DescribeComplianceByConfigRule
Indicates whether the specified AWS Config rules are compliant. If a rule is noncompliant, this action returns the number of AWS resources that do not comply with the rule.
A rule is compliant if all of the evaluated resources comply with it. It is noncompliant if any of these resources do not comply.
If AWS Config has no current evaluation results for the rule, it returns INSUFFICIENT_DATA. This result might indicate one of the following conditions:
• AWS Config has never invoked an evaluation for the rule. To check whether it has, use the DescribeConfigRuleEvaluationStatus action to get the LastSuccessfulInvocationTime and LastFailedInvocationTime.
• The rule's AWS Lambda function is failing to send evaluation results to AWS Config. Verify that the role you assigned to your configuration recorder includes the config:PutEvaluations permission. If the rule is a custom rule, verify that the AWS Lambda execution role includes the config:PutEvaluations permission.
• The rule's AWS Lambda function has returned NOT_APPLICABLE for all evaluation results. This can occur if the resources were deleted or removed from the rule's scope.
Request Syntax
{
   "ComplianceTypes": [ "string" ],
   "ConfigRuleNames": [ "string" ],
   "NextToken": "string"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 386).
The request accepts the following data in JSON format.
ComplianceTypes (p. 55)
Filters the results by compliance.
The allowed values are COMPLIANT and NON_COMPLIANT.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 3 items.
Valid Values: COMPLIANT | NON_COMPLIANT | NOT_APPLICABLE | INSUFFICIENT_DATA
Required: No
ConfigRuleNames (p. 55)
Specify one or more AWS Config rule names to filter the results by rule.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 25 items.
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: .*\S.*
Required: No
NextToken (p. 55)
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
Type: String
Required: No
Response Syntax
{
   "ComplianceByConfigRules": [
      {
         "Compliance": {
            "ComplianceContributorCount": {
               "CapExceeded": boolean,
               "CappedCount": number
            },
            "ComplianceType": "string"
         },
         "ConfigRuleName": "string"
      }
   ],
   "NextToken": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
ComplianceByConfigRules (p. 56)
Indicates whether each of the specified AWS Config rules is compliant.
Type: Array of ComplianceByConfigRule (p. 269) objects
NextToken (p. 56)
The string that you use in a subsequent request to get the next page of results in a paginated response.
Errors
InvalidNextTokenException
The specified next token is invalid. Specify the nextToken string that was returned in the previous response to get the next page of results.
HTTP Status Code: 400
InvalidParameterValueException
One or more of the specified parameters are invalid. Verify that your parameters are valid and try again.
HTTP Status Code: 400
NoSuchConfigRuleException
One or more AWS Config rules in the request are invalid. Verify that the rule names are correct and try again.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
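Added example (not part of the AWS documentation): a Python sketch that calls DescribeComplianceByConfigRule in batches of at most 25 rule names, follows NextToken, and then uses DescribeConfigRuleEvaluationStatus to narrow down why a rule reports INSUFFICIENT_DATA. The method names are the boto3 forms of these actions; FakeConfig and its data are constructed stand-ins for boto3.client("config"), and the hint strings are this example's own reading of the conditions listed above.

```python
from datetime import datetime, timezone
def chunks(items, size=25):  # ConfigRuleNames takes at most 25 names per request
    return [items[i:i + size] for i in range(0, len(items), size)]

def compliance_by_rule(client, rule_names):
    """Return {rule: (ComplianceType, noncompliant count)}, following NextToken."""
    out = {}
    for batch in chunks(rule_names):
        kwargs = {"ConfigRuleNames": batch}
        while True:
            page = client.describe_compliance_by_config_rule(**kwargs)
            for item in page["ComplianceByConfigRules"]:
                comp = item.get("Compliance", {})
                cnt = comp.get("ComplianceContributorCount", {})
                capped = "+" if cnt.get("CapExceeded") else ""  # "+": count is a lower bound
                out[item["ConfigRuleName"]] = (comp.get("ComplianceType"), f'{cnt.get("CappedCount", 0)}{capped}')
            if not page.get("NextToken"):
                break
            kwargs["NextToken"] = page["NextToken"]
    return out

def triage_insufficient(client, results):
    """Narrow the cause of INSUFFICIENT_DATA from the rule's invocation timestamps."""
    hints = {}
    for batch in chunks([r for r, (c, _) in results.items() if c == "INSUFFICIENT_DATA"]):
        resp = client.describe_config_rule_evaluation_status(ConfigRuleNames=batch)
        for st in resp["ConfigRulesEvaluationStatus"]:  # assumes one status page per batch
            ok, bad = st.get("LastSuccessfulInvocationTime"), st.get("LastFailedInvocationTime")
            if not ok and not bad:
                hint = "never invoked"
            elif bad and (not ok or bad > ok):
                hint = "last invocation failed"
            else:
                hint = "invoked: check config:PutEvaluations and NOT_APPLICABLE results"
            hints[st["ConfigRuleName"]] = hint
    return hints

class FakeConfig:  # constructed stand-in for boto3.client("config"); sample data only
    STATUS = {"rule-b": {}, "rule-c": {"LastFailedInvocationTime": datetime(2024, 1, 1, tzinfo=timezone.utc)}}
    ROWS = [("rule-a", "NON_COMPLIANT", {"CappedCount": 25, "CapExceeded": True}),
            ("rule-b", "INSUFFICIENT_DATA", {}), ("rule-c", "INSUFFICIENT_DATA", {})]
    def describe_compliance_by_config_rule(self, ConfigRuleNames, NextToken=None):
        i = int(NextToken or 0)  # one rule per page, to exercise pagination
        name, ctype, cnt = self.ROWS[i]
        page = {"ComplianceByConfigRules": [{"ConfigRuleName": name, "Compliance": {
            "ComplianceType": ctype, "ComplianceContributorCount": cnt}}]}
        return dict(page, NextToken=str(i + 1)) if i + 1 < len(self.ROWS) else page
    def describe_config_rule_evaluation_status(self, ConfigRuleNames):
        return {"ConfigRulesEvaluationStatus": [dict(self.STATUS[n], ConfigRuleName=n) for n in ConfigRuleNames]}
```

Against a real account, pass boto3.client("config") in place of FakeConfig(); the two functions use only the request and response fields documented above.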
DescribeComplianceByResource
Indicates whether the specified AWS resources are compliant. If a resource is noncompliant, this action returns the number of AWS Config rules that the resource does not comply with.
A resource is compliant if it complies with all the AWS Config rules that evaluate it. It is noncompliant if it does not comply with one or more of these rules.
If AWS Config has no current evaluation results for the resource, it returns INSUFFICIENT_DATA. This result might indicate one of the following conditions about the rules that evaluate the resource:
• AWS Config has never invoked an evaluation for the rule. To check whether it has, use the DescribeConfigRuleEvaluationStatus action to get the LastSuccessfulInvocationTime and LastFailedInvocationTime.
• The rule's AWS Lambda function is failing to send evaluation results to AWS Config. Verify that the role that you assigned to your configuration recorder includes the config:PutEvaluations permission. If the rule is a custom rule, verify that the AWS Lambda execution role includes the config:PutEvaluations permission.
• The rule's AWS Lambda function has returned NOT_APPLICABLE for all evaluation results. This can occur if the resources were deleted or removed from the rule's scope.
Request Syntax
{
   "ComplianceTypes": [ "string" ],
   "Limit": number,
   "NextToken": "string",
   "ResourceId": "string",
   "ResourceType": "string"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 386).
The request accepts the following data in JSON format.
ComplianceTypes (p. 58)
Filters the results by compliance.
The allowed values are COMPLIANT, NON_COMPLIANT, and INSUFFICIENT_DATA.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 3 items.
Limit
Type: Integer
Valid Range: Minimum value of 0. Maximum value of 100.
Required: No
NextToken (p. 58)
The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
Type: String
Required: No
ResourceId (p. 58)
The ID of the AWS resource for which you want compliance information. You can specify only one resource ID. If you specify a resource ID, you must also specify a type for ResourceType.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 768.
Required: No
ResourceType (p. 58)
The types of AWS resources for which you want compliance information (for example, AWS::EC2::Instance). For this action, you can specify that the resource type is an AWS account by specifying AWS::::Account.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 256.
Required: No
Response Syntax
{ "ComplianceByResources": [ {
"NextToken": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
ComplianceByResources (p. 59)
Indicates whether the specified AWS resource complies with all of the AWS Config rules that evaluate it.
Type: Array of ComplianceByResource (p. 270) objects
NextToken (p. 59)
The string that you use in a subsequent request to get the next page of results in a paginated response.
Type: String
Errors
For information about the errors that are common to all actions, see Common Errors (p. 388).
InvalidNextTokenException
The specified next token is invalid. Specify the nextToken string that was returned in the previous response to get the next page of results.
HTTP Status Code: 400
InvalidParameterValueException
One or more of the specified parameters are invalid. Verify that your parameters are valid and try again.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3