Smaws_Client_ConfigServiceConfig Service client library built on EIO.
val service : Smaws_Lib.Service.descriptorThe requested action is not valid.
For PutStoredQuery, you will see this exception if there are missing required fields or if the input value fails the validation, or if you are trying to create more than 300 queries.
For GetStoredQuery, ListStoredQuery, and DeleteStoredQuery you will see this exception if there are missing required fields or if the input value fails the validation.
type untag_resource_request = {tag_keys : string list;The keys of the tags to be removed.
*)resource_arn : string;The Amazon Resource Name (ARN) that identifies the resource for which to list the tags. Currently, the supported resources are ConfigRule, ConfigurationAggregator and AggregatorAuthorization.
}You have specified a resource that does not exist.
type resource_type = | SSMDocument| Route53ResolverFirewallRuleGroup| RedshiftEndpointAccess| RDSOptionGroup| QuickSightTheme| QuickSightTemplate| QuickSightDataSource| M2Environment| KMSAlias| ImageBuilderImageRecipe| GroundStationDataflowEndpointGroup| GrafanaWorkspace| EC2NetworkInsightsAnalysis| EC2NetworkInsightsAccessScope| CognitoUserPoolGroup| CognitoUserPoolClient| CognitoUserPool| AppStreamFleet| ResourceExplorer2Index| NetworkManagerConnectPeer| LambdaCodeSigningConfig| KafkaConnectConnector| IoTTwinMakerSyncJob| IoTCACertificate| IAMInstanceProfile| ECSCapacityProvider| EC2TransitGatewayMulticastDomain| EC2TransitGatewayConnect| EC2IPAMPool| EC2CarrierGateway| ConnectQuickConnect| ConnectInstance| AppMeshMesh| AppMeshGatewayRoute| ACMPCACertificateAuthorityActivation| BatchSchedulingPolicy| Route53ResolverResolverQueryLoggingConfig| CodeGuruProfilerProfilingGroup| APSRuleGroupsNamespace| MediaConnectFlowSource| TransferCertificate| ServiceDiscoveryInstance| Route53ResolverResolverQueryLoggingConfigAssociation| InspectorV2Filter| IoTProvisioningTemplate| IoTWirelessFuotaTask| IoTJobTemplate| AppStreamStack| MSKBatchScramSecret| SageMakerFeatureGroup| CodeBuildReportGroup| IoTTwinMakerComponentType| PersonalizeDatasetGroup| IoTWirelessMulticastGroup| NetworkManagerLinkAssociation| NetworkManagerCustomerGatewayAssociation| S3AccessPoint| PinpointEmailChannel| LogsDestination| KinesisVideoStream| KendraIndex| EC2ClientVpnEndpoint| EC2CapacityReservation| DMSEndpoint| CustomerProfilesObjectType| AppRunnerService| AppMeshVirtualRouter| AppMeshVirtualGateway| AppConfigHostedConfigurationVersion| ACMPCACertificateAuthority| ResilienceHubApp| PinpointEventStream| PinpointEmailTemplate| PersonalizeSolution| PersonalizeSchema| PersonalizeDataset| MSKConfiguration| MediaTailorPlaybackConfiguration| MediaConnectFlowVpcInterface| MediaConnectFlowEntitlement| GroundStationMissionProfile| GreengrassV2ComponentVersion| ForecastDatasetGroup| EvidentlyLaunch| EC2IPAMScope| AthenaPreparedStatement| AppMeshRoute| AppIntegrationsEventIntegration| AmplifyBranch| KinesisFirehoseDeliveryStream| TransferConnector| TransferAgreement| SageMakerDomain| PinpointInAppTemplate| PinpointCampaign| IAMServerCertificate| IAMSAMLProvider| ForecastDataset| EvidentlyProject| EC2SpotFleet| EC2PrefixList| CodeArtifactRepository| AppStreamApplication| AppRunnerVpcConnector| AppMeshVirtualService| AppMeshVirtualNode| AmplifyApp| SignerSigningProfile| CassandraKeyspace| ECSTaskSet| SageMakerImage| SageMakerAppImageConfig| Route53ResolverFirewallRuleGroupAssociation| RedshiftScheduledAction| PinpointApp| PanoramaPackage| NetworkManagerSite| NetworkManagerLink| NetworkManagerGlobalNetwork| NetworkManagerDevice| IoTWirelessServiceProfile| IoTFleetMetric| ImageBuilderImagePipeline| GroundStationConfig| ECRPullThroughCacheRule| EC2SubnetRouteTableAssociation| EC2EC2Fleet| DeviceFarmProject| DeviceFarmInstanceProfile| CloudWatchMetricStream| AuditManagerAssessment| AppFlowFlow| AppConfigDeploymentStrategy| ConnectPhoneNumber| AutoScalingWarmPool| CustomerProfilesDomain| NetworkManagerTransitGatewayRegistration| IoTTwinMakerScene| EC2IPAM| EC2TrafficMirrorFilter| EC2NetworkInsightsPath| EC2DHCPOptions| EventsRule| PinpointApplicationSettings| PinpointSegment| HealthLakeFHIRDatastore| RoboMakerRobotApplication| RoboMakerSimulationApplication| Route53RecoveryReadinessResourceSet| Route53RecoveryControlRoutingControl| Route53RecoveryControlControlPanel| Route53RecoveryControlSafetyRule| Route53RecoveryControlCluster| LookoutVisionProject| AppStreamDirectoryConfig| KinesisVideoSignalingChannel| MediaPackagePackagingConfiguration| EventSchemasSchema| EventsConnection| IoTScheduledAudit| S3StorageLens| EC2TrafficMirrorTarget| IoTAccountAuditConfiguration| LookoutMetricsAlert| LexBotAlias| IoTSiteWiseGateway| EC2TrafficMirrorSession| RoboMakerRobotApplicationVersion| Route53ResolverFirewallDomainList| IoTCustomMetric| CodeGuruReviewerRepositoryAssociation| LexBot| BudgetsBudgetsAction| DeviceFarmTestGridProject| S3MultiRegionAccessPoint| RDSGlobalCluster| KinesisAnalyticsV2Application| IVSPlaybackKeyPair| IVSRecordingConfiguration| IVSChannel| IoTSiteWiseAssetModel| IoTSiteWisePortal| IoTSiteWiseProject| IoTSiteWiseDashboard| IoTAnalyticsChannel| IoTAnalyticsPipeline| IoTAnalyticsDataset| IoTTwinMakerEntity| IoTTwinMakerWorkspace| IoTMitigationAction| IoTPolicy| GlueMLTransform| EKSAddon| EKSIdentityProviderConfig| TransferWorkflow| ResilienceHubResiliencyPolicy| Route53RecoveryReadinessRecoveryGroup| MediaPackagePackagingGroup| LightsailStaticIp| LightsailBucket| IoTAnalyticsDatastore| IoTDimension| IoTRoleAlias| IoTSecurityProfile| IoTAuthorizer| FraudDetectorOutcome| FraudDetectorVariable| FraudDetectorEntityType| FraudDetectorLabel| EventSchemasDiscoverer| EventSchemasRegistryPolicy| EventSchemasRegistry| Cloud9EnvironmentEC2| AppConfigConfigurationProfile| AppConfigEnvironment| AmazonMQBroker| SESTemplate| GuardDutyFilter| SESReceiptFilter| DataSyncLocationFSxWindows| FISExperimentTemplate| LightsailDisk| EventsApiDestination| EventsArchive| SESReceiptRuleSet| EventsEndpoint| RUMAppMonitor| LightsailCertificate| BackupReportPlan| ECRRegistryPolicy| Route53RecoveryReadinessReadinessCheck| Route53RecoveryReadinessCell| GlueClassifier| DataSyncLocationHDFS| DataSyncLocationObjectStorage| ImageBuilderInfrastructureConfiguration| ImageBuilderDistributionConfiguration| ImageBuilderContainerRecipe| EventsEventBus| ServiceDiscoveryHttpNamespace| IoTEventsAlarmModel| IoTEventsDetectorModel| IoTEventsInput| Route53HostedZone| SESConfigurationSet| SESContactList| ServiceDiscoveryPublicDnsNamespace| ServiceDiscoveryService| SageMakerNotebookInstanceLifecycleConfig| SageMakerWorkteam| GuardDutyIPSet| GuardDutyThreatIntelSet| GlueJob| EKSFargateProfile| NetworkInsightsAccessScopeAnalysis| DataSyncLocationNFS| DataSyncTask| DataSyncLocationEFS| DataSyncLocationS3| DataSyncLocationFSxLustre| DataSyncLocationSMB| AppSyncGraphQLApi| AppConfigApplication| DMSCertificate| TransitGatewayRouteTable| TransitGatewayAttachment| GlobalAcceleratorListener| GlobalAcceleratorEndpointGroup| GlobalAcceleratorAccelerator| DetectiveGraph| AthenaDataCatalog| AthenaWorkGroup| AccessAnalyzerAnalyzer| BatchComputeEnvironment| BatchJobQueue| StepFunctionsStateMachine| ListenerV2| SageMakerModel| WorkSpacesConnectionAlias| WorkSpacesWorkspace| StepFunctionsActivity| MSKCluster| DMSEventSubscription| DMSReplicationSubnetGroup| Route53ResolverResolverRuleAssociation| Route53ResolverResolverRule| Route53ResolverResolverEndpoint| SageMakerCodeRepository| EMRSecurityConfiguration| GuardDutyDetector| ECRPublicRepository| LaunchTemplate| CodeDeployDeploymentGroup| CodeDeployDeploymentConfig| CodeDeployApplication| KinesisStreamConsumer| KinesisStream| TransitGateway| OpenSearchDomain| EKSCluster| EFSFileSystem| EFSAccessPoint| ECSTaskDefinition| ECSService| ECSCluster| ECRRepository| BackupRecoveryPoint| BackupVault| BackupSelection| BackupPlan| FileData| Topic| Secret| QLDBLedger| Key| Queue| Portfolio| CloudFormationProduct| CloudFormationProvisionedProduct| Pipeline| Api| StageV2| RestApi| Stage| ResourceCompliance| ConformancePackCompliance| RegionalProtection| Protection| PatchCompliance| AssociationCompliance| EncryptionConfig| ManagedRuleSetV2| RegexPatternSetV2| IPSetV2| RuleGroupV2| WebACLV2| Environment| ApplicationVersion| Application| NetworkFirewallRuleGroup| NetworkFirewallFirewallPolicy| NetworkFirewallFirewall| Function| StreamingDistribution| Distribution| RegionalWebACL| RegionalRuleGroup| RegionalRule| RegionalRateBasedRule| WebACL| RuleGroup| Rule| RateBasedRule| Project| Table| ScheduledAction| ScalingPolicy| LaunchConfiguration| AutoScalingGroup| LoadBalancer| Stack| Alarm| ManagedInstanceInventory| RedshiftEventSubscription| ClusterSubnetGroup| ClusterSecurityGroup| ClusterParameterGroup| ClusterSnapshot| Cluster| AccountPublicAccessBlock| Bucket| EventSubscription| DBClusterSnapshot| DBCluster| DBSnapshot| DBSecurityGroup| DBSubnetGroup| DBInstance| Certificate| LoadBalancerV2| User| Role| Policy| Group| Domain| VPCPeeringConnection| FlowLog| VPCEndpointService| VPCEndpoint| EgressOnlyInternetGateway| NatGateway| RegisteredHAInstance| VPNGateway| VPNConnection| VPC| Volume| Trail| Subnet| SecurityGroup| RouteTable| NetworkInterface| NetworkAcl| InternetGateway| Instance| Host| EIP| CustomerGatewaytype aggregate_resource_identifier = {resource_name : string option;The name of the Amazon Web Services resource.
*)resource_type : resource_type;The type of the Amazon Web Services resource.
*)resource_id : string;The ID of the Amazon Web Services resource.
*)source_region : string;The source region where data is aggregated.
*)source_account_id : string;The 12-digit account ID of the source account.
*)}The details that identify a resource that is collected by Config aggregator, including the resource type, ID, (if available) the custom resource name, the source account, and source region.
You have reached the limit of the number of tags you can use. For more information, see Service Limits in the Config Developer Guide.
type time_window = {end_time : float option;The end time of an execution. The end time must be after the start date.
*)start_time : float option;The start time of an execution.
*)}Filters evaluation results based on start and end times.
type template_ssm_document_details = {document_version : string option;The version of the SSM document to use to create a conformance pack. By default, Config uses the latest version.
This field is optional.
*)document_name : string;The name or Amazon Resource Name (ARN) of the SSM document to use to create a conformance pack. If you use the document name, Config checks only your account and Amazon Web Services Region for the SSM document.
*)}This API allows you to create a conformance pack template with an Amazon Web Services Systems Manager document (SSM document). To deploy a conformance pack using an SSM document, first create an SSM document with conformance pack content, and then provide the DocumentName in the PutConformancePack API. You can also provide the DocumentVersion.
The TemplateSSMDocumentDetails object contains the name of the SSM document and the version of the SSM document.
type tag = {value : string option;The optional part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key).
*)key : string option;One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.
*)}The tags for the resource. The metadata that you apply to a resource to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
type stored_query_metadata = {description : string option;A unique description for the query.
*)query_name : string;The name of the query.
*)query_arn : string;Amazon Resource Name (ARN) of the query. For example, arn:partition:service:region:account-id:resource-type/resource-name/resource-id.
*)query_id : string;The ID of the query.
*)}Returns details of a specific query.
type stored_query = {expression : string option;The expression of the query. For example, SELECT
resourceId,
resourceType,
supplementaryConfiguration.BucketVersioningConfiguration.status
WHERE
resourceType = 'AWS::S3::Bucket'
AND supplementaryConfiguration.BucketVersioningConfiguration.status = 'Off'.
description : string option;A unique description for the query.
*)query_name : string;The name of the query.
*)query_arn : string option;Amazon Resource Name (ARN) of the query. For example, arn:partition:service:region:account-id:resource-type/resource-name/resource-id.
*)query_id : string option;The ID of the query.
*)}Provides the details of a stored query.
type stop_configuration_recorder_request = {configuration_recorder_name : string;The name of the recorder object that records each configuration change made to the resources.
*)}The input for the StopConfigurationRecorder action.
You have specified a configuration recorder that does not exist.
type status_detail_filters = {member_account_rule_status : member_account_rule_status option;Indicates deployment status for Config rule in the member account. When management account calls PutOrganizationConfigRule action for the first time, Config rule status is created in the member account. When management account calls PutOrganizationConfigRule action for the second time, Config rule status is updated in the member account. Config rule status is deleted when the management account deletes OrganizationConfigRule and disables service access for config-multiaccountsetup.amazonaws.com.
Config sets the state of the rule to:
CREATE_SUCCESSFUL when Config rule has been created in the member account.CREATE_IN_PROGRESS when Config rule is being created in the member account.CREATE_FAILED when Config rule creation has failed in the member account.DELETE_FAILED when Config rule deletion has failed in the member account.DELETE_IN_PROGRESS when Config rule is being deleted in the member account.DELETE_SUCCESSFUL when Config rule has been deleted in the member account.UPDATE_SUCCESSFUL when Config rule has been updated in the member account.UPDATE_IN_PROGRESS when Config rule is being updated in the member account.UPDATE_FAILED when Config rule deletion has failed in the member account.account_id : string option;The 12-digit account ID of the member account within an organization.
*)}Status filter object to filter results based on specific member account ID or status type for an organization Config rule.
type resource_details = {resource_configuration_schema_type : resource_configuration_schema_type option;The schema type of the resource configuration.
You can find the Resource type schema, or CFN_RESOURCE_SCHEMA, in "Amazon Web Services public extensions" within the CloudFormation registry or with the following CLI commmand: aws cloudformation describe-type --type-name "AWS::S3::Bucket" --type RESOURCE.
For more information, see Managing extensions through the CloudFormation registry and Amazon Web Services resource and property types reference in the CloudFormation User Guide.
*)resource_configuration : string;The resource definition to be evaluated as per the resource configuration schema type.
*)resource_type : string;The type of resource being evaluated.
*)resource_id : string;A unique resource ID for an evaluation.
*)}Returns information about the resource being evaluated.
type evaluation_context = {evaluation_context_identifier : string option;A unique EvaluationContextIdentifier ID for an EvaluationContext.
*)}Use EvaluationContext to group independently initiated proactive resource evaluations. For example, CFN Stack. If you want to check just a resource definition, you do not need to provide evaluation context.
type start_resource_evaluation_request = {client_token : string option;A client token is a unique, case-sensitive string of up to 64 ASCII characters. To make an idempotent API request using one of these actions, specify a client token in the request.
Avoid reusing the same client token for other API requests. If you retry a request that completed successfully using the same client token and the same parameters, the retry succeeds without performing any further actions. If you retry a successful request using the same client token, but one or more of the parameters are different, other than the Region or Availability Zone, the retry fails with an IdempotentParameterMismatch error.
*)evaluation_timeout : int option;The timeout for an evaluation. The default is 900 seconds. You cannot specify a number greater than 3600. If you specify 0, Config uses the default.
*)evaluation_mode : evaluation_mode;The mode of an evaluation. The valid values for this API are DETECTIVE and PROACTIVE.
evaluation_context : evaluation_context option;Returns an EvaluationContext object.
resource_details : resource_details;Returns a ResourceDetails object.
}One or more of the specified parameters are not valid. Verify that your parameters are valid and try again.
Using the same client token with one or more different parameters. Specify a new client token with the parameter changes and try again.
type resource_key = {resource_id : string;The ID of the resource (for example., sg-xxxxxx).
*)resource_type : resource_type;The resource type.
*)}The details that identify a resource within Config, including the resource type and resource ID.
type start_remediation_execution_response = {failed_items : resource_key list option;For resources that have failed to start execution, the API returns a resource key object.
*)failure_message : string option;Returns a failure message. For example, the resource is already compliant.
*)}type start_remediation_execution_request = {resource_keys : resource_key list;A list of resource keys to be processed with the current request. Each element in the list consists of the resource type and resource ID.
*)config_rule_name : string;The list of names of Config rules that you want to run remediation execution for.
*)}You specified an Config rule without a remediation configuration.
Indicates one of the following errors:
GetRole action or create a service-linked role.For PutConformancePack and PutOrganizationConformancePack, a conformance pack cannot be created because you do not have the following permissions:
GetRole action or create a service-linked role.type start_configuration_recorder_request = {configuration_recorder_name : string;The name of the recorder object that records each configuration change made to the resources.
*)}The input for the StartConfigurationRecorder action.
There is no delivery channel available to record configurations.
The output when you start the evaluation for the specified Config rule.
You see this exception in the following cases:
The Config rule in the request is not valid. Verify that the rule is an Config Process Check rule, that the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying again.
For StartConfigRulesEvaluation API, this exception is thrown if an evaluation is in progress or if you call the StartConfigRulesEvaluation API more than once per minute.
For PutConfigurationAggregator API, this exception is thrown if the number of accounts and aggregators exceeds the limit.
The specified next token is not valid. Specify the nextToken string that was returned in the previous response to get the next page of results.
The specified limit is outside the allowable range.
The syntax of the query is incorrect.
Details about the fields such as name of the field.
Details about the query.
type select_resource_config_response = {next_token : string option;The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
query_info : query_info option;Returns the QueryInfo object.
results : string list option;Returns the results for the SQL query.
*)}type select_resource_config_request = {next_token : string option;The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
limit : int option;The maximum number of query results returned on each page.
*)expression : string;The SQL query SELECT command.
}You have specified a configuration aggregator that does not exist.
type select_aggregate_resource_config_response = {next_token : string option;The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
*)query_info : query_info option;results : string list option;Returns the results for the SQL query.
*)}type select_aggregate_resource_config_request = {next_token : string option;The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
*)max_results : int option;The maximum number of query results returned on each page. Config also allows the Limit request parameter.
*)limit : int option;The maximum number of query results returned on each page.
*)configuration_aggregator_name : string;The name of the configuration aggregator.
*)expression : string;The SQL query SELECT command.
*)}Two users are trying to modify the same query at the same time. Wait for a moment and try again.
type put_stored_query_request = {stored_query : stored_query;A list of StoredQuery objects. The mandatory fields are QueryName and Expression.
When you are creating a query, you must provide a query name and an expression. When you are updating a query, you must provide a query name but updating the description is optional.
*)}Failed to add the retention configuration because a retention configuration with that name already exists.
type retention_configuration = {retention_period_in_days : int;Number of days Config stores your historical information.
Currently, only applicable to the configuration item history.
*)name : string;The name of the retention configuration object.
*)}An object with the name of the retention configuration and the retention period in days. The object stores the configuration for data retention in Config.
type put_retention_configuration_response = {retention_configuration : retention_configuration option;Returns a retention configuration object.
*)}You have reached the limit of active custom resource types in your account. There is a limit of 100,000. Delete unused resources using DeleteResourceConfig .
type put_resource_config_request = {configuration : string;The configuration object of the resource in valid JSON format. It must match the schema registered with CloudFormation.
The configuration JSON must not exceed 64 KB.
*)resource_name : string option;Name of the resource.
*)resource_id : string;Unique identifier of the resource.
*)schema_version_id : string;Version of the schema registered for the ResourceType in CloudFormation.
*)resource_type : string;The type of the resource. The custom resource type must be registered with CloudFormation.
You cannot use the organization names “amzn”, “amazon”, “alexa”, “custom” with custom resource types. It is the first part of the ResourceType up to the first ::.
*)}type remediation_exception = {expiration_time : float option;The time when the remediation exception will be deleted.
*)message : string option;An explanation of an remediation exception.
*)resource_id : string;The ID of the resource (for example., sg-xxxxxx).
*)resource_type : string;The type of a resource.
*)config_rule_name : string;The name of the Config rule.
*)}An object that represents the details about the remediation exception. The details include the rule name, an explanation of an exception, the time when the exception will be deleted, the resource ID, and resource type.
type failed_remediation_exception_batch = {failed_items : remediation_exception list option;Returns remediation exception resource key object of the failed items.
*)failure_message : string option;Returns a failure message. For example, the auto-remediation has failed.
*)}List of each of the failed remediation exceptions with specific reasons.
type put_remediation_exceptions_response = {failed_batches : failed_remediation_exception_batch list option;Returns a list of failed remediation exceptions batch objects. Each object in the batch consists of a list of failed items and failure messages.
*)}type remediation_exception_resource_key = {resource_id : string option;The ID of the resource (for example., sg-xxxxxx).
*)resource_type : string option;The type of a resource.
*)}The details that identify a resource within Config, including the resource type and resource ID.
type put_remediation_exceptions_request = {expiration_time : float option;The exception is automatically deleted after the expiration date.
*)message : string option;The message contains an explanation of the exception.
*)resource_keys : remediation_exception_resource_key list;An exception list of resource exception keys to be processed with the current request. Config adds exception for each resource key. For example, Config adds 3 exceptions for 3 resource keys.
*)config_rule_name : string;The name of the Config rule for which you want to create remediation exception.
*)}The dynamic value of the resource.
type remediation_parameter_value = {static_value : static_value option;The value is static and does not change at run-time.
*)resource_value : resource_value option;The value is dynamic and changes at run-time.
*)}The value is either a dynamic (resource) value or a static value. You must select either a dynamic value or a static value.
type ssm_controls = {error_percentage : int option;The percentage of errors that are allowed before SSM stops running automations on non-compliant resources for that specific rule. You can specify a percentage of errors, for example 10%. If you do not specifiy a percentage, the default is 50%. For example, if you set the ErrorPercentage to 40% for 10 non-compliant resources, then SSM stops running the automations when the fifth error is received.
*)concurrent_execution_rate_percentage : int option;The maximum percentage of remediation actions allowed to run in parallel on the non-compliant resources for that specific rule. You can specify a percentage, such as 10%. The default value is 10.
*)}Amazon Web Services Systems Manager (SSM) specific remediation controls.
The controls that Config uses for executing remediations.
type remediation_configuration = {created_by_service : string option;Name of the service that owns the service-linked rule, if applicable.
*)arn : string option;Amazon Resource Name (ARN) of remediation configuration.
*)retry_attempt_seconds : int option;Time window to determine whether or not to add a remediation exception to prevent infinite remediation attempts. If MaximumAutomaticAttempts remediation attempts have been made under RetryAttemptSeconds, a remediation exception will be added to the resource. If you do not select a number, the default is 60 seconds.
For example, if you specify RetryAttemptSeconds as 50 seconds and MaximumAutomaticAttempts as 5, Config will run auto-remediations 5 times within 50 seconds before adding a remediation exception to the resource.
maximum_automatic_attempts : int option;The maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5.
For example, if you specify MaximumAutomaticAttempts as 5 with RetryAttemptSeconds as 50 seconds, Config will put a RemediationException on your behalf for the failing resource after the 5th failed attempt within 50 seconds.
