AWS Config

2019/07/09 - AWS Config - 5 new api methods

Changes  AWS Config now supports a new set of APIs to manage AWS Config rules across your organization in AWS Organizations. Using this capability, you can centrally create, update, and delete AWS Config rules across all accounts in your organization. This capability is particularly useful if you need to deploy a common set of AWS Config rules across all accounts. You can also specify accounts where AWS Config rules should not be created. In addition, you can use these APIs from the master account in AWS Organizations to enforce governance by ensuring that the underlying AWS Config rules are not modifiable by your organization member accounts. These APIs work for both managed and custom AWS Config rules. For more information, see Enabling AWS Config Rules Across all Accounts in Your Organization in the AWS Config Developer Guide. The new APIs are available in all commercial AWS Regions where AWS Config and AWS Organizations are supported. For the full list of supported Regions, see AWS Regions and Endpoints in the AWS General Reference. To learn more about AWS Config, visit the AWS Config webpage. To learn more about AWS Organizations, visit the AWS Organizations webpage.

DescribeOrganizationConfigRules (new)

See also: AWS API Documentation

Request Syntax

client.describe_organization_config_rules(
    OrganizationConfigRuleNames=[
        'string',
    ],
    Limit=123,
    NextToken='string'
)
type OrganizationConfigRuleNames

list

param OrganizationConfigRuleNames
  • (string) --

type Limit

integer

param Limit

type NextToken

string

param NextToken

rtype

dict

returns

Response Syntax

{
    'OrganizationConfigRules': [
        {
            'OrganizationConfigRuleName': 'string',
            'OrganizationConfigRuleArn': 'string',
            'OrganizationManagedRuleMetadata': {
                'Description': 'string',
                'RuleIdentifier': 'string',
                'InputParameters': 'string',
                'MaximumExecutionFrequency': 'One_Hour'|'Three_Hours'|'Six_Hours'|'Twelve_Hours'|'TwentyFour_Hours',
                'ResourceTypesScope': [
                    'string',
                ],
                'ResourceIdScope': 'string',
                'TagKeyScope': 'string',
                'TagValueScope': 'string'
            },
            'OrganizationCustomRuleMetadata': {
                'Description': 'string',
                'LambdaFunctionArn': 'string',
                'OrganizationConfigRuleTriggerTypes': [
                    'ConfigurationItemChangeNotification'|'OversizedConfigurationItemChangeNotification'|'ScheduledNotification',
                ],
                'InputParameters': 'string',
                'MaximumExecutionFrequency': 'One_Hour'|'Three_Hours'|'Six_Hours'|'Twelve_Hours'|'TwentyFour_Hours',
                'ResourceTypesScope': [
                    'string',
                ],
                'ResourceIdScope': 'string',
                'TagKeyScope': 'string',
                'TagValueScope': 'string'
            },
            'ExcludedAccounts': [
                'string',
            ],
            'LastUpdateTime': datetime(2015, 1, 1)
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • OrganizationConfigRules (list) --

      • (dict) --

        • OrganizationConfigRuleName (string) --

        • OrganizationConfigRuleArn (string) --

        • OrganizationManagedRuleMetadata (dict) --

          • Description (string) --

          • RuleIdentifier (string) --

          • InputParameters (string) --

          • MaximumExecutionFrequency (string) --

          • ResourceTypesScope (list) --

            • (string) --

          • ResourceIdScope (string) --

          • TagKeyScope (string) --

          • TagValueScope (string) --

        • OrganizationCustomRuleMetadata (dict) --

          • Description (string) --

          • LambdaFunctionArn (string) --

          • OrganizationConfigRuleTriggerTypes (list) --

            • (string) --

          • InputParameters (string) --

          • MaximumExecutionFrequency (string) --

          • ResourceTypesScope (list) --

            • (string) --

          • ResourceIdScope (string) --

          • TagKeyScope (string) --

          • TagValueScope (string) --

        • ExcludedAccounts (list) --

          • (string) --

        • LastUpdateTime (datetime) --

    • NextToken (string) --

GetOrganizationConfigRuleDetailedStatus (new)

See also: AWS API Documentation

Request Syntax

client.get_organization_config_rule_detailed_status(
    OrganizationConfigRuleName='string',
    Filters={
        'AccountId': 'string',
        'MemberAccountRuleStatus': 'CREATE_SUCCESSFUL'|'CREATE_IN_PROGRESS'|'CREATE_FAILED'|'DELETE_SUCCESSFUL'|'DELETE_FAILED'|'DELETE_IN_PROGRESS'
    },
    Limit=123,
    NextToken='string'
)
type OrganizationConfigRuleName

string

param OrganizationConfigRuleName

[REQUIRED]

type Filters

dict

param Filters
  • AccountId (string) --

  • MemberAccountRuleStatus (string) --

type Limit

integer

param Limit

type NextToken

string

param NextToken

rtype

dict

returns

Response Syntax

{
    'OrganizationConfigRuleDetailedStatus': [
        {
            'AccountId': 'string',
            'ConfigRuleName': 'string',
            'MemberAccountRuleStatus': 'CREATE_SUCCESSFUL'|'CREATE_IN_PROGRESS'|'CREATE_FAILED'|'DELETE_SUCCESSFUL'|'DELETE_FAILED'|'DELETE_IN_PROGRESS',
            'ErrorCode': 'string',
            'ErrorMessage': 'string',
            'LastUpdateTime': datetime(2015, 1, 1)
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • OrganizationConfigRuleDetailedStatus (list) --

      • (dict) --

        • AccountId (string) --

        • ConfigRuleName (string) --

        • MemberAccountRuleStatus (string) --

        • ErrorCode (string) --

        • ErrorMessage (string) --

        • LastUpdateTime (datetime) --

    • NextToken (string) --
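
Added example (not part of the AWS documentation): a governance check that combines DescribeOrganizationConfigRules and GetOrganizationConfigRuleDetailedStatus to report accounts excluded from a rule without approval and member accounts where the rule is not in place. The allow-list, the rule name, the account IDs and the FakeConfigClient stand-in are constructed for illustration; against a real organization, pass boto3.client("config") from the master account instead.

```python
# Added example: audit organization Config rule coverage (not AWS's own code).
# APPROVED_EXCLUSIONS is a hypothetical allow-list; all account IDs are constructed.
APPROVED_EXCLUSIONS = {"111111111111"}


def paginate(method, result_key, **kwargs):
    """Yield every item of a NextToken-paginated Config API call."""
    while True:
        page = method(**kwargs)
        yield from page.get(result_key, [])
        if not page.get("NextToken"):
            return
        kwargs["NextToken"] = page["NextToken"]


def audit_org_rules(client, approved=APPROVED_EXCLUSIONS):
    """Return (rule, account, reason) for unapproved exclusions and undeployed rules."""
    findings = []
    for rule in paginate(client.describe_organization_config_rules,
                         "OrganizationConfigRules"):
        name = rule["OrganizationConfigRuleName"]
        for acct in rule.get("ExcludedAccounts", []):
            if acct not in approved:
                findings.append((name, acct, "UNAPPROVED_EXCLUSION"))
        for st in paginate(client.get_organization_config_rule_detailed_status,
                           "OrganizationConfigRuleDetailedStatus",
                           OrganizationConfigRuleName=name):
            if st["MemberAccountRuleStatus"] != "CREATE_SUCCESSFUL":
                findings.append((name, st["AccountId"], st["MemberAccountRuleStatus"]))
    return findings


class FakeConfigClient:
    """Constructed stand-in for the Config client; serves two status pages."""
    def describe_organization_config_rules(self, **kw):
        return {"OrganizationConfigRules": [{
            "OrganizationConfigRuleName": "s3-public-read",
            "ExcludedAccounts": ["111111111111", "222222222222"]}]}

    def get_organization_config_rule_detailed_status(self, **kw):
        if "NextToken" not in kw:
            return {"OrganizationConfigRuleDetailedStatus": [
                {"AccountId": "333333333333", "MemberAccountRuleStatus": "CREATE_SUCCESSFUL"}],
                "NextToken": "page2"}
        return {"OrganizationConfigRuleDetailedStatus": [
            {"AccountId": "444444444444", "MemberAccountRuleStatus": "CREATE_FAILED"}]}


if __name__ == "__main__":
    print(audit_org_rules(FakeConfigClient()))
```

The status comparison treats every value other than CREATE_SUCCESSFUL, of the six listed on this page, as a coverage gap, so in-progress and deleted rules are reported alongside failures.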

DescribeOrganizationConfigRuleStatuses (new)

See also: AWS API Documentation

Request Syntax

client.describe_organization_config_rule_statuses(
    OrganizationConfigRuleNames=[
        'string',
    ],
    Limit=123,
    NextToken='string'
)
type OrganizationConfigRuleNames

list

param OrganizationConfigRuleNames
  • (string) --

type Limit

integer

param Limit

type NextToken

string

param NextToken

rtype

dict

returns

Response Syntax

{
    'OrganizationConfigRuleStatuses': [
        {
            'OrganizationConfigRuleName': 'string',
            'OrganizationRuleStatus': 'CREATE_SUCCESSFUL'|'CREATE_IN_PROGRESS'|'CREATE_FAILED'|'DELETE_SUCCESSFUL'|'DELETE_FAILED'|'DELETE_IN_PROGRESS',
            'ErrorCode': 'string',
            'ErrorMessage': 'string',
            'LastUpdateTime': datetime(2015, 1, 1)
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • OrganizationConfigRuleStatuses (list) --

      • (dict) --

        • OrganizationConfigRuleName (string) --

        • OrganizationRuleStatus (string) --

        • ErrorCode (string) --

        • ErrorMessage (string) --

        • LastUpdateTime (datetime) --

    • NextToken (string) --

DeleteOrganizationConfigRule (new)

See also: AWS API Documentation

Request Syntax

client.delete_organization_config_rule(
    OrganizationConfigRuleName='string'
)
type OrganizationConfigRuleName

string

param OrganizationConfigRuleName

[REQUIRED]

returns

None

PutOrganizationConfigRule (new)

See also: AWS API Documentation

Request Syntax

client.put_organization_config_rule(
    OrganizationConfigRuleName='string',
    OrganizationManagedRuleMetadata={
        'Description': 'string',
        'RuleIdentifier': 'string',
        'InputParameters': 'string',
        'MaximumExecutionFrequency': 'One_Hour'|'Three_Hours'|'Six_Hours'|'Twelve_Hours'|'TwentyFour_Hours',
        'ResourceTypesScope': [
            'string',
        ],
        'ResourceIdScope': 'string',
        'TagKeyScope': 'string',
        'TagValueScope': 'string'
    },
    OrganizationCustomRuleMetadata={
        'Description': 'string',
        'LambdaFunctionArn': 'string',
        'OrganizationConfigRuleTriggerTypes': [
            'ConfigurationItemChangeNotification'|'OversizedConfigurationItemChangeNotification'|'ScheduledNotification',
        ],
        'InputParameters': 'string',
        'MaximumExecutionFrequency': 'One_Hour'|'Three_Hours'|'Six_Hours'|'Twelve_Hours'|'TwentyFour_Hours',
        'ResourceTypesScope': [
            'string',
        ],
        'ResourceIdScope': 'string',
        'TagKeyScope': 'string',
        'TagValueScope': 'string'
    },
    ExcludedAccounts=[
        'string',
    ]
)
type OrganizationConfigRuleName

string

param OrganizationConfigRuleName

[REQUIRED]

type OrganizationManagedRuleMetadata

dict

param OrganizationManagedRuleMetadata
  • Description (string) --

  • RuleIdentifier (string) -- [REQUIRED]

  • InputParameters (string) --

  • MaximumExecutionFrequency (string) --

  • ResourceTypesScope (list) --

    • (string) --

  • ResourceIdScope (string) --

  • TagKeyScope (string) --

  • TagValueScope (string) --

type OrganizationCustomRuleMetadata

dict

param OrganizationCustomRuleMetadata
  • Description (string) --

  • LambdaFunctionArn (string) -- [REQUIRED]

  • OrganizationConfigRuleTriggerTypes (list) -- [REQUIRED]

    • (string) --

  • InputParameters (string) --

  • MaximumExecutionFrequency (string) --

  • ResourceTypesScope (list) --

    • (string) --

  • ResourceIdScope (string) --

  • TagKeyScope (string) --

  • TagValueScope (string) --

type ExcludedAccounts

list

param ExcludedAccounts
  • (string) --

rtype

dict

returns

Response Syntax

{
    'OrganizationConfigRuleArn': 'string'
}

Response Structure

  • (dict) --

    • OrganizationConfigRuleArn (string) --