Deletes the specified conformance pack and all the Config rules, remediation actions, and all evaluation results within that conformance pack.
Config sets the conformance pack to DELETE_IN_PROGRESS until the deletion is complete. You cannot update a conformance pack while it is in this state.
Deletes the delivery channel.
Before you can delete the delivery channel, you must stop the configuration recorder by using the StopConfigurationRecorder action.
", "DeleteEvaluationResults": "Deletes the evaluation results for the specified Config rule. You can specify one Config rule per request. After you delete the evaluation results, you can call the StartConfigRulesEvaluation API to start evaluating your Amazon Web Services resources against the rule.
", - "DeleteOrganizationConfigRule": "Deletes the specified organization config rule and all of its evaluation results from all member accounts in that organization.
Only a master account and a delegated administrator account can delete an organization config rule. When calling this API with a delegated administrator, you must ensure Organizations ListDelegatedAdministrator permissions are added.
Config sets the state of a rule to DELETE_IN_PROGRESS until the deletion is complete. You cannot update a rule while it is in this state.
", - "DeleteOrganizationConformancePack": "Deletes the specified organization conformance pack and all of the config rules and remediation actions from all member accounts in that organization.
Only a master account or a delegated administrator account can delete an organization conformance pack. When calling this API with a delegated administrator, you must ensure Organizations ListDelegatedAdministrator permissions are added.
Config sets the state of a conformance pack to DELETE_IN_PROGRESS until the deletion is complete. You cannot update a conformance pack while it is in this state.
", + "DeleteOrganizationConfigRule": "Deletes the specified organization Config rule and all of its evaluation results from all member accounts in that organization.
Only a master account and a delegated administrator account can delete an organization Config rule. When calling this API with a delegated administrator, you must ensure Organizations ListDelegatedAdministrator permissions are added.
Config sets the state of a rule to DELETE_IN_PROGRESS until the deletion is complete. You cannot update a rule while it is in this state.
", + "DeleteOrganizationConformancePack": "Deletes the specified organization conformance pack and all of the Config rules and remediation actions from all member accounts in that organization.
Only a master account or a delegated administrator account can delete an organization conformance pack. When calling this API with a delegated administrator, you must ensure Organizations ListDelegatedAdministrator permissions are added.
Config sets the state of a conformance pack to DELETE_IN_PROGRESS until the deletion is complete. You cannot update a conformance pack while it is in this state.
", "DeletePendingAggregationRequest": "Deletes pending authorization requests for a specified aggregator account in a specified region.
", "DeleteRemediationConfiguration": "Deletes the remediation configuration.
", "DeleteRemediationExceptions": "Deletes one or more remediation exceptions mentioned in the resource keys.
Config generates a remediation exception when a problem occurs executing a remediation action to a specific resource. Remediation exceptions blocks auto-remediation until the exception is cleared.
Returns a list of one or more conformance packs.
", "DescribeDeliveryChannelStatus": "Returns the current status of the specified delivery channel. If a delivery channel is not specified, this action returns the current status of all delivery channels associated with the account.
Currently, you can specify only one delivery channel per region in your account.
Returns details about the specified delivery channel. If a delivery channel is not specified, this action returns the details of all delivery channels associated with the account.
Currently, you can specify only one delivery channel per region in your account.
Provides organization config rule deployment status for an organization.
The status is not considered successful until organization config rule is successfully deployed in all the member accounts with an exception of excluded accounts.
When you specify the limit and the next token, you receive a paginated response. Limit and next token are not applicable if you specify organization config rule names. It is only applicable, when you request all the organization config rules.
Returns a list of organization config rules.
When you specify the limit and the next token, you receive a paginated response. Limit and next token are not applicable if you specify organization config rule names. It is only applicable, when you request all the organization config rules.
Provides organization Config rule deployment status for an organization.
The status is not considered successful until organization Config rule is successfully deployed in all the member accounts with an exception of excluded accounts.
When you specify the limit and the next token, you receive a paginated response. Limit and next token are not applicable if you specify organization Config rule names. It is only applicable, when you request all the organization Config rules.
Returns a list of organization Config rules.
When you specify the limit and the next token, you receive a paginated response. Limit and next token are not applicable if you specify organization Config rule names. It is only applicable, when you request all the organization Config rules.
Provides organization conformance pack deployment status for an organization.
The status is not considered successful until organization conformance pack is successfully deployed in all the member accounts with an exception of excluded accounts.
When you specify the limit and the next token, you receive a paginated response. Limit and next token are not applicable if you specify organization conformance pack names. They are only applicable, when you request all the organization conformance packs.
Returns a list of organization conformance packs.
When you specify the limit and the next token, you receive a paginated response.
Limit and next token are not applicable if you specify organization conformance packs names. They are only applicable, when you request all the organization conformance packs.
Returns a list of all pending aggregation requests.
", @@ -56,9 +56,11 @@ "GetComplianceSummaryByResourceType": "Returns the number of resources that are compliant and the number that are noncompliant. You can specify one or more resource types to get these numbers for each resource type. The maximum number returned is 100.
", "GetConformancePackComplianceDetails": "Returns compliance details of a conformance pack for all Amazon Web Services resources that are monitered by conformance pack.
", "GetConformancePackComplianceSummary": "Returns compliance details for the conformance pack based on the cumulative compliance results of all the rules in that conformance pack.
", + "GetCustomRulePolicy": "Returns the policy definition containing the logic for your Config Custom Policy rule.
", "GetDiscoveredResourceCounts": "Returns the resource types, the number of each resource type, and the total number of resources that Config is recording in this region for your Amazon Web Services account.
Example
Config is recording three resource types in the US East (Ohio) Region for your account: 25 EC2 instances, 20 IAM users, and 15 S3 buckets.
You make a call to the GetDiscoveredResourceCounts action and specify that you want all resource types.
Config returns the following:
The resource types (EC2 instances, IAM users, and S3 buckets).
The number of each resource type (25, 20, and 15).
The total number of all resources (60).
The response is paginated. By default, Config lists 100 ResourceCount objects on each page. You can customize this number with the limit parameter. The response includes a nextToken string. To get the next page of results, run the request again and specify the string for the nextToken parameter.
If you make a call to the GetDiscoveredResourceCounts action, you might not immediately receive resource counts in the following situations:
You are a new Config customer.
You just enabled resource recording.
It might take a few minutes for Config to record and count your resources. Wait a few minutes and then retry the GetDiscoveredResourceCounts action.
Returns detailed status for each member account within an organization for a given organization config rule.
", + "GetOrganizationConfigRuleDetailedStatus": "Returns detailed status for each member account within an organization for a given organization Config rule.
", "GetOrganizationConformancePackDetailedStatus": "Returns detailed status for each member account within an organization for a given organization conformance pack.
", + "GetOrganizationCustomRulePolicy": "Returns the policy definition containing the logic for your organization Config Custom Policy rule.
", "GetResourceConfigHistory": "Returns a list of ConfigurationItems for the specified resource. The list contains details about each state of the resource during the specified time interval. If you specified a retention period to retain your ConfigurationItems between a minimum of 30 days and a maximum of 7 years (2557 days), Config returns the ConfigurationItems for the specified retention period.
The response is paginated. By default, Config returns a limit of 10 configuration items per page. You can customize this number with the limit parameter. The response includes a nextToken string. To get the next page of results, run the request again and specify the string for the nextToken parameter.
Each call to the API is limited to span a duration of seven days. It is likely that the number of records returned is smaller than the specified limit. In such cases, you can make another call, using the nextToken.
Returns the details of a specific stored query.
", "ListAggregateDiscoveredResources": "Accepts a resource type and returns a list of resource identifiers that are aggregated for a specific resource type across accounts and regions. A resource identifier includes the resource type, ID, (if available) the custom resource name, source account, and source region. You can narrow the results to include only resources that have specific resource IDs, or a resource name, or source account ID, or source region.
For example, if the input consists of accountID 12345678910 and the region is us-east-1 for resource type AWS::EC2::Instance then the API returns all the EC2 instance identifiers of accountID 12345678910 and region us-east-1.
Creates a delivery channel object to deliver configuration information to an Amazon S3 bucket and Amazon SNS topic.
Before you can create a delivery channel, you must create a configuration recorder.
You can use this action to change the Amazon S3 bucket or an Amazon SNS topic of the existing delivery channel. To change the Amazon S3 bucket or an Amazon SNS topic, call this action and specify the changed values for the S3 bucket and the SNS topic. If you specify a different value for either the S3 bucket or the SNS topic, this action will keep the existing value for the parameter that is not changed.
You can have only one delivery channel per region in your account.
Used by an Lambda function to deliver evaluation results to Config. This action is required in every Lambda function that is invoked by an Config rule.
", "PutExternalEvaluation": "Add or updates the evaluations for process checks. This API checks if the rule is a process check when the name of the Config rule is provided.
", - "PutOrganizationConfigRule": "Adds or updates organization config rule for your entire organization evaluating whether your Amazon Web Services resources comply with your desired configurations.
Only a master account and a delegated administrator can create or update an organization config rule. When calling this API with a delegated administrator, you must ensure Organizations ListDelegatedAdministrator permissions are added.
This API enables organization service access through the EnableAWSServiceAccess action and creates a service linked role AWSServiceRoleForConfigMultiAccountSetup in the master or delegated administrator account of your organization. The service linked role is created only when the role does not exist in the caller account. Config verifies the existence of role with GetRole action.
To use this API with delegated administrator, register a delegated administrator by calling Amazon Web Services Organization register-delegated-administrator for config-multiaccountsetup.amazonaws.com.
You can use this action to create both custom Config rules and Config managed rules. If you are adding a new custom Config rule, you must first create Lambda function in the master account or a delegated administrator that the rule invokes to evaluate your resources. You also need to create an IAM role in the managed-account that can be assumed by the Lambda function. When you use the PutOrganizationConfigRule action to add the rule to Config, you must specify the Amazon Resource Name (ARN) that Lambda assigns to the function. If you are adding an Config managed rule, specify the rule's identifier for the RuleIdentifier key.
The maximum number of organization config rules that Config supports is 150 and 3 delegated administrator per organization.
Prerequisite: Ensure you call EnableAllFeatures API to enable all features in an organization.
Specify either OrganizationCustomRuleMetadata or OrganizationManagedRuleMetadata.
Adds or updates organization Config rule for your entire organization evaluating whether your Amazon Web Services resources comply with your desired configurations.
Only a master account and a delegated administrator can create or update an organization Config rule. When calling this API with a delegated administrator, you must ensure Organizations ListDelegatedAdministrator permissions are added.
This API enables organization service access through the EnableAWSServiceAccess action and creates a service linked role AWSServiceRoleForConfigMultiAccountSetup in the master or delegated administrator account of your organization. The service linked role is created only when the role does not exist in the caller account. Config verifies the existence of role with GetRole action.
To use this API with delegated administrator, register a delegated administrator by calling Amazon Web Services Organization register-delegated-administrator for config-multiaccountsetup.amazonaws.com.
You can use this action to create both custom Config rules and Config managed rules. If you are adding a new custom Config rule, you must first create Lambda function in the master account or a delegated administrator that the rule invokes to evaluate your resources. You also need to create an IAM role in the managed-account that can be assumed by the Lambda function. When you use the PutOrganizationConfigRule action to add the rule to Config, you must specify the Amazon Resource Name (ARN) that Lambda assigns to the function. If you are adding an Config managed rule, specify the rule's identifier for the RuleIdentifier key.
The maximum number of organization Config rules that Config supports is 150 and 3 delegated administrator per organization.
Prerequisite: Ensure you call EnableAllFeatures API to enable all features in an organization.
Specify either OrganizationCustomRuleMetadata or OrganizationManagedRuleMetadata.
Deploys conformance packs across member accounts in an Amazon Web Services Organization.
Only a master account and a delegated administrator can call this API. When calling this API with a delegated administrator, you must ensure Organizations ListDelegatedAdministrator permissions are added.
This API enables organization service access for config-multiaccountsetup.amazonaws.com through the EnableAWSServiceAccess action and creates a service linked role AWSServiceRoleForConfigMultiAccountSetup in the master or delegated administrator account of your organization. The service linked role is created only when the role does not exist in the caller account. To use this API with delegated administrator, register a delegated administrator by calling Amazon Web Services Organization register-delegate-admin for config-multiaccountsetup.amazonaws.com.
Prerequisite: Ensure you call EnableAllFeatures API to enable all features in an organization.
You must specify either the TemplateS3Uri or the TemplateBody parameter, but not both. If you provide both Config uses the TemplateS3Uri parameter and ignores the TemplateBody parameter.
Config sets the state of a conformance pack to CREATE_IN_PROGRESS and UPDATE_IN_PROGRESS until the conformance pack is created or updated. You cannot update a conformance pack while it is in this state.
You can create 50 conformance packs with 25 Config rules in each pack and 3 delegated administrator per organization.
Adds or updates the remediation configuration with a specific Config rule with the selected target or action. The API creates the RemediationConfiguration object for the Config rule. The Config rule must already exist for you to add a remediation configuration. The target (SSM document) must exist and have permissions to use the target.
If you make backward incompatible changes to the SSM document, you must call this again to ensure the remediations can run.
This API does not support adding remediation configurations for service-linked Config Rules such as Organization Config rules, the rules deployed by conformance packs, and rules deployed by Amazon Web Services Security Hub.
A remediation exception is when a specific resource is no longer considered for auto-remediation. This API adds a new exception or updates an existing exception for a specific resource with a specific Config rule.
Config generates a remediation exception when a problem occurs executing a remediation action to a specific resource. Remediation exceptions blocks auto-remediation until the exception is cleared.
The 12-digit account ID of the source account.
", "ConfigRuleComplianceSummaryFilters$AccountId": "The 12-digit account ID of the source account.
", "ConfigurationItem$accountId": "The 12-digit Amazon Web Services account ID associated with the resource.
", + "DebugLogDeliveryAccounts$member": null, "DeleteAggregationAuthorizationRequest$AuthorizedAccountId": "The 12-digit account ID of the account authorized to aggregate data.
", "DeletePendingAggregationRequestRequest$RequesterAccountId": "The 12-digit account ID of the account requesting to aggregate data.
", "ExcludedAccounts$member": null, @@ -408,8 +411,9 @@ "refs": { "AccountAggregationSource$AllAwsRegions": "If true, aggregate existing Config regions and future regions.
", "ComplianceContributorCount$CapExceeded": "Indicates whether the maximum count is reached.
", - "ConfigRuleEvaluationStatus$FirstEvaluationStarted": "Indicates whether Config has evaluated your resources against the rule at least once.
true - Config has evaluated your Amazon Web Services resources against the rule at least once.
false - Config has not once finished evaluating your Amazon Web Services resources against the rule.
Indicates whether Config has evaluated your resources against the rule at least once.
true - Config has evaluated your Amazon Web Services resources against the rule at least once.
false - Config has not finished evaluating your Amazon Web Services resources against the rule at least once.
Specifies whether or not the recorder is currently recording.
", + "CustomPolicyDetails$EnableDebugLogDelivery": "The boolean expression for enabling debug logging for your Config Custom Policy rule. The default value is false.
Specifies whether Config includes deleted resources in the results. By default, deleted resources are not included.
", "OrganizationAggregationSource$AllAwsRegions": "If true, aggregate existing Config regions and future regions.
", "PutEvaluationsRequest$TestMode": "Use this parameter to specify a test run for PutEvaluations. You can verify whether your Lambda function will deliver evaluation results to Config. No updates occur to your existing evaluations, and evaluation results are not sent to Config.
When TestMode is true, PutEvaluations doesn't require a valid value for the ResultToken parameter, but the value cannot be null.
Status information for your Config managed rules. The status includes information such as the last time the rule ran, the last time it failed, and the related error for the last failure.
This action does not return status information about custom Config rules.
", + "base": "Status information for your Config Managed rules and Config Custom Policy rules. The status includes information such as the last time the rule ran, the last time it failed, and the related error for the last failure.
This action does not return status information about Config Custom Lambda rules.
", "refs": { "ConfigRuleEvaluationStatusList$member": null } @@ -571,7 +575,7 @@ "ConfigRuleComplianceFilters$ConfigRuleName": "The name of the Config rule.
", "ConfigRuleEvaluationStatus$ConfigRuleName": "The name of the Config rule.
", "ConfigRuleNames$member": null, - "ConformancePackRuleCompliance$ConfigRuleName": "Name of the config rule.
", + "ConformancePackRuleCompliance$ConfigRuleName": "Name of the Config rule.
", "DeleteConfigRuleRequest$ConfigRuleName": "The name of the Config rule that you want to delete.
", "DeleteRemediationConfigurationRequest$ConfigRuleName": "The name of the Config rule for which you want to delete remediation configuration.
", "DeleteRemediationExceptionsRequest$ConfigRuleName": "The name of the Config rule for which you want to delete remediation exception configuration.
", @@ -579,6 +583,7 @@ "DescribeRemediationExecutionStatusRequest$ConfigRuleName": "A list of Config rule names.
", "EvaluationResultQualifier$ConfigRuleName": "The name of the Config rule that was used in the evaluation.
", "GetAggregateComplianceDetailsByConfigRuleRequest$ConfigRuleName": "The name of the Config rule for which you want compliance information.
", + "GetCustomRulePolicyRequest$ConfigRuleName": "The name of your Config Custom Policy rule.
", "PutExternalEvaluationRequest$ConfigRuleName": "The name of the Config rule.
", "PutRemediationExceptionsRequest$ConfigRuleName": "The name of the Config rule for which you want to create remediation exception.
", "ReevaluateConfigRuleNames$member": null, @@ -930,13 +935,19 @@ "base": null, "refs": { "DescribeOrganizationConfigRuleStatusesRequest$Limit": "The maximum number of OrganizationConfigRuleStatuses returned on each page. If you do no specify a number, Config uses the default. The default is 100.
The maximum number of organization config rules returned on each page. If you do no specify a number, Config uses the default. The default is 100.
", + "DescribeOrganizationConfigRulesRequest$Limit": "The maximum number of organization Config rules returned on each page. If you do no specify a number, Config uses the default. The default is 100.
", "DescribeOrganizationConformancePackStatusesRequest$Limit": "The maximum number of OrganizationConformancePackStatuses returned on each page. If you do no specify a number, Config uses the default. The default is 100.
", "DescribeOrganizationConformancePacksRequest$Limit": "The maximum number of organization config packs returned on each page. If you do no specify a number, Config uses the default. The default is 100.
", "GetOrganizationConfigRuleDetailedStatusRequest$Limit": "The maximum number of OrganizationConfigRuleDetailedStatus returned on each page. If you do not specify a number, Config uses the default. The default is 100.
The maximum number of OrganizationConformancePackDetailedStatuses returned on each page. If you do not specify a number, Config uses the default. The default is 100.
Provides the runtime system, policy definition, and whether debug logging enabled. You can specify the following CustomPolicyDetails parameter values only for Config Custom Policy rules.
", + "refs": { + "Source$CustomPolicyDetails": "Provides the runtime system, policy definition, and whether debug logging is enabled. Required when owner is set to CUSTOM_POLICY.
The time that Config last failed to evaluate your Amazon Web Services resources against the rule.
", "ConfigRuleEvaluationStatus$FirstActivatedTime": "The time that you first activated the Config rule.
", "ConfigRuleEvaluationStatus$LastDeactivatedTime": "The time that you last turned off the Config rule.
", + "ConfigRuleEvaluationStatus$LastDebugLogDeliveryTime": "The time Config last attempted to deliver a debug log for your Config Custom Policy rules.
", "ConfigStreamDeliveryInfo$lastStatusChangeTime": "The time from the last status change.
", "ConfigurationAggregator$CreationTime": "The time stamp when the configuration aggregator was created.
", "ConfigurationAggregator$LastUpdatedTime": "The time of the last update.
", @@ -982,6 +994,13 @@ "RemediationExecutionStep$StopTime": "The time when the step stopped.
" } }, + "DebugLogDeliveryAccounts": { + "base": null, + "refs": { + "OrganizationCustomPolicyRuleMetadata$DebugLogDeliveryAccounts": "A list of accounts that you can enable debug logging for your organization Config Custom Policy rule. List is null when debug logging is enabled for all accounts.
", + "OrganizationCustomPolicyRuleMetadataNoPolicy$DebugLogDeliveryAccounts": "A list of accounts that you can enable debug logging for your organization Config Custom Policy rule. List is null when debug logging is enabled for all accounts.
" + } + }, "DeleteAggregationAuthorizationRequest": { "base": null, "refs": { @@ -1479,9 +1498,9 @@ "ExcludedAccounts": { "base": null, "refs": { - "OrganizationConfigRule$ExcludedAccounts": "A comma-separated list of accounts excluded from organization config rule.
", + "OrganizationConfigRule$ExcludedAccounts": "A comma-separated list of accounts excluded from organization Config rule.
", "OrganizationConformancePack$ExcludedAccounts": "A comma-separated list of accounts excluded from organization conformance pack.
", - "PutOrganizationConfigRuleRequest$ExcludedAccounts": "A comma-separated list of accounts that you want to exclude from an organization config rule.
", + "PutOrganizationConfigRuleRequest$ExcludedAccounts": "A comma-separated list of accounts that you want to exclude from an organization Config rule.
", "PutOrganizationConformancePackRequest$ExcludedAccounts": "A list of Amazon Web Services accounts to be excluded from an organization conformance pack while deploying a conformance pack.
" } }, @@ -1669,6 +1688,16 @@ "refs": { } }, + "GetCustomRulePolicyRequest": { + "base": null, + "refs": { + } + }, + "GetCustomRulePolicyResponse": { + "base": null, + "refs": { + } + }, "GetDiscoveredResourceCountsRequest": { "base": null, "refs": { @@ -1699,6 +1728,16 @@ "refs": { } }, + "GetOrganizationCustomRulePolicyRequest": { + "base": null, + "refs": { + } + }, + "GetOrganizationCustomRulePolicyResponse": { + "base": null, + "refs": { + } + }, "GetResourceConfigHistoryRequest": { "base": "The input for the GetResourceConfigHistory action.
", "refs": { @@ -1751,7 +1790,7 @@ } }, "InsufficientPermissionsException": { - "base": "Indicates one of the following errors:
For PutConfigRule, the rule cannot be created because the IAM role assigned to Config lacks permissions to perform the config:Put* action.
For PutConfigRule, the Lambda function cannot be invoked. Check the function ARN, and check the function's permissions.
For PutOrganizationConfigRule, organization config rule cannot be created because you do not have permissions to call IAM GetRole action or create a service linked role.
For PutConformancePack and PutOrganizationConformancePack, a conformance pack cannot be created because you do not have permissions:
To call IAM GetRole action or create a service linked role.
To read Amazon S3 bucket.
Indicates one of the following errors:
For PutConfigRule, the rule cannot be created because the IAM role assigned to Config lacks permissions to perform the config:Put* action.
For PutConfigRule, the Lambda function cannot be invoked. Check the function ARN, and check the function's permissions.
For PutOrganizationConfigRule, organization Config rule cannot be created because you do not have permissions to call IAM GetRole action or create a service linked role.
For PutConformancePack and PutOrganizationConformancePack, a conformance pack cannot be created because you do not have permissions:
To call IAM GetRole action or create a service linked role.
To read Amazon S3 bucket.
You have reached the limit of the number of organization config rules you can create.
", + "base": "You have reached the limit of the number of organization Config rules you can create.
", "refs": { } }, @@ -1965,6 +2004,8 @@ "refs": { "ConfigRule$MaximumExecutionFrequency": "The maximum frequency with which Config runs evaluations for a rule. You can specify a value for MaximumExecutionFrequency when:
You are using an Config managed rule that is triggered at a periodic frequency.
Your custom rule is triggered when Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.
By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter.
The frequency with which Config delivers configuration snapshots.
", + "OrganizationCustomPolicyRuleMetadata$MaximumExecutionFrequency": "The maximum frequency with which Config runs evaluations for a rule. Your Config Custom Policy rule is triggered when Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.
", + "OrganizationCustomPolicyRuleMetadataNoPolicy$MaximumExecutionFrequency": "The maximum frequency with which Config runs evaluations for a rule. Your Config Custom Policy rule is triggered when Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.
", "OrganizationCustomRuleMetadata$MaximumExecutionFrequency": "The maximum frequency with which Config runs evaluations for a rule. Your custom rule is triggered when Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.
By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter.
The maximum frequency with which Config runs evaluations for a rule. You are using an Config managed rule that is triggered at a periodic frequency.
By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter.
The frequency at which you want Config to run evaluations for a custom rule with a periodic trigger. If you specify a value for MaximumExecutionFrequency, then MessageType must use the ScheduledNotification value.
By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter.
Based on the valid value you choose, Config runs evaluations once for each valid value. For example, if you choose Three_Hours, Config runs evaluations once every three hours. In this case, Three_Hours is the frequency of this rule.
Indicates deployment status for config rule in the member account. When master account calls PutOrganizationConfigRule action for the first time, config rule status is created in the member account. When master account calls PutOrganizationConfigRule action for the second time, config rule status is updated in the member account. Config rule status is deleted when the master account deletes OrganizationConfigRule and disables service access for config-multiaccountsetup.amazonaws.com.
Config sets the state of the rule to:
CREATE_SUCCESSFUL when config rule has been created in the member account.
CREATE_IN_PROGRESS when config rule is being created in the member account.
CREATE_FAILED when config rule creation has failed in the member account.
DELETE_FAILED when config rule deletion has failed in the member account.
DELETE_IN_PROGRESS when config rule is being deleted in the member account.
DELETE_SUCCESSFUL when config rule has been deleted in the member account.
UPDATE_SUCCESSFUL when config rule has been updated in the member account.
UPDATE_IN_PROGRESS when config rule is being updated in the member account.
UPDATE_FAILED when config rule deletion has failed in the member account.
Indicates deployment status for config rule in the member account. When master account calls PutOrganizationConfigRule action for the first time, config rule status is created in the member account. When master account calls PutOrganizationConfigRule action for the second time, config rule status is updated in the member account. Config rule status is deleted when the master account deletes OrganizationConfigRule and disables service access for config-multiaccountsetup.amazonaws.com.
Config sets the state of the rule to:
CREATE_SUCCESSFUL when config rule has been created in the member account.
CREATE_IN_PROGRESS when config rule is being created in the member account.
CREATE_FAILED when config rule creation has failed in the member account.
DELETE_FAILED when config rule deletion has failed in the member account.
DELETE_IN_PROGRESS when config rule is being deleted in the member account.
DELETE_SUCCESSFUL when config rule has been deleted in the member account.
UPDATE_SUCCESSFUL when config rule has been updated in the member account.
UPDATE_IN_PROGRESS when config rule is being updated in the member account.
UPDATE_FAILED when config rule deletion has failed in the member account.
Indicates deployment status for Config rule in the member account. When master account calls PutOrganizationConfigRule action for the first time, Config rule status is created in the member account. When master account calls PutOrganizationConfigRule action for the second time, Config rule status is updated in the member account. Config rule status is deleted when the master account deletes OrganizationConfigRule and disables service access for config-multiaccountsetup.amazonaws.com.
Config sets the state of the rule to:
CREATE_SUCCESSFUL when Config rule has been created in the member account.
CREATE_IN_PROGRESS when Config rule is being created in the member account.
CREATE_FAILED when Config rule creation has failed in the member account.
DELETE_FAILED when Config rule deletion has failed in the member account.
DELETE_IN_PROGRESS when Config rule is being deleted in the member account.
DELETE_SUCCESSFUL when Config rule has been deleted in the member account.
UPDATE_SUCCESSFUL when Config rule has been updated in the member account.
UPDATE_IN_PROGRESS when Config rule is being updated in the member account.
UPDATE_FAILED when Config rule deletion has failed in the member account.
Indicates deployment status for Config rule in the member account. When master account calls PutOrganizationConfigRule action for the first time, Config rule status is created in the member account. When master account calls PutOrganizationConfigRule action for the second time, Config rule status is updated in the member account. Config rule status is deleted when the master account deletes OrganizationConfigRule and disables service access for config-multiaccountsetup.amazonaws.com.
Config sets the state of the rule to:
CREATE_SUCCESSFUL when Config rule has been created in the member account.
CREATE_IN_PROGRESS when Config rule is being created in the member account.
CREATE_FAILED when Config rule creation has failed in the member account.
DELETE_FAILED when Config rule deletion has failed in the member account.
DELETE_IN_PROGRESS when Config rule is being deleted in the member account.
DELETE_SUCCESSFUL when Config rule has been deleted in the member account.
UPDATE_SUCCESSFUL when Config rule has been updated in the member account.
UPDATE_IN_PROGRESS when Config rule is being updated in the member account.
UPDATE_FAILED when Config rule deletion has failed in the member account.
Organization config rule creation or deletion status in each member account. This includes the name of the rule, the status, error code and error message when the rule creation or deletion failed.
", + "base": "Organization Config rule creation or deletion status in each member account. This includes the name of the rule, the status, error code and error message when the rule creation or deletion failed.
", "refs": { "OrganizationConfigRuleDetailedStatus$member": null } @@ -2068,7 +2109,7 @@ } }, "NoSuchConfigRuleException": { - "base": "One or more Config rules in the request are invalid. Verify that the rule names are correct and try again.
", + "base": "The Config rule in the request is not valid. Verify that the rule is an Config Custom Policy rule, that the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying again.
", "refs": { } }, @@ -2098,7 +2139,7 @@ } }, "NoSuchOrganizationConfigRuleException": { - "base": "You specified one or more organization config rules that do not exist.
", + "base": "The Config rule in the request is not valid. Verify that the rule is an organization Config Custom Policy rule, that the rule name is correct, and that valid Amazon Resouce Names (ARNs) are used before trying again.
", "refs": { } }, @@ -2147,7 +2188,7 @@ } }, "OrganizationConfigRule": { - "base": "An organization config rule that has information about config rules that Config creates in member accounts.
", + "base": "An organization Config rule that has information about Config rules that Config creates in member accounts.
", "refs": { "OrganizationConfigRules$member": null } @@ -2161,22 +2202,23 @@ "OrganizationConfigRuleName": { "base": null, "refs": { - "DeleteOrganizationConfigRuleRequest$OrganizationConfigRuleName": "The name of organization config rule that you want to delete.
", - "GetOrganizationConfigRuleDetailedStatusRequest$OrganizationConfigRuleName": "The name of organization config rule for which you want status details for member accounts.
", - "OrganizationConfigRule$OrganizationConfigRuleName": "The name that you assign to organization config rule.
", - "OrganizationConfigRuleStatus$OrganizationConfigRuleName": "The name that you assign to organization config rule.
", - "PutOrganizationConfigRuleRequest$OrganizationConfigRuleName": "The name that you assign to an organization config rule.
" + "DeleteOrganizationConfigRuleRequest$OrganizationConfigRuleName": "The name of organization Config rule that you want to delete.
", + "GetOrganizationConfigRuleDetailedStatusRequest$OrganizationConfigRuleName": "The name of your organization Config rule for which you want status details for member accounts.
", + "GetOrganizationCustomRulePolicyRequest$OrganizationConfigRuleName": "The name of your organization Config Custom Policy rule.
", + "OrganizationConfigRule$OrganizationConfigRuleName": "The name that you assign to organization Config rule.
", + "OrganizationConfigRuleStatus$OrganizationConfigRuleName": "The name that you assign to organization Config rule.
", + "PutOrganizationConfigRuleRequest$OrganizationConfigRuleName": "The name that you assign to an organization Config rule.
" } }, "OrganizationConfigRuleNames": { "base": null, "refs": { - "DescribeOrganizationConfigRuleStatusesRequest$OrganizationConfigRuleNames": "The names of organization config rules for which you want status details. If you do not specify any names, Config returns details for all your organization Config rules.
", - "DescribeOrganizationConfigRulesRequest$OrganizationConfigRuleNames": "The names of organization config rules for which you want details. If you do not specify any names, Config returns details for all your organization config rules.
" + "DescribeOrganizationConfigRuleStatusesRequest$OrganizationConfigRuleNames": "The names of organization Config rules for which you want status details. If you do not specify any names, Config returns details for all your organization Config rules.
", + "DescribeOrganizationConfigRulesRequest$OrganizationConfigRuleNames": "The names of organization Config rules for which you want details. If you do not specify any names, Config returns details for all your organization Config rules.
" } }, "OrganizationConfigRuleStatus": { - "base": "Returns the status for an organization config rule in an organization.
", + "base": "Returns the status for an organization Config rule in an organization.
", "refs": { "OrganizationConfigRuleStatuses$member": null } @@ -2193,6 +2235,19 @@ "OrganizationConfigRuleTriggerTypes$member": null } }, + "OrganizationConfigRuleTriggerTypeNoSN": { + "base": null, + "refs": { + "OrganizationConfigRuleTriggerTypeNoSNs$member": null + } + }, + "OrganizationConfigRuleTriggerTypeNoSNs": { + "base": null, + "refs": { + "OrganizationCustomPolicyRuleMetadata$OrganizationConfigRuleTriggerTypes": "The type of notification that initiates Config to run an evaluation for a rule. For Config Custom Policy rules, Config supports change-initiated notification types:
ConfigurationItemChangeNotification - Initiates an evaluation when Config delivers a configuration item as a result of a resource change.
OversizedConfigurationItemChangeNotification - Initiates an evaluation when Config delivers an oversized configuration item. Config may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.
The type of notification that triggers Config to run an evaluation for a rule. For Config Custom Policy rules, Config supports change triggered notification types:
ConfigurationItemChangeNotification - Triggers an evaluation when Config delivers a configuration item as a result of a resource change.
OversizedConfigurationItemChangeNotification - Triggers an evaluation when Config delivers an oversized configuration item. Config may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.
Returns a list of OrganizationConformancePacks objects.
" } }, + "OrganizationCustomPolicyRuleMetadata": { + "base": "An object that specifies metadata for your organization's Config Custom Policy rule. The metadata includes the runtime system in use, which accounts have debug logging enabled, and other custom rule metadata, such as resource type, resource ID of Amazon Web Services resource, and organization trigger types that initiate Config to evaluate Amazon Web Services resources against a rule.
", + "refs": { + "PutOrganizationConfigRuleRequest$OrganizationCustomPolicyRuleMetadata": "An object that specifies metadata for your organization's Config Custom Policy rule. The metadata includes the runtime system in use, which accounts have debug logging enabled, and other custom rule metadata, such as resource type, resource ID of Amazon Web Services resource, and organization trigger types that initiate Config to evaluate Amazon Web Services resources against a rule.
" + } + }, + "OrganizationCustomPolicyRuleMetadataNoPolicy": { + "base": "An object that specifies metadata for your organization Config Custom Policy rule including the runtime system in use, which accounts have debug logging enabled, and other custom rule metadata such as resource type, resource ID of Amazon Web Services resource, and organization trigger types that trigger Config to evaluate Amazon Web Services resources against a rule.
", + "refs": { + "OrganizationConfigRule$OrganizationCustomPolicyRuleMetadata": "An object that specifies metadata for your organization's Config Custom Policy rule. The metadata includes the runtime system in use, which accounts have debug logging enabled, and other custom rule metadata, such as resource type, resource ID of Amazon Web Services resource, and organization trigger types that initiate Config to evaluate Amazon Web Services resources against a rule.
" + } + }, "OrganizationCustomRuleMetadata": { "base": "An object that specifies organization custom rule metadata such as resource type, resource ID of Amazon Web Services resource, Lambda function ARN, and organization trigger types that trigger Config to evaluate your Amazon Web Services resources against a rule. It also provides the frequency with which you want Config to run evaluations for the rule if the trigger type is periodic.
", "refs": { @@ -2300,7 +2367,7 @@ "OrganizationRuleStatus": { "base": null, "refs": { - "OrganizationConfigRuleStatus$OrganizationRuleStatus": "Indicates deployment status of an organization config rule. When master account calls PutOrganizationConfigRule action for the first time, config rule status is created in all the member accounts. When master account calls PutOrganizationConfigRule action for the second time, config rule status is updated in all the member accounts. Additionally, config rule status is updated when one or more member accounts join or leave an organization. Config rule status is deleted when the master account deletes OrganizationConfigRule in all the member accounts and disables service access for config-multiaccountsetup.amazonaws.com.
Config sets the state of the rule to:
CREATE_SUCCESSFUL when an organization config rule has been successfully created in all the member accounts.
CREATE_IN_PROGRESS when an organization config rule creation is in progress.
CREATE_FAILED when an organization config rule creation failed in one or more member accounts within that organization.
DELETE_FAILED when an organization config rule deletion failed in one or more member accounts within that organization.
DELETE_IN_PROGRESS when an organization config rule deletion is in progress.
DELETE_SUCCESSFUL when an organization config rule has been successfully deleted from all the member accounts.
UPDATE_SUCCESSFUL when an organization config rule has been successfully updated in all the member accounts.
UPDATE_IN_PROGRESS when an organization config rule update is in progress.
UPDATE_FAILED when an organization config rule update failed in one or more member accounts within that organization.
Indicates deployment status of an organization Config rule. When master account calls PutOrganizationConfigRule action for the first time, Config rule status is created in all the member accounts. When master account calls PutOrganizationConfigRule action for the second time, Config rule status is updated in all the member accounts. Additionally, Config rule status is updated when one or more member accounts join or leave an organization. Config rule status is deleted when the master account deletes OrganizationConfigRule in all the member accounts and disables service access for config-multiaccountsetup.amazonaws.com.
Config sets the state of the rule to:
CREATE_SUCCESSFUL when an organization Config rule has been successfully created in all the member accounts.
CREATE_IN_PROGRESS when an organization Config rule creation is in progress.
CREATE_FAILED when an organization Config rule creation failed in one or more member accounts within that organization.
DELETE_FAILED when an organization Config rule deletion failed in one or more member accounts within that organization.
DELETE_IN_PROGRESS when an organization Config rule deletion is in progress.
DELETE_SUCCESSFUL when an organization Config rule has been successfully deleted from all the member accounts.
UPDATE_SUCCESSFUL when an organization Config rule has been successfully updated in all the member accounts.
UPDATE_IN_PROGRESS when an organization Config rule update is in progress.
UPDATE_FAILED when an organization Config rule update failed in one or more member accounts within that organization.
Indicates whether Amazon Web Services or the customer owns and manages the Config rule.
" + "Source$Owner": "Indicates whether Amazon Web Services or the customer owns and manages the Config rule.
Config Managed Rules are predefined rules owned by Amazon Web Services. For more information, see Config Managed Rules in the Config developer guide.
Config Custom Rules are rules that you can develop either with Guard (CUSTOM_POLICY) or Lambda (CUSTOM_LAMBDA). For more information, see Config Custom Rules in the Config developer guide.
The percentage of errors that are allowed before SSM stops running automations on non-compliant resources for that specific rule. You can specify a percentage of errors, for example 10%. If you do not specifiy a percentage, the default is 50%. For example, if you set the ErrorPercentage to 40% for 10 non-compliant resources, then SSM stops running the automations when the fifth error is received.
" } }, + "PolicyRuntime": { + "base": null, + "refs": { + "CustomPolicyDetails$PolicyRuntime": "The runtime system for your Config Custom Policy rule. Guard is a policy-as-code language that allows you to write policies that are enforced by Config Custom Policy rules. For more information about Guard, see the Guard GitHub Repository.
", + "OrganizationCustomPolicyRuleMetadata$PolicyRuntime": "The runtime system for your organization Config Custom Policy rules. Guard is a policy-as-code language that allows you to write policies that are enforced by Config Custom Policy rules. For more information about Guard, see the Guard GitHub Repository.
", + "OrganizationCustomPolicyRuleMetadataNoPolicy$PolicyRuntime": "The runtime system for your organization Config Custom Policy rules. Guard is a policy-as-code language that allows you to write policies that are enforced by Config Custom Policy rules. For more information about Guard, see the Guard GitHub Repository.
" + } + }, + "PolicyText": { + "base": null, + "refs": { + "CustomPolicyDetails$PolicyText": "The policy definition containing the logic for your Config Custom Policy rule.
", + "GetCustomRulePolicyResponse$PolicyText": "The policy definition containing the logic for your Config Custom Policy rule.
", + "GetOrganizationCustomRulePolicyResponse$PolicyText": "The policy definition containing the logic for your organization Config Custom Policy rule.
", + "OrganizationCustomPolicyRuleMetadata$PolicyText": "The policy definition containing the logic for your organization Config Custom Policy rule.
" + } + }, "PutAggregationAuthorizationRequest": { "base": null, "refs": { @@ -2775,7 +2859,7 @@ } }, "ResourceInUseException": { - "base": "You see this exception in the following cases:
For DeleteConfigRule, Config is deleting this rule. Try your request again later.
For DeleteConfigRule, the rule is deleting your evaluation results. Try your request again later.
For DeleteConfigRule, a remediation action is associated with the rule and Config cannot delete this rule. Delete the remediation action associated with the rule before deleting the rule and try your request again later.
For PutConfigOrganizationRule, organization config rule deletion is in progress. Try your request again later.
For DeleteOrganizationConfigRule, organization config rule creation is in progress. Try your request again later.
For PutConformancePack and PutOrganizationConformancePack, a conformance pack creation, update, and deletion is in progress. Try your request again later.
For DeleteConformancePack, a conformance pack creation, update, and deletion is in progress. Try your request again later.
You see this exception in the following cases:
For DeleteConfigRule, Config is deleting this rule. Try your request again later.
For DeleteConfigRule, the rule is deleting your evaluation results. Try your request again later.
For DeleteConfigRule, a remediation action is associated with the rule and Config cannot delete this rule. Delete the remediation action associated with the rule before deleting the rule and try your request again later.
For PutConfigOrganizationRule, organization Config rule deletion is in progress. Try your request again later.
For DeleteOrganizationConfigRule, organization Config rule creation is in progress. Try your request again later.
For PutConformancePack and PutOrganizationConformancePack, a conformance pack creation, update, and deletion is in progress. Try your request again later.
For DeleteConformancePack, a conformance pack creation, update, and deletion is in progress. Try your request again later.
The type of the Amazon Web Services resource that was evaluated.
", + "OrganizationCustomPolicyRuleMetadataNoPolicy$ResourceTypesScope": "The type of the Amazon Web Services resource that was evaluated.
", "OrganizationCustomRuleMetadata$ResourceTypesScope": "The type of the Amazon Web Services resource that was evaluated.
", "OrganizationManagedRuleMetadata$ResourceTypesScope": "The type of the Amazon Web Services resource that was evaluated.
" } @@ -2955,7 +3041,7 @@ } }, "Source": { - "base": "Provides the Config rule owner (Amazon Web Services or customer), the rule identifier, and the events that trigger the evaluation of your Amazon Web Services resources.
", + "base": "Provides the CustomPolicyDetails, the rule owner (Amazon Web Services or customer), the rule identifier, and the events that cause the evaluation of your Amazon Web Services resources.
", "refs": { "ConfigRule$Source": "Provides the rule owner (Amazon Web Services or customer), the rule identifier, and the notifications that cause the function to evaluate your Amazon Web Services resources.
" } @@ -2969,7 +3055,7 @@ "SourceDetails": { "base": null, "refs": { - "Source$SourceDetails": "Provides the source and type of the event that causes Config to evaluate your Amazon Web Services resources.
" + "Source$SourceDetails": "Provides the source and the message types that cause Config to evaluate your Amazon Web Services resources against a rule. It also provides the frequency with which you want Config to run evaluations for the rule if the trigger type is periodic.
If the owner is set to CUSTOM_POLICY, the only acceptable values for the Config rule trigger message type are ConfigurationItemChangeNotification and OversizedConfigurationItemChangeNotification.
Status filter object to filter results based on specific member account ID or status type for an organization config rule.
", + "base": "Status filter object to filter results based on specific member account ID or status type for an organization Config rule.
", "refs": { "GetOrganizationConfigRuleDetailedStatusRequest$Filters": "A StatusDetailFilters object.
The ID of the Config rule.
", "ConfigRuleEvaluationStatus$LastErrorCode": "The error code that Config returned when the rule last failed.
", "ConfigRuleEvaluationStatus$LastErrorMessage": "The error message that Config returned when the rule last failed.
", + "ConfigRuleEvaluationStatus$LastDebugLogDeliveryStatus": "The status of the last attempted delivery of a debug log for your Config Custom Policy rules. Either Successful or Failed.
The reason Config was not able to deliver a debug log. This is for the last failed attempt to retrieve a debug log for your Config Custom Policy rules.
", "ConfigStreamDeliveryInfo$lastErrorCode": "The error code from the last attempted delivery.
", "ConfigStreamDeliveryInfo$lastErrorMessage": "The error message from the last attempted delivery.
", "ConfigurationRecorder$roleARN": "Amazon Resource Name (ARN) of the IAM role used to describe the Amazon Web Services resources associated with the account.
", @@ -3116,11 +3204,11 @@ "GetOrganizationConformancePackDetailedStatusResponse$NextToken": "The nextToken string returned on a previous page that you use to get the next page of results in a paginated response.
", "ListStoredQueriesRequest$NextToken": "The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.
", "ListStoredQueriesResponse$NextToken": "If the previous paginated request didn't return all of the remaining results, the response object's NextToken parameter value is set to a token. To retrieve the next set of results, call this action again and assign that token to the request object's NextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.
An error code that is returned when config rule creation or deletion failed in the member account.
", - "MemberAccountStatus$ErrorMessage": "An error message indicating that config rule account creation or deletion has failed due to an error in the member account.
", + "MemberAccountStatus$ErrorCode": "An error code that is returned when Config rule creation or deletion failed in the member account.
", + "MemberAccountStatus$ErrorMessage": "An error message indicating that Config rule account creation or deletion has failed due to an error in the member account.
", "OrganizationAggregationSource$RoleArn": "ARN of the IAM role used to retrieve Amazon Web Services Organization details associated with the aggregator account.
", - "OrganizationConfigRuleStatus$ErrorCode": "An error code that is returned when organization config rule creation or deletion has failed.
", - "OrganizationConfigRuleStatus$ErrorMessage": "An error message indicating that organization config rule creation or deletion failed due to an error.
", + "OrganizationConfigRuleStatus$ErrorCode": "An error code that is returned when organization Config rule creation or deletion has failed.
", + "OrganizationConfigRuleStatus$ErrorMessage": "An error message indicating that organization Config rule creation or deletion failed due to an error.
", "OrganizationConformancePackDetailedStatus$ErrorCode": "An error code that is returned when conformance pack creation or deletion failed in the member account.
", "OrganizationConformancePackDetailedStatus$ErrorMessage": "An error message indicating that conformance pack account creation or deletion has failed due to an error in the member account.
", "OrganizationConformancePackStatus$ErrorCode": "An error code that is returned when organization conformance pack creation or deletion has failed in a member account.
", @@ -3150,6 +3238,8 @@ "base": null, "refs": { "ControlsList$member": null, + "OrganizationCustomPolicyRuleMetadata$TagKeyScope": "One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.
", + "OrganizationCustomPolicyRuleMetadataNoPolicy$TagKeyScope": "One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.
", "OrganizationCustomRuleMetadata$TagKeyScope": "One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.
", "OrganizationManagedRuleMetadata$TagKeyScope": "One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.
", "Scope$TagKey": "The tag key that is applied to only those Amazon Web Services resources that you want to trigger an evaluation for the rule.
" @@ -3158,8 +3248,10 @@ "StringWithCharLimit2048": { "base": null, "refs": { - "OrganizationCustomRuleMetadata$InputParameters": "A string, in JSON format, that is passed to organization config rule Lambda function.
", - "OrganizationManagedRuleMetadata$InputParameters": "A string, in JSON format, that is passed to organization config rule Lambda function.
" + "OrganizationCustomPolicyRuleMetadata$InputParameters": "A string, in JSON format, that is passed to your organization Config Custom Policy rule.
", + "OrganizationCustomPolicyRuleMetadataNoPolicy$InputParameters": "A string, in JSON format, that is passed to your organization Config Custom Policy rule.
", + "OrganizationCustomRuleMetadata$InputParameters": "A string, in JSON format, that is passed to your organization Config rule Lambda function.
", + "OrganizationManagedRuleMetadata$InputParameters": "A string, in JSON format, that is passed to your organization Config rule Lambda function.
" } }, "StringWithCharLimit256": { @@ -3189,14 +3281,16 @@ "GetAggregateDiscoveredResourceCountsResponse$GroupByKey": "The key passed into the request object. If GroupByKey is not provided, the result will be empty.
The type of the Amazon Web Services resource for which you want compliance information.
", "GroupedResourceCount$GroupName": "The name of the group that can be region, account ID, or resource type. For example, region1, region2 if the region was chosen as GroupByKey.
Amazon Resource Name (ARN) of organization config rule.
", + "OrganizationConfigRule$OrganizationConfigRuleArn": "Amazon Resource Name (ARN) of organization Config rule.
", "OrganizationConformancePack$OrganizationConformancePackArn": "Amazon Resource Name (ARN) of organization conformance pack.
", "OrganizationConformancePackDetailedStatus$ConformancePackName": "The name of conformance pack deployed in the member account.
", + "OrganizationCustomPolicyRuleMetadata$TagValueScope": "The optional part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key).
", + "OrganizationCustomPolicyRuleMetadataNoPolicy$TagValueScope": "The optional part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key).
", "OrganizationCustomRuleMetadata$LambdaFunctionArn": "The lambda function ARN.
", "OrganizationCustomRuleMetadata$TagValueScope": "The optional part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key).
", "OrganizationManagedRuleMetadata$RuleIdentifier": "For organization config managed rules, a predefined identifier from a list. For example, IAM_PASSWORD_POLICY is a managed rule. To reference a managed rule, see Using Config managed rules.
The optional part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key).
", - "PutOrganizationConfigRuleResponse$OrganizationConfigRuleArn": "The Amazon Resource Name (ARN) of an organization config rule.
", + "PutOrganizationConfigRuleResponse$OrganizationConfigRuleArn": "The Amazon Resource Name (ARN) of an organization Config rule.
", "PutOrganizationConformancePackResponse$OrganizationConformancePackArn": "ARN of the organization conformance pack.
", "RemediationConfiguration$TargetId": "Target ID is the name of the public document.
", "RemediationException$ResourceType": "The type of a resource.
", @@ -3205,15 +3299,17 @@ "ResourceTypes$member": null, "ResourceTypesScope$member": null, "Scope$TagValue": "The tag value applied to only those Amazon Web Services resources that you want to trigger an evaluation for the rule. If you specify a value for TagValue, you must also specify a value for TagKey.
For Config managed rules, a predefined identifier from a list. For example, IAM_PASSWORD_POLICY is a managed rule. To reference a managed rule, see Using Config managed rules.
For custom rules, the identifier is the Amazon Resource Name (ARN) of the rule's Lambda function, such as arn:aws:lambda:us-east-2:123456789012:function:custom_rule_name.
For Config Managed rules, a predefined identifier from a list. For example, IAM_PASSWORD_POLICY is a managed rule. To reference a managed rule, see List of Config Managed Rules.
For Config Custom Lambda rules, the identifier is the Amazon Resource Name (ARN) of the rule's Lambda function, such as arn:aws:lambda:us-east-2:123456789012:function:custom_rule_name.
For Config Custom Policy rules, this field will be ignored.
", "StaticParameterValues$member": null } }, "StringWithCharLimit256Min0": { "base": null, "refs": { - "OrganizationCustomRuleMetadata$Description": "The description that you provide for organization config rule.
", - "OrganizationManagedRuleMetadata$Description": "The description that you provide for organization config rule.
" + "OrganizationCustomPolicyRuleMetadata$Description": "The description that you provide for your organization Config Custom Policy rule.
", + "OrganizationCustomPolicyRuleMetadataNoPolicy$Description": "The description that you provide for your organization Config Custom Policy rule.
", + "OrganizationCustomRuleMetadata$Description": "The description that you provide for your organization Config rule.
", + "OrganizationManagedRuleMetadata$Description": "The description that you provide for your organization Config rule.
" } }, "StringWithCharLimit64": { @@ -3224,13 +3320,15 @@ "ConformancePackConfigRuleNames$member": null, "DeleteEvaluationResultsRequest$ConfigRuleName": "The name of the Config rule for which you want to delete the evaluation results.
", "GetComplianceDetailsByConfigRuleRequest$ConfigRuleName": "The name of the Config rule for which you want compliance information.
", - "MemberAccountStatus$ConfigRuleName": "The name of config rule deployed in the member account.
", + "MemberAccountStatus$ConfigRuleName": "The name of Config rule deployed in the member account.
", "OrganizationConfigRuleNames$member": null } }, "StringWithCharLimit768": { "base": null, "refs": { + "OrganizationCustomPolicyRuleMetadata$ResourceIdScope": "The ID of the Amazon Web Services resource that was evaluated.
", + "OrganizationCustomPolicyRuleMetadataNoPolicy$ResourceIdScope": "The ID of the Amazon Web Services resource that was evaluated.
", "OrganizationCustomRuleMetadata$ResourceIdScope": "The ID of the Amazon Web Services resource that was evaluated.
", "OrganizationManagedRuleMetadata$ResourceIdScope": "The ID of the Amazon Web Services resource that was evaluated.
" } @@ -3311,7 +3409,7 @@ "TemplateBody": { "base": null, "refs": { - "PutConformancePackRequest$TemplateBody": "A string containing full conformance pack template body. Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.
You can only use a YAML template with two resource types: config rule (AWS::Config::ConfigRule) and a remediation action (AWS::Config::RemediationConfiguration).
A string containing full conformance pack template body. Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.
You can only use a YAML template with two resource types: Config rule (AWS::Config::ConfigRule) and a remediation action (AWS::Config::RemediationConfiguration).
A string containing full conformance pack template body. Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.
" } }, diff --git a/models/apis/lambda/2015-03-31/api-2.json b/models/apis/lambda/2015-03-31/api-2.json index 36e66692810..afc614f6cd2 100644 --- a/models/apis/lambda/2015-03-31/api-2.json +++ b/models/apis/lambda/2015-03-31/api-2.json @@ -1334,7 +1334,8 @@ "FileSystemConfigs":{"shape":"FileSystemConfigList"}, "ImageConfig":{"shape":"ImageConfig"}, "CodeSigningConfigArn":{"shape":"CodeSigningConfigArn"}, - "Architectures":{"shape":"ArchitecturesList"} + "Architectures":{"shape":"ArchitecturesList"}, + "EphemeralStorage":{"shape":"EphemeralStorage"} } }, "Date":{"type":"timestamp"}, @@ -1632,6 +1633,18 @@ "value":{"shape":"EnvironmentVariableValue"}, "sensitive":true }, + "EphemeralStorage":{ + "type":"structure", + "required":["Size"], + "members":{ + "Size":{"shape":"EphemeralStorageSize"} + } + }, + "EphemeralStorageSize":{ + "type":"integer", + "max":10240, + "min":512 + }, "EventSourceMappingConfiguration":{ "type":"structure", "members":{ @@ -1776,7 +1789,8 @@ "ImageConfigResponse":{"shape":"ImageConfigResponse"}, "SigningProfileVersionArn":{"shape":"Arn"}, "SigningJobArn":{"shape":"Arn"}, - "Architectures":{"shape":"ArchitecturesList"} + "Architectures":{"shape":"ArchitecturesList"}, + "EphemeralStorage":{"shape":"EphemeralStorage"} } }, "FunctionEventInvokeConfig":{ @@ -3625,7 +3639,8 @@ "RevisionId":{"shape":"String"}, "Layers":{"shape":"LayerList"}, "FileSystemConfigs":{"shape":"FileSystemConfigList"}, - "ImageConfig":{"shape":"ImageConfig"} + "ImageConfig":{"shape":"ImageConfig"}, + "EphemeralStorage":{"shape":"EphemeralStorage"} } }, "UpdateFunctionEventInvokeConfigRequest":{ diff --git a/models/apis/lambda/2015-03-31/docs-2.json b/models/apis/lambda/2015-03-31/docs-2.json index fb921333190..27ef548ba92 100644 --- a/models/apis/lambda/2015-03-31/docs-2.json +++ b/models/apis/lambda/2015-03-31/docs-2.json @@ -547,6 +547,20 @@ "EnvironmentResponse$Variables": "Environment variable key-value pairs.
" } }, + "EphemeralStorage": { + "base": "The size of the function’s /tmp directory in MB. The default value is 512, but can be any whole number between 512 and 10240 MB.
", + "refs": { + "CreateFunctionRequest$EphemeralStorage": "The size of the function’s /tmp directory in MB. The default value is 512, but can be any whole number between 512 and 10240 MB.
", + "FunctionConfiguration$EphemeralStorage": "The size of the function’s /tmp directory in MB. The default value is 512, but can be any whole number between 512 and 10240 MB.
", + "UpdateFunctionConfigurationRequest$EphemeralStorage": "The size of the function’s /tmp directory in MB. The default value is 512, but can be any whole number between 512 and 10240 MB.
" + } + }, + "EphemeralStorageSize": { + "base": null, + "refs": { + "EphemeralStorage$Size": "The size of the function’s /tmp directory.
" + } + }, "EventSourceMappingConfiguration": { "base": "A mapping between an Amazon Web Services resource and a Lambda function. For details, see CreateEventSourceMapping.
", "refs": { diff --git a/models/apis/transcribe/2017-10-26/api-2.json b/models/apis/transcribe/2017-10-26/api-2.json index a237da498c2..72febbd2fe8 100644 --- a/models/apis/transcribe/2017-10-26/api-2.json +++ b/models/apis/transcribe/2017-10-26/api-2.json @@ -1733,17 +1733,24 @@ "type":"list", "member":{"shape":"SubtitleFormat"} }, + "SubtitleOutputStartIndex":{ + "type":"integer", + "max":1, + "min":0 + }, "Subtitles":{ "type":"structure", "members":{ - "Formats":{"shape":"SubtitleFormats"} + "Formats":{"shape":"SubtitleFormats"}, + "OutputStartIndex":{"shape":"SubtitleOutputStartIndex"} } }, "SubtitlesOutput":{ "type":"structure", "members":{ "Formats":{"shape":"SubtitleFormats"}, - "SubtitleFileUris":{"shape":"SubtitleFileUris"} + "SubtitleFileUris":{"shape":"SubtitleFileUris"}, + "OutputStartIndex":{"shape":"SubtitleOutputStartIndex"} } }, "Tag":{ diff --git a/models/apis/transcribe/2017-10-26/docs-2.json b/models/apis/transcribe/2017-10-26/docs-2.json index 71a00d62e40..7f5e2a088ac 100644 --- a/models/apis/transcribe/2017-10-26/docs-2.json +++ b/models/apis/transcribe/2017-10-26/docs-2.json @@ -79,7 +79,7 @@ "Settings$ShowSpeakerLabels": "Determines whether the transcription job uses speaker recognition to identify different speakers in the input audio. Speaker recognition labels individual speakers in the audio file. If you set the ShowSpeakerLabels field to true, you must also set the maximum number of speaker labels MaxSpeakerLabels field.
You can't set both ShowSpeakerLabels and ChannelIdentification in the same request. If you set both, your request returns a BadRequestException.
Instructs Amazon Transcribe to process each audio channel separately and then merge the transcription output of each channel into a single transcription.
Amazon Transcribe also produces a transcription of each item detected on an audio channel, including the start time and end time of the item and alternative transcriptions of the item including the confidence that Amazon Transcribe has in the transcription.
You can't set both ShowSpeakerLabels and ChannelIdentification in the same request. If you set both, your request returns a BadRequestException.
Determines whether the transcription contains alternative transcriptions. If you set the ShowAlternatives field to true, you must also set the maximum number of alternatives to return in the MaxAlternatives field.
Set this field to true to enable automatic language identification. Automatic language identification is disabled by default. You receive a BadRequestException error if you enter a value for a LanguageCode.
Set this field to true to enable automatic language identification. Automatic language identification is disabled by default. You receive a BadRequestException error if you enter a value for a LanguageCode.
You must include either LanguageCode or IdentifyLanguage in your request.
If TRUE, the rule that you specify is applied to everything except for the phrases that you specify.
A value that shows if automatic language identification was enabled for a transcription job.
", "TranscriptionJobSummary$IdentifyLanguage": "Whether automatic language identification was enabled for a transcription job.
" @@ -509,7 +509,7 @@ "MedicalTranscriptionJob$LanguageCode": "The language code for the language spoken in the source audio file. US English (en-US) is the only supported language for medical transcriptions. Any other value you enter for language code results in a BadRequestException error.
The language of the transcript in the source audio file.
", "StartMedicalTranscriptionJobRequest$LanguageCode": "The language code for the language spoken in the input media file. US English (en-US) is the valid value for medical transcription jobs. Any other value you enter for language code results in a BadRequestException error.
The language code for the language used in the input media file.
To transcribe speech in Modern Standard Arabic (ar-SA), your audio or video file must be encoded at a sample rate of 16,000 Hz or higher.
", + "StartTranscriptionJobRequest$LanguageCode": "The language code for the language used in the input media file. You must include either LanguageCode or IdentifyLanguage in your request.
To transcribe speech in Modern Standard Arabic (ar-SA), your audio or video file must be encoded at a sample rate of 16,000 Hz or higher.
", "TranscriptionJob$LanguageCode": "The language code for the input speech.
", "TranscriptionJobSummary$LanguageCode": "The language code for the input speech.
", "UpdateMedicalVocabularyRequest$LanguageCode": "The language code of the language used for the entries in the updated vocabulary. U.S. English (en-US) is the only valid language code in Amazon Transcribe Medical.
", @@ -696,7 +696,7 @@ "MediaSampleRateHertz": { "base": null, "refs": { - "CallAnalyticsJob$MediaSampleRateHertz": "The sample rate, in Hertz, of the audio.
", + "CallAnalyticsJob$MediaSampleRateHertz": "The sample rate, in Hertz, of the input audio.
", "StartTranscriptionJobRequest$MediaSampleRateHertz": "The sample rate, in Hertz, of the audio track in the input media file.
If you do not specify the media sample rate, Amazon Transcribe determines the sample rate. If you specify the sample rate, it must match the sample rate detected by Amazon Transcribe. In most cases, you should leave the MediaSampleRateHertz field blank and let Amazon Transcribe determine the sample rate.
The sample rate, in Hertz (Hz), of the audio track in the input media file.
" } @@ -1016,18 +1016,25 @@ "SubtitleFormats": { "base": null, "refs": { - "Subtitles$Formats": "Specify the output format for your subtitle file.
", - "SubtitlesOutput$Formats": "Specify the output format for your subtitle file; if you select both SRT and VTT formats, two output files are generated.
" + "Subtitles$Formats": "Specify the output format for your subtitle file; if you select both srt and vtt formats, two output files are generated.
The format of your subtitle files. If your request specified both srt and vtt formats, both formats are shown.
Defines the starting value that is assigned to the first subtitle segment.
The default start index for Amazon Transcribe is 0, which differs from the more widely used standard of 1. If you're uncertain which value to use, we recommend choosing 1, as this may improve compatibility with other services.
Shows the output start index value for your subtitle files. If you did not specify a value in your request, the default value of 0 is used.
Generate subtitles for your batch transcription job.
", + "base": "Generate subtitles for your batch transcription job. Note that your subtitle files are placed in the same location as your transcription output.
", "refs": { "StartTranscriptionJobRequest$Subtitles": "Add subtitles to your batch transcription job.
" } }, "SubtitlesOutput": { - "base": "Choose the output format for your subtitle file and the S3 location where you want your file saved.
", + "base": "The S3 location where your subtitle files are located. Note that your subtitle files are placed in the same location as your transcription output. Refer to TranscriptFileUri to download your files.
Generate subtitles for your batch transcription job.
" } @@ -1125,7 +1132,7 @@ "base": "Describes an asynchronous transcription job that was created with the StartTranscriptionJob operation.
An object that contains the results of the transcription job.
", - "StartTranscriptionJobResponse$TranscriptionJob": "An object containing details of the asynchronous transcription job.
" + "StartTranscriptionJobResponse$TranscriptionJob": "Provides information about your asynchronous transcription job.
" } }, "TranscriptionJobName": { diff --git a/models/endpoints/endpoints.json b/models/endpoints/endpoints.json index 860f48dd708..8004871c266 100644 --- a/models/endpoints/endpoints.json +++ b/models/endpoints/endpoints.json @@ -16019,6 +16019,36 @@ } } }, + "meetings-chime" : { + "endpoints" : { + "us-gov-east-1" : { + "variants" : [ { + "hostname" : "meetings-chime-fips.us-gov-east-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-gov-east-1-fips" : { + "credentialScope" : { + "region" : "us-gov-east-1" + }, + "deprecated" : true, + "hostname" : "meetings-chime-fips.us-gov-east-1.amazonaws.com" + }, + "us-gov-west-1" : { + "variants" : [ { + "hostname" : "meetings-chime-fips.us-gov-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-gov-west-1-fips" : { + "credentialScope" : { + "region" : "us-gov-west-1" + }, + "deprecated" : true, + "hostname" : "meetings-chime-fips.us-gov-west-1.amazonaws.com" + } + } + }, "metering.marketplace" : { "defaults" : { "credentialScope" : { diff --git a/service/configservice/api.go b/service/configservice/api.go index 0153995b4dd..b54ad0d51b1 100644 --- a/service/configservice/api.go +++ b/service/configservice/api.go @@ -353,8 +353,9 @@ func (c *ConfigService) DeleteConfigRuleRequest(input *DeleteConfigRuleInput) (r // // Returned Error Types: // * NoSuchConfigRuleException -// One or more Config rules in the request are invalid. Verify that the rule -// names are correct and try again. +// The Config rule in the request is not valid. Verify that the rule is an Config +// Custom Policy rule, that the rule name is correct, and that valid Amazon +// Resouce Names (ARNs) are used before trying again. // // * ResourceInUseException // You see this exception in the following cases: @@ -369,10 +370,10 @@ func (c *ConfigService) DeleteConfigRuleRequest(input *DeleteConfigRuleInput) (r // and Config cannot delete this rule. Delete the remediation action associated // with the rule before deleting the rule and try your request again later. // -// * For PutConfigOrganizationRule, organization config rule deletion is +// * For PutConfigOrganizationRule, organization Config rule deletion is // in progress. Try your request again later. // -// * For DeleteOrganizationConfigRule, organization config rule creation +// * For DeleteOrganizationConfigRule, organization Config rule creation // is in progress. Try your request again later. // // * For PutConformancePack and PutOrganizationConformancePack, a conformance @@ -649,10 +650,10 @@ func (c *ConfigService) DeleteConformancePackRequest(input *DeleteConformancePac // and Config cannot delete this rule. Delete the remediation action associated // with the rule before deleting the rule and try your request again later. // -// * For PutConfigOrganizationRule, organization config rule deletion is +// * For PutConfigOrganizationRule, organization Config rule deletion is // in progress. Try your request again later. // -// * For DeleteOrganizationConfigRule, organization config rule creation +// * For DeleteOrganizationConfigRule, organization Config rule creation // is in progress. Try your request again later. // // * For PutConformancePack and PutOrganizationConformancePack, a conformance @@ -830,8 +831,9 @@ func (c *ConfigService) DeleteEvaluationResultsRequest(input *DeleteEvaluationRe // // Returned Error Types: // * NoSuchConfigRuleException -// One or more Config rules in the request are invalid. Verify that the rule -// names are correct and try again. +// The Config rule in the request is not valid. Verify that the rule is an Config +// Custom Policy rule, that the rule name is correct, and that valid Amazon +// Resouce Names (ARNs) are used before trying again. // // * ResourceInUseException // You see this exception in the following cases: @@ -846,10 +848,10 @@ func (c *ConfigService) DeleteEvaluationResultsRequest(input *DeleteEvaluationRe // and Config cannot delete this rule. Delete the remediation action associated // with the rule before deleting the rule and try your request again later. // -// * For PutConfigOrganizationRule, organization config rule deletion is +// * For PutConfigOrganizationRule, organization Config rule deletion is // in progress. Try your request again later. // -// * For DeleteOrganizationConfigRule, organization config rule creation +// * For DeleteOrganizationConfigRule, organization Config rule creation // is in progress. Try your request again