*)execution_controls : execution_controls option;An ExecutionControls object.
*)automatic : bool option;The remediation is triggered automatically.
*)resource_type : string option;The type of a resource.
*)parameters : (string * remediation_parameter_value) list option;An object of the RemediationParameterValue.
*)target_version : string option;Version of the target. For example, version of the SSM document.
If you make backward incompatible changes to the SSM document, you must call PutRemediationConfiguration API again to ensure the remediations can run.
*)target_id : string;Target ID is the name of the SSM document.
*)target_type : remediation_target_type;The type of the target. Target executes remediation. For example, SSM document.
*)config_rule_name : string;The name of the Config rule.
*)}An object that represents the details about the remediation configuration that includes the remediation action, parameters, and data to execute the action.
type failed_remediation_batch = {failed_items : remediation_configuration list option;Returns remediation configurations of the failed items.
*)failure_message : string option;Returns a failure message. For example, the resource is already compliant.
*)}List of each of the failed remediations with specific reasons.
type put_remediation_configurations_response = {failed_batches : failed_remediation_batch list option;Returns a list of failed remediation batch objects.
*)}type put_remediation_configurations_request = {remediation_configurations : remediation_configuration list;A list of remediation configuration objects.
*)}You have specified a template that is not valid or supported.
Config resource cannot be created because your organization does not have all features enabled.
For PutConfigurationAggregator API, you can see this exception for the following reasons:
EnableAWSServiceAccess APIListDelegatedAdministrators API. Ensure that the management account registers delagated administrator for Config service principle name before the delegated administrator creates an aggregator.For all OrganizationConfigRule and OrganizationConformancePack APIs, Config throws an exception if APIs are called from member accounts. All APIs must be called from organization management account.
You have reached the limit of the number of organization conformance packs you can create in an account. For more information, see Service Limits in the Config Developer Guide.
type conformance_pack_input_parameter = {parameter_value : string;Another part of the key-value pair.
*)parameter_name : string;One part of a key-value pair.
*)}Input parameters in the form of key-value pairs for the conformance pack, both of which you define. Keys can have a maximum character length of 255 characters, and values can have a maximum length of 4096 characters.
type put_organization_conformance_pack_request = {excluded_accounts : string list option;A list of Amazon Web Services accounts to be excluded from an organization conformance pack while deploying a conformance pack.
*)conformance_pack_input_parameters : conformance_pack_input_parameter list
option;A list of ConformancePackInputParameter objects.
delivery_s3_key_prefix : string option;The prefix for the Amazon S3 bucket.
This field is optional.
*)delivery_s3_bucket : string option;The name of the Amazon S3 bucket where Config stores conformance pack templates.
This field is optional. If used, it must be prefixed with awsconfigconforms.
template_body : string option;A string containing full conformance pack template body. Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.
*)template_s3_uri : string option;Location of file containing the template body. The uri must point to the conformance pack template (max size: 300 KB).
You must have access to read Amazon S3 bucket. In addition, in order to ensure a successful deployment, the template object must not be in an archived storage class if this parameter is passed.
*)organization_conformance_pack_name : string;Name of the organization conformance pack you want to create.
*)}You have reached the limit of the number of organization Config rules you can create. For more information, see see Service Limits in the Config Developer Guide.
type organization_managed_rule_metadata = {tag_value_scope : string option;The optional part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key).
*)tag_key_scope : string option;One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.
*)resource_id_scope : string option;The ID of the Amazon Web Services resource that was evaluated.
*)resource_types_scope : string list option;The type of the Amazon Web Services resource that was evaluated.
*)maximum_execution_frequency : maximum_execution_frequency option;The maximum frequency with which Config runs evaluations for a rule. This is for an Config managed rule that is triggered at a periodic frequency.
By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter.
input_parameters : string option;A string, in JSON format, that is passed to your organization Config rule Lambda function.
*)rule_identifier : string;For organization config managed rules, a predefined identifier from a list. For example, IAM_PASSWORD_POLICY is a managed rule. To reference a managed rule, see Using Config managed rules.
description : string option;The description that you provide for your organization Config rule.
*)}An object that specifies organization managed rule metadata such as resource type and ID of Amazon Web Services resource along with the rule identifier. It also provides the frequency with which you want Config to run evaluations for the rule if the trigger type is periodic.
type organization_custom_rule_metadata = {tag_value_scope : string option;The optional part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key).
*)tag_key_scope : string option;One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.
*)resource_id_scope : string option;The ID of the Amazon Web Services resource that was evaluated.
*)resource_types_scope : string list option;The type of the Amazon Web Services resource that was evaluated.
*)maximum_execution_frequency : maximum_execution_frequency option;The maximum frequency with which Config runs evaluations for a rule. Your custom rule is triggered when Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.
By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter.
input_parameters : string option;A string, in JSON format, that is passed to your organization Config rule Lambda function.
*)organization_config_rule_trigger_types : organization_config_rule_trigger_type
list;The type of notification that triggers Config to run an evaluation for a rule. You can specify the following notification types:
ConfigurationItemChangeNotification - Triggers an evaluation when Config delivers a configuration item as a result of a resource change.OversizedConfigurationItemChangeNotification - Triggers an evaluation when Config delivers an oversized configuration item. Config may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.ScheduledNotification - Triggers a periodic evaluation at the frequency specified for MaximumExecutionFrequency.lambda_function_arn : string;The lambda function ARN.
*)description : string option;The description that you provide for your organization Config rule.
*)}An object that specifies organization custom rule metadata such as resource type, resource ID of Amazon Web Services resource, Lambda function ARN, and organization trigger types that trigger Config to evaluate your Amazon Web Services resources against a rule. It also provides the frequency with which you want Config to run evaluations for the rule if the trigger type is periodic.
type organization_custom_policy_rule_metadata = {debug_log_delivery_accounts : string list option;A list of accounts that you can enable debug logging for your organization Config Custom Policy rule. List is null when debug logging is enabled for all accounts.
*)policy_text : string;The policy definition containing the logic for your organization Config Custom Policy rule.
*)policy_runtime : string;The runtime system for your organization Config Custom Policy rules. Guard is a policy-as-code language that allows you to write policies that are enforced by Config Custom Policy rules. For more information about Guard, see the Guard GitHub Repository.
*)tag_value_scope : string option;The optional part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key).
*)tag_key_scope : string option;One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.
*)resource_id_scope : string option;The ID of the Amazon Web Services resource that was evaluated.
*)resource_types_scope : string list option;The type of the Amazon Web Services resource that was evaluated.
*)maximum_execution_frequency : maximum_execution_frequency option;The maximum frequency with which Config runs evaluations for a rule. Your Config Custom Policy rule is triggered when Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.
input_parameters : string option;A string, in JSON format, that is passed to your organization Config Custom Policy rule.
*)organization_config_rule_trigger_types : organization_config_rule_trigger_type_no_s_n
list
option;The type of notification that initiates Config to run an evaluation for a rule. For Config Custom Policy rules, Config supports change-initiated notification types:
ConfigurationItemChangeNotification - Initiates an evaluation when Config delivers a configuration item as a result of a resource change.OversizedConfigurationItemChangeNotification - Initiates an evaluation when Config delivers an oversized configuration item. Config may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.description : string option;The description that you provide for your organization Config Custom Policy rule.
*)}An object that specifies metadata for your organization's Config Custom Policy rule. The metadata includes the runtime system in use, which accounts have debug logging enabled, and other custom rule metadata, such as resource type, resource ID of Amazon Web Services resource, and organization trigger types that initiate Config to evaluate Amazon Web Services resources against a rule.
type put_organization_config_rule_request = {organization_custom_policy_rule_metadata : organization_custom_policy_rule_metadata
option;An OrganizationCustomPolicyRuleMetadata object. This object specifies metadata for your organization's Config Custom Policy rule. The metadata includes the runtime system in use, which accounts have debug logging enabled, and other custom rule metadata, such as resource type, resource ID of Amazon Web Services resource, and organization trigger types that initiate Config to evaluate Amazon Web Services resources against a rule.
excluded_accounts : string list option;A comma-separated list of accounts that you want to exclude from an organization Config rule.
*)organization_custom_rule_metadata : organization_custom_rule_metadata option;An OrganizationCustomRuleMetadata object. This object specifies organization custom rule metadata such as resource type, resource ID of Amazon Web Services resource, Lambda function ARN, and organization trigger types that trigger Config to evaluate your Amazon Web Services resources against a rule. It also provides the frequency with which you want Config to run evaluations for the rule if the trigger type is periodic.
organization_managed_rule_metadata : organization_managed_rule_metadata option;An OrganizationManagedRuleMetadata object. This object specifies organization managed rule metadata such as resource type and ID of Amazon Web Services resource along with the rule identifier. It also provides the frequency with which you want Config to run evaluations for the rule if the trigger type is periodic.
organization_config_rule_name : string;The name that you assign to an organization Config rule.
*)}type external_evaluation = {ordering_timestamp : float;The time when the compliance was recorded.
*)annotation : string option;Supplementary information about the reason of compliance. For example, this task was completed on a specific date.
*)compliance_type : compliance_type;The compliance of the Amazon Web Services resource. The valid values are COMPLIANT, NON_COMPLIANT, and NOT_APPLICABLE.
compliance_resource_id : string;The evaluated compliance resource ID. Config accepts only Amazon Web Services account ID.
*)compliance_resource_type : string;The evaluated compliance resource type. Config accepts AWS::::Account resource type.
}Identifies an Amazon Web Services resource and indicates whether it complies with the Config rule that it was evaluated against.
type put_external_evaluation_request = {external_evaluation : external_evaluation;An ExternalEvaluation object that provides details about compliance.
config_rule_name : string;The name of the Config rule.
*)}The specified ResultToken is not valid.
type evaluation = {ordering_timestamp : float;The time of the event in Config that triggered the evaluation. For event-based evaluations, the time indicates when Config created the configuration item that triggered the evaluation. For periodic evaluations, the time indicates when Config triggered the evaluation at the frequency that you specified (for example, every 24 hours).
*)annotation : string option;Supplementary information about how the evaluation determined the compliance.
*)compliance_type : compliance_type;Indicates whether the Amazon Web Services resource complies with the Config rule that it was evaluated against.
For the Evaluation data type, Config supports only the COMPLIANT, NON_COMPLIANT, and NOT_APPLICABLE values. Config does not support the INSUFFICIENT_DATA value for this data type.
Similarly, Config does not accept INSUFFICIENT_DATA as the value for ComplianceType from a PutEvaluations request. For example, an Lambda function for a custom Config rule cannot pass an INSUFFICIENT_DATA value to Config.
compliance_resource_id : string;The ID of the Amazon Web Services resource that was evaluated.
*)compliance_resource_type : string;The type of Amazon Web Services resource that was evaluated.
*)}Identifies an Amazon Web Services resource and indicates whether it complies with the Config rule that it was evaluated against.
type put_evaluations_response = {failed_evaluations : evaluation list option;Requests that failed because of a client or server error.
*)}type put_evaluations_request = {test_mode : bool option;Use this parameter to specify a test run for PutEvaluations. You can verify whether your Lambda function will deliver evaluation results to Config. No updates occur to your existing evaluations, and evaluation results are not sent to Config.
When TestMode is true, PutEvaluations doesn't require a valid value for the ResultToken parameter, but the value cannot be null.
result_token : string;An encrypted token that associates an evaluation with an Config rule. Identifies the rule and the event that triggered the evaluation.
*)evaluations : evaluation list option;The assessments that the Lambda function performs. Each evaluation identifies an Amazon Web Services resource and indicates whether it complies with the Config rule that invokes the Lambda function.
*)}The specified Amazon S3 bucket does not exist.
There are no configuration recorders available to provide the role needed to describe your resources. Create a configuration recorder.
You have reached the limit of the number of delivery channels you can create.
The specified Amazon SNS topic does not exist.
The specified Amazon KMS Key ARN is not valid.
The specified Amazon S3 key prefix is not valid.
Your Amazon S3 bucket policy does not permit Config to write to it.
type config_snapshot_delivery_properties = {delivery_frequency : maximum_execution_frequency option;The frequency with which Config delivers configuration snapshots.
*)}Provides options for how often Config delivers configuration snapshots to the Amazon S3 bucket in your delivery channel.
The frequency for a rule that triggers evaluations for your resources when Config delivers the configuration snapshot is set by one of two values, depending on which is less frequent:
deliveryFrequency parameter within the delivery channel configuration, which sets how often Config delivers configuration snapshots. This value also sets how often Config invokes evaluations for Config rules.MaximumExecutionFrequency parameter, which sets the maximum frequency with which Config invokes evaluations for the rule. For more information, see ConfigRule.If the deliveryFrequency value is less frequent than the MaximumExecutionFrequency value for a rule, Config invokes the rule only as often as the deliveryFrequency value.
MaximumExecutionFrequency value for Six_Hours.deliveryFrequency value for TwentyFour_Hours.deliveryFrequency is less frequent than MaximumExecutionFrequency, Config invokes evaluations for the rule every 24 hours.You should set the MaximumExecutionFrequency value to be at least as frequent as the deliveryFrequency value. You can view the deliveryFrequency value by using the DescribeDeliveryChannnels action.
To update the deliveryFrequency with which Config delivers your configuration snapshots, use the PutDeliveryChannel action.
type delivery_channel = {config_snapshot_delivery_properties : config_snapshot_delivery_properties
option;The options for how often Config delivers configuration snapshots to the Amazon S3 bucket.
*)sns_topic_ar_n : string option;The Amazon Resource Name (ARN) of the Amazon SNS topic to which Config sends notifications about configuration changes.
If you choose a topic from another account, the topic must have policies that grant access permissions to Config. For more information, see Permissions for the Amazon SNS Topic in the Config Developer Guide.
*)s3_kms_key_arn : string option;The Amazon Resource Name (ARN) of the Key Management Service (KMS ) KMS key (KMS key) used to encrypt objects delivered by Config. Must belong to the same Region as the destination S3 bucket.
*)s3_key_prefix : string option;The prefix for the specified Amazon S3 bucket.
*)s3_bucket_name : string option;The name of the Amazon S3 bucket to which Config delivers configuration snapshots and configuration history files.
If you specify a bucket that belongs to another Amazon Web Services account, that bucket must have policies that grant access permissions to Config. For more information, see Permissions for the Amazon S3 Bucket in the Config Developer Guide.
*)name : string option;The name of the delivery channel. By default, Config assigns the name "default" when creating the delivery channel. To change the delivery channel name, you must use the DeleteDeliveryChannel action to delete your current delivery channel, and then you must use the PutDeliveryChannel command to create a delivery channel that has the desired name.
*)}The channel through which Config delivers notifications and updated configuration states.
type put_delivery_channel_request = {delivery_channel : delivery_channel;The configuration delivery channel object that delivers the configuration information to an Amazon S3 bucket and to an Amazon SNS topic.
*)}The input for the PutDeliveryChannel action.
You have reached the limit of the number of conformance packs you can create in an account. For more information, see Service Limits in the Config Developer Guide.
You have specified a template that is not valid or supported.
type put_conformance_pack_request = {template_ssm_document_details : template_ssm_document_details option;An object of type TemplateSSMDocumentDetails, which contains the name or the Amazon Resource Name (ARN) of the Amazon Web Services Systems Manager document (SSM document) and the version of the SSM document that is used to create a conformance pack.
conformance_pack_input_parameters : conformance_pack_input_parameter list
option;A list of ConformancePackInputParameter objects.
delivery_s3_key_prefix : string option;The prefix for the Amazon S3 bucket.
This field is optional.
*)delivery_s3_bucket : string option;The name of the Amazon S3 bucket where Config stores conformance pack templates.
This field is optional.
*)template_body : string option;A string containing the full conformance pack template body. The structure containing the template body has a minimum length of 1 byte and a maximum length of 51,200 bytes.
You can use a YAML template with two resource types: Config rule (AWS::Config::ConfigRule) and remediation action (AWS::Config::RemediationConfiguration).
template_s3_uri : string option;The location of the file containing the template body (s3://bucketname/prefix). The uri must point to a conformance pack template (max size: 300 KB) that is located in an Amazon S3 bucket in the same Region as the conformance pack.
You must have access to read Amazon S3 bucket. In addition, in order to ensure a successful deployment, the template object must not be in an archived storage class if this parameter is passed.
*)conformance_pack_name : string;The unique name of the conformance pack you want to deploy.
*)}You have reached the limit of the number of configuration recorders you can create.
You have provided a null or empty Amazon Resource Name (ARN) for the IAM role assumed by Config and used by the configuration recorder.
Indicates one of the following errors:
You have provided a combination of parameter values that is not valid. For example:
allSupported field of RecordingGroup to true, but providing a non-empty list for the resourceTypesfield of RecordingGroup.allSupported field of RecordingGroup to true, but also setting the useOnly field of RecordingStrategy to EXCLUSION_BY_RESOURCE_TYPES.You have provided a name for the configuration recorder that is not valid.
type exclusion_by_resource_types = {resource_types : resource_type list option;A comma-separated list of resource types to exclude from recording by the configuration recorder.
*)}Specifies whether the configuration recorder excludes certain resource types from being recorded. Use the resourceTypes field to enter a comma-separated list of resource types you want to exclude from recording.
By default, when Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types, Config starts recording resources of that type automatically.
How to use the exclusion recording strategy
To use this option, you must set the useOnly field of RecordingStrategy to EXCLUSION_BY_RESOURCE_TYPES.
Config will then record configuration changes for all supported resource types, except the resource types that you specify to exclude from being recorded.
Global resource types and the exclusion recording strategy
Unless specifically listed as exclusions, AWS::RDS::GlobalCluster will be recorded automatically in all supported Config Regions were the configuration recorder is enabled.
IAM users, groups, roles, and customer managed policies will be recorded in the Region where you set up the configuration recorder if that is a Region where Config was available before February 2022. You cannot be record the global IAM resouce types in Regions supported by Config after February 2022. This list where you cannot record the global IAM resource types includes the following Regions:
type recording_strategy = {use_only : recording_strategy_type option;The recording strategy for the configuration recorder.
ALL_SUPPORTED_RESOURCE_TYPES, Config records configuration changes for all supported resource types, excluding the global IAM resource types. You also must set the allSupported field of RecordingGroup to true. When Config adds support for a new resource type, Config automatically starts recording resources of that type. For a list of supported resource types, see Supported Resource Types in the Config developer guide.INCLUSION_BY_RESOURCE_TYPES, Config records configuration changes for only the resource types that you specify in the resourceTypes field of RecordingGroup.EXCLUSION_BY_RESOURCE_TYPES, Config records configuration changes for all supported resource types, except the resource types that you specify to exclude from being recorded in the resourceTypes field of ExclusionByResourceTypes.Required and optional fields
The recordingStrategy field is optional when you set the allSupported field of RecordingGroup to true.
The recordingStrategy field is optional when you list resource types in the resourceTypes field of RecordingGroup.
The recordingStrategy field is required if you list resource types to exclude from recording in the resourceTypes field of ExclusionByResourceTypes.
Overriding fields
If you choose EXCLUSION_BY_RESOURCE_TYPES for the recording strategy, the exclusionByResourceTypes field will override other properties in the request.
For example, even if you set includeGlobalResourceTypes to false, global IAM resource types will still be automatically recorded in this option unless those resource types are specifically listed as exclusions in the resourceTypes field of exclusionByResourceTypes.
Global resource types and the exclusion recording strategy
By default, if you choose the EXCLUSION_BY_RESOURCE_TYPES recording strategy, when Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types, Config starts recording resources of that type automatically.
Unless specifically listed as exclusions, AWS::RDS::GlobalCluster will be recorded automatically in all supported Config Regions were the configuration recorder is enabled.
IAM users, groups, roles, and customer managed policies will be recorded in the Region where you set up the configuration recorder if that is a Region where Config was available before February 2022. You cannot be record the global IAM resouce types in Regions supported by Config after February 2022. This list where you cannot record the global IAM resource types includes the following Regions:
}Specifies the recording strategy of the configuration recorder.
type recording_group = {recording_strategy : recording_strategy option;An object that specifies the recording strategy for the configuration recorder.
useOnly field of RecordingStrategy to ALL_SUPPORTED_RESOURCE_TYPES, Config records configuration changes for all supported resource types, excluding the global IAM resource types. You also must set the allSupported field of RecordingGroup to true. When Config adds support for a new resource type, Config automatically starts recording resources of that type.useOnly field of RecordingStrategy to INCLUSION_BY_RESOURCE_TYPES, Config records configuration changes for only the resource types you specify in the resourceTypes field of RecordingGroup.useOnly field of RecordingStrategy to EXCLUSION_BY_RESOURCE_TYPES, Config records configuration changes for all supported resource types except the resource types that you specify to exclude from being recorded in the resourceTypes field of ExclusionByResourceTypes.Required and optional fields
The recordingStrategy field is optional when you set the allSupported field of RecordingGroup to true.
The recordingStrategy field is optional when you list resource types in the resourceTypes field of RecordingGroup.
The recordingStrategy field is required if you list resource types to exclude from recording in the resourceTypes field of ExclusionByResourceTypes.
Overriding fields
If you choose EXCLUSION_BY_RESOURCE_TYPES for the recording strategy, the exclusionByResourceTypes field will override other properties in the request.
For example, even if you set includeGlobalResourceTypes to false, global IAM resource types will still be automatically recorded in this option unless those resource types are specifically listed as exclusions in the resourceTypes field of exclusionByResourceTypes.
Global resources types and the resource exclusion recording strategy
By default, if you choose the EXCLUSION_BY_RESOURCE_TYPES recording strategy, when Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types, Config starts recording resources of that type automatically.
Unless specifically listed as exclusions, AWS::RDS::GlobalCluster will be recorded automatically in all supported Config Regions were the configuration recorder is enabled.
IAM users, groups, roles, and customer managed policies will be recorded in the Region where you set up the configuration recorder if that is a Region where Config was available before February 2022. You cannot be record the global IAM resouce types in Regions supported by Config after February 2022. This list where you cannot record the global IAM resource types includes the following Regions:
exclusion_by_resource_types : exclusion_by_resource_types option;An object that specifies how Config excludes resource types from being recorded by the configuration recorder.
Required fields
To use this option, you must set the useOnly field of RecordingStrategy to EXCLUSION_BY_RESOURCE_TYPES.
resource_types : resource_type list option;A comma-separated list that specifies which resource types Config records.
For a list of valid resourceTypes values, see the Resource Type Value column in Supported Amazon Web Services resource Types in the Config developer guide.
Required and optional fields
Optionally, you can set the useOnly field of RecordingStrategy to INCLUSION_BY_RESOURCE_TYPES.
To record all configuration changes, set the allSupported field of RecordingGroup to true, and either omit this field or don't specify any resource types in this field. If you set the allSupported field to false and specify values for resourceTypes, when Config adds support for a new type of resource, it will not record resources of that type unless you manually add that type to your recording group.
Region availability
Before specifying a resource type for Config to track, check Resource Coverage by Region Availability to see if the resource type is supported in the Amazon Web Services Region where you set up Config. If a resource type is supported by Config in at least one Region, you can enable the recording of that resource type in all Regions supported by Config, even if the specified resource type is not supported in the Amazon Web Services Region where you set up Config.
*)include_global_resource_types : bool option;This option is a bundle which only applies to the global IAM resource types: IAM users, groups, roles, and customer managed policies. These global IAM resource types can only be recorded by Config in Regions where Config was available before February 2022. You cannot be record the global IAM resouce types in Regions supported by Config after February 2022. This list where you cannot record the global IAM resource types includes the following Regions:
Aurora global clusters are recorded in all enabled Regions
The AWS::RDS::GlobalCluster resource type will be recorded in all supported Config Regions where the configuration recorder is enabled, even if includeGlobalResourceTypes is setfalse. The includeGlobalResourceTypes option is a bundle which only applies to IAM users, groups, roles, and customer managed policies.
If you do not want to record AWS::RDS::GlobalCluster in all enabled Regions, use one of the following recording strategies:
EXCLUSION_BY_RESOURCE_TYPES), orINCLUSION_BY_RESOURCE_TYPES).For more information, see Selecting Which Resources are Recorded in the Config developer guide.
includeGlobalResourceTypes and the exclusion recording strategy
The includeGlobalResourceTypes field has no impact on the EXCLUSION_BY_RESOURCE_TYPES recording strategy. This means that the global IAM resource types (IAM users, groups, roles, and customer managed policies) will not be automatically added as exclusions for exclusionByResourceTypes when includeGlobalResourceTypes is set to false.
The includeGlobalResourceTypes field should only be used to modify the AllSupported field, as the default for the AllSupported field is to record configuration changes for all supported resource types excluding the global IAM resource types. To include the global IAM resource types when AllSupported is set to true, make sure to set includeGlobalResourceTypes to true.
