T21:53:16Z", "NonCompliantResources":1, "Region":"us-east-1", "ResourceType":"ec2:instance", "TargetId":"333333333333", "TargetIdType":"ACCOUNT"}, { "LastUpdated":"2019-10-28T21:53:17Z", "NonCompliantResources":0, "Region":"us-east-1", "ResourceType":"ec2:snapshot", "TargetId":"222222222222", "TargetIdType":"ACCOUNT"}, { "LastUpdated":"2019-10-28T21:53:16Z", "NonCompliantResources":1, "Region":"us-east-1", "ResourceType":"ec2:volume", "TargetId":"111111111111", "TargetIdType":"ACCOUNT"} ] } }

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: