2019/07/09 - AWS Config - 5 new api methods
Changes AWS Config now supports a new set of APIs to manage AWS Config rules across your organization in AWS Organizations. Using this capability, you can centrally create, update, and delete AWS Config rules across all accounts in your organization. This capability is particularly useful if you have a need to deploy a common set of AWS Config rules across all accounts. You can also specify accounts where AWS Config rules should not be created. In addition, you can use these APIs from the master account in AWS Organizations to enforce governance by ensuring that the underlying AWS Config rules are not modifiable by your organization member accounts.These APIs work for both managed and custom AWS Config rules. For more information, see Enabling AWS Config Rules Across all Accounts in Your Organization in the AWS Config Developer Guide.The new APIs are available in all commercial AWS Regions where AWS Config and AWS Organizations are supported. For the full list of supported Regions, see AWS Regions and Endpoints in the AWS General Reference. To learn more about AWS Config, visit the AWS Config webpage. To learn more about AWS Organizations, visit the AWS Organizations webpage.
See also: AWS API Documentation
Request Syntax
client.describe_organization_config_rules( OrganizationConfigRuleNames=[ 'string', ], Limit=123, NextToken='string' )
list
(string) --
integer
string
dict
Response Syntax
{ 'OrganizationConfigRules': [ { 'OrganizationConfigRuleName': 'string', 'OrganizationConfigRuleArn': 'string', 'OrganizationManagedRuleMetadata': { 'Description': 'string', 'RuleIdentifier': 'string', 'InputParameters': 'string', 'MaximumExecutionFrequency': 'One_Hour'|'Three_Hours'|'Six_Hours'|'Twelve_Hours'|'TwentyFour_Hours', 'ResourceTypesScope': [ 'string', ], 'ResourceIdScope': 'string', 'TagKeyScope': 'string', 'TagValueScope': 'string' }, 'OrganizationCustomRuleMetadata': { 'Description': 'string', 'LambdaFunctionArn': 'string', 'OrganizationConfigRuleTriggerTypes': [ 'ConfigurationItemChangeNotification'|'OversizedConfigurationItemChangeNotification'|'ScheduledNotification', ], 'InputParameters': 'string', 'MaximumExecutionFrequency': 'One_Hour'|'Three_Hours'|'Six_Hours'|'Twelve_Hours'|'TwentyFour_Hours', 'ResourceTypesScope': [ 'string', ], 'ResourceIdScope': 'string', 'TagKeyScope': 'string', 'TagValueScope': 'string' }, 'ExcludedAccounts': [ 'string', ], 'LastUpdateTime': datetime(2015, 1, 1) }, ], 'NextToken': 'string' }
Response Structure
(dict) --
OrganizationConfigRules (list) --
(dict) --
OrganizationConfigRuleName (string) --
OrganizationConfigRuleArn (string) --
OrganizationManagedRuleMetadata (dict) --
Description (string) --
RuleIdentifier (string) --
InputParameters (string) --
MaximumExecutionFrequency (string) --
ResourceTypesScope (list) --
(string) --
ResourceIdScope (string) --
TagKeyScope (string) --
TagValueScope (string) --
OrganizationCustomRuleMetadata (dict) --
Description (string) --
LambdaFunctionArn (string) --
OrganizationConfigRuleTriggerTypes (list) --
(string) --
InputParameters (string) --
MaximumExecutionFrequency (string) --
ResourceTypesScope (list) --
(string) --
ResourceIdScope (string) --
TagKeyScope (string) --
TagValueScope (string) --
ExcludedAccounts (list) --
(string) --
LastUpdateTime (datetime) --
NextToken (string) --
See also: AWS API Documentation
Request Syntax
client.get_organization_config_rule_detailed_status( OrganizationConfigRuleName='string', Filters={ 'AccountId': 'string', 'MemberAccountRuleStatus': 'CREATE_SUCCESSFUL'|'CREATE_IN_PROGRESS'|'CREATE_FAILED'|'DELETE_SUCCESSFUL'|'DELETE_FAILED'|'DELETE_IN_PROGRESS' }, Limit=123, NextToken='string' )
string
[REQUIRED]
dict
AccountId (string) --
MemberAccountRuleStatus (string) --
integer
string
dict
Response Syntax
{ 'OrganizationConfigRuleDetailedStatus': [ { 'AccountId': 'string', 'ConfigRuleName': 'string', 'MemberAccountRuleStatus': 'CREATE_SUCCESSFUL'|'CREATE_IN_PROGRESS'|'CREATE_FAILED'|'DELETE_SUCCESSFUL'|'DELETE_FAILED'|'DELETE_IN_PROGRESS', 'ErrorCode': 'string', 'ErrorMessage': 'string', 'LastUpdateTime': datetime(2015, 1, 1) }, ], 'NextToken': 'string' }
Response Structure
(dict) --
OrganizationConfigRuleDetailedStatus (list) --
(dict) --
AccountId (string) --
ConfigRuleName (string) --
MemberAccountRuleStatus (string) --
ErrorCode (string) --
ErrorMessage (string) --
LastUpdateTime (datetime) --
NextToken (string) --
See also: AWS API Documentation
Request Syntax
client.describe_organization_config_rule_statuses( OrganizationConfigRuleNames=[ 'string', ], Limit=123, NextToken='string' )
list
(string) --
integer
string
dict
Response Syntax
{ 'OrganizationConfigRuleStatuses': [ { 'OrganizationConfigRuleName': 'string', 'OrganizationRuleStatus': 'CREATE_SUCCESSFUL'|'CREATE_IN_PROGRESS'|'CREATE_FAILED'|'DELETE_SUCCESSFUL'|'DELETE_FAILED'|'DELETE_IN_PROGRESS', 'ErrorCode': 'string', 'ErrorMessage': 'string', 'LastUpdateTime': datetime(2015, 1, 1) }, ], 'NextToken': 'string' }
Response Structure
(dict) --
OrganizationConfigRuleStatuses (list) --
(dict) --
OrganizationConfigRuleName (string) --
OrganizationRuleStatus (string) --
ErrorCode (string) --
ErrorMessage (string) --
LastUpdateTime (datetime) --
NextToken (string) --
See also: AWS API Documentation
Request Syntax
client.delete_organization_config_rule( OrganizationConfigRuleName='string' )
string
[REQUIRED]
None
See also: AWS API Documentation
Request Syntax
client.put_organization_config_rule( OrganizationConfigRuleName='string', OrganizationManagedRuleMetadata={ 'Description': 'string', 'RuleIdentifier': 'string', 'InputParameters': 'string', 'MaximumExecutionFrequency': 'One_Hour'|'Three_Hours'|'Six_Hours'|'Twelve_Hours'|'TwentyFour_Hours', 'ResourceTypesScope': [ 'string', ], 'ResourceIdScope': 'string', 'TagKeyScope': 'string', 'TagValueScope': 'string' }, OrganizationCustomRuleMetadata={ 'Description': 'string', 'LambdaFunctionArn': 'string', 'OrganizationConfigRuleTriggerTypes': [ 'ConfigurationItemChangeNotification'|'OversizedConfigurationItemChangeNotification'|'ScheduledNotification', ], 'InputParameters': 'string', 'MaximumExecutionFrequency': 'One_Hour'|'Three_Hours'|'Six_Hours'|'Twelve_Hours'|'TwentyFour_Hours', 'ResourceTypesScope': [ 'string', ], 'ResourceIdScope': 'string', 'TagKeyScope': 'string', 'TagValueScope': 'string' }, ExcludedAccounts=[ 'string', ] )
string
[REQUIRED]
dict
Description (string) --
RuleIdentifier (string) -- [REQUIRED]
InputParameters (string) --
MaximumExecutionFrequency (string) --
ResourceTypesScope (list) --
(string) --
ResourceIdScope (string) --
TagKeyScope (string) --
TagValueScope (string) --
dict
Description (string) --
LambdaFunctionArn (string) -- [REQUIRED]
OrganizationConfigRuleTriggerTypes (list) -- [REQUIRED]
(string) --
InputParameters (string) --
MaximumExecutionFrequency (string) --
ResourceTypesScope (list) --
(string) --
ResourceIdScope (string) --
TagKeyScope (string) --
TagValueScope (string) --
list
(string) --
dict
Response Syntax
{ 'OrganizationConfigRuleArn': 'string' }
Response Structure
(dict) --
OrganizationConfigRuleArn (string) --