To exclude the global IAM resource types for the EXCLUSION_BY_RESOURCE_TYPES recording strategy, you need to manually add them to the resourceTypes field of exclusionByResourceTypes.
Required and optional fields
Before you set this field to true, set the allSupported field of RecordingGroup to true. Optionally, you can set the useOnly field of RecordingStrategy to ALL_SUPPORTED_RESOURCE_TYPES.
Overriding fields
If you set this field to false but list global IAM resource types in the resourceTypes field of RecordingGroup, Config will still record configuration changes for those specified resource types regardless of if you set the includeGlobalResourceTypes field to false.
If you do not want to record configuration changes to the global IAM resource types (IAM users, groups, roles, and customer managed policies), make sure to not list them in the resourceTypes field in addition to setting the includeGlobalResourceTypes field to false.
all_supported : bool option;Specifies whether Config records configuration changes for all supported resource types, excluding the global IAM resource types.
If you set this field to true, when Config adds support for a new resource type, Config starts recording resources of that type automatically.
If you set this field to true, you cannot enumerate specific resource types to record in the resourceTypes field of RecordingGroup, or to exclude in the resourceTypes field of ExclusionByResourceTypes.
Region availability
Check Resource Coverage by Region Availability to see if a resource type is supported in the Amazon Web Services Region where you set up Config.
*)}Specifies which resource types Config records for configuration changes. By default, Config records configuration changes for all current and future supported resource types in the Amazon Web Services Region where you have enabled Config, excluding the global IAM resource types: IAM users, groups, roles, and customer managed policies.
In the recording group, you specify whether you want to record all supported current and future supported resource types or to include or exclude specific resources types. For a list of supported resource types, see Supported Resource Types in the Config developer guide.
If you don't want Config to record all current and future supported resource types (excluding the global IAM resource types), use one of the following recording strategies:
EXCLUSION_BY_RESOURCE_TYPES), orINCLUSION_BY_RESOURCE_TYPES).If you use the recording strategy to Record all current and future resource types (ALL_SUPPORTED_RESOURCE_TYPES), you can use the flag includeGlobalResourceTypes to include the global IAM resource types in your recording.
Aurora global clusters are recorded in all enabled Regions
The AWS::RDS::GlobalCluster resource type will be recorded in all supported Config Regions where the configuration recorder is enabled.
If you do not want to record AWS::RDS::GlobalCluster in all enabled Regions, use the EXCLUSION_BY_RESOURCE_TYPES or INCLUSION_BY_RESOURCE_TYPES recording strategy.
type recording_mode_override = {recording_frequency : recording_frequency;The recording frequency that will be applied to all the resource types specified in the override.
Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous.
*)resource_types : resource_type list;A comma-separated list that specifies which resource types Config includes in the override.
Daily recording is not supported for the following resource types:
AWS::Config::ResourceComplianceAWS::Config::ConformancePackComplianceAWS::Config::ConfigurationRecorderdescription : string option;A description that you provide for the override.
*)}An object for you to specify your overrides for the recording mode.
type recording_mode = {recording_mode_overrides : recording_mode_override list option;An array of recordingModeOverride objects for you to specify your overrides for the recording mode. The recordingModeOverride object in the recordingModeOverrides array consists of three fields: a description, the new recordingFrequency, and an array of resourceTypes to override.
recording_frequency : recording_frequency;The default recording frequency that Config uses to record configuration changes.
Daily recording is not supported for the following resource types:
AWS::Config::ResourceComplianceAWS::Config::ConformancePackComplianceAWS::Config::ConfigurationRecorderFor the allSupported (ALL_SUPPORTED_RESOURCE_TYPES) recording strategy, these resource types will be set to Continuous recording.
}Specifies the default recording frequency that Config uses to record configuration changes. Config supports Continuous recording and Daily recording.
Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous.
You can also override the recording frequency for specific resource types.
type configuration_recorder = {recording_mode : recording_mode option;Specifies the default recording frequency that Config uses to record configuration changes. Config supports Continuous recording and Daily recording.
Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous.
You can also override the recording frequency for specific resource types.
*)recording_group : recording_group option;Specifies which resource types Config records for configuration changes.
High Number of Config Evaluations
You may notice increased activity in your account during your initial month recording with Config when compared to subsequent months. During the initial bootstrapping process, Config runs evaluations on all the resources in your account that you have selected for Config to record.
If you are running ephemeral workloads, you may see increased activity from Config as it records configuration changes associated with creating and deleting these temporary resources. An ephemeral workload is a temporary use of computing resources that are loaded and run when needed. Examples include Amazon Elastic Compute Cloud (Amazon EC2) Spot Instances, Amazon EMR jobs, and Auto Scaling. If you want to avoid the increased activity from running ephemeral workloads, you can run these types of workloads in a separate account with Config turned off to avoid increased configuration recording and rule evaluations.
*)role_ar_n : string option;Amazon Resource Name (ARN) of the IAM role assumed by Config and used by the configuration recorder.
While the API model does not require this field, the server will reject a request without a defined roleARN for the configuration recorder.
Pre-existing Config role
If you have used an Amazon Web Services service that uses Config, such as Security Hub or Control Tower, and an Config role has already been created, make sure that the IAM role that you use when setting up Config keeps the same minimum permissions as the already created Config role. You must do this so that the other Amazon Web Services service continues to run as expected.
For example, if Control Tower has an IAM role that allows Config to read Amazon Simple Storage Service (Amazon S3) objects, make sure that the same permissions are granted within the IAM role you use when setting up Config. Otherwise, it may interfere with how Control Tower operates. For more information about IAM roles for Config, see Identity and Access Management for Config in the Config Developer Guide.
*)name : string option;The name of the configuration recorder. Config automatically assigns the name of "default" when creating the configuration recorder.
You cannot change the name of the configuration recorder after it has been created. To change the configuration recorder name, you must delete it and create a new configuration recorder with a new name.
*)}Records configuration changes to your specified resource types. For more information about the configuration recorder, see Managing the Configuration Recorder in the Config Developer Guide.
type put_configuration_recorder_request = {configuration_recorder : configuration_recorder;An object for the configuration recorder to record configuration changes for specified resource types.
*)}The input for the PutConfigurationRecorder action.
type account_aggregation_source = {aws_regions : string list option;The source regions being aggregated.
*)all_aws_regions : bool option;If true, aggregate existing Config regions and future regions.
*)account_ids : string list;The 12-digit account ID of the account being aggregated.
*)}A collection of accounts and regions.
type organization_aggregation_source = {all_aws_regions : bool option;If true, aggregate existing Config regions and future regions.
*)aws_regions : string list option;The source regions being aggregated.
*)role_arn : string;ARN of the IAM role used to retrieve Amazon Web Services Organization details associated with the aggregator account.
*)}This object contains regions to set up the aggregator and an IAM role to retrieve organization details.
type configuration_aggregator = {created_by : string option;Amazon Web Services service that created the configuration aggregator.
*)last_updated_time : float option;The time of the last update.
*)creation_time : float option;The time stamp when the configuration aggregator was created.
*)organization_aggregation_source : organization_aggregation_source option;Provides an organization and list of regions to be aggregated.
*)account_aggregation_sources : account_aggregation_source list option;Provides a list of source accounts and regions to be aggregated.
*)configuration_aggregator_arn : string option;The Amazon Resource Name (ARN) of the aggregator.
*)configuration_aggregator_name : string option;The name of the aggregator.
*)}The details about the configuration aggregator, including information about source accounts, regions, and metadata of the aggregator.
type put_configuration_aggregator_response = {configuration_aggregator : configuration_aggregator option;Returns a ConfigurationAggregator object.
*)}type put_configuration_aggregator_request = {organization_aggregation_source : organization_aggregation_source option;An OrganizationAggregationSource object.
*)account_aggregation_sources : account_aggregation_source list option;A list of AccountAggregationSource object.
*)configuration_aggregator_name : string;The name of the configuration aggregator.
*)}Failed to add the Config rule because the account already contains the maximum number of 1000 rules. Consider deleting any deactivated rules before you add new rules.
type scope = {compliance_resource_id : string option;The ID of the only Amazon Web Services resource that you want to trigger an evaluation for the rule. If you specify a resource ID, you must specify one resource type for ComplianceResourceTypes.
tag_value : string option;The tag value applied to only those Amazon Web Services resources that you want to trigger an evaluation for the rule. If you specify a value for TagValue, you must also specify a value for TagKey.
tag_key : string option;The tag key that is applied to only those Amazon Web Services resources that you want to trigger an evaluation for the rule.
*)compliance_resource_types : string list option;The resource types of only those Amazon Web Services resources that you want to trigger an evaluation for the rule. You can only specify one type if you also specify a resource ID for ComplianceResourceId.
}Defines which resources trigger an evaluation for an Config rule. The scope can include one or more resource types, a combination of a tag key and value, or a combination of one resource type and one resource ID. Specify a scope to constrain which resources trigger an evaluation for a rule. Otherwise, evaluations for the rule are triggered when any resource in your recording group changes in configuration.
type source_detail = {maximum_execution_frequency : maximum_execution_frequency option;The frequency at which you want Config to run evaluations for a custom rule with a periodic trigger. If you specify a value for MaximumExecutionFrequency, then MessageType must use the ScheduledNotification value.
By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter.
Based on the valid value you choose, Config runs evaluations once for each valid value. For example, if you choose Three_Hours, Config runs evaluations once every three hours. In this case, Three_Hours is the frequency of this rule.
message_type : message_type option;The type of notification that triggers Config to run an evaluation for a rule. You can specify the following notification types:
ConfigurationItemChangeNotification - Triggers an evaluation when Config delivers a configuration item as a result of a resource change.OversizedConfigurationItemChangeNotification - Triggers an evaluation when Config delivers an oversized configuration item. Config may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.ScheduledNotification - Triggers a periodic evaluation at the frequency specified for MaximumExecutionFrequency.ConfigurationSnapshotDeliveryCompleted - Triggers a periodic evaluation when Config delivers a configuration snapshot.If you want your custom rule to be triggered by configuration changes, specify two SourceDetail objects, one for ConfigurationItemChangeNotification and one for OversizedConfigurationItemChangeNotification.
event_source : event_source option;The source of the event, such as an Amazon Web Services service, that triggers Config to evaluate your Amazon Web Services resources.
*)}Provides the source and the message types that trigger Config to evaluate your Amazon Web Services resources against a rule. It also provides the frequency with which you want Config to run evaluations for the rule if the trigger type is periodic. You can specify the parameter values for SourceDetail only for custom rules.
type custom_policy_details = {enable_debug_log_delivery : bool option;The boolean expression for enabling debug logging for your Config Custom Policy rule. The default value is false.
policy_text : string;The policy definition containing the logic for your Config Custom Policy rule.
*)policy_runtime : string;The runtime system for your Config Custom Policy rule. Guard is a policy-as-code language that allows you to write policies that are enforced by Config Custom Policy rules. For more information about Guard, see the Guard GitHub Repository.
*)}Provides the runtime system, policy definition, and whether debug logging enabled. You can specify the following CustomPolicyDetails parameter values only for Config Custom Policy rules.
type source = {custom_policy_details : custom_policy_details option;Provides the runtime system, policy definition, and whether debug logging is enabled. Required when owner is set to CUSTOM_POLICY.
source_details : source_detail list option;Provides the source and the message types that cause Config to evaluate your Amazon Web Services resources against a rule. It also provides the frequency with which you want Config to run evaluations for the rule if the trigger type is periodic.
If the owner is set to CUSTOM_POLICY, the only acceptable values for the Config rule trigger message type are ConfigurationItemChangeNotification and OversizedConfigurationItemChangeNotification.
source_identifier : string option;For Config Managed rules, a predefined identifier from a list. For example, IAM_PASSWORD_POLICY is a managed rule. To reference a managed rule, see List of Config Managed Rules.
For Config Custom Lambda rules, the identifier is the Amazon Resource Name (ARN) of the rule's Lambda function, such as arn:aws:lambda:us-east-2:123456789012:function:custom_rule_name.
For Config Custom Policy rules, this field will be ignored.
*)owner : owner;Indicates whether Amazon Web Services or the customer owns and manages the Config rule.
Config Managed Rules are predefined rules owned by Amazon Web Services. For more information, see Config Managed Rules in the Config developer guide.
Config Custom Rules are rules that you can develop either with Guard (CUSTOM_POLICY) or Lambda (CUSTOM_LAMBDA). For more information, see Config Custom Rules in the Config developer guide.
}Provides the CustomPolicyDetails, the rule owner (Amazon Web Services for managed rules, CUSTOM_POLICY for Custom Policy rules, and CUSTOM_LAMBDA for Custom Lambda rules), the rule identifier, and the events that cause the evaluation of your Amazon Web Services resources.
type evaluation_mode_configuration = {mode : evaluation_mode option;The mode of an evaluation. The valid values are Detective or Proactive.
*)}The configuration object for Config rule evaluation mode. The supported valid values are Detective or Proactive.
type config_rule = {evaluation_modes : evaluation_mode_configuration list option;The modes the Config rule can be evaluated in. The valid values are distinct objects. By default, the value is Detective evaluation mode only.
*)created_by : string option;Service principal name of the service that created the rule.
The field is populated only if the service-linked rule is created by a service. The field is empty if you create your own rule.
*)config_rule_state : config_rule_state option;Indicates whether the Config rule is active or is currently being deleted by Config. It can also indicate the evaluation status for the Config rule.
Config sets the state of the rule to EVALUATING temporarily after you use the StartConfigRulesEvaluation request to evaluate your resources against the Config rule.
Config sets the state of the rule to DELETING_RESULTS temporarily after you use the DeleteEvaluationResults request to delete the current evaluation results for the Config rule.
Config temporarily sets the state of a rule to DELETING after you use the DeleteConfigRule request to delete the rule. After Config deletes the rule, the rule and all of its evaluations are erased and are no longer available.
maximum_execution_frequency : maximum_execution_frequency option;The maximum frequency with which Config runs evaluations for a rule. You can specify a value for MaximumExecutionFrequency when:
ConfigSnapshotDeliveryProperties.By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter.
input_parameters : string option;A string, in JSON format, that is passed to the Config rule Lambda function.
*)source : source;Provides the rule owner (Amazon Web Services for managed rules, CUSTOM_POLICY for Custom Policy rules, and CUSTOM_LAMBDA for Custom Lambda rules), the rule identifier, and the notifications that cause the function to evaluate your Amazon Web Services resources.
scope : scope option;Defines which resources can trigger an evaluation for the rule. The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes.
The scope can be empty.
*)description : string option;The description that you provide for the Config rule.
*)config_rule_id : string option;The ID of the Config rule.
*)config_rule_arn : string option;The Amazon Resource Name (ARN) of the Config rule.
*)config_rule_name : string option;The name that you assign to the Config rule. The name is required if you are adding a new rule.
*)}Config rules evaluate the configuration settings of your Amazon Web Services resources. A rule can run when Config detects a configuration change to an Amazon Web Services resource or at a periodic frequency that you choose (for example, every 24 hours). There are two types of rules: Config Managed Rules and Config Custom Rules.
Config Managed Rules are predefined, customizable rules created by Config. For a list of managed rules, see List of Config Managed Rules.
Config Custom Rules are rules that you create from scratch. There are two ways to create Config custom rules: with Lambda functions (Lambda Developer Guide) and with Guard (Guard GitHub Repository), a policy-as-code language. Config custom rules created with Lambda are called Config Custom Lambda Rules and Config custom rules created with Guard are called Config Custom Policy Rules.
For more information about developing and using Config rules, see Evaluating Resource with Config Rules in the Config Developer Guide.
You can use the Amazon Web Services CLI and Amazon Web Services SDKs if you want to create a rule that triggers evaluations for your resources when Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.
type put_config_rule_request = {config_rule : config_rule;The rule that you want to add to your account.
*)}An object that represents the authorizations granted to aggregator accounts and regions.
type list_stored_queries_response = {next_token : string option;If the previous paginated request didn't return all of the remaining results, the response object's NextToken parameter value is set to a token. To retrieve the next set of results, call this action again and assign that token to the request object's NextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.
stored_query_metadata : stored_query_metadata list option;A list of StoredQueryMetadata objects.
}The specified time range is not valid. The earlier time is not chronologically before the later time.
type resource_evaluation = {evaluation_start_timestamp : float option;The starting time of an execution.
*)evaluation_mode : evaluation_mode option;The mode of an evaluation. The valid values are Detective or Proactive.
*)resource_evaluation_id : string option;The ResourceEvaluationId of a evaluation.
*)}Returns details of a resource evaluation.
type list_resource_evaluations_response = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
resource_evaluations : resource_evaluation list option;Returns a ResourceEvaluations object.
}type resource_evaluation_filters = {evaluation_context_identifier : string option;Filters evaluations for a given infrastructure deployment. For example: CFN Stack.
*)time_window : time_window option;Returns a TimeWindow object.
evaluation_mode : evaluation_mode option;Filters all resource evaluations results based on an evaluation mode.
Currently, DECTECTIVE is not supported as a valid value. Ignore other documentation stating otherwise.
}Returns details of a resource evaluation based on the selected filter.
type list_resource_evaluations_request = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
limit : int option;The maximum number of evaluations returned on each page. The default is 10. You cannot specify a number greater than 100. If you specify 0, Config uses the default.
*)filters : resource_evaluation_filters option;Returns a ResourceEvaluationFilters object.
}type resource_identifier = {resource_deletion_time : float option;The time that the resource was deleted.
*)resource_name : string option;The custom name of the resource (if available).
*)resource_id : string option;The ID of the resource (for example, sg-xxxxxx).
resource_type : resource_type option;The type of resource.
*)}The details that identify a resource that is discovered by Config, including the resource type, ID, and (if available) the custom resource name.
type list_discovered_resources_response = {next_token : string option;The string that you use in a subsequent request to get the next page of results in a paginated response.
*)resource_identifiers : resource_identifier list option;The details that identify a resource that is discovered by Config, including the resource type, ID, and (if available) the custom resource name.
*)}type list_discovered_resources_request = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
include_deleted_resources : bool option;Specifies whether Config includes deleted resources in the results. By default, deleted resources are not included.
*)limit : int option;The maximum number of resource identifiers returned on each page. The default is 100. You cannot specify a number greater than 100. If you specify 0, Config uses the default.
*)resource_name : string option;The custom name of only those resources that you want Config to list in the response. If you do not specify this parameter, Config lists all resources of the specified type that it has discovered.
*)resource_ids : string list option;The IDs of only those resources that you want Config to list in the response. If you do not specify this parameter, Config lists all resources of the specified type that it has discovered. You can list a minimum of 1 resourceID and a maximum of 20 resourceIds.
*)resource_type : resource_type;The type of resources that you want Config to list in the response.
*)}type conformance_pack_compliance_score = {last_updated_time : float option;The time that the conformance pack compliance score was last updated.
*)conformance_pack_name : string option;The name of the conformance pack.
*)score : string option;Compliance score for the conformance pack. Conformance packs with no evaluation results will have a compliance score of INSUFFICIENT_DATA.
}A compliance score is the percentage of the number of compliant rule-resource combinations in a conformance pack compared to the number of total possible rule-resource combinations in the conformance pack. This metric provides you with a high-level view of the compliance state of your conformance packs. You can use it to identify, investigate, and understand the level of compliance in your conformance packs.
type list_conformance_pack_compliance_scores_response = {conformance_pack_compliance_scores : conformance_pack_compliance_score list;A list of ConformancePackComplianceScore objects.
next_token : string option;The nextToken string that you can use to get the next page of results in a paginated response.
}type conformance_pack_compliance_scores_filters = {conformance_pack_names : string list;The names of the conformance packs whose compliance scores you want to include in the conformance pack compliance score result set. You can include up to 25 conformance packs in the ConformancePackNames array of strings, each with a character limit of 256 characters for the conformance pack name.
}A list of filters to apply to the conformance pack compliance score result set.
type list_conformance_pack_compliance_scores_request = {next_token : string option;The nextToken string in a prior request that you can use to get the paginated response for the next set of conformance pack compliance scores.
limit : int option;The maximum number of conformance pack compliance scores returned on each page.
*)sort_by : sort_by option;Sorts your conformance pack compliance scores in either ascending or descending order, depending on SortOrder.
By default, conformance pack compliance scores are sorted in alphabetical order by name of the conformance pack. Enter SCORE, to sort conformance pack compliance scores by the numerical value of the compliance score.
sort_order : sort_order option;Determines the order in which conformance pack compliance scores are sorted. Either in ascending or descending order.
By default, conformance pack compliance scores are sorted in alphabetical order by name of the conformance pack. Conformance pack compliance scores are sorted in reverse alphabetical order if you enter DESCENDING.
You can sort conformance pack compliance scores by the numerical value of the compliance score by entering SCORE in the SortBy action. When compliance scores are sorted by SCORE, conformance packs with a compliance score of INSUFFICIENT_DATA will be last when sorting by ascending order and first when sorting by descending order.
filters : conformance_pack_compliance_scores_filters option;Filters the results based on the ConformancePackComplianceScoresFilters.
}type list_aggregate_discovered_resources_response = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
resource_identifiers : aggregate_resource_identifier list option;Returns a list of ResourceIdentifiers objects.
}type resource_filters = {region : string option;The source region.
*)resource_name : string option;The name of the resource.
*)resource_id : string option;The ID of the resource.
*)account_id : string option;The 12-digit source account ID.
*)}Filters the results by resource account ID, region, resource ID, and resource name.
type list_aggregate_discovered_resources_request = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
limit : int option;The maximum number of resource identifiers returned on each page. You cannot specify a number greater than 100. If you specify 0, Config uses the default.
*)filters : resource_filters option;Filters the results based on the ResourceFilters object.
resource_type : resource_type;The type of resources that you want Config to list in the response.
*)configuration_aggregator_name : string;The name of the configuration aggregator.
*)}type get_stored_query_response = {stored_query : stored_query option;Returns a StoredQuery object.
}type evaluation_status = {failure_reason : string option;An explanation for failed execution status.
*)status : resource_evaluation_status;The status of an execution. The valid values are In_Progress, Succeeded or Failed.
*)}Returns status details of an evaluation.
type get_resource_evaluation_summary_response = {resource_details : resource_details option;Returns a ResourceDetails object.
evaluation_context : evaluation_context option;Returns an EvaluationContext object.
compliance : compliance_type option;The compliance status of the resource evaluation summary.
*)evaluation_start_timestamp : float option;The start timestamp when Config rule starts evaluating compliance for the provided resource details.
*)evaluation_status : evaluation_status option;Returns an EvaluationStatus object.
evaluation_mode : evaluation_mode option;Lists results of the mode that you requested to retrieve the resource evaluation summary. The valid values are Detective or Proactive.
*)resource_evaluation_id : string option;The unique ResourceEvaluationId of Amazon Web Services resource execution for which you want to retrieve the evaluation summary.
}You have specified a resource that is either unknown or has not been discovered.
type relationship = {relationship_name : string option;The type of relationship with the related resource.
*)resource_name : string option;The custom name of the related resource, if available.
*)resource_id : string option;The ID of the related resource (for example, sg-xxxxxx).
resource_type : resource_type option;The resource type of the related resource.
*)}The relationship of the related resource to the main resource.
type configuration_item = {configuration_item_delivery_time : float option;The time when configuration changes for the resource were delivered.
This field is optional and is not guaranteed to be present in a configuration item (CI). If you are using daily recording, this field will be populated. However, if you are using continuous recording, this field will be omitted since the delivery time is instantaneous as the CI is available right away. For more information on daily recording and continuous recording, see Recording Frequency in the Config Developer Guide.
*)recording_frequency : recording_frequency option;The recording frequency that Config uses to record configuration changes for the resource.
*)supplementary_configuration : (string * string) list option;Configuration attributes that Config returns for certain resource types to supplement the information returned for the configuration parameter.
configuration : string option;The description of the resource configuration.
*)relationships : relationship list option;A list of related Amazon Web Services resources.
*)resource_creation_time : float option;The time stamp when the resource was created.
*)availability_zone : string option;The Availability Zone associated with the resource.
*)aws_region : string option;The region where the resource resides.
*)resource_name : string option;The custom name of the resource, if available.
*)resource_id : string option;The ID of the resource (for example, sg-xxxxxx).
resource_type : resource_type option;The type of Amazon Web Services resource.
*)arn : string option;Amazon Resource Name (ARN) associated with the resource.
*)configuration_item_md5_hash : string option;Unique MD5 hash that represents the configuration item's state.
You can use MD5 hash to compare the states of two or more configuration items that are associated with the same resource.
*)configuration_state_id : string option;An identifier that indicates the ordering of the configuration items of a resource.
*)configuration_item_status : configuration_item_status option;The configuration item status. Valid values include:
configuration_item_capture_time : float option;The time when the recording of configuration changes was initiated for the resource.
*)account_id : string option;The 12-digit Amazon Web Services account ID associated with the resource.
*)version : string option;The version number of the resource configuration.
*)}A list that contains detailed configurations of a specified resource.
type get_resource_config_history_response = {next_token : string option;The string that you use in a subsequent request to get the next page of results in a paginated response.
*)configuration_items : configuration_item list option;A list that contains the configuration history of one or more resources.
*)}The output for the GetResourceConfigHistory action.
type get_resource_config_history_request = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
limit : int option;The maximum number of configuration items returned on each page. The default is 10. You cannot specify a number greater than 100. If you specify 0, Config uses the default.
*)chronological_order : chronological_order option;The chronological order for configuration items listed. By default, the results are listed in reverse chronological order.
*)earlier_time : float option;The chronologically earliest time in the time range for which the history requested. If not specified, the action returns paginated results that contain configuration items that start when the first configuration item was recorded.
*)later_time : float option;The chronologically latest time in the time range for which the history requested. If not specified, current time is taken.
*)resource_id : string;The ID of the resource (for example., sg-xxxxxx).
resource_type : resource_type;The resource type.
*)}The input for the GetResourceConfigHistory action.
The Config rule in the request is not valid. Verify that the rule is an organization Config Process Check rule, that the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying again.
Config organization conformance pack that you passed in the filter does not exist.
For DeleteOrganizationConformancePack, you tried to delete an organization conformance pack that does not exist.
type organization_conformance_pack_detailed_status = {last_update_time : float option;The timestamp of the last status update.
*)error_message : string option;An error message indicating that conformance pack account creation or deletion has failed due to an error in the member account.
*)error_code : string option;An error code that is returned when conformance pack creation or deletion failed in the member account.
*)status : organization_resource_detailed_status;Indicates deployment status for conformance pack in a member account. When management account calls PutOrganizationConformancePack action for the first time, conformance pack status is created in the member account. When management account calls PutOrganizationConformancePack action for the second time, conformance pack status is updated in the member account. Conformance pack status is deleted when the management account deletes OrganizationConformancePack and disables service access for config-multiaccountsetup.amazonaws.com.
Config sets the state of the conformance pack to:
CREATE_SUCCESSFUL when conformance pack has been created in the member account.CREATE_IN_PROGRESS when conformance pack is being created in the member account.CREATE_FAILED when conformance pack creation has failed in the member account.DELETE_FAILED when conformance pack deletion has failed in the member account.DELETE_IN_PROGRESS when conformance pack is being deleted in the member account.DELETE_SUCCESSFUL when conformance pack has been deleted in the member account.UPDATE_SUCCESSFUL when conformance pack has been updated in the member account.UPDATE_IN_PROGRESS when conformance pack is being updated in the member account.UPDATE_FAILED when conformance pack deletion has failed in the member account.conformance_pack_name : string;The name of conformance pack deployed in the member account.
*)account_id : string;The 12-digit account ID of a member account.
*)}Organization conformance pack creation or deletion status in each member account. This includes the name of the conformance pack, the status, error code and error message when the conformance pack creation or deletion failed.
type get_organization_conformance_pack_detailed_status_response = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
*)organization_conformance_pack_detailed_statuses : organization_conformance_pack_detailed_status
list
option;A list of OrganizationConformancePackDetailedStatus objects.
}type organization_resource_detailed_status_filters = {status : organization_resource_detailed_status option;Indicates deployment status for conformance pack in a member account. When management account calls PutOrganizationConformancePack action for the first time, conformance pack status is created in the member account. When management account calls PutOrganizationConformancePack action for the second time, conformance pack status is updated in the member account. Conformance pack status is deleted when the management account deletes OrganizationConformancePack and disables service access for config-multiaccountsetup.amazonaws.com.
Config sets the state of the conformance pack to:
CREATE_SUCCESSFUL when conformance pack has been created in the member account.CREATE_IN_PROGRESS when conformance pack is being created in the member account.CREATE_FAILED when conformance pack creation has failed in the member account.DELETE_FAILED when conformance pack deletion has failed in the member account.DELETE_IN_PROGRESS when conformance pack is being deleted in the member account.DELETE_SUCCESSFUL when conformance pack has been deleted in the member account.UPDATE_SUCCESSFUL when conformance pack has been updated in the member account.UPDATE_IN_PROGRESS when conformance pack is being updated in the member account.UPDATE_FAILED when conformance pack deletion has failed in the member account.account_id : string option;The 12-digit account ID of the member account within an organization.
*)}Status filter object to filter results based on specific member account ID or status type for an organization conformance pack.
type get_organization_conformance_pack_detailed_status_request = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
*)limit : int option;The maximum number of OrganizationConformancePackDetailedStatuses returned on each page. If you do not specify a number, Config uses the default. The default is 100.
filters : organization_resource_detailed_status_filters option;An OrganizationResourceDetailedStatusFilters object.
organization_conformance_pack_name : string;The name of organization conformance pack for which you want status details for member accounts.
*)}type member_account_status = {last_update_time : float option;The timestamp of the last status update.
*)error_message : string option;An error message indicating that Config rule account creation or deletion has failed due to an error in the member account.
*)error_code : string option;An error code that is returned when Config rule creation or deletion failed in the member account.
*)member_account_rule_status : member_account_rule_status;Indicates deployment status for Config rule in the member account. When management account calls PutOrganizationConfigRule action for the first time, Config rule status is created in the member account. When management account calls PutOrganizationConfigRule action for the second time, Config rule status is updated in the member account. Config rule status is deleted when the management account deletes OrganizationConfigRule and disables service access for config-multiaccountsetup.amazonaws.com.
Config sets the state of the rule to:
CREATE_SUCCESSFUL when Config rule has been created in the member account.CREATE_IN_PROGRESS when Config rule is being created in the member account.CREATE_FAILED when Config rule creation has failed in the member account.DELETE_FAILED when Config rule deletion has failed in the member account.DELETE_IN_PROGRESS when Config rule is being deleted in the member account.DELETE_SUCCESSFUL when Config rule has been deleted in the member account.UPDATE_SUCCESSFUL when Config rule has been updated in the member account.UPDATE_IN_PROGRESS when Config rule is being updated in the member account.UPDATE_FAILED when Config rule deletion has failed in the member account.config_rule_name : string;The name of Config rule deployed in the member account.
*)account_id : string;The 12-digit account ID of a member account.
*)}Organization Config rule creation or deletion status in each member account. This includes the name of the rule, the status, error code and error message when the rule creation or deletion failed.
type get_organization_config_rule_detailed_status_response = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
organization_config_rule_detailed_status : member_account_status list option;A list of MemberAccountStatus objects.
}type get_organization_config_rule_detailed_status_request = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
limit : int option;The maximum number of OrganizationConfigRuleDetailedStatus returned on each page. If you do not specify a number, Config uses the default. The default is 100.
filters : status_detail_filters option;A StatusDetailFilters object.
organization_config_rule_name : string;The name of your organization Config rule for which you want status details for member accounts.
*)}type resource_count = {count : int option;The number of resources.
*)resource_type : resource_type option;The resource type (for example, "AWS::EC2::Instance").
}An object that contains the resource type and the number of resources.
type get_discovered_resource_counts_response = {next_token : string option;The string that you use in a subsequent request to get the next page of results in a paginated response.
*)resource_counts : resource_count list option;The list of ResourceCount objects. Each object is listed in descending order by the number of resources.
total_discovered_resources : int option;The total number of resources that Config is recording in the region for your account. If you specify resource types in the request, Config returns only the total number of resources for those resource types.
Example
GetDiscoveredResourceCounts action and specify the resource type, "AWS::EC2::Instances", in the request.totalDiscoveredResources.}type get_discovered_resource_counts_request = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
limit : int option;The maximum number of ResourceCount objects returned on each page. The default is 100. You cannot specify a number greater than 100. If you specify 0, Config uses the default.
resource_types : string list option;The comma-separated list that specifies the resource types that you want Config to return (for example, "AWS::EC2::Instance", "AWS::IAM::User").
If a value for resourceTypes is not specified, Config returns all resource types that Config is recording in the region for your account.
If the configuration recorder is turned off, Config returns an empty list of ResourceCount objects. If the configuration recorder is not recording a specific resource type (for example, S3 buckets), that resource type is not returned in the list of ResourceCount objects.
}You specified one or more conformance packs that do not exist.
type conformance_pack_compliance_summary = {conformance_pack_compliance_status : conformance_pack_compliance_type;The status of the conformance pack.
*)conformance_pack_name : string;The name of the conformance pack name.
*)}Summary includes the name and status of the conformance pack.
type get_conformance_pack_compliance_summary_response = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
*)conformance_pack_compliance_summary_list : conformance_pack_compliance_summary
list
option;A list of ConformancePackComplianceSummary objects.
}type get_conformance_pack_compliance_summary_request = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
*)limit : int option;The maximum number of conformance packs returned on each page.
*)conformance_pack_names : string list;Names of conformance packs.
*)}Config rule that you passed in the filter does not exist.
type evaluation_result_qualifier = {evaluation_mode : evaluation_mode option;The mode of an evaluation. The valid values are Detective or Proactive.
*)resource_id : string option;The ID of the evaluated Amazon Web Services resource.
*)resource_type : string option;The type of Amazon Web Services resource that was evaluated.
*)config_rule_name : string option;The name of the Config rule that was used in the evaluation.
*)}Identifies an Config rule that evaluated an Amazon Web Services resource, and provides the type and ID of the resource that the rule evaluated.
type evaluation_result_identifier = {resource_evaluation_id : string option;A Unique ID for an evaluation result.
*)ordering_timestamp : float option;The time of the event that triggered the evaluation of your Amazon Web Services resources. The time can indicate when Config delivered a configuration item change notification, or it can indicate when Config delivered the configuration snapshot, depending on which event triggered the evaluation.
*)evaluation_result_qualifier : evaluation_result_qualifier option;Identifies an Config rule used to evaluate an Amazon Web Services resource, and provides the type and ID of the evaluated resource.
*)}Uniquely identifies an evaluation result.
type conformance_pack_evaluation_result = {annotation : string option;Supplementary information about how the evaluation determined the compliance.
*)result_recorded_time : float;The time when Config recorded the evaluation result.
*)config_rule_invoked_time : float;The time when Config rule evaluated Amazon Web Services resource.
*)evaluation_result_identifier : evaluation_result_identifier;compliance_type : conformance_pack_compliance_type;The compliance type. The allowed values are COMPLIANT and NON_COMPLIANT. INSUFFICIENT_DATA is not supported.
}The details of a conformance pack evaluation. Provides Config rule and Amazon Web Services resource type that was evaluated, the compliance of the conformance pack, related time stamps, and supplementary information.
type get_conformance_pack_compliance_details_response = {next_token : string option;The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
conformance_pack_rule_evaluation_results : conformance_pack_evaluation_result
list
option;Returns a list of ConformancePackEvaluationResult objects.
conformance_pack_name : string;Name of the conformance pack.
*)}type conformance_pack_evaluation_filters = {resource_ids : string list option;Filters the results by resource IDs.
This is valid only when you provide resource type. If there is no resource type, you will see an error.
*)resource_type : string option;Filters the results by the resource type (for example, "AWS::EC2::Instance").
compliance_type : conformance_pack_compliance_type option;Filters the results by compliance.
The allowed values are COMPLIANT and NON_COMPLIANT. INSUFFICIENT_DATA is not supported.
config_rule_names : string list option;Filters the results by Config rule names.
*)}Filters a conformance pack by Config rule names, compliance types, Amazon Web Services resource types, and resource IDs.
type get_conformance_pack_compliance_details_request = {next_token : string option;The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
limit : int option;The maximum number of evaluation results returned on each page. If you do no specify a number, Config uses the default. The default is 100.
*)filters : conformance_pack_evaluation_filters option;A ConformancePackEvaluationFilters object.
conformance_pack_name : string;Name of the conformance pack.
*)}type compliance_contributor_count = {cap_exceeded : bool option;Indicates whether the maximum count is reached.
*)capped_count : int option;The number of Amazon Web Services resources or Config rules responsible for the current compliance of the item.
*)}The number of Amazon Web Services resources or Config rules responsible for the current compliance of the item, up to a maximum number.
type compliance_summary = {compliance_summary_timestamp : float option;The time that Config created the compliance summary.
*)non_compliant_resource_count : compliance_contributor_count option;The number of Config rules or Amazon Web Services resources that are noncompliant, up to a maximum of 25 for rules and 100 for resources.
*)compliant_resource_count : compliance_contributor_count option;The number of Config rules or Amazon Web Services resources that are compliant, up to a maximum of 25 for rules and 100 for resources.
*)}The number of Config rules or Amazon Web Services resources that are compliant and noncompliant.
type compliance_summary_by_resource_type = {compliance_summary : compliance_summary option;The number of Amazon Web Services resources that are compliant or noncompliant, up to a maximum of 100 for each.
*)resource_type : string option;The type of Amazon Web Services resource.
*)}The number of Amazon Web Services resources of a specific type that are compliant or noncompliant, up to a maximum of 100 for each.
type get_compliance_summary_by_resource_type_response = {compliance_summaries_by_resource_type : compliance_summary_by_resource_type
list
option;The number of resources that are compliant and the number that are noncompliant. If one or more resource types were provided with the request, the numbers are returned for each resource type. The maximum number returned is 100.
*)}type get_compliance_summary_by_resource_type_request = {resource_types : string list option;Specify one or more resource types to get the number of resources that are compliant and the number that are noncompliant for each resource type.
For this request, you can specify an Amazon Web Services resource type such as AWS::EC2::Instance. You can specify that the resource type is an Amazon Web Services account by specifying AWS::::Account.
}type get_compliance_summary_by_config_rule_response = {compliance_summary : compliance_summary option;The number of Config rules that are compliant and the number that are noncompliant, up to a maximum of 25 for each.
*)}type evaluation_result = {result_token : string option;An encrypted token that associates an evaluation with an Config rule. The token identifies the rule, the Amazon Web Services resource being evaluated, and the event that triggered the evaluation.
*)annotation : string option;Supplementary information about how the evaluation determined the compliance.
*)config_rule_invoked_time : float option;The time when the Config rule evaluated the Amazon Web Services resource.
*)result_recorded_time : float option;The time when Config recorded the evaluation result.
*)compliance_type : compliance_type option;Indicates whether the Amazon Web Services resource complies with the Config rule that evaluated it.
For the EvaluationResult data type, Config supports only the COMPLIANT, NON_COMPLIANT, and NOT_APPLICABLE values. Config does not support the INSUFFICIENT_DATA value for the EvaluationResult data type.
evaluation_result_identifier : evaluation_result_identifier option;Uniquely identifies the evaluation result.
*)}The details of an Config evaluation. Provides the Amazon Web Services resource that was evaluated, the compliance of the resource, related time stamps, and supplementary information.
type get_compliance_details_by_resource_response = {next_token : string option;The string that you use in a subsequent request to get the next page of results in a paginated response.
*)evaluation_results : evaluation_result list option;Indicates whether the specified Amazon Web Services resource complies each Config rule.
*)}type get_compliance_details_by_resource_request = {resource_evaluation_id : string option;The unique ID of Amazon Web Services resource execution for which you want to retrieve evaluation results.
You need to only provide either a ResourceEvaluationID or a ResourceID and ResourceType.
next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
compliance_types : compliance_type list option;Filters the results by compliance.
INSUFFICIENT_DATA is a valid ComplianceType that is returned when an Config rule cannot be evaluated. However, INSUFFICIENT_DATA cannot be used as a ComplianceType for filtering results.
resource_id : string option;The ID of the Amazon Web Services resource for which you want compliance information.
*)resource_type : string option;The type of the Amazon Web Services resource for which you want compliance information.
*)}type get_compliance_details_by_config_rule_response = {next_token : string option;The string that you use in a subsequent request to get the next page of results in a paginated response.
*)evaluation_results : evaluation_result list option;Indicates whether the Amazon Web Services resource complies with the specified Config rule.
*)}type get_compliance_details_by_config_rule_request = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
limit : int option;The maximum number of evaluation results returned on each page. The default is 10. You cannot specify a number greater than 100. If you specify 0, Config uses the default.
*)compliance_types : compliance_type list option;Filters the results by compliance.
INSUFFICIENT_DATA is a valid ComplianceType that is returned when an Config rule cannot be evaluated. However, INSUFFICIENT_DATA cannot be used as a ComplianceType for filtering results.
config_rule_name : string;The name of the Config rule for which you want compliance information.
*)}The configuration item size is outside the allowable range.
type get_aggregate_resource_config_response = {configuration_item : configuration_item option;Returns a ConfigurationItem object.
}type get_aggregate_resource_config_request = {resource_identifier : aggregate_resource_identifier;An object that identifies aggregate resource.
*)configuration_aggregator_name : string;The name of the configuration aggregator.
*)}type grouped_resource_count = {resource_count : int;The number of resources in the group.
*)group_name : string;The name of the group that can be region, account ID, or resource type. For example, region1, region2 if the region was chosen as GroupByKey.
}The count of resources that are grouped by the group name.
type get_aggregate_discovered_resource_counts_response = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
grouped_resource_counts : grouped_resource_count list option;Returns a list of GroupedResourceCount objects.
*)group_by_key : string option;The key passed into the request object. If GroupByKey is not provided, the result will be empty.
total_discovered_resources : int;The total number of resources that are present in an aggregator with the filters that you provide.
*)}type resource_count_filters = {region : string option;The region where the account is located.
*)account_id : string option;The 12-digit ID of the account.
*)resource_type : resource_type option;The type of the Amazon Web Services resource.
*)}Filters the resource count based on account ID, region, and resource type.
type get_aggregate_discovered_resource_counts_request = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
limit : int option;The maximum number of GroupedResourceCount objects returned on each page. The default is 1000. You cannot specify a number greater than 1000. If you specify 0, Config uses the default.
group_by_key : resource_count_group_key option;The key to group the resource counts.
*)filters : resource_count_filters option;Filters the results based on the ResourceCountFilters object.
configuration_aggregator_name : string;The name of the configuration aggregator.
*)}type aggregate_conformance_pack_compliance_count = {non_compliant_conformance_pack_count : int option;Number of noncompliant conformance packs.
*)compliant_conformance_pack_count : int option;Number of compliant conformance packs.
*)}The number of conformance packs that are compliant and noncompliant.
type aggregate_conformance_pack_compliance_summary = {group_name : string option;Groups the result based on Amazon Web Services account ID or Amazon Web Services Region.
*)compliance_summary : aggregate_conformance_pack_compliance_count option;Returns an AggregateConformancePackComplianceCount object.
}Provides a summary of compliance based on either account ID or region.
type get_aggregate_conformance_pack_compliance_summary_response = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
group_by_key : string option;Groups the result based on Amazon Web Services account ID or Amazon Web Services Region.
*)aggregate_conformance_pack_compliance_summaries : aggregate_conformance_pack_compliance_summary
list
option;Returns a list of AggregateConformancePackComplianceSummary object.
}type aggregate_conformance_pack_compliance_summary_filters = {aws_region : string option;The source Amazon Web Services Region from where the data is aggregated.
*)account_id : string option;The 12-digit Amazon Web Services account ID of the source account.
*)}Filters the results based on account ID and region.
type get_aggregate_conformance_pack_compliance_summary_request = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
limit : int option;The maximum number of results returned on each page. The default is maximum. If you specify 0, Config uses the default.
*)group_by_key : aggregate_conformance_pack_compliance_summary_group_key option;Groups the result based on Amazon Web Services account ID or Amazon Web Services Region.
*)filters : aggregate_conformance_pack_compliance_summary_filters option;Filters the results based on the AggregateConformancePackComplianceSummaryFilters object.
configuration_aggregator_name : string;The name of the configuration aggregator.
*)}type aggregate_compliance_count = {compliance_summary : compliance_summary option;The number of compliant and noncompliant Config rules.
*)group_name : string option;The 12-digit account ID or region based on the GroupByKey value.
*)}Returns the number of compliant and noncompliant rules for one or more accounts and regions in an aggregator.
type get_aggregate_config_rule_compliance_summary_response = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
aggregate_compliance_counts : aggregate_compliance_count list option;Returns a list of AggregateComplianceCounts object.
*)group_by_key : string option;Groups the result based on ACCOUNT_ID or AWS_REGION.
*)}type config_rule_compliance_summary_filters = {aws_region : string option;The source region where the data is aggregated.
*)account_id : string option;The 12-digit account ID of the source account.
*)}Filters the results based on the account IDs and regions.
type get_aggregate_config_rule_compliance_summary_request = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
limit : int option;The maximum number of evaluation results returned on each page. The default is 1000. You cannot specify a number greater than 1000. If you specify 0, Config uses the default.
*)group_by_key : config_rule_compliance_summary_group_key option;Groups the result based on ACCOUNT_ID or AWS_REGION.
*)filters : config_rule_compliance_summary_filters option;Filters the results based on the ConfigRuleComplianceSummaryFilters object.
*)configuration_aggregator_name : string;The name of the configuration aggregator.
*)}type aggregate_evaluation_result = {aws_region : string option;The source region from where the data is aggregated.
*)account_id : string option;The 12-digit account ID of the source account.
*)annotation : string option;Supplementary information about how the agrregate evaluation determined the compliance.
*)config_rule_invoked_time : float option;The time when the Config rule evaluated the Amazon Web Services resource.
*)result_recorded_time : float option;The time when Config recorded the aggregate evaluation result.
*)compliance_type : compliance_type option;The resource compliance status.
For the AggregationEvaluationResult data type, Config supports only the COMPLIANT and NON_COMPLIANT. Config does not support the NOT_APPLICABLE and INSUFFICIENT_DATA value.
evaluation_result_identifier : evaluation_result_identifier option;Uniquely identifies the evaluation result.
*)}The details of an Config evaluation for an account ID and region in an aggregator. Provides the Amazon Web Services resource that was evaluated, the compliance of the resource, related time stamps, and supplementary information.
type get_aggregate_compliance_details_by_config_rule_response = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
aggregate_evaluation_results : aggregate_evaluation_result list option;Returns an AggregateEvaluationResults object.
*)}type get_aggregate_compliance_details_by_config_rule_request = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
limit : int option;The maximum number of evaluation results returned on each page. The default is 50. You cannot specify a number greater than 100. If you specify 0, Config uses the default.
*)compliance_type : compliance_type option;The resource compliance status.
For the GetAggregateComplianceDetailsByConfigRuleRequest data type, Config supports only the COMPLIANT and NON_COMPLIANT. Config does not support the NOT_APPLICABLE and INSUFFICIENT_DATA values.
aws_region : string;The source region from where the data is aggregated.
*)account_id : string;The 12-digit account ID of the source account.
*)config_rule_name : string;The name of the Config rule for which you want compliance information.
*)configuration_aggregator_name : string;The name of the configuration aggregator.
*)}You have specified a retention configuration that does not exist.
type describe_retention_configurations_response = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
retention_configurations : retention_configuration list option;Returns a retention configuration object.
*)}type describe_retention_configurations_request = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
retention_configuration_names : string list option;A list of names of retention configurations for which you want details. If you do not specify a name, Config returns details for all the retention configurations for that account.
Currently, Config supports only one retention configuration per region in your account.
*)}type remediation_execution_step = {stop_time : float option;The time when the step stopped.
*)start_time : float option;The time when the step started.
*)error_message : string option;An error message if the step was interrupted during execution.
*)state : remediation_execution_step_state option;The valid status of the step.
*)name : string option;The details of the step.
*)}Name of the step from the SSM document.
type remediation_execution_status = {last_updated_time : float option;The time when the remediation execution was last updated.
*)invocation_time : float option;Start time when the remediation was executed.
*)step_details : remediation_execution_step list option;Details of every step.
*)state : remediation_execution_state option;ENUM of the values.
*)resource_key : resource_key option;}Provides details of the current status of the invoked remediation action for that resource.
type describe_remediation_execution_status_response = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
remediation_execution_statuses : remediation_execution_status list option;Returns a list of remediation execution statuses objects.
*)}type describe_remediation_execution_status_request = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
limit : int option;The maximum number of RemediationExecutionStatuses returned on each page. The default is maximum. If you specify 0, Config uses the default.
*)resource_keys : resource_key list option;A list of resource keys to be processed with the current request. Each element in the list consists of the resource type and resource ID.
*)config_rule_name : string;A list of Config rule names.
*)}type describe_remediation_exceptions_response = {next_token : string option;The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
remediation_exceptions : remediation_exception list option;Returns a list of remediation exception objects.
*)}type describe_remediation_exceptions_request = {next_token : string option;The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
limit : int option;The maximum number of RemediationExceptionResourceKey returned on each page. The default is 25. If you specify 0, Config uses the default.
*)resource_keys : remediation_exception_resource_key list option;An exception list of resource exception keys to be processed with the current request. Config adds exception for each resource key. For example, Config adds 3 exceptions for 3 resource keys.
*)config_rule_name : string;The name of the Config rule.
*)}type describe_remediation_configurations_response = {remediation_configurations : remediation_configuration list option;Returns a remediation configuration object.
*)}type pending_aggregation_request = {requester_aws_region : string option;The region requesting to aggregate data.
*)requester_account_id : string option;The 12-digit account ID of the account requesting to aggregate data.
*)}An object that represents the account ID and region of an aggregator account that is requesting authorization but is not yet authorized.
type describe_pending_aggregation_requests_response = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
pending_aggregation_requests : pending_aggregation_request list option;Returns a PendingAggregationRequests object.
*)}type describe_pending_aggregation_requests_request = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
limit : int option;The maximum number of evaluation results returned on each page. The default is maximum. If you specify 0, Config uses the default.
*)}type organization_conformance_pack_status = {last_update_time : float option;The timestamp of the last update.
*)error_message : string option;An error message indicating that organization conformance pack creation or deletion failed due to an error.
*)error_code : string option;An error code that is returned when organization conformance pack creation or deletion has failed in a member account.
*)status : organization_resource_status;Indicates deployment status of an organization conformance pack. When management account calls PutOrganizationConformancePack for the first time, conformance pack status is created in all the member accounts. When management account calls PutOrganizationConformancePack for the second time, conformance pack status is updated in all the member accounts. Additionally, conformance pack status is updated when one or more member accounts join or leave an organization. Conformance pack status is deleted when the management account deletes OrganizationConformancePack in all the member accounts and disables service access for config-multiaccountsetup.amazonaws.com.
Config sets the state of the conformance pack to:
CREATE_SUCCESSFUL when an organization conformance pack has been successfully created in all the member accounts.CREATE_IN_PROGRESS when an organization conformance pack creation is in progress.CREATE_FAILED when an organization conformance pack creation failed in one or more member accounts within that organization.DELETE_FAILED when an organization conformance pack deletion failed in one or more member accounts within that organization.DELETE_IN_PROGRESS when an organization conformance pack deletion is in progress.DELETE_SUCCESSFUL when an organization conformance pack has been successfully deleted from all the member accounts.UPDATE_SUCCESSFUL when an organization conformance pack has been successfully updated in all the member accounts.UPDATE_IN_PROGRESS when an organization conformance pack update is in progress.UPDATE_FAILED when an organization conformance pack update failed in one or more member accounts within that organization.organization_conformance_pack_name : string;The name that you assign to organization conformance pack.
*)}Returns the status for an organization conformance pack in an organization.
type describe_organization_conformance_pack_statuses_response = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
*)organization_conformance_pack_statuses : organization_conformance_pack_status
list
option;A list of OrganizationConformancePackStatus objects.
}type describe_organization_conformance_pack_statuses_request = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
*)limit : int option;The maximum number of OrganizationConformancePackStatuses returned on each page. If you do no specify a number, Config uses the default. The default is 100.
*)organization_conformance_pack_names : string list option;The names of organization conformance packs for which you want status details. If you do not specify any names, Config returns details for all your organization conformance packs.
*)}type organization_conformance_pack = {last_update_time : float;Last time when organization conformation pack was updated.
*)excluded_accounts : string list option;A comma-separated list of accounts excluded from organization conformance pack.
*)conformance_pack_input_parameters : conformance_pack_input_parameter list
option;A list of ConformancePackInputParameter objects.
delivery_s3_key_prefix : string option;Any folder structure you want to add to an Amazon S3 bucket.
This field is optional.
*)delivery_s3_bucket : string option;The name of the Amazon S3 bucket where Config stores conformance pack templates.
This field is optional.
*)organization_conformance_pack_arn : string;Amazon Resource Name (ARN) of organization conformance pack.
*)organization_conformance_pack_name : string;The name you assign to an organization conformance pack.
*)}An organization conformance pack that has information about conformance packs that Config creates in member accounts.
type describe_organization_conformance_packs_response = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
*)organization_conformance_packs : organization_conformance_pack list option;Returns a list of OrganizationConformancePacks objects.
*)}type describe_organization_conformance_packs_request = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
*)limit : int option;The maximum number of organization config packs returned on each page. If you do no specify a number, Config uses the default. The default is 100.
*)organization_conformance_pack_names : string list option;The name that you assign to an organization conformance pack.
*)}type organization_config_rule_status = {last_update_time : float option;The timestamp of the last update.
*)error_message : string option;An error message indicating that organization Config rule creation or deletion failed due to an error.
*)error_code : string option;An error code that is returned when organization Config rule creation or deletion has failed.
*)organization_rule_status : organization_rule_status;Indicates deployment status of an organization Config rule. When management account calls PutOrganizationConfigRule action for the first time, Config rule status is created in all the member accounts. When management account calls PutOrganizationConfigRule action for the second time, Config rule status is updated in all the member accounts. Additionally, Config rule status is updated when one or more member accounts join or leave an organization. Config rule status is deleted when the management account deletes OrganizationConfigRule in all the member accounts and disables service access for config-multiaccountsetup.amazonaws.com.
Config sets the state of the rule to:
CREATE_SUCCESSFUL when an organization Config rule has been successfully created in all the member accounts.CREATE_IN_PROGRESS when an organization Config rule creation is in progress.CREATE_FAILED when an organization Config rule creation failed in one or more member accounts within that organization.DELETE_FAILED when an organization Config rule deletion failed in one or more member accounts within that organization.DELETE_IN_PROGRESS when an organization Config rule deletion is in progress.DELETE_SUCCESSFUL when an organization Config rule has been successfully deleted from all the member accounts.UPDATE_SUCCESSFUL when an organization Config rule has been successfully updated in all the member accounts.UPDATE_IN_PROGRESS when an organization Config rule update is in progress.UPDATE_FAILED when an organization Config rule update failed in one or more member accounts within that organization.organization_config_rule_name : string;The name that you assign to organization Config rule.
*)}Returns the status for an organization Config rule in an organization.
type describe_organization_config_rule_statuses_response = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
organization_config_rule_statuses : organization_config_rule_status list option;A list of OrganizationConfigRuleStatus objects.
}type describe_organization_config_rule_statuses_request = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
limit : int option;The maximum number of OrganizationConfigRuleStatuses returned on each page. If you do no specify a number, Config uses the default. The default is 100.
organization_config_rule_names : string list option;The names of organization Config rules for which you want status details. If you do not specify any names, Config returns details for all your organization Config rules.
*)}type organization_custom_policy_rule_metadata_no_policy = {debug_log_delivery_accounts : string list option;A list of accounts that you can enable debug logging for your organization Config Custom Policy rule. List is null when debug logging is enabled for all accounts.
*)policy_runtime : string option;The runtime system for your organization Config Custom Policy rules. Guard is a policy-as-code language that allows you to write policies that are enforced by Config Custom Policy rules. For more information about Guard, see the Guard GitHub Repository.
*)tag_value_scope : string option;The optional part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key).
*)tag_key_scope : string option;One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.
*)resource_id_scope : string option;The ID of the Amazon Web Services resource that was evaluated.
*)resource_types_scope : string list option;The type of the Amazon Web Services resource that was evaluated.
*)maximum_execution_frequency : maximum_execution_frequency option;The maximum frequency with which Config runs evaluations for a rule. Your Config Custom Policy rule is triggered when Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.
input_parameters : string option;A string, in JSON format, that is passed to your organization Config Custom Policy rule.
*)organization_config_rule_trigger_types : organization_config_rule_trigger_type_no_s_n
list
option;The type of notification that triggers Config to run an evaluation for a rule. For Config Custom Policy rules, Config supports change triggered notification types:
ConfigurationItemChangeNotification - Triggers an evaluation when Config delivers a configuration item as a result of a resource change.OversizedConfigurationItemChangeNotification - Triggers an evaluation when Config delivers an oversized configuration item. Config may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.description : string option;The description that you provide for your organization Config Custom Policy rule.
*)}metadata for your organization Config Custom Policy rule including the runtime system in use, which accounts have debug logging enabled, and other custom rule metadata such as resource type, resource ID of Amazon Web Services resource, and organization trigger types that trigger Config to evaluate Amazon Web Services resources against a rule.
type organization_config_rule = {organization_custom_policy_rule_metadata : organization_custom_policy_rule_metadata_no_policy
option;An object that specifies metadata for your organization's Config Custom Policy rule. The metadata includes the runtime system in use, which accounts have debug logging enabled, and other custom rule metadata, such as resource type, resource ID of Amazon Web Services resource, and organization trigger types that initiate Config to evaluate Amazon Web Services resources against a rule.
*)last_update_time : float option;The timestamp of the last update.
*)excluded_accounts : string list option;A comma-separated list of accounts excluded from organization Config rule.
*)organization_custom_rule_metadata : organization_custom_rule_metadata option;An OrganizationCustomRuleMetadata object.
organization_managed_rule_metadata : organization_managed_rule_metadata option;An OrganizationManagedRuleMetadata object.
organization_config_rule_arn : string;Amazon Resource Name (ARN) of organization Config rule.
*)organization_config_rule_name : string;The name that you assign to organization Config rule.
*)}An organization Config rule that has information about Config rules that Config creates in member accounts.
type describe_organization_config_rules_response = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
organization_config_rules : organization_config_rule list option;Returns a list of OrganizationConfigRule objects.
}type describe_organization_config_rules_request = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
limit : int option;The maximum number of organization Config rules returned on each page. If you do no specify a number, Config uses the default. The default is 100.
*)organization_config_rule_names : string list option;The names of organization Config rules for which you want details. If you do not specify any names, Config returns details for all your organization Config rules.
*)}You have specified a delivery channel that does not exist.
type config_export_delivery_info = {next_delivery_time : float option;The time that the next delivery occurs.
*)last_successful_time : float option;The time of the last successful delivery.
*)last_attempt_time : float option;The time of the last attempted delivery.
*)last_error_message : string option;The error message from the last attempted delivery.
*)last_error_code : string option;The error code from the last attempted delivery.
*)last_status : delivery_status option;Status of the last attempted delivery.
*)}Provides status of the delivery of the snapshot or the configuration history to the specified Amazon S3 bucket. Also provides the status of notifications about the Amazon S3 delivery to the specified Amazon SNS topic.
type config_stream_delivery_info = {last_status_change_time : float option;The time from the last status change.
*)last_error_message : string option;The error message from the last attempted delivery.
*)last_error_code : string option;The error code from the last attempted delivery.
*)last_status : delivery_status option;Status of the last attempted delivery.
Note Providing an SNS topic on a DeliveryChannel for Config is optional. If the SNS delivery is turned off, the last status will be Not_Applicable.
*)}A list that contains the status of the delivery of the configuration stream notification to the Amazon SNS topic.
type delivery_channel_status = {config_stream_delivery_info : config_stream_delivery_info option;A list containing the status of the delivery of the configuration stream notification to the specified Amazon SNS topic.
*)config_history_delivery_info : config_export_delivery_info option;A list that contains the status of the delivery of the configuration history to the specified Amazon S3 bucket.
*)config_snapshot_delivery_info : config_export_delivery_info option;A list containing the status of the delivery of the snapshot to the specified Amazon S3 bucket.
*)name : string option;The name of the delivery channel.
*)}The status of a specified delivery channel.
Valid values: Success | Failure
type describe_delivery_channel_status_response = {delivery_channels_status : delivery_channel_status list option;A list that contains the status of a specified delivery channel.
*)}The output for the DescribeDeliveryChannelStatus action.
type describe_delivery_channels_response = {delivery_channels : delivery_channel list option;A list that contains the descriptions of the specified delivery channel.
*)}The output for the DescribeDeliveryChannels action.
type conformance_pack_status_detail = {last_update_completed_time : float option;Last time when conformation pack creation and update was successful.
*)last_update_requested_time : float;Last time when conformation pack creation and update was requested.
*)conformance_pack_status_reason : string option;The reason of conformance pack creation failure.
*)stack_arn : string;Amazon Resource Name (ARN) of CloudFormation stack.
*)conformance_pack_state : conformance_pack_state;Indicates deployment status of conformance pack.
Config sets the state of the conformance pack to:
conformance_pack_arn : string;Amazon Resource Name (ARN) of comformance pack.
*)conformance_pack_id : string;ID of the conformance pack.
*)conformance_pack_name : string;Name of the conformance pack.
*)}Status details of a conformance pack.
type describe_conformance_pack_status_response = {next_token : string option;The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
conformance_pack_status_details : conformance_pack_status_detail list option;A list of ConformancePackStatusDetail objects.
}type describe_conformance_pack_status_request = {next_token : string option;The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
limit : int option;The maximum number of conformance packs status returned on each page.
*)conformance_pack_names : string list option;Comma-separated list of conformance pack names.
*)}type conformance_pack_detail = {template_ssm_document_details : template_ssm_document_details option;An object that contains the name or Amazon Resource Name (ARN) of the Amazon Web Services Systems Manager document (SSM document) and the version of the SSM document that is used to create a conformance pack.
*)created_by : string option;The Amazon Web Services service that created the conformance pack.
*)last_update_requested_time : float option;The last time a conformation pack update was requested.
*)conformance_pack_input_parameters : conformance_pack_input_parameter list
option;A list of ConformancePackInputParameter objects.
delivery_s3_key_prefix : string option;The prefix for the Amazon S3 bucket.
This field is optional.
*)delivery_s3_bucket : string option;The name of the Amazon S3 bucket where Config stores conformance pack templates.
This field is optional.
*)conformance_pack_id : string;ID of the conformance pack.
*)conformance_pack_arn : string;Amazon Resource Name (ARN) of the conformance pack.
*)conformance_pack_name : string;Name of the conformance pack.
*)}Returns details of a conformance pack. A conformance pack is a collection of Config rules and remediation actions that can be easily deployed in an account and a region.
type describe_conformance_packs_response = {next_token : string option;The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
conformance_pack_details : conformance_pack_detail list option;Returns a list of ConformancePackDetail objects.
}type describe_conformance_packs_request = {next_token : string option;The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
limit : int option;The maximum number of conformance packs returned on each page.
*)conformance_pack_names : string list option;Comma-separated list of conformance pack names for which you want details. If you do not specify any names, Config returns details for all your conformance packs.
*)}type conformance_pack_rule_compliance = {controls : string list option;Controls for the conformance pack. A control is a process to prevent or detect problems while meeting objectives. A control can align with a specific compliance regime or map to internal controls defined by an organization.
*)compliance_type : conformance_pack_compliance_type option;Compliance of the Config rule.
*)config_rule_name : string option;Name of the Config rule.
*)}Compliance information of one or more Config rules within a conformance pack. You can filter using Config rule names and compliance types.
type describe_conformance_pack_compliance_response = {next_token : string option;The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
conformance_pack_rule_compliance_list : conformance_pack_rule_compliance list;Returns a list of ConformancePackRuleCompliance objects.
conformance_pack_name : string;Name of the conformance pack.
*)}type conformance_pack_compliance_filters = {compliance_type : conformance_pack_compliance_type option;Filters the results by compliance.
The allowed values are COMPLIANT and NON_COMPLIANT. INSUFFICIENT_DATA is not supported.
config_rule_names : string list option;Filters the results by Config rule names.
*)}Filters the conformance pack by compliance types and Config rule names.
type describe_conformance_pack_compliance_request = {next_token : string option;The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
limit : int option;The maximum number of Config rules within a conformance pack are returned on each page.
*)filters : conformance_pack_compliance_filters option;A ConformancePackComplianceFilters object.
conformance_pack_name : string;Name of the conformance pack.
*)}type configuration_recorder_status = {last_status_change_time : float option;The time of the latest change in status of an recording event processed by the recorder.
*)last_error_message : string option;The latest error message from when the recorder last failed.
*)last_error_code : string option;The latest error code from when the recorder last failed.
*)last_status : recorder_status option;The status of the latest recording event processed by the recorder.
*)recording : bool option;Specifies whether or not the recorder is currently recording.
*)last_stop_time : float option;The time the recorder was last stopped.
*)last_start_time : float option;The time the recorder was last started.
*)name : string option;The name of the configuration recorder.
*)}The current status of the configuration recorder.
For a detailed status of recording events over time, add your Config events to CloudWatch metrics and use CloudWatch metrics.
type describe_configuration_recorder_status_response = {configuration_recorders_status : configuration_recorder_status list option;A list that contains status of the specified recorders.
*)}The output for the DescribeConfigurationRecorderStatus action, in JSON format.
type describe_configuration_recorder_status_request = {configuration_recorder_names : string list option;The name(s) of the configuration recorder. If the name is not specified, the action returns the current status of all the configuration recorders associated with the account.
*)}The input for the DescribeConfigurationRecorderStatus action.
type describe_configuration_recorders_response = {configuration_recorders : configuration_recorder list option;A list that contains the descriptions of the specified configuration recorders.
*)}The output for the DescribeConfigurationRecorders action.
The input for the DescribeConfigurationRecorders action.
type aggregated_source_status = {last_error_message : string option;The message indicating that the source account aggregation failed due to an error.
*)last_error_code : string option;The error code that Config returned when the source account aggregation last failed.
*)last_update_time : float option;The time of the last update.
*)last_update_status : aggregated_source_status_type option;Filters the last updated status type.
aws_region : string option;The region authorized to collect aggregated data.
*)source_type : aggregated_source_type option;The source account or an organization.
*)source_id : string option;The source account ID or an organization.
*)}The current sync status between the source and the aggregator account.
type describe_configuration_aggregator_sources_status_response = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
aggregated_source_status_list : aggregated_source_status list option;Returns an AggregatedSourceStatus object.
*)}type describe_configuration_aggregator_sources_status_request = {limit : int option;The maximum number of AggregatorSourceStatus returned on each page. The default is maximum. If you specify 0, Config uses the default.
*)next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
update_status : aggregated_source_status_type list option;Filters the status type.
configuration_aggregator_name : string;The name of the configuration aggregator.
*)}type describe_configuration_aggregators_response = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
configuration_aggregators : configuration_aggregator list option;Returns a ConfigurationAggregators object.
*)}type describe_configuration_aggregators_request = {limit : int option;The maximum number of configuration aggregators returned on each page. The default is maximum. If you specify 0, Config uses the default.
*)next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
configuration_aggregator_names : string list option;The name of the configuration aggregators.
*)}type describe_config_rules_response = {next_token : string option;The string that you use in a subsequent request to get the next page of results in a paginated response.
*)config_rules : config_rule list option;The details about your Config rules.
*)}type describe_config_rules_filters = {evaluation_mode : evaluation_mode option;The mode of an evaluation. The valid values are Detective or Proactive.
*)}Returns a filtered list of Detective or Proactive Config rules. By default, if the filter is not defined, this API returns an unfiltered list. For more information on Detective or Proactive Config rules, see Evaluation Mode in the Config Developer Guide.
type describe_config_rules_request = {filters : describe_config_rules_filters option;Returns a list of Detective or Proactive Config rules. By default, this API returns an unfiltered list. For more information on Detective or Proactive Config rules, see Evaluation Mode in the Config Developer Guide.
*)next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
config_rule_names : string list option;The names of the Config rules for which you want details. If you do not specify any names, Config returns details for all your rules.
*)}type config_rule_evaluation_status = {last_debug_log_delivery_time : float option;The time Config last attempted to deliver a debug log for your Config Custom Policy rules.
*)last_debug_log_delivery_status_reason : string option;The reason Config was not able to deliver a debug log. This is for the last failed attempt to retrieve a debug log for your Config Custom Policy rules.
*)last_debug_log_delivery_status : string option;The status of the last attempted delivery of a debug log for your Config Custom Policy rules. Either Successful or Failed.
first_evaluation_started : bool option;Indicates whether Config has evaluated your resources against the rule at least once.
true - Config has evaluated your Amazon Web Services resources against the rule at least once.false - Config has not finished evaluating your Amazon Web Services resources against the rule at least once.last_error_message : string option;The error message that Config returned when the rule last failed.
*)last_error_code : string option;The error code that Config returned when the rule last failed.
*)last_deactivated_time : float option;The time that you last turned off the Config rule.
*)first_activated_time : float option;The time that you first activated the Config rule.
*)last_failed_evaluation_time : float option;The time that Config last failed to evaluate your Amazon Web Services resources against the rule.
*)last_successful_evaluation_time : float option;The time that Config last successfully evaluated your Amazon Web Services resources against the rule.
*)last_failed_invocation_time : float option;The time that Config last failed to invoke the Config rule to evaluate your Amazon Web Services resources.
*)last_successful_invocation_time : float option;The time that Config last successfully invoked the Config rule to evaluate your Amazon Web Services resources.
*)config_rule_id : string option;The ID of the Config rule.
*)config_rule_arn : string option;The Amazon Resource Name (ARN) of the Config rule.
*)config_rule_name : string option;The name of the Config rule.
*)}Status information for your Config Managed rules and Config Custom Policy rules. The status includes information such as the last time the rule ran, the last time it failed, and the related error for the last failure.
This action does not return status information about Config Custom Lambda rules.
type describe_config_rule_evaluation_status_response = {next_token : string option;The string that you use in a subsequent request to get the next page of results in a paginated response.
*)config_rules_evaluation_status : config_rule_evaluation_status list option;Status information about your Config managed rules.
*)}type describe_config_rule_evaluation_status_request = {limit : int option;The number of rule evaluation results that you want returned.
This parameter is required if the rule limit for your account is more than the default of 1000 rules.
For information about requesting a rule limit increase, see Config Limits in the Amazon Web Services General Reference Guide.
*)next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
config_rule_names : string list option;The name of the Config managed rules for which you want status information. If you do not specify any names, Config returns status information for all Config managed rules that you use.
*)}type compliance = {compliance_contributor_count : compliance_contributor_count option;The number of Amazon Web Services resources or Config rules that cause a result of NON_COMPLIANT, up to a maximum number.
compliance_type : compliance_type option;Indicates whether an Amazon Web Services resource or Config rule is compliant.
A resource is compliant if it complies with all of the Config rules that evaluate it. A resource is noncompliant if it does not comply with one or more of these rules.
A rule is compliant if all of the resources that the rule evaluates comply with it. A rule is noncompliant if any of these resources do not comply.
Config returns the INSUFFICIENT_DATA value when no evaluation results are available for the Amazon Web Services resource or Config rule.
For the Compliance data type, Config supports only COMPLIANT, NON_COMPLIANT, and INSUFFICIENT_DATA values. Config does not support the NOT_APPLICABLE value for the Compliance data type.
}Indicates whether an Amazon Web Services resource or Config rule is compliant and provides the number of contributors that affect the compliance.
type compliance_by_resource = {compliance : compliance option;Indicates whether the Amazon Web Services resource complies with all of the Config rules that evaluated it.
*)resource_id : string option;The ID of the Amazon Web Services resource that was evaluated.
*)resource_type : string option;The type of the Amazon Web Services resource that was evaluated.
*)}Indicates whether an Amazon Web Services resource that is evaluated according to one or more Config rules is compliant. A resource is compliant if it complies with all of the rules that evaluate it. A resource is noncompliant if it does not comply with one or more of these rules.
type describe_compliance_by_resource_response = {next_token : string option;The string that you use in a subsequent request to get the next page of results in a paginated response.
*)compliance_by_resources : compliance_by_resource list option;Indicates whether the specified Amazon Web Services resource complies with all of the Config rules that evaluate it.
*)}type describe_compliance_by_resource_request = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
limit : int option;The maximum number of evaluation results returned on each page. The default is 10. You cannot specify a number greater than 100. If you specify 0, Config uses the default.
*)compliance_types : compliance_type list option;Filters the results by compliance.
*)resource_id : string option;The ID of the Amazon Web Services resource for which you want compliance information. You can specify only one resource ID. If you specify a resource ID, you must also specify a type for ResourceType.
resource_type : string option;The types of Amazon Web Services resources for which you want compliance information (for example, AWS::EC2::Instance). For this action, you can specify that the resource type is an Amazon Web Services account by specifying AWS::::Account.
}type compliance_by_config_rule = {compliance : compliance option;Indicates whether the Config rule is compliant.
*)config_rule_name : string option;The name of the Config rule.
*)}Indicates whether an Config rule is compliant. A rule is compliant if all of the resources that the rule evaluated comply with it. A rule is noncompliant if any of these resources do not comply.
type describe_compliance_by_config_rule_response = {next_token : string option;The string that you use in a subsequent request to get the next page of results in a paginated response.
*)compliance_by_config_rules : compliance_by_config_rule list option;Indicates whether each of the specified Config rules is compliant.
*)}type describe_compliance_by_config_rule_request = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
compliance_types : compliance_type list option;Filters the results by compliance.
*)config_rule_names : string list option;Specify one or more Config rule names to filter the results by rule.
*)}type aggregate_conformance_pack_compliance = {total_rule_count : int option;Total number of compliant rules, noncompliant rules, and the rules that do not have any applicable resources to evaluate upon resulting in insufficient data.
*)non_compliant_rule_count : int option;The number of noncompliant Config Rules.
*)compliant_rule_count : int option;The number of compliant Config Rules.
*)compliance_type : conformance_pack_compliance_type option;The compliance status of the conformance pack.
*)}Provides the number of compliant and noncompliant rules within a conformance pack. Also provides the compliance status of the conformance pack and the total rule count which includes compliant rules, noncompliant rules, and rules that cannot be evaluated due to insufficient data.
A conformance pack is compliant if all of the rules in a conformance packs are compliant. It is noncompliant if any of the rules are not compliant. The compliance status of a conformance pack is INSUFFICIENT_DATA only if all rules within a conformance pack cannot be evaluated due to insufficient data. If some of the rules in a conformance pack are compliant but the compliance status of other rules in that same conformance pack is INSUFFICIENT_DATA, the conformance pack shows compliant.
type aggregate_compliance_by_conformance_pack = {aws_region : string option;The source Amazon Web Services Region from where the data is aggregated.
*)account_id : string option;The 12-digit Amazon Web Services account ID of the source account.
*)compliance : aggregate_conformance_pack_compliance option;The compliance status of the conformance pack.
*)conformance_pack_name : string option;The name of the conformance pack.
*)}Provides aggregate compliance of the conformance pack. Indicates whether a conformance pack is compliant based on the name of the conformance pack, account ID, and region.
A conformance pack is compliant if all of the rules in a conformance packs are compliant. It is noncompliant if any of the rules are not compliant. The compliance status of a conformance pack is INSUFFICIENT_DATA only if all rules within a conformance pack cannot be evaluated due to insufficient data. If some of the rules in a conformance pack are compliant but the compliance status of other rules in that same conformance pack is INSUFFICIENT_DATA, the conformance pack shows compliant.
type describe_aggregate_compliance_by_conformance_packs_response = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
aggregate_compliance_by_conformance_packs : aggregate_compliance_by_conformance_pack
list
option;Returns the AggregateComplianceByConformancePack object.
}type aggregate_conformance_pack_compliance_filters = {aws_region : string option;The source Amazon Web Services Region from where the data is aggregated.
*)account_id : string option;The 12-digit Amazon Web Services account ID of the source account.
*)compliance_type : conformance_pack_compliance_type option;The compliance status of the conformance pack.
*)conformance_pack_name : string option;The name of the conformance pack.
*)}Filters the conformance packs based on an account ID, region, compliance type, and the name of the conformance pack.
type describe_aggregate_compliance_by_conformance_packs_request = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
limit : int option;The maximum number of conformance packs compliance details returned on each page. The default is maximum. If you specify 0, Config uses the default.
*)filters : aggregate_conformance_pack_compliance_filters option;Filters the result by AggregateConformancePackComplianceFilters object.
configuration_aggregator_name : string;The name of the configuration aggregator.
*)}type aggregate_compliance_by_config_rule = {aws_region : string option;The source region from where the data is aggregated.
*)account_id : string option;The 12-digit account ID of the source account.
*)compliance : compliance option;Indicates whether an Amazon Web Services resource or Config rule is compliant and provides the number of contributors that affect the compliance.
*)config_rule_name : string option;The name of the Config rule.
*)}Indicates whether an Config rule is compliant based on account ID, region, compliance, and rule name.
A rule is compliant if all of the resources that the rule evaluated comply with it. It is noncompliant if any of these resources do not comply.
type describe_aggregate_compliance_by_config_rules_response = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
aggregate_compliance_by_config_rules : aggregate_compliance_by_config_rule list
option;Returns a list of AggregateComplianceByConfigRule object.
*)}type config_rule_compliance_filters = {aws_region : string option;The source region where the data is aggregated.
*)account_id : string option;The 12-digit account ID of the source account.
*)compliance_type : compliance_type option;The rule compliance status.
For the ConfigRuleComplianceFilters data type, Config supports only COMPLIANT and NON_COMPLIANT. Config does not support the NOT_APPLICABLE and the INSUFFICIENT_DATA values.
config_rule_name : string option;The name of the Config rule.
*)}Filters the compliance results based on account ID, region, compliance type, and rule name.
type describe_aggregate_compliance_by_config_rules_request = {next_token : string option;The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
limit : int option;The maximum number of evaluation results returned on each page. The default is maximum. If you specify 0, Config uses the default.
*)filters : config_rule_compliance_filters option;Filters the results by ConfigRuleComplianceFilters object.
*)configuration_aggregator_name : string;The name of the configuration aggregator.
*)}The output for the DeliverConfigSnapshot action, in JSON format.
type deliver_config_snapshot_request = {delivery_channel_name : string;The name of the delivery channel through which the snapshot is delivered.
*)}The input for the DeliverConfigSnapshot action.
You tried to delete a remediation exception that does not exist.
type failed_delete_remediation_exceptions_batch = {failed_items : remediation_exception_resource_key list option;Returns remediation exception resource key object of the failed items.
*)failure_message : string option;Returns a failure message for delete remediation exception. For example, Config creates an exception due to an internal error.
*)}List of each of the failed delete remediation exceptions with specific reasons.
type delete_remediation_exceptions_response = {failed_batches : failed_delete_remediation_exceptions_batch list option;Returns a list of failed delete remediation exceptions batch objects. Each object in the batch consists of a list of failed items and failure messages.
*)}type delete_remediation_exceptions_request = {resource_keys : remediation_exception_resource_key list;An exception list of resource exception keys to be processed with the current request. Config adds exception for each resource key. For example, Config adds 3 exceptions for 3 resource keys.
*)config_rule_name : string;The name of the Config rule for which you want to delete remediation exception configuration.
*)}Remediation action is in progress. You can either cancel execution in Amazon Web Services Systems Manager or wait and try again later.
The output when you delete the evaluation results for the specified Config rule.
You cannot delete the delivery channel you specified because the configuration recorder is running.
The input for the DeleteDeliveryChannel action. The action accepts the following data, in JSON format.
type delete_configuration_recorder_request = {configuration_recorder_name : string;The name of the configuration recorder to be deleted. You can retrieve the name of your configuration recorder by using the DescribeConfigurationRecorders action.
}The request object for the DeleteConfigurationRecorder action.
type base_configuration_item = {configuration_item_delivery_time : float option;The time when configuration changes for the resource were delivered.
This field is optional and is not guaranteed to be present in a configuration item (CI). If you are using daily recording, this field will be populated. However, if you are using continuous recording, this field will be omitted since the delivery time is instantaneous as the CI is available right away. For more information on daily recording and continuous recording, see Recording Frequency in the Config Developer Guide.
*)recording_frequency : recording_frequency option;The recording frequency that Config uses to record configuration changes for the resource.
*)supplementary_configuration : (string * string) list option;Configuration attributes that Config returns for certain resource types to supplement the information returned for the configuration parameter.
*)configuration : string option;The description of the resource configuration.
*)resource_creation_time : float option;The time stamp when the resource was created.
*)availability_zone : string option;The Availability Zone associated with the resource.
*)aws_region : string option;The region where the resource resides.
*)resource_name : string option;The custom name of the resource, if available.
*)resource_id : string option;The ID of the resource (for example., sg-xxxxxx).
*)resource_type : resource_type option;The type of Amazon Web Services resource.
*)arn : string option;The Amazon Resource Name (ARN) of the resource.
*)configuration_state_id : string option;An identifier that indicates the ordering of the configuration items of a resource.
*)configuration_item_status : configuration_item_status option;The configuration item status. Valid values include:
configuration_item_capture_time : float option;The time when the recording of configuration changes was initiated for the resource.
*)account_id : string option;The 12-digit Amazon Web Services account ID associated with the resource.
*)version : string option;The version number of the resource configuration.
*)}The detailed configurations of a specified resource.
type batch_get_resource_config_response = {unprocessed_resource_keys : resource_key list option;A list of resource keys that were not processed with the current response. The unprocessesResourceKeys value is in the same form as ResourceKeys, so the value can be directly provided to a subsequent BatchGetResourceConfig operation. If there are no unprocessed resource keys, the response contains an empty unprocessedResourceKeys list.
*)base_configuration_items : base_configuration_item list option;A list that contains the current configuration of one or more resources.
*)}type batch_get_resource_config_request = {resource_keys : resource_key list;A list of resource keys to be processed with the current request. Each element in the list consists of the resource type and resource ID.
*)}type batch_get_aggregate_resource_config_response = {unprocessed_resource_identifiers : aggregate_resource_identifier list option;A list of resource identifiers that were not processed with current scope. The list is empty if all the resources are processed.
*)base_configuration_items : base_configuration_item list option;A list that contains the current configuration of one or more resources.
*)}type batch_get_aggregate_resource_config_request = {resource_identifiers : aggregate_resource_identifier list;A list of aggregate ResourceIdentifiers objects.
*)configuration_aggregator_name : string;The name of the configuration aggregator.
*)}Config Config provides a way to keep track of the configurations of all the Amazon Web Services resources associated with your Amazon Web Services account. You can use Config to get the current and historical configurations of each Amazon Web Services resource and also to get information about the relationship between the resources. An Amazon Web Services resource can be an Amazon Compute Cloud (Amazon EC2) instance, an Elastic Block Store (EBS) volume, an elastic network Interface (ENI), or a security group. For a complete list of resources currently supported by Config, see Supported Amazon Web Services resources.
You can access and manage Config through the Amazon Web Services Management Console, the Amazon Web Services Command Line Interface (Amazon Web Services CLI), the Config API, or the Amazon Web Services SDKs for Config. This reference guide contains documentation for the Config API and the Amazon Web Services CLI commands that you can use to manage Config. The Config API uses the Signature Version 4 protocol for signing requests. For more information about how to sign a request with this protocol, see Signature Version 4 Signing Process. For detailed information about Config features and their associated actions or commands, as well as how to work with Amazon Web Services Management Console, see What Is Config in the Config Developer Guide.
type base_document = Smaws_Lib.Json.tval make_untag_resource_request :
tag_keys:string list ->
resource_arn:string ->
unit ->
untag_resource_requestCreate a untag_resource_request type
val make_aggregate_resource_identifier :
?resource_name:string ->
resource_type:resource_type ->
resource_id:string ->
source_region:string ->
source_account_id:string ->
unit ->
aggregate_resource_identifierCreate a aggregate_resource_identifier type
val make_time_window :
?end_time:float ->
?start_time:float ->
unit ->
time_windowCreate a time_window type
val make_template_ssm_document_details :
?document_version:string ->
document_name:string ->
unit ->
template_ssm_document_detailsCreate a template_ssm_document_details type
val make_tag_resource_request :
tags:tag list ->
resource_arn:string ->
unit ->
tag_resource_requestCreate a tag_resource_request type
val make_stored_query_metadata :
?description:string ->
query_name:string ->
query_arn:string ->
query_id:string ->
unit ->
stored_query_metadataCreate a stored_query_metadata type
val make_stored_query :
?expression:string ->
?description:string ->
?query_arn:string ->
?query_id:string ->
query_name:string ->
unit ->
stored_queryCreate a stored_query type
val make_stop_configuration_recorder_request :
configuration_recorder_name:string ->
unit ->
stop_configuration_recorder_requestCreate a stop_configuration_recorder_request type
val make_status_detail_filters :
?member_account_rule_status:member_account_rule_status ->
?account_id:string ->
unit ->
status_detail_filtersCreate a status_detail_filters type
val make_static_value : values:string list -> unit -> static_valueCreate a static_value type
val make_start_resource_evaluation_response :
?resource_evaluation_id:string ->
unit ->
start_resource_evaluation_responseCreate a start_resource_evaluation_response type
val make_resource_details :
?resource_configuration_schema_type:resource_configuration_schema_type ->
resource_configuration:string ->
resource_type:string ->
resource_id:string ->
unit ->
resource_detailsCreate a resource_details type
val make_evaluation_context :
?evaluation_context_identifier:string ->
unit ->
evaluation_contextCreate a evaluation_context type
val make_start_resource_evaluation_request :
?client_token:string ->
?evaluation_timeout:int ->
?evaluation_context:evaluation_context ->
evaluation_mode:evaluation_mode ->
resource_details:resource_details ->
unit ->
start_resource_evaluation_requestCreate a start_resource_evaluation_request type
val make_resource_key :
resource_id:string ->
resource_type:resource_type ->
unit ->
resource_keyCreate a resource_key type
val make_start_remediation_execution_response :
?failed_items:resource_key list ->
?failure_message:string ->
unit ->
start_remediation_execution_responseCreate a start_remediation_execution_response type
val make_start_remediation_execution_request :
resource_keys:resource_key list ->
config_rule_name:string ->
unit ->
start_remediation_execution_requestCreate a start_remediation_execution_request type
val make_start_configuration_recorder_request :
configuration_recorder_name:string ->
unit ->
start_configuration_recorder_requestCreate a start_configuration_recorder_request type
val make_start_config_rules_evaluation_response :
unit ->
start_config_rules_evaluation_responseCreate a start_config_rules_evaluation_response type
val make_start_config_rules_evaluation_request :
?config_rule_names:string list ->
unit ->
start_config_rules_evaluation_requestCreate a start_config_rules_evaluation_request type
val make_field_info : ?name:string -> unit -> field_infoCreate a field_info type
val make_query_info : ?select_fields:field_info list -> unit -> query_infoCreate a query_info type
val make_select_resource_config_response :
?next_token:string ->
?query_info:query_info ->
?results:string list ->
unit ->
select_resource_config_responseCreate a select_resource_config_response type
val make_select_resource_config_request :
?next_token:string ->
?limit:int ->
expression:string ->
unit ->
select_resource_config_requestCreate a select_resource_config_request type
val make_select_aggregate_resource_config_response :
?next_token:string ->
?query_info:query_info ->
?results:string list ->
unit ->
select_aggregate_resource_config_responseCreate a select_aggregate_resource_config_response type
val make_select_aggregate_resource_config_request :
?next_token:string ->
?max_results:int ->
?limit:int ->
configuration_aggregator_name:string ->
expression:string ->
unit ->
select_aggregate_resource_config_requestCreate a select_aggregate_resource_config_request type
val make_put_stored_query_response :
?query_arn:string ->
unit ->
put_stored_query_responseCreate a put_stored_query_response type
val make_put_stored_query_request :
?tags:tag list ->
stored_query:stored_query ->
unit ->
put_stored_query_requestCreate a put_stored_query_request type
val make_retention_configuration :
retention_period_in_days:int ->
name:string ->
unit ->
retention_configurationCreate a retention_configuration type
val make_put_retention_configuration_response :
?retention_configuration:retention_configuration ->
unit ->
put_retention_configuration_responseCreate a put_retention_configuration_response type
val make_put_retention_configuration_request :
retention_period_in_days:int ->
unit ->
put_retention_configuration_requestCreate a put_retention_configuration_request type
val make_put_resource_config_request :
?tags:(string * string) list ->
?resource_name:string ->
configuration:string ->
resource_id:string ->
schema_version_id:string ->
resource_type:string ->
unit ->
put_resource_config_requestCreate a put_resource_config_request type
val make_remediation_exception :
?expiration_time:float ->
?message:string ->
resource_id:string ->
resource_type:string ->
config_rule_name:string ->
unit ->
remediation_exceptionCreate a remediation_exception type
val make_failed_remediation_exception_batch :
?failed_items:remediation_exception list ->
?failure_message:string ->
unit ->
failed_remediation_exception_batchCreate a failed_remediation_exception_batch type
val make_put_remediation_exceptions_response :
?failed_batches:failed_remediation_exception_batch list ->
unit ->
put_remediation_exceptions_responseCreate a put_remediation_exceptions_response type
val make_remediation_exception_resource_key :
?resource_id:string ->
?resource_type:string ->
unit ->
remediation_exception_resource_keyCreate a remediation_exception_resource_key type
val make_put_remediation_exceptions_request :
?expiration_time:float ->
?message:string ->
resource_keys:remediation_exception_resource_key list ->
config_rule_name:string ->
unit ->
put_remediation_exceptions_requestCreate a put_remediation_exceptions_request type
val make_resource_value : value:resource_value_type -> unit -> resource_valueCreate a resource_value type
val make_remediation_parameter_value :
?static_value:static_value ->
?resource_value:resource_value ->
unit ->
remediation_parameter_valueCreate a remediation_parameter_value type
val make_ssm_controls :
?error_percentage:int ->
?concurrent_execution_rate_percentage:int ->
unit ->
ssm_controlsCreate a ssm_controls type
val make_execution_controls :
?ssm_controls:ssm_controls ->
unit ->
execution_controlsCreate a execution_controls type
val make_remediation_configuration :
?created_by_service:string ->
?arn:string ->
?retry_attempt_seconds:int ->
?maximum_automatic_attempts:int ->
?execution_controls:execution_controls ->
?automatic:bool ->
?resource_type:string ->
?parameters:(string * remediation_parameter_value) list ->
?target_version:string ->
target_id:string ->
target_type:remediation_target_type ->
config_rule_name:string ->
unit ->
remediation_configurationCreate a remediation_configuration type
val make_failed_remediation_batch :
?failed_items:remediation_configuration list ->
?failure_message:string ->
unit ->
failed_remediation_batchCreate a failed_remediation_batch type
val make_put_remediation_configurations_response :
?failed_batches:failed_remediation_batch list ->
unit ->
put_remediation_configurations_responseCreate a put_remediation_configurations_response type
val make_put_remediation_configurations_request :
remediation_configurations:remediation_configuration list ->
unit ->
put_remediation_configurations_requestCreate a put_remediation_configurations_request type
val make_put_organization_conformance_pack_response :
?organization_conformance_pack_arn:string ->
unit ->
put_organization_conformance_pack_responseCreate a put_organization_conformance_pack_response type
val make_conformance_pack_input_parameter :
parameter_value:string ->
parameter_name:string ->
unit ->
conformance_pack_input_parameterCreate a conformance_pack_input_parameter type
val make_put_organization_conformance_pack_request :
?excluded_accounts:string list ->
?conformance_pack_input_parameters:conformance_pack_input_parameter list ->
?delivery_s3_key_prefix:string ->
?delivery_s3_bucket:string ->
?template_body:string ->
?template_s3_uri:string ->
organization_conformance_pack_name:string ->
unit ->
put_organization_conformance_pack_requestCreate a put_organization_conformance_pack_request type
val make_put_organization_config_rule_response :
?organization_config_rule_arn:string ->
unit ->
put_organization_config_rule_responseCreate a put_organization_config_rule_response type
val make_organization_managed_rule_metadata :
?tag_value_scope:string ->
?tag_key_scope:string ->
?resource_id_scope:string ->
?resource_types_scope:string list ->
?maximum_execution_frequency:maximum_execution_frequency ->
?input_parameters:string ->
?description:string ->
rule_identifier:string ->
unit ->
organization_managed_rule_metadataCreate a organization_managed_rule_metadata type
val make_organization_custom_rule_metadata :
?tag_value_scope:string ->
?tag_key_scope:string ->
?resource_id_scope:string ->
?resource_types_scope:string list ->
?maximum_execution_frequency:maximum_execution_frequency ->
?input_parameters:string ->
?description:string ->
organization_config_rule_trigger_types:
organization_config_rule_trigger_type list ->
lambda_function_arn:string ->
unit ->
organization_custom_rule_metadataCreate a organization_custom_rule_metadata type
val make_organization_custom_policy_rule_metadata :
?debug_log_delivery_accounts:string list ->
?tag_value_scope:string ->
?tag_key_scope:string ->
?resource_id_scope:string ->
?resource_types_scope:string list ->
?maximum_execution_frequency:maximum_execution_frequency ->
?input_parameters:string ->
?organization_config_rule_trigger_types:
organization_config_rule_trigger_type_no_s_n list ->
?description:string ->
policy_text:string ->
policy_runtime:string ->
unit ->
organization_custom_policy_rule_metadataCreate a organization_custom_policy_rule_metadata type
val make_put_organization_config_rule_request :
?organization_custom_policy_rule_metadata:
organization_custom_policy_rule_metadata ->
?excluded_accounts:string list ->
?organization_custom_rule_metadata:organization_custom_rule_metadata ->
?organization_managed_rule_metadata:organization_managed_rule_metadata ->
organization_config_rule_name:string ->
unit ->
put_organization_config_rule_requestCreate a put_organization_config_rule_request type
val make_put_external_evaluation_response :
unit ->
put_external_evaluation_responseCreate a put_external_evaluation_response type
val make_external_evaluation :
?annotation:string ->
ordering_timestamp:float ->
compliance_type:compliance_type ->
compliance_resource_id:string ->
compliance_resource_type:string ->
unit ->
external_evaluationCreate a external_evaluation type
val make_put_external_evaluation_request :
external_evaluation:external_evaluation ->
config_rule_name:string ->
unit ->
put_external_evaluation_requestCreate a put_external_evaluation_request type
val make_evaluation :
?annotation:string ->
ordering_timestamp:float ->
compliance_type:compliance_type ->
compliance_resource_id:string ->
compliance_resource_type:string ->
unit ->
evaluationCreate a evaluation type
val make_put_evaluations_response :
?failed_evaluations:evaluation list ->
unit ->
put_evaluations_responseCreate a put_evaluations_response type
val make_put_evaluations_request :
?test_mode:bool ->
?evaluations:evaluation list ->
result_token:string ->
unit ->
put_evaluations_requestCreate a put_evaluations_request type
val make_config_snapshot_delivery_properties :
?delivery_frequency:maximum_execution_frequency ->
unit ->
config_snapshot_delivery_propertiesCreate a config_snapshot_delivery_properties type
val make_delivery_channel :
?config_snapshot_delivery_properties:config_snapshot_delivery_properties ->
?sns_topic_ar_n:string ->
?s3_kms_key_arn:string ->
?s3_key_prefix:string ->
?s3_bucket_name:string ->
?name:string ->
unit ->
delivery_channelCreate a delivery_channel type
val make_put_delivery_channel_request :
delivery_channel:delivery_channel ->
unit ->
put_delivery_channel_requestCreate a put_delivery_channel_request type
val make_put_conformance_pack_response :
?conformance_pack_arn:string ->
unit ->
put_conformance_pack_responseCreate a put_conformance_pack_response type
val make_put_conformance_pack_request :
?template_ssm_document_details:template_ssm_document_details ->
?conformance_pack_input_parameters:conformance_pack_input_parameter list ->
?delivery_s3_key_prefix:string ->
?delivery_s3_bucket:string ->
?template_body:string ->
?template_s3_uri:string ->
conformance_pack_name:string ->
unit ->
put_conformance_pack_requestCreate a put_conformance_pack_request type
val make_exclusion_by_resource_types :
?resource_types:resource_type list ->
unit ->
exclusion_by_resource_typesCreate a exclusion_by_resource_types type
val make_recording_strategy :
?use_only:recording_strategy_type ->
unit ->
recording_strategyCreate a recording_strategy type
val make_recording_group :
?recording_strategy:recording_strategy ->
?exclusion_by_resource_types:exclusion_by_resource_types ->
?resource_types:resource_type list ->
?include_global_resource_types:bool ->
?all_supported:bool ->
unit ->
recording_groupCreate a recording_group type
val make_recording_mode_override :
?description:string ->
recording_frequency:recording_frequency ->
resource_types:resource_type list ->
unit ->
recording_mode_overrideCreate a recording_mode_override type
val make_recording_mode :
?recording_mode_overrides:recording_mode_override list ->
recording_frequency:recording_frequency ->
unit ->
recording_modeCreate a recording_mode type
val make_configuration_recorder :
?recording_mode:recording_mode ->
?recording_group:recording_group ->
?role_ar_n:string ->
?name:string ->
unit ->
configuration_recorderCreate a configuration_recorder type
val make_put_configuration_recorder_request :
configuration_recorder:configuration_recorder ->
unit ->
put_configuration_recorder_requestCreate a put_configuration_recorder_request type
val make_account_aggregation_source :
?aws_regions:string list ->
?all_aws_regions:bool ->
account_ids:string list ->
unit ->
account_aggregation_sourceCreate a account_aggregation_source type
val make_organization_aggregation_source :
?all_aws_regions:bool ->
?aws_regions:string list ->
role_arn:string ->
unit ->
organization_aggregation_sourceCreate a organization_aggregation_source type
val make_configuration_aggregator :
?created_by:string ->
?last_updated_time:float ->
?creation_time:float ->
?organization_aggregation_source:organization_aggregation_source ->
?account_aggregation_sources:account_aggregation_source list ->
?configuration_aggregator_arn:string ->
?configuration_aggregator_name:string ->
unit ->
configuration_aggregatorCreate a configuration_aggregator type
val make_put_configuration_aggregator_response :
?configuration_aggregator:configuration_aggregator ->
unit ->
put_configuration_aggregator_responseCreate a put_configuration_aggregator_response type
val make_put_configuration_aggregator_request :
?tags:tag list ->
?organization_aggregation_source:organization_aggregation_source ->
?account_aggregation_sources:account_aggregation_source list ->
configuration_aggregator_name:string ->
unit ->
put_configuration_aggregator_requestCreate a put_configuration_aggregator_request type
val make_scope :
?compliance_resource_id:string ->
?tag_value:string ->
?tag_key:string ->
?compliance_resource_types:string list ->
unit ->
scopeCreate a scope type
val make_source_detail :
?maximum_execution_frequency:maximum_execution_frequency ->
?message_type:message_type ->
?event_source:event_source ->
unit ->
source_detailCreate a source_detail type
val make_custom_policy_details :
?enable_debug_log_delivery:bool ->
policy_text:string ->
policy_runtime:string ->
unit ->
custom_policy_detailsCreate a custom_policy_details type
val make_source :
?custom_policy_details:custom_policy_details ->
?source_details:source_detail list ->
?source_identifier:string ->
owner:owner ->
unit ->
sourceCreate a source type
val make_evaluation_mode_configuration :
?mode:evaluation_mode ->
unit ->
evaluation_mode_configurationCreate a evaluation_mode_configuration type
val make_config_rule :
?evaluation_modes:evaluation_mode_configuration list ->
?created_by:string ->
?config_rule_state:config_rule_state ->
?maximum_execution_frequency:maximum_execution_frequency ->
?input_parameters:string ->
?scope:scope ->
?description:string ->
?config_rule_id:string ->
?config_rule_arn:string ->
?config_rule_name:string ->
source:source ->
unit ->
config_ruleCreate a config_rule type
val make_put_config_rule_request :
?tags:tag list ->
config_rule:config_rule ->
unit ->
put_config_rule_requestCreate a put_config_rule_request type
val make_aggregation_authorization :
?creation_time:float ->
?authorized_aws_region:string ->
?authorized_account_id:string ->
?aggregation_authorization_arn:string ->
unit ->
aggregation_authorizationCreate a aggregation_authorization type
val make_put_aggregation_authorization_response :
?aggregation_authorization:aggregation_authorization ->
unit ->
put_aggregation_authorization_responseCreate a put_aggregation_authorization_response type
val make_put_aggregation_authorization_request :
?tags:tag list ->
authorized_aws_region:string ->
authorized_account_id:string ->
unit ->
put_aggregation_authorization_requestCreate a put_aggregation_authorization_request type
val make_list_tags_for_resource_response :
?next_token:string ->
?tags:tag list ->
unit ->
list_tags_for_resource_responseCreate a list_tags_for_resource_response type
val make_list_tags_for_resource_request :
?next_token:string ->
?limit:int ->
resource_arn:string ->
unit ->
list_tags_for_resource_requestCreate a list_tags_for_resource_request type
val make_list_stored_queries_response :
?next_token:string ->
?stored_query_metadata:stored_query_metadata list ->
unit ->
list_stored_queries_responseCreate a list_stored_queries_response type
val make_list_stored_queries_request :
?max_results:int ->
?next_token:string ->
unit ->
list_stored_queries_requestCreate a list_stored_queries_request type
val make_resource_evaluation :
?evaluation_start_timestamp:float ->
?evaluation_mode:evaluation_mode ->
?resource_evaluation_id:string ->
unit ->
resource_evaluationCreate a resource_evaluation type
val make_list_resource_evaluations_response :
?next_token:string ->
?resource_evaluations:resource_evaluation list ->
unit ->
list_resource_evaluations_responseCreate a list_resource_evaluations_response type
val make_resource_evaluation_filters :
?evaluation_context_identifier:string ->
?time_window:time_window ->
?evaluation_mode:evaluation_mode ->
unit ->
resource_evaluation_filtersCreate a resource_evaluation_filters type
val make_list_resource_evaluations_request :
?next_token:string ->
?limit:int ->
?filters:resource_evaluation_filters ->
unit ->
list_resource_evaluations_requestCreate a list_resource_evaluations_request type
val make_resource_identifier :
?resource_deletion_time:float ->
?resource_name:string ->
?resource_id:string ->
?resource_type:resource_type ->
unit ->
resource_identifierCreate a resource_identifier type
val make_list_discovered_resources_response :
?next_token:string ->
?resource_identifiers:resource_identifier list ->
unit ->
list_discovered_resources_responseCreate a list_discovered_resources_response type
val make_list_discovered_resources_request :
?next_token:string ->
?include_deleted_resources:bool ->
?limit:int ->
?resource_name:string ->
?resource_ids:string list ->
resource_type:resource_type ->
unit ->
list_discovered_resources_requestCreate a list_discovered_resources_request type
val make_conformance_pack_compliance_score :
?last_updated_time:float ->
?conformance_pack_name:string ->
?score:string ->
unit ->
conformance_pack_compliance_scoreCreate a conformance_pack_compliance_score type
val make_list_conformance_pack_compliance_scores_response :
?next_token:string ->
conformance_pack_compliance_scores:conformance_pack_compliance_score list ->
unit ->
list_conformance_pack_compliance_scores_responseCreate a list_conformance_pack_compliance_scores_response type
val make_conformance_pack_compliance_scores_filters :
conformance_pack_names:string list ->
unit ->
conformance_pack_compliance_scores_filtersCreate a conformance_pack_compliance_scores_filters type
val make_list_conformance_pack_compliance_scores_request :
?next_token:string ->
?limit:int ->
?sort_by:sort_by ->
?sort_order:sort_order ->
?filters:conformance_pack_compliance_scores_filters ->
unit ->
list_conformance_pack_compliance_scores_requestCreate a list_conformance_pack_compliance_scores_request type
val make_list_aggregate_discovered_resources_response :
?next_token:string ->
?resource_identifiers:aggregate_resource_identifier list ->
unit ->
list_aggregate_discovered_resources_responseCreate a list_aggregate_discovered_resources_response type
val make_resource_filters :
?region:string ->
?resource_name:string ->
?resource_id:string ->
?account_id:string ->
unit ->
resource_filtersCreate a resource_filters type
val make_list_aggregate_discovered_resources_request :
?next_token:string ->
?limit:int ->
?filters:resource_filters ->
resource_type:resource_type ->
configuration_aggregator_name:string ->
unit ->
list_aggregate_discovered_resources_requestCreate a list_aggregate_discovered_resources_request type
val make_get_stored_query_response :
?stored_query:stored_query ->
unit ->
get_stored_query_responseCreate a get_stored_query_response type
val make_get_stored_query_request :
query_name:string ->
unit ->
get_stored_query_requestCreate a get_stored_query_request type
val make_evaluation_status :
?failure_reason:string ->
status:resource_evaluation_status ->
unit ->
evaluation_statusCreate a evaluation_status type
val make_get_resource_evaluation_summary_response :
?resource_details:resource_details ->
?evaluation_context:evaluation_context ->
?compliance:compliance_type ->
?evaluation_start_timestamp:float ->
?evaluation_status:evaluation_status ->
?evaluation_mode:evaluation_mode ->
?resource_evaluation_id:string ->
unit ->
get_resource_evaluation_summary_responseCreate a get_resource_evaluation_summary_response type
val make_get_resource_evaluation_summary_request :
resource_evaluation_id:string ->
unit ->
get_resource_evaluation_summary_requestCreate a get_resource_evaluation_summary_request type
val make_relationship :
?relationship_name:string ->
?resource_name:string ->
?resource_id:string ->
?resource_type:resource_type ->
unit ->
relationshipCreate a relationship type
val make_configuration_item :
?configuration_item_delivery_time:float ->
?recording_frequency:recording_frequency ->
?supplementary_configuration:(string * string) list ->
?configuration:string ->
?relationships:relationship list ->
?related_events:string list ->
?tags:(string * string) list ->
?resource_creation_time:float ->
?availability_zone:string ->
?aws_region:string ->
?resource_name:string ->
?resource_id:string ->
?resource_type:resource_type ->
?arn:string ->
?configuration_item_md5_hash:string ->
?configuration_state_id:string ->
?configuration_item_status:configuration_item_status ->
?configuration_item_capture_time:float ->
?account_id:string ->
?version:string ->
unit ->
configuration_itemCreate a configuration_item type
val make_get_resource_config_history_response :
?next_token:string ->
?configuration_items:configuration_item list ->
unit ->
get_resource_config_history_responseCreate a get_resource_config_history_response type
val make_get_resource_config_history_request :
?next_token:string ->
?limit:int ->
?chronological_order:chronological_order ->
?earlier_time:float ->
?later_time:float ->
resource_id:string ->
resource_type:resource_type ->
unit ->
get_resource_config_history_requestCreate a get_resource_config_history_request type
val make_get_organization_custom_rule_policy_response :
?policy_text:string ->
unit ->
get_organization_custom_rule_policy_responseCreate a get_organization_custom_rule_policy_response type
val make_get_organization_custom_rule_policy_request :
organization_config_rule_name:string ->
unit ->
get_organization_custom_rule_policy_requestCreate a get_organization_custom_rule_policy_request type
val make_organization_conformance_pack_detailed_status :
?last_update_time:float ->
?error_message:string ->
?error_code:string ->
status:organization_resource_detailed_status ->
conformance_pack_name:string ->
account_id:string ->
unit ->
organization_conformance_pack_detailed_statusCreate a organization_conformance_pack_detailed_status type
val make_get_organization_conformance_pack_detailed_status_response :
?next_token:string ->
?organization_conformance_pack_detailed_statuses:
organization_conformance_pack_detailed_status list ->
unit ->
get_organization_conformance_pack_detailed_status_responseval make_organization_resource_detailed_status_filters :
?status:organization_resource_detailed_status ->
?account_id:string ->
unit ->
organization_resource_detailed_status_filtersCreate a organization_resource_detailed_status_filters type
val make_get_organization_conformance_pack_detailed_status_request :
?next_token:string ->
?limit:int ->
?filters:organization_resource_detailed_status_filters ->
organization_conformance_pack_name:string ->
unit ->
get_organization_conformance_pack_detailed_status_requestval make_member_account_status :
?last_update_time:float ->
?error_message:string ->
?error_code:string ->
member_account_rule_status:member_account_rule_status ->
config_rule_name:string ->
account_id:string ->
unit ->
member_account_statusCreate a member_account_status type
val make_get_organization_config_rule_detailed_status_response :
?next_token:string ->
?organization_config_rule_detailed_status:member_account_status list ->
unit ->
get_organization_config_rule_detailed_status_responseCreate a get_organization_config_rule_detailed_status_response type
val make_get_organization_config_rule_detailed_status_request :
?next_token:string ->
?limit:int ->
?filters:status_detail_filters ->
organization_config_rule_name:string ->
unit ->
get_organization_config_rule_detailed_status_requestCreate a get_organization_config_rule_detailed_status_request type
val make_resource_count :
?count:int ->
?resource_type:resource_type ->
unit ->
resource_countCreate a resource_count type
val make_get_discovered_resource_counts_response :
?next_token:string ->
?resource_counts:resource_count list ->
?total_discovered_resources:int ->
unit ->
get_discovered_resource_counts_responseCreate a get_discovered_resource_counts_response type
val make_get_discovered_resource_counts_request :
?next_token:string ->
?limit:int ->
?resource_types:string list ->
unit ->
get_discovered_resource_counts_requestCreate a get_discovered_resource_counts_request type
val make_get_custom_rule_policy_response :
?policy_text:string ->
unit ->
get_custom_rule_policy_responseCreate a get_custom_rule_policy_response type
val make_get_custom_rule_policy_request :
?config_rule_name:string ->
unit ->
get_custom_rule_policy_requestCreate a get_custom_rule_policy_request type
val make_conformance_pack_compliance_summary :
conformance_pack_compliance_status:conformance_pack_compliance_type ->
conformance_pack_name:string ->
unit ->
conformance_pack_compliance_summaryCreate a conformance_pack_compliance_summary type
val make_get_conformance_pack_compliance_summary_response :
?next_token:string ->
?conformance_pack_compliance_summary_list:
conformance_pack_compliance_summary list ->
unit ->
get_conformance_pack_compliance_summary_responseCreate a get_conformance_pack_compliance_summary_response type
val make_get_conformance_pack_compliance_summary_request :
?next_token:string ->
?limit:int ->
conformance_pack_names:string list ->
unit ->
get_conformance_pack_compliance_summary_requestCreate a get_conformance_pack_compliance_summary_request type
val make_evaluation_result_qualifier :
?evaluation_mode:evaluation_mode ->
?resource_id:string ->
?resource_type:string ->
?config_rule_name:string ->
unit ->
evaluation_result_qualifierCreate a evaluation_result_qualifier type
val make_evaluation_result_identifier :
?resource_evaluation_id:string ->
?ordering_timestamp:float ->
?evaluation_result_qualifier:evaluation_result_qualifier ->
unit ->
evaluation_result_identifierCreate a evaluation_result_identifier type
val make_get_conformance_pack_compliance_details_response :
?next_token:string ->
?conformance_pack_rule_evaluation_results:
conformance_pack_evaluation_result list ->
conformance_pack_name:string ->
unit ->
get_conformance_pack_compliance_details_responseCreate a get_conformance_pack_compliance_details_response type
val make_conformance_pack_evaluation_filters :
?resource_ids:string list ->
?resource_type:string ->
?compliance_type:conformance_pack_compliance_type ->
?config_rule_names:string list ->
unit ->
conformance_pack_evaluation_filtersCreate a conformance_pack_evaluation_filters type
val make_get_conformance_pack_compliance_details_request :
?next_token:string ->
?limit:int ->
?filters:conformance_pack_evaluation_filters ->
conformance_pack_name:string ->
unit ->
get_conformance_pack_compliance_details_requestCreate a get_conformance_pack_compliance_details_request type
val make_compliance_contributor_count :
?cap_exceeded:bool ->
?capped_count:int ->
unit ->
compliance_contributor_countCreate a compliance_contributor_count type
val make_compliance_summary :
?compliance_summary_timestamp:float ->
?non_compliant_resource_count:compliance_contributor_count ->
?compliant_resource_count:compliance_contributor_count ->
unit ->
compliance_summaryCreate a compliance_summary type
val make_compliance_summary_by_resource_type :
?compliance_summary:compliance_summary ->
?resource_type:string ->
unit ->
compliance_summary_by_resource_typeCreate a compliance_summary_by_resource_type type
val make_get_compliance_summary_by_resource_type_response :
?compliance_summaries_by_resource_type:
compliance_summary_by_resource_type list ->
unit ->
get_compliance_summary_by_resource_type_responseCreate a get_compliance_summary_by_resource_type_response type
val make_get_compliance_summary_by_resource_type_request :
?resource_types:string list ->
unit ->
get_compliance_summary_by_resource_type_requestCreate a get_compliance_summary_by_resource_type_request type
val make_get_compliance_summary_by_config_rule_response :
?compliance_summary:compliance_summary ->
unit ->
get_compliance_summary_by_config_rule_responseCreate a get_compliance_summary_by_config_rule_response type
val make_get_compliance_details_by_resource_response :
?next_token:string ->
?evaluation_results:evaluation_result list ->
unit ->
get_compliance_details_by_resource_responseCreate a get_compliance_details_by_resource_response type
val make_get_compliance_details_by_resource_request :
?resource_evaluation_id:string ->
?next_token:string ->
?compliance_types:compliance_type list ->
?resource_id:string ->
?resource_type:string ->
unit ->
get_compliance_details_by_resource_requestCreate a get_compliance_details_by_resource_request type
val make_get_compliance_details_by_config_rule_response :
?next_token:string ->
?evaluation_results:evaluation_result list ->
unit ->
get_compliance_details_by_config_rule_responseCreate a get_compliance_details_by_config_rule_response type
val make_get_compliance_details_by_config_rule_request :
?next_token:string ->
?limit:int ->
?compliance_types:compliance_type list ->
config_rule_name:string ->
unit ->
get_compliance_details_by_config_rule_requestCreate a get_compliance_details_by_config_rule_request type
val make_get_aggregate_resource_config_response :
?configuration_item:configuration_item ->
unit ->
get_aggregate_resource_config_responseCreate a get_aggregate_resource_config_response type
val make_get_aggregate_resource_config_request :
resource_identifier:aggregate_resource_identifier ->
configuration_aggregator_name:string ->
unit ->
get_aggregate_resource_config_requestCreate a get_aggregate_resource_config_request type
val make_grouped_resource_count :
resource_count:int ->
group_name:string ->
unit ->
grouped_resource_countCreate a grouped_resource_count type
val make_get_aggregate_discovered_resource_counts_response :
?next_token:string ->
?grouped_resource_counts:grouped_resource_count list ->
?group_by_key:string ->
total_discovered_resources:int ->
unit ->
get_aggregate_discovered_resource_counts_responseCreate a get_aggregate_discovered_resource_counts_response type
val make_resource_count_filters :
?region:string ->
?account_id:string ->
?resource_type:resource_type ->
unit ->
resource_count_filtersCreate a resource_count_filters type
val make_get_aggregate_discovered_resource_counts_request :
?next_token:string ->
?limit:int ->
?group_by_key:resource_count_group_key ->
?filters:resource_count_filters ->
configuration_aggregator_name:string ->
unit ->
get_aggregate_discovered_resource_counts_requestCreate a get_aggregate_discovered_resource_counts_request type
val make_aggregate_conformance_pack_compliance_count :
?non_compliant_conformance_pack_count:int ->
?compliant_conformance_pack_count:int ->
unit ->
aggregate_conformance_pack_compliance_countCreate a aggregate_conformance_pack_compliance_count type
val make_aggregate_conformance_pack_compliance_summary :
?group_name:string ->
?compliance_summary:aggregate_conformance_pack_compliance_count ->
unit ->
aggregate_conformance_pack_compliance_summaryCreate a aggregate_conformance_pack_compliance_summary type
val make_get_aggregate_conformance_pack_compliance_summary_response :
?next_token:string ->
?group_by_key:string ->
?aggregate_conformance_pack_compliance_summaries:
aggregate_conformance_pack_compliance_summary list ->
unit ->
get_aggregate_conformance_pack_compliance_summary_responseval make_aggregate_conformance_pack_compliance_summary_filters :
?aws_region:string ->
?account_id:string ->
unit ->
aggregate_conformance_pack_compliance_summary_filtersCreate a aggregate_conformance_pack_compliance_summary_filters type
val make_get_aggregate_conformance_pack_compliance_summary_request :
?next_token:string ->
?limit:int ->
?group_by_key:aggregate_conformance_pack_compliance_summary_group_key ->
?filters:aggregate_conformance_pack_compliance_summary_filters ->
configuration_aggregator_name:string ->
unit ->
get_aggregate_conformance_pack_compliance_summary_requestval make_aggregate_compliance_count :
?compliance_summary:compliance_summary ->
?group_name:string ->
unit ->
aggregate_compliance_countCreate a aggregate_compliance_count type
val make_get_aggregate_config_rule_compliance_summary_response :
?next_token:string ->
?aggregate_compliance_counts:aggregate_compliance_count list ->
?group_by_key:string ->
unit ->
get_aggregate_config_rule_compliance_summary_responseCreate a get_aggregate_config_rule_compliance_summary_response type
val make_config_rule_compliance_summary_filters :
?aws_region:string ->
?account_id:string ->
unit ->
config_rule_compliance_summary_filtersCreate a config_rule_compliance_summary_filters type
val make_get_aggregate_config_rule_compliance_summary_request :
?next_token:string ->
?limit:int ->
?group_by_key:config_rule_compliance_summary_group_key ->
?filters:config_rule_compliance_summary_filters ->
configuration_aggregator_name:string ->
unit ->
get_aggregate_config_rule_compliance_summary_requestCreate a get_aggregate_config_rule_compliance_summary_request type
val make_get_aggregate_compliance_details_by_config_rule_response :
?next_token:string ->
?aggregate_evaluation_results:aggregate_evaluation_result list ->
unit ->
get_aggregate_compliance_details_by_config_rule_responseCreate a get_aggregate_compliance_details_by_config_rule_response type
val make_get_aggregate_compliance_details_by_config_rule_request :
?next_token:string ->
?limit:int ->
?compliance_type:compliance_type ->
aws_region:string ->
account_id:string ->
config_rule_name:string ->
configuration_aggregator_name:string ->
unit ->
get_aggregate_compliance_details_by_config_rule_requestCreate a get_aggregate_compliance_details_by_config_rule_request type
val make_describe_retention_configurations_response :
?next_token:string ->
?retention_configurations:retention_configuration list ->
unit ->
describe_retention_configurations_responseCreate a describe_retention_configurations_response type
val make_describe_retention_configurations_request :
?next_token:string ->
?retention_configuration_names:string list ->
unit ->
describe_retention_configurations_requestCreate a describe_retention_configurations_request type
val make_remediation_execution_step :
?stop_time:float ->
?start_time:float ->
?error_message:string ->
?state:remediation_execution_step_state ->
?name:string ->
unit ->
remediation_execution_stepCreate a remediation_execution_step type
val make_remediation_execution_status :
?last_updated_time:float ->
?invocation_time:float ->
?step_details:remediation_execution_step list ->
?state:remediation_execution_state ->
?resource_key:resource_key ->
unit ->
remediation_execution_statusCreate a remediation_execution_status type
val make_describe_remediation_execution_status_response :
?next_token:string ->
?remediation_execution_statuses:remediation_execution_status list ->
unit ->
describe_remediation_execution_status_responseCreate a describe_remediation_execution_status_response type
val make_describe_remediation_execution_status_request :
?next_token:string ->
?limit:int ->
?resource_keys:resource_key list ->
config_rule_name:string ->
unit ->
describe_remediation_execution_status_requestCreate a describe_remediation_execution_status_request type
val make_describe_remediation_exceptions_response :
?next_token:string ->
?remediation_exceptions:remediation_exception list ->
unit ->
describe_remediation_exceptions_responseCreate a describe_remediation_exceptions_response type
val make_describe_remediation_exceptions_request :
?next_token:string ->
?limit:int ->
?resource_keys:remediation_exception_resource_key list ->
config_rule_name:string ->
unit ->
describe_remediation_exceptions_requestCreate a describe_remediation_exceptions_request type
val make_describe_remediation_configurations_response :
?remediation_configurations:remediation_configuration list ->
unit ->
describe_remediation_configurations_responseCreate a describe_remediation_configurations_response type
val make_describe_remediation_configurations_request :
config_rule_names:string list ->
unit ->
describe_remediation_configurations_requestCreate a describe_remediation_configurations_request type
val make_pending_aggregation_request :
?requester_aws_region:string ->
?requester_account_id:string ->
unit ->
pending_aggregation_requestCreate a pending_aggregation_request type
val make_describe_pending_aggregation_requests_response :
?next_token:string ->
?pending_aggregation_requests:pending_aggregation_request list ->
unit ->
describe_pending_aggregation_requests_responseCreate a describe_pending_aggregation_requests_response type
val make_describe_pending_aggregation_requests_request :
?next_token:string ->
?limit:int ->
unit ->
describe_pending_aggregation_requests_requestCreate a describe_pending_aggregation_requests_request type
val make_organization_conformance_pack_status :
?last_update_time:float ->
?error_message:string ->
?error_code:string ->
status:organization_resource_status ->
organization_conformance_pack_name:string ->
unit ->
organization_conformance_pack_statusCreate a organization_conformance_pack_status type
val make_describe_organization_conformance_pack_statuses_response :
?next_token:string ->
?organization_conformance_pack_statuses:
organization_conformance_pack_status list ->
unit ->
describe_organization_conformance_pack_statuses_responseCreate a describe_organization_conformance_pack_statuses_response type
val make_describe_organization_conformance_pack_statuses_request :
?next_token:string ->
?limit:int ->
?organization_conformance_pack_names:string list ->
unit ->
describe_organization_conformance_pack_statuses_requestCreate a describe_organization_conformance_pack_statuses_request type
val make_organization_conformance_pack :
?excluded_accounts:string list ->
?conformance_pack_input_parameters:conformance_pack_input_parameter list ->
?delivery_s3_key_prefix:string ->
?delivery_s3_bucket:string ->
last_update_time:float ->
organization_conformance_pack_arn:string ->
organization_conformance_pack_name:string ->
unit ->
organization_conformance_packCreate a organization_conformance_pack type
val make_describe_organization_conformance_packs_response :
?next_token:string ->
?organization_conformance_packs:organization_conformance_pack list ->
unit ->
describe_organization_conformance_packs_responseCreate a describe_organization_conformance_packs_response type
val make_describe_organization_conformance_packs_request :
?next_token:string ->
?limit:int ->
?organization_conformance_pack_names:string list ->
unit ->
describe_organization_conformance_packs_requestCreate a describe_organization_conformance_packs_request type
val make_organization_config_rule_status :
?last_update_time:float ->
?error_message:string ->
?error_code:string ->
organization_rule_status:organization_rule_status ->
organization_config_rule_name:string ->
unit ->
organization_config_rule_statusCreate a organization_config_rule_status type
val make_describe_organization_config_rule_statuses_response :
?next_token:string ->
?organization_config_rule_statuses:organization_config_rule_status list ->
unit ->
describe_organization_config_rule_statuses_responseCreate a describe_organization_config_rule_statuses_response type
val make_describe_organization_config_rule_statuses_request :
?next_token:string ->
?limit:int ->
?organization_config_rule_names:string list ->
unit ->
describe_organization_config_rule_statuses_requestCreate a describe_organization_config_rule_statuses_request type
val make_organization_custom_policy_rule_metadata_no_policy :
?debug_log_delivery_accounts:string list ->
?policy_runtime:string ->
?tag_value_scope:string ->
?tag_key_scope:string ->
?resource_id_scope:string ->
?resource_types_scope:string list ->
?maximum_execution_frequency:maximum_execution_frequency ->
?input_parameters:string ->
?organization_config_rule_trigger_types:
organization_config_rule_trigger_type_no_s_n list ->
?description:string ->
unit ->
organization_custom_policy_rule_metadata_no_policyCreate a organization_custom_policy_rule_metadata_no_policy type
val make_organization_config_rule :
?organization_custom_policy_rule_metadata:
organization_custom_policy_rule_metadata_no_policy ->
?last_update_time:float ->
?excluded_accounts:string list ->
?organization_custom_rule_metadata:organization_custom_rule_metadata ->
?organization_managed_rule_metadata:organization_managed_rule_metadata ->
organization_config_rule_arn:string ->
organization_config_rule_name:string ->
unit ->
organization_config_ruleCreate a organization_config_rule type
val make_describe_organization_config_rules_response :
?next_token:string ->
?organization_config_rules:organization_config_rule list ->
unit ->
describe_organization_config_rules_responseCreate a describe_organization_config_rules_response type
val make_describe_organization_config_rules_request :
?next_token:string ->
?limit:int ->
?organization_config_rule_names:string list ->
unit ->
describe_organization_config_rules_requestCreate a describe_organization_config_rules_request type
val make_config_export_delivery_info :
?next_delivery_time:float ->
?last_successful_time:float ->
?last_attempt_time:float ->
?last_error_message:string ->
?last_error_code:string ->
?last_status:delivery_status ->
unit ->
config_export_delivery_infoCreate a config_export_delivery_info type
val make_config_stream_delivery_info :
?last_status_change_time:float ->
?last_error_message:string ->
?last_error_code:string ->
?last_status:delivery_status ->
unit ->
config_stream_delivery_infoCreate a config_stream_delivery_info type
val make_delivery_channel_status :
?config_stream_delivery_info:config_stream_delivery_info ->
?config_history_delivery_info:config_export_delivery_info ->
?config_snapshot_delivery_info:config_export_delivery_info ->
?name:string ->
unit ->
delivery_channel_statusCreate a delivery_channel_status type
val make_describe_delivery_channel_status_response :
?delivery_channels_status:delivery_channel_status list ->
unit ->
describe_delivery_channel_status_responseCreate a describe_delivery_channel_status_response type
val make_describe_delivery_channel_status_request :
?delivery_channel_names:string list ->
unit ->
describe_delivery_channel_status_requestCreate a describe_delivery_channel_status_request type
val make_describe_delivery_channels_response :
?delivery_channels:delivery_channel list ->
unit ->
describe_delivery_channels_responseCreate a describe_delivery_channels_response type
val make_describe_delivery_channels_request :
?delivery_channel_names:string list ->
unit ->
describe_delivery_channels_requestCreate a describe_delivery_channels_request type
val make_conformance_pack_status_detail :
?last_update_completed_time:float ->
?conformance_pack_status_reason:string ->
last_update_requested_time:float ->
stack_arn:string ->
conformance_pack_state:conformance_pack_state ->
conformance_pack_arn:string ->
conformance_pack_id:string ->
conformance_pack_name:string ->
unit ->
conformance_pack_status_detailCreate a conformance_pack_status_detail type
val make_describe_conformance_pack_status_response :
?next_token:string ->
?conformance_pack_status_details:conformance_pack_status_detail list ->
unit ->
describe_conformance_pack_status_responseCreate a describe_conformance_pack_status_response type
val make_describe_conformance_pack_status_request :
?next_token:string ->
?limit:int ->
?conformance_pack_names:string list ->
unit ->
describe_conformance_pack_status_requestCreate a describe_conformance_pack_status_request type
val make_conformance_pack_detail :
?template_ssm_document_details:template_ssm_document_details ->
?created_by:string ->
?last_update_requested_time:float ->
?conformance_pack_input_parameters:conformance_pack_input_parameter list ->
?delivery_s3_key_prefix:string ->
?delivery_s3_bucket:string ->
conformance_pack_id:string ->
conformance_pack_arn:string ->
conformance_pack_name:string ->
unit ->
conformance_pack_detailCreate a conformance_pack_detail type
val make_describe_conformance_packs_response :
?next_token:string ->
?conformance_pack_details:conformance_pack_detail list ->
unit ->
describe_conformance_packs_responseCreate a describe_conformance_packs_response type
val make_describe_conformance_packs_request :
?next_token:string ->
?limit:int ->
?conformance_pack_names:string list ->
unit ->
describe_conformance_packs_requestCreate a describe_conformance_packs_request type
val make_conformance_pack_rule_compliance :
?controls:string list ->
?compliance_type:conformance_pack_compliance_type ->
?config_rule_name:string ->
unit ->
conformance_pack_rule_complianceCreate a conformance_pack_rule_compliance type
val make_describe_conformance_pack_compliance_response :
?next_token:string ->
conformance_pack_rule_compliance_list:conformance_pack_rule_compliance list ->
conformance_pack_name:string ->
unit ->
describe_conformance_pack_compliance_responseCreate a describe_conformance_pack_compliance_response type
val make_conformance_pack_compliance_filters :
?compliance_type:conformance_pack_compliance_type ->
?config_rule_names:string list ->
unit ->
conformance_pack_compliance_filtersCreate a conformance_pack_compliance_filters type
val make_describe_conformance_pack_compliance_request :
?next_token:string ->
?limit:int ->
?filters:conformance_pack_compliance_filters ->
conformance_pack_name:string ->
unit ->
describe_conformance_pack_compliance_requestCreate a describe_conformance_pack_compliance_request type
val make_configuration_recorder_status :
?last_status_change_time:float ->
?last_error_message:string ->
?last_error_code:string ->
?last_status:recorder_status ->
?recording:bool ->
?last_stop_time:float ->
?last_start_time:float ->
?name:string ->
unit ->
configuration_recorder_statusCreate a configuration_recorder_status type
val make_describe_configuration_recorder_status_response :
?configuration_recorders_status:configuration_recorder_status list ->
unit ->
describe_configuration_recorder_status_responseCreate a describe_configuration_recorder_status_response type
val make_describe_configuration_recorder_status_request :
?configuration_recorder_names:string list ->
unit ->
describe_configuration_recorder_status_requestCreate a describe_configuration_recorder_status_request type
val make_describe_configuration_recorders_response :
?configuration_recorders:configuration_recorder list ->
unit ->
describe_configuration_recorders_responseCreate a describe_configuration_recorders_response type
val make_describe_configuration_recorders_request :
?configuration_recorder_names:string list ->
unit ->
describe_configuration_recorders_requestCreate a describe_configuration_recorders_request type
val make_aggregated_source_status :
?last_error_message:string ->
?last_error_code:string ->
?last_update_time:float ->
?last_update_status:aggregated_source_status_type ->
?aws_region:string ->
?source_type:aggregated_source_type ->
?source_id:string ->
unit ->
aggregated_source_statusCreate a aggregated_source_status type
val make_describe_configuration_aggregator_sources_status_response :
?next_token:string ->
?aggregated_source_status_list:aggregated_source_status list ->
unit ->
describe_configuration_aggregator_sources_status_responseval make_describe_configuration_aggregator_sources_status_request :
?limit:int ->
?next_token:string ->
?update_status:aggregated_source_status_type list ->
configuration_aggregator_name:string ->
unit ->
describe_configuration_aggregator_sources_status_requestCreate a describe_configuration_aggregator_sources_status_request type
val make_describe_configuration_aggregators_response :
?next_token:string ->
?configuration_aggregators:configuration_aggregator list ->
unit ->
describe_configuration_aggregators_responseCreate a describe_configuration_aggregators_response type
val make_describe_configuration_aggregators_request :
?limit:int ->
?next_token:string ->
?configuration_aggregator_names:string list ->
unit ->
describe_configuration_aggregators_requestCreate a describe_configuration_aggregators_request type
val make_describe_config_rules_response :
?next_token:string ->
?config_rules:config_rule list ->
unit ->
describe_config_rules_responseCreate a describe_config_rules_response type
val make_describe_config_rules_filters :
?evaluation_mode:evaluation_mode ->
unit ->
describe_config_rules_filtersCreate a describe_config_rules_filters type
val make_describe_config_rules_request :
?filters:describe_config_rules_filters ->
?next_token:string ->
?config_rule_names:string list ->
unit ->
describe_config_rules_requestCreate a describe_config_rules_request type
val make_config_rule_evaluation_status :
?last_debug_log_delivery_time:float ->
?last_debug_log_delivery_status_reason:string ->
?last_debug_log_delivery_status:string ->
?first_evaluation_started:bool ->
?last_error_message:string ->
?last_error_code:string ->
?last_deactivated_time:float ->
?first_activated_time:float ->
?last_failed_evaluation_time:float ->
?last_successful_evaluation_time:float ->
?last_failed_invocation_time:float ->
?last_successful_invocation_time:float ->
?config_rule_id:string ->
?config_rule_arn:string ->
?config_rule_name:string ->
unit ->
config_rule_evaluation_statusCreate a config_rule_evaluation_status type
val make_describe_config_rule_evaluation_status_response :
?next_token:string ->
?config_rules_evaluation_status:config_rule_evaluation_status list ->
unit ->
describe_config_rule_evaluation_status_responseCreate a describe_config_rule_evaluation_status_response type
val make_describe_config_rule_evaluation_status_request :
?limit:int ->
?next_token:string ->
?config_rule_names:string list ->
unit ->
describe_config_rule_evaluation_status_requestCreate a describe_config_rule_evaluation_status_request type
val make_compliance :
?compliance_contributor_count:compliance_contributor_count ->
?compliance_type:compliance_type ->
unit ->
complianceCreate a compliance type
val make_compliance_by_resource :
?compliance:compliance ->
?resource_id:string ->
?resource_type:string ->
unit ->
compliance_by_resourceCreate a compliance_by_resource type
val make_describe_compliance_by_resource_response :
?next_token:string ->
?compliance_by_resources:compliance_by_resource list ->
unit ->
describe_compliance_by_resource_responseCreate a describe_compliance_by_resource_response type
val make_describe_compliance_by_resource_request :
?next_token:string ->
?limit:int ->
?compliance_types:compliance_type list ->
?resource_id:string ->
?resource_type:string ->
unit ->
describe_compliance_by_resource_requestCreate a describe_compliance_by_resource_request type
val make_compliance_by_config_rule :
?compliance:compliance ->
?config_rule_name:string ->
unit ->
compliance_by_config_ruleCreate a compliance_by_config_rule type
val make_describe_compliance_by_config_rule_response :
?next_token:string ->
?compliance_by_config_rules:compliance_by_config_rule list ->
unit ->
describe_compliance_by_config_rule_responseCreate a describe_compliance_by_config_rule_response type
val make_describe_compliance_by_config_rule_request :
?next_token:string ->
?compliance_types:compliance_type list ->
?config_rule_names:string list ->
unit ->
describe_compliance_by_config_rule_requestCreate a describe_compliance_by_config_rule_request type
val make_describe_aggregation_authorizations_response :
?next_token:string ->
?aggregation_authorizations:aggregation_authorization list ->
unit ->
describe_aggregation_authorizations_responseCreate a describe_aggregation_authorizations_response type
val make_describe_aggregation_authorizations_request :
?next_token:string ->
?limit:int ->
unit ->
describe_aggregation_authorizations_requestCreate a describe_aggregation_authorizations_request type
val make_aggregate_conformance_pack_compliance :
?total_rule_count:int ->
?non_compliant_rule_count:int ->
?compliant_rule_count:int ->
?compliance_type:conformance_pack_compliance_type ->
unit ->
aggregate_conformance_pack_complianceCreate a aggregate_conformance_pack_compliance type
val make_aggregate_compliance_by_conformance_pack :
?aws_region:string ->
?account_id:string ->
?compliance:aggregate_conformance_pack_compliance ->
?conformance_pack_name:string ->
unit ->
aggregate_compliance_by_conformance_packCreate a aggregate_compliance_by_conformance_pack type
val make_describe_aggregate_compliance_by_conformance_packs_response :
?next_token:string ->
?aggregate_compliance_by_conformance_packs:
aggregate_compliance_by_conformance_pack list ->
unit ->
describe_aggregate_compliance_by_conformance_packs_responseval make_aggregate_conformance_pack_compliance_filters :
?aws_region:string ->
?account_id:string ->
?compliance_type:conformance_pack_compliance_type ->
?conformance_pack_name:string ->
unit ->
aggregate_conformance_pack_compliance_filtersCreate a aggregate_conformance_pack_compliance_filters type
val make_describe_aggregate_compliance_by_conformance_packs_request :
?next_token:string ->
?limit:int ->
?filters:aggregate_conformance_pack_compliance_filters ->
configuration_aggregator_name:string ->
unit ->
describe_aggregate_compliance_by_conformance_packs_requestval make_aggregate_compliance_by_config_rule :
?aws_region:string ->
?account_id:string ->
?compliance:compliance ->
?config_rule_name:string ->
unit ->
aggregate_compliance_by_config_ruleCreate a aggregate_compliance_by_config_rule type
val make_describe_aggregate_compliance_by_config_rules_response :
?next_token:string ->
?aggregate_compliance_by_config_rules:
aggregate_compliance_by_config_rule list ->
unit ->
describe_aggregate_compliance_by_config_rules_responseCreate a describe_aggregate_compliance_by_config_rules_response type
val make_config_rule_compliance_filters :
?aws_region:string ->
?account_id:string ->
?compliance_type:compliance_type ->
?config_rule_name:string ->
unit ->
config_rule_compliance_filtersCreate a config_rule_compliance_filters type
val make_describe_aggregate_compliance_by_config_rules_request :
?next_token:string ->
?limit:int ->
?filters:config_rule_compliance_filters ->
configuration_aggregator_name:string ->
unit ->
describe_aggregate_compliance_by_config_rules_requestCreate a describe_aggregate_compliance_by_config_rules_request type
val make_deliver_config_snapshot_response :
?config_snapshot_id:string ->
unit ->
deliver_config_snapshot_responseCreate a deliver_config_snapshot_response type
val make_deliver_config_snapshot_request :
delivery_channel_name:string ->
unit ->
deliver_config_snapshot_requestCreate a deliver_config_snapshot_request type
val make_delete_stored_query_response : unit -> delete_stored_query_responseCreate a delete_stored_query_response type
val make_delete_stored_query_request :
query_name:string ->
unit ->
delete_stored_query_requestCreate a delete_stored_query_request type
val make_delete_retention_configuration_request :
retention_configuration_name:string ->
unit ->
delete_retention_configuration_requestCreate a delete_retention_configuration_request type
val make_delete_resource_config_request :
resource_id:string ->
resource_type:string ->
unit ->
delete_resource_config_requestCreate a delete_resource_config_request type
val make_failed_delete_remediation_exceptions_batch :
?failed_items:remediation_exception_resource_key list ->
?failure_message:string ->
unit ->
failed_delete_remediation_exceptions_batchCreate a failed_delete_remediation_exceptions_batch type
val make_delete_remediation_exceptions_response :
?failed_batches:failed_delete_remediation_exceptions_batch list ->
unit ->
delete_remediation_exceptions_responseCreate a delete_remediation_exceptions_response type
val make_delete_remediation_exceptions_request :
resource_keys:remediation_exception_resource_key list ->
config_rule_name:string ->
unit ->
delete_remediation_exceptions_requestCreate a delete_remediation_exceptions_request type
val make_delete_remediation_configuration_response :
unit ->
delete_remediation_configuration_responseCreate a delete_remediation_configuration_response type
val make_delete_remediation_configuration_request :
?resource_type:string ->
config_rule_name:string ->
unit ->
delete_remediation_configuration_requestCreate a delete_remediation_configuration_request type
val make_delete_pending_aggregation_request_request :
requester_aws_region:string ->
requester_account_id:string ->
unit ->
delete_pending_aggregation_request_requestCreate a delete_pending_aggregation_request_request type
val make_delete_organization_conformance_pack_request :
organization_conformance_pack_name:string ->
unit ->
delete_organization_conformance_pack_requestCreate a delete_organization_conformance_pack_request type
val make_delete_organization_config_rule_request :
organization_config_rule_name:string ->
unit ->
delete_organization_config_rule_requestCreate a delete_organization_config_rule_request type
val make_delete_evaluation_results_response :
unit ->
delete_evaluation_results_responseCreate a delete_evaluation_results_response type
val make_delete_evaluation_results_request :
config_rule_name:string ->
unit ->
delete_evaluation_results_requestCreate a delete_evaluation_results_request type
val make_delete_delivery_channel_request :
delivery_channel_name:string ->
unit ->
delete_delivery_channel_requestCreate a delete_delivery_channel_request type
val make_delete_conformance_pack_request :
conformance_pack_name:string ->
unit ->
delete_conformance_pack_requestCreate a delete_conformance_pack_request type
val make_delete_configuration_recorder_request :
configuration_recorder_name:string ->
unit ->
delete_configuration_recorder_requestCreate a delete_configuration_recorder_request type
val make_delete_configuration_aggregator_request :
configuration_aggregator_name:string ->
unit ->
delete_configuration_aggregator_requestCreate a delete_configuration_aggregator_request type
val make_delete_config_rule_request :
config_rule_name:string ->
unit ->
delete_config_rule_requestCreate a delete_config_rule_request type
val make_delete_aggregation_authorization_request :
authorized_aws_region:string ->
authorized_account_id:string ->
unit ->
delete_aggregation_authorization_requestCreate a delete_aggregation_authorization_request type
val make_base_configuration_item :
?configuration_item_delivery_time:float ->
?recording_frequency:recording_frequency ->
?supplementary_configuration:(string * string) list ->
?configuration:string ->
?resource_creation_time:float ->
?availability_zone:string ->
?aws_region:string ->
?resource_name:string ->
?resource_id:string ->
?resource_type:resource_type ->
?arn:string ->
?configuration_state_id:string ->
?configuration_item_status:configuration_item_status ->
?configuration_item_capture_time:float ->
?account_id:string ->
?version:string ->
unit ->
base_configuration_itemCreate a base_configuration_item type
val make_batch_get_resource_config_response :
?unprocessed_resource_keys:resource_key list ->
?base_configuration_items:base_configuration_item list ->
unit ->
batch_get_resource_config_responseCreate a batch_get_resource_config_response type
val make_batch_get_resource_config_request :
resource_keys:resource_key list ->
unit ->
batch_get_resource_config_requestCreate a batch_get_resource_config_request type
val make_batch_get_aggregate_resource_config_response :
?unprocessed_resource_identifiers:aggregate_resource_identifier list ->
?base_configuration_items:base_configuration_item list ->
unit ->
batch_get_aggregate_resource_config_responseCreate a batch_get_aggregate_resource_config_response type
val make_batch_get_aggregate_resource_config_request :
resource_identifiers:aggregate_resource_identifier list ->
configuration_aggregator_name:string ->
unit ->
batch_get_aggregate_resource_config_requestCreate a batch_get_aggregate_resource_config_request type
module BatchGetAggregateResourceConfig : sig ... endmodule BatchGetResourceConfig : sig ... endmodule DeleteAggregationAuthorization : sig ... endmodule DeleteConfigRule : sig ... endmodule DeleteConfigurationAggregator : sig ... endmodule DeleteConfigurationRecorder : sig ... endmodule DeleteConformancePack : sig ... endmodule DeleteDeliveryChannel : sig ... endmodule DeleteEvaluationResults : sig ... endmodule DeleteOrganizationConfigRule : sig ... endmodule DeleteOrganizationConformancePack : sig ... endmodule DeletePendingAggregationRequest : sig ... endmodule DeleteRemediationConfiguration : sig ... endmodule DeleteRemediationExceptions : sig ... endmodule DeleteResourceConfig : sig ... endmodule DeleteRetentionConfiguration : sig ... endmodule DeleteStoredQuery : sig ... endmodule DeliverConfigSnapshot : sig ... endmodule DescribeAggregateComplianceByConfigRules : sig ... endmodule DescribeAggregateComplianceByConformancePacks : sig ... endmodule DescribeAggregationAuthorizations : sig ... endmodule DescribeComplianceByConfigRule : sig ... endmodule DescribeComplianceByResource : sig ... endmodule DescribeConfigRuleEvaluationStatus : sig ... endmodule DescribeConfigRules : sig ... endmodule DescribeConfigurationAggregators : sig ... endmodule DescribeConfigurationAggregatorSourcesStatus : sig ... endmodule DescribeConfigurationRecorders : sig ... endmodule DescribeConfigurationRecorderStatus : sig ... endmodule DescribeConformancePackCompliance : sig ... endmodule DescribeConformancePacks : sig ... endmodule DescribeConformancePackStatus : sig ... endmodule DescribeDeliveryChannels : sig ... endmodule DescribeDeliveryChannelStatus : sig ... endmodule DescribeOrganizationConfigRules : sig ... endmodule DescribeOrganizationConfigRuleStatuses : sig ... endmodule DescribeOrganizationConformancePacks : sig ... endmodule DescribeOrganizationConformancePackStatuses : sig ... endmodule DescribePendingAggregationRequests : sig ... endmodule DescribeRemediationConfigurations : sig ... endmodule DescribeRemediationExceptions : sig ... endmodule DescribeRemediationExecutionStatus : sig ... endmodule DescribeRetentionConfigurations : sig ... endmodule GetAggregateComplianceDetailsByConfigRule : sig ... endmodule GetAggregateConfigRuleComplianceSummary : sig ... endmodule GetAggregateConformancePackComplianceSummary : sig ... endmodule GetAggregateDiscoveredResourceCounts : sig ... endmodule GetAggregateResourceConfig : sig ... endmodule GetComplianceDetailsByConfigRule : sig ... endmodule GetComplianceDetailsByResource : sig ... endmodule GetComplianceSummaryByConfigRule : sig ... endmodule GetComplianceSummaryByResourceType : sig ... endmodule GetConformancePackComplianceDetails : sig ... endmodule GetConformancePackComplianceSummary : sig ... endmodule GetCustomRulePolicy : sig ... endmodule GetDiscoveredResourceCounts : sig ... endmodule GetOrganizationConfigRuleDetailedStatus : sig ... endmodule GetOrganizationConformancePackDetailedStatus : sig ... endmodule GetOrganizationCustomRulePolicy : sig ... endmodule GetResourceConfigHistory : sig ... endmodule GetResourceEvaluationSummary : sig ... endmodule GetStoredQuery : sig ... endmodule ListAggregateDiscoveredResources : sig ... endmodule ListConformancePackComplianceScores : sig ... endmodule ListDiscoveredResources : sig ... endmodule ListResourceEvaluations : sig ... endmodule ListStoredQueries : sig ... endmodule ListTagsForResource : sig ... endmodule PutAggregationAuthorization : sig ... endmodule PutConfigRule : sig ... endmodule PutConfigurationAggregator : sig ... endmodule PutConfigurationRecorder : sig ... endmodule PutConformancePack : sig ... endmodule PutDeliveryChannel : sig ... endmodule PutEvaluations : sig ... endmodule PutExternalEvaluation : sig ... endmodule PutOrganizationConfigRule : sig ... endmodule PutOrganizationConformancePack : sig ... endmodule PutRemediationConfigurations : sig ... endmodule PutRemediationExceptions : sig ... endmodule PutResourceConfig : sig ... endmodule PutRetentionConfiguration : sig ... endmodule PutStoredQuery : sig ... endmodule SelectAggregateResourceConfig : sig ... endmodule SelectResourceConfig : sig ... endmodule StartConfigRulesEvaluation : sig ... endmodule StartConfigurationRecorder : sig ... endmodule StartRemediationExecution : sig ... endmodule StartResourceEvaluation : sig ... endmodule StopConfigurationRecorder : sig ... endmodule TagResource : sig ... endmodule UntagResource : sig ... end