later. // // * For PutConformancePack and PutOrganizationConformancePack, a conformance @@ -926,11 +928,11 @@ func (c *ConfigService) DeleteOrganizationConfigRuleRequest(input *DeleteOrganiz // DeleteOrganizationConfigRule API operation for AWS Config. // -// Deletes the specified organization config rule and all of its evaluation +// Deletes the specified organization Config rule and all of its evaluation // results from all member accounts in that organization. // // Only a master account and a delegated administrator account can delete an -// organization config rule. When calling this API with a delegated administrator, +// organization Config rule. When calling this API with a delegated administrator, // you must ensure Organizations ListDelegatedAdministrator permissions are // added. // @@ -946,7 +948,9 @@ func (c *ConfigService) DeleteOrganizationConfigRuleRequest(input *DeleteOrganiz // // Returned Error Types: // * NoSuchOrganizationConfigRuleException -// You specified one or more organization config rules that do not exist. +// The Config rule in the request is not valid. Verify that the rule is an organization +// Config Custom Policy rule, that the rule name is correct, and that valid +// Amazon Resouce Names (ARNs) are used before trying again. // // * ResourceInUseException // You see this exception in the following cases: @@ -961,10 +965,10 @@ func (c *ConfigService) DeleteOrganizationConfigRuleRequest(input *DeleteOrganiz // and Config cannot delete this rule. Delete the remediation action associated // with the rule before deleting the rule and try your request again later. // -// * For PutConfigOrganizationRule, organization config rule deletion is +// * For PutConfigOrganizationRule, organization Config rule deletion is // in progress. Try your request again later. // -// * For DeleteOrganizationConfigRule, organization config rule creation +// * For DeleteOrganizationConfigRule, organization Config rule creation // is in progress. Try your request again later. // // * For PutConformancePack and PutOrganizationConformancePack, a conformance @@ -1066,7 +1070,7 @@ func (c *ConfigService) DeleteOrganizationConformancePackRequest(input *DeleteOr // DeleteOrganizationConformancePack API operation for AWS Config. // -// Deletes the specified organization conformance pack and all of the config +// Deletes the specified organization conformance pack and all of the Config // rules and remediation actions from all member accounts in that organization. // // Only a master account or a delegated administrator account can delete an @@ -1106,10 +1110,10 @@ func (c *ConfigService) DeleteOrganizationConformancePackRequest(input *DeleteOr // and Config cannot delete this rule. Delete the remediation action associated // with the rule before deleting the rule and try your request again later. // -// * For PutConfigOrganizationRule, organization config rule deletion is +// * For PutConfigOrganizationRule, organization Config rule deletion is // in progress. Try your request again later. // -// * For DeleteOrganizationConfigRule, organization config rule creation +// * For DeleteOrganizationConfigRule, organization Config rule creation // is in progress. Try your request again later. // // * For PutConformancePack and PutOrganizationConformancePack, a conformance @@ -1319,7 +1323,7 @@ func (c *ConfigService) DeleteRemediationConfigurationRequest(input *DeleteRemed // * For PutConfigRule, the Lambda function cannot be invoked. Check the // function ARN, and check the function's permissions. // -// * For PutOrganizationConfigRule, organization config rule cannot be created +// * For PutOrganizationConfigRule, organization Config rule cannot be created // because you do not have permissions to call IAM GetRole action or create // a service linked role. // @@ -2355,8 +2359,9 @@ func (c *ConfigService) DescribeComplianceByConfigRuleRequest(input *DescribeCom // are valid and try again. // // * NoSuchConfigRuleException -// One or more Config rules in the request are invalid. Verify that the rule -// names are correct and try again. +// The Config rule in the request is not valid. Verify that the rule is an Config +// Custom Policy rule, that the rule name is correct, and that valid Amazon +// Resouce Names (ARNs) are used before trying again. // // * InvalidNextTokenException // The specified next token is invalid. Specify the nextToken string that was @@ -2665,8 +2670,9 @@ func (c *ConfigService) DescribeConfigRuleEvaluationStatusRequest(input *Describ // // Returned Error Types: // * NoSuchConfigRuleException -// One or more Config rules in the request are invalid. Verify that the rule -// names are correct and try again. +// The Config rule in the request is not valid. Verify that the rule is an Config +// Custom Policy rule, that the rule name is correct, and that valid Amazon +// Resouce Names (ARNs) are used before trying again. // // * InvalidParameterValueException // One or more of the specified parameters are invalid. Verify that your parameters @@ -2811,8 +2817,9 @@ func (c *ConfigService) DescribeConfigRulesRequest(input *DescribeConfigRulesInp // // Returned Error Types: // * NoSuchConfigRuleException -// One or more Config rules in the request are invalid. Verify that the rule -// names are correct and try again. +// The Config rule in the request is not valid. Verify that the rule is an Config +// Custom Policy rule, that the rule name is correct, and that valid Amazon +// Resouce Names (ARNs) are used before trying again. // // * InvalidNextTokenException // The specified next token is invalid. Specify the nextToken string that was @@ -4025,16 +4032,16 @@ func (c *ConfigService) DescribeOrganizationConfigRuleStatusesRequest(input *Des // DescribeOrganizationConfigRuleStatuses API operation for AWS Config. // -// Provides organization config rule deployment status for an organization. +// Provides organization Config rule deployment status for an organization. // -// The status is not considered successful until organization config rule is +// The status is not considered successful until organization Config rule is // successfully deployed in all the member accounts with an exception of excluded // accounts. // // When you specify the limit and the next token, you receive a paginated response. -// Limit and next token are not applicable if you specify organization config +// Limit and next token are not applicable if you specify organization Config // rule names. It is only applicable, when you request all the organization -// config rules. +// Config rules. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4045,7 +4052,9 @@ func (c *ConfigService) DescribeOrganizationConfigRuleStatusesRequest(input *Des // // Returned Error Types: // * NoSuchOrganizationConfigRuleException -// You specified one or more organization config rules that do not exist. +// The Config rule in the request is not valid. Verify that the rule is an organization +// Config Custom Policy rule, that the rule name is correct, and that valid +// Amazon Resouce Names (ARNs) are used before trying again. // // * InvalidLimitException // The specified limit is outside the allowable range. @@ -4203,12 +4212,12 @@ func (c *ConfigService) DescribeOrganizationConfigRulesRequest(input *DescribeOr // DescribeOrganizationConfigRules API operation for AWS Config. // -// Returns a list of organization config rules. +// Returns a list of organization Config rules. // // When you specify the limit and the next token, you receive a paginated response. -// Limit and next token are not applicable if you specify organization config +// Limit and next token are not applicable if you specify organization Config // rule names. It is only applicable, when you request all the organization -// config rules. +// Config rules. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4219,7 +4228,9 @@ func (c *ConfigService) DescribeOrganizationConfigRulesRequest(input *DescribeOr // // Returned Error Types: // * NoSuchOrganizationConfigRuleException -// You specified one or more organization config rules that do not exist. +// The Config rule in the request is not valid. Verify that the rule is an organization +// Config Custom Policy rule, that the rule name is correct, and that valid +// Amazon Resouce Names (ARNs) are used before trying again. // // * InvalidNextTokenException // The specified next token is invalid. Specify the nextToken string that was @@ -6172,8 +6183,9 @@ func (c *ConfigService) GetComplianceDetailsByConfigRuleRequest(input *GetCompli // returned in the previous response to get the next page of results. // // * NoSuchConfigRuleException -// One or more Config rules in the request are invalid. Verify that the rule -// names are correct and try again. +// The Config rule in the request is not valid. Verify that the rule is an Config +// Custom Policy rule, that the rule name is correct, and that valid Amazon +// Resouce Names (ARNs) are used before trying again. // // See also, https://docs.aws.amazon.com/goto/WebAPI/config-2014-11-12/GetComplianceDetailsByConfigRule func (c *ConfigService) GetComplianceDetailsByConfigRule(input *GetComplianceDetailsByConfigRuleInput) (*GetComplianceDetailsByConfigRuleOutput, error) { @@ -6844,6 +6856,88 @@ func (c *ConfigService) GetConformancePackComplianceSummaryPagesWithContext(ctx return p.Err() } +const opGetCustomRulePolicy = "GetCustomRulePolicy" + +// GetCustomRulePolicyRequest generates a "aws/request.Request" representing the +// client's request for the GetCustomRulePolicy operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetCustomRulePolicy for more information on using the GetCustomRulePolicy +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the GetCustomRulePolicyRequest method. +// req, resp := client.GetCustomRulePolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/config-2014-11-12/GetCustomRulePolicy +func (c *ConfigService) GetCustomRulePolicyRequest(input *GetCustomRulePolicyInput) (req *request.Request, output *GetCustomRulePolicyOutput) { + op := &request.Operation{ + Name: opGetCustomRulePolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetCustomRulePolicyInput{} + } + + output = &GetCustomRulePolicyOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetCustomRulePolicy API operation for AWS Config. +// +// Returns the policy definition containing the logic for your Config Custom +// Policy rule. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Config's +// API operation GetCustomRulePolicy for usage and error information. +// +// Returned Error Types: +// * NoSuchConfigRuleException +// The Config rule in the request is not valid. Verify that the rule is an Config +// Custom Policy rule, that the rule name is correct, and that valid Amazon +// Resouce Names (ARNs) are used before trying again. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/config-2014-11-12/GetCustomRulePolicy +func (c *ConfigService) GetCustomRulePolicy(input *GetCustomRulePolicyInput) (*GetCustomRulePolicyOutput, error) { + req, out := c.GetCustomRulePolicyRequest(input) + return out, req.Send() +} + +// GetCustomRulePolicyWithContext is the same as GetCustomRulePolicy with the addition of +// the ability to pass a context and additional request options. +// +// See GetCustomRulePolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ConfigService) GetCustomRulePolicyWithContext(ctx aws.Context, input *GetCustomRulePolicyInput, opts ...request.Option) (*GetCustomRulePolicyOutput, error) { + req, out := c.GetCustomRulePolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetDiscoveredResourceCounts = "GetDiscoveredResourceCounts" // GetDiscoveredResourceCountsRequest generates a "aws/request.Request" representing the @@ -7080,7 +7174,7 @@ func (c *ConfigService) GetOrganizationConfigRuleDetailedStatusRequest(input *Ge // GetOrganizationConfigRuleDetailedStatus API operation for AWS Config. // // Returns detailed status for each member account within an organization for -// a given organization config rule. +// a given organization Config rule. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7091,7 +7185,9 @@ func (c *ConfigService) GetOrganizationConfigRuleDetailedStatusRequest(input *Ge // // Returned Error Types: // * NoSuchOrganizationConfigRuleException -// You specified one or more organization config rules that do not exist. +// The Config rule in the request is not valid. Verify that the rule is an organization +// Config Custom Policy rule, that the rule name is correct, and that valid +// Amazon Resouce Names (ARNs) are used before trying again. // // * InvalidLimitException // The specified limit is outside the allowable range. @@ -7373,6 +7469,113 @@ func (c *ConfigService) GetOrganizationConformancePackDetailedStatusPagesWithCon return p.Err() } +const opGetOrganizationCustomRulePolicy = "GetOrganizationCustomRulePolicy" + +// GetOrganizationCustomRulePolicyRequest generates a "aws/request.Request" representing the +// client's request for the GetOrganizationCustomRulePolicy operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetOrganizationCustomRulePolicy for more information on using the GetOrganizationCustomRulePolicy +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the GetOrganizationCustomRulePolicyRequest method. +// req, resp := client.GetOrganizationCustomRulePolicyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/config-2014-11-12/GetOrganizationCustomRulePolicy +func (c *ConfigService) GetOrganizationCustomRulePolicyRequest(input *GetOrganizationCustomRulePolicyInput) (req *request.Request, output *GetOrganizationCustomRulePolicyOutput) { + op := &request.Operation{ + Name: opGetOrganizationCustomRulePolicy, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetOrganizationCustomRulePolicyInput{} + } + + output = &GetOrganizationCustomRulePolicyOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetOrganizationCustomRulePolicy API operation for AWS Config. +// +// Returns the policy definition containing the logic for your organization +// Config Custom Policy rule. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Config's +// API operation GetOrganizationCustomRulePolicy for usage and error information. +// +// Returned Error Types: +// * NoSuchOrganizationConfigRuleException +// The Config rule in the request is not valid. Verify that the rule is an organization +// Config Custom Policy rule, that the rule name is correct, and that valid +// Amazon Resouce Names (ARNs) are used before trying again. +// +// * OrganizationAccessDeniedException +// For PutConfigurationAggregator API, you can see this exception for the following +// reasons: +// +// * No permission to call EnableAWSServiceAccess API +// +// * The configuration aggregator cannot be updated because your Amazon Web +// Services Organization management account or the delegated administrator +// role changed. Delete this aggregator and create a new one with the current +// Amazon Web Services Organization. +// +// * The configuration aggregator is associated with a previous Amazon Web +// Services Organization and Config cannot aggregate data with current Amazon +// Web Services Organization. Delete this aggregator and create a new one +// with the current Amazon Web Services Organization. +// +// * You are not a registered delegated administrator for Config with permissions +// to call ListDelegatedAdministrators API. Ensure that the management account +// registers delagated administrator for Config service principle name before +// the delegated administrator creates an aggregator. +// +// For all OrganizationConfigRule and OrganizationConformancePack APIs, Config +// throws an exception if APIs are called from member accounts. All APIs must +// be called from organization master account. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/config-2014-11-12/GetOrganizationCustomRulePolicy +func (c *ConfigService) GetOrganizationCustomRulePolicy(input *GetOrganizationCustomRulePolicyInput) (*GetOrganizationCustomRulePolicyOutput, error) { + req, out := c.GetOrganizationCustomRulePolicyRequest(input) + return out, req.Send() +} + +// GetOrganizationCustomRulePolicyWithContext is the same as GetOrganizationCustomRulePolicy with the addition of +// the ability to pass a context and additional request options. +// +// See GetOrganizationCustomRulePolicy for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ConfigService) GetOrganizationCustomRulePolicyWithContext(ctx aws.Context, input *GetOrganizationCustomRulePolicyInput, opts ...request.Option) (*GetOrganizationCustomRulePolicyOutput, error) { + req, out := c.GetOrganizationCustomRulePolicyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetResourceConfigHistory = "GetResourceConfigHistory" // GetResourceConfigHistoryRequest generates a "aws/request.Request" representing the @@ -8469,10 +8672,10 @@ func (c *ConfigService) PutConfigRuleRequest(input *PutConfigRuleInput) (req *re // and Config cannot delete this rule. Delete the remediation action associated // with the rule before deleting the rule and try your request again later. // -// * For PutConfigOrganizationRule, organization config rule deletion is +// * For PutConfigOrganizationRule, organization Config rule deletion is // in progress. Try your request again later. // -// * For DeleteOrganizationConfigRule, organization config rule creation +// * For DeleteOrganizationConfigRule, organization Config rule creation // is in progress. Try your request again later. // // * For PutConformancePack and PutOrganizationConformancePack, a conformance @@ -8491,7 +8694,7 @@ func (c *ConfigService) PutConfigRuleRequest(input *PutConfigRuleInput) (req *re // * For PutConfigRule, the Lambda function cannot be invoked. Check the // function ARN, and check the function's permissions. // -// * For PutOrganizationConfigRule, organization config rule cannot be created +// * For PutOrganizationConfigRule, organization Config rule cannot be created // because you do not have permissions to call IAM GetRole action or create // a service linked role. // @@ -8841,7 +9044,7 @@ func (c *ConfigService) PutConformancePackRequest(input *PutConformancePackInput // * For PutConfigRule, the Lambda function cannot be invoked. Check the // function ARN, and check the function's permissions. // -// * For PutOrganizationConfigRule, organization config rule cannot be created +// * For PutOrganizationConfigRule, organization Config rule cannot be created // because you do not have permissions to call IAM GetRole action or create // a service linked role. // @@ -8865,10 +9068,10 @@ func (c *ConfigService) PutConformancePackRequest(input *PutConformancePackInput // and Config cannot delete this rule. Delete the remediation action associated // with the rule before deleting the rule and try your request again later. // -// * For PutConfigOrganizationRule, organization config rule deletion is +// * For PutConfigOrganizationRule, organization Config rule deletion is // in progress. Try your request again later. // -// * For DeleteOrganizationConfigRule, organization config rule creation +// * For DeleteOrganizationConfigRule, organization Config rule creation // is in progress. Try your request again later. // // * For PutConformancePack and PutOrganizationConformancePack, a conformance @@ -9087,8 +9290,9 @@ func (c *ConfigService) PutEvaluationsRequest(input *PutEvaluationsInput) (req * // The specified ResultToken is invalid. // // * NoSuchConfigRuleException -// One or more Config rules in the request are invalid. Verify that the rule -// names are correct and try again. +// The Config rule in the request is not valid. Verify that the rule is an Config +// Custom Policy rule, that the rule name is correct, and that valid Amazon +// Resouce Names (ARNs) are used before trying again. // // See also, https://docs.aws.amazon.com/goto/WebAPI/config-2014-11-12/PutEvaluations func (c *ConfigService) PutEvaluations(input *PutEvaluationsInput) (*PutEvaluationsOutput, error) { @@ -9169,8 +9373,9 @@ func (c *ConfigService) PutExternalEvaluationRequest(input *PutExternalEvaluatio // // Returned Error Types: // * NoSuchConfigRuleException -// One or more Config rules in the request are invalid. Verify that the rule -// names are correct and try again. +// The Config rule in the request is not valid. Verify that the rule is an Config +// Custom Policy rule, that the rule name is correct, and that valid Amazon +// Resouce Names (ARNs) are used before trying again. // // * InvalidParameterValueException // One or more of the specified parameters are invalid. Verify that your parameters @@ -9242,11 +9447,11 @@ func (c *ConfigService) PutOrganizationConfigRuleRequest(input *PutOrganizationC // PutOrganizationConfigRule API operation for AWS Config. // -// Adds or updates organization config rule for your entire organization evaluating +// Adds or updates organization Config rule for your entire organization evaluating // whether your Amazon Web Services resources comply with your desired configurations. // // Only a master account and a delegated administrator can create or update -// an organization config rule. When calling this API with a delegated administrator, +// an organization Config rule. When calling this API with a delegated administrator, // you must ensure Organizations ListDelegatedAdministrator permissions are // added. // @@ -9270,7 +9475,7 @@ func (c *ConfigService) PutOrganizationConfigRuleRequest(input *PutOrganizationC // If you are adding an Config managed rule, specify the rule's identifier for // the RuleIdentifier key. // -// The maximum number of organization config rules that Config supports is 150 +// The maximum number of organization Config rules that Config supports is 150 // and 3 delegated administrator per organization. // // Prerequisite: Ensure you call EnableAllFeatures API to enable all features @@ -9287,7 +9492,7 @@ func (c *ConfigService) PutOrganizationConfigRuleRequest(input *PutOrganizationC // // Returned Error Types: // * MaxNumberOfOrganizationConfigRulesExceededException -// You have reached the limit of the number of organization config rules you +// You have reached the limit of the number of organization Config rules you // can create. // // * ResourceInUseException @@ -9303,10 +9508,10 @@ func (c *ConfigService) PutOrganizationConfigRuleRequest(input *PutOrganizationC // and Config cannot delete this rule. Delete the remediation action associated // with the rule before deleting the rule and try your request again later. // -// * For PutConfigOrganizationRule, organization config rule deletion is +// * For PutConfigOrganizationRule, organization Config rule deletion is // in progress. Try your request again later. // -// * For DeleteOrganizationConfigRule, organization config rule creation +// * For DeleteOrganizationConfigRule, organization Config rule creation // is in progress. Try your request again later. // // * For PutConformancePack and PutOrganizationConformancePack, a conformance @@ -9372,7 +9577,7 @@ func (c *ConfigService) PutOrganizationConfigRuleRequest(input *PutOrganizationC // * For PutConfigRule, the Lambda function cannot be invoked. Check the // function ARN, and check the function's permissions. // -// * For PutOrganizationConfigRule, organization config rule cannot be created +// * For PutOrganizationConfigRule, organization Config rule cannot be created // because you do not have permissions to call IAM GetRole action or create // a service linked role. // @@ -9501,10 +9706,10 @@ func (c *ConfigService) PutOrganizationConformancePackRequest(input *PutOrganiza // and Config cannot delete this rule. Delete the remediation action associated // with the rule before deleting the rule and try your request again later. // -// * For PutConfigOrganizationRule, organization config rule deletion is +// * For PutConfigOrganizationRule, organization Config rule deletion is // in progress. Try your request again later. // -// * For DeleteOrganizationConfigRule, organization config rule creation +// * For DeleteOrganizationConfigRule, organization Config rule creation // is in progress. Try your request again later. // // * For PutConformancePack and PutOrganizationConformancePack, a conformance @@ -9559,7 +9764,7 @@ func (c *ConfigService) PutOrganizationConformancePackRequest(input *PutOrganiza // * For PutConfigRule, the Lambda function cannot be invoked. Check the // function ARN, and check the function's permissions. // -// * For PutOrganizationConfigRule, organization config rule cannot be created +// * For PutOrganizationConfigRule, organization Config rule cannot be created // because you do not have permissions to call IAM GetRole action or create // a service linked role. // @@ -9673,7 +9878,7 @@ func (c *ConfigService) PutRemediationConfigurationsRequest(input *PutRemediatio // * For PutConfigRule, the Lambda function cannot be invoked. Check the // function ARN, and check the function's permissions. // -// * For PutOrganizationConfigRule, organization config rule cannot be created +// * For PutOrganizationConfigRule, organization Config rule cannot be created // because you do not have permissions to call IAM GetRole action or create // a service linked role. // @@ -9780,7 +9985,7 @@ func (c *ConfigService) PutRemediationExceptionsRequest(input *PutRemediationExc // * For PutConfigRule, the Lambda function cannot be invoked. Check the // function ARN, and check the function's permissions. // -// * For PutOrganizationConfigRule, organization config rule cannot be created +// * For PutOrganizationConfigRule, organization Config rule cannot be created // because you do not have permissions to call IAM GetRole action or create // a service linked role. // @@ -9899,7 +10104,7 @@ func (c *ConfigService) PutResourceConfigRequest(input *PutResourceConfigInput) // * For PutConfigRule, the Lambda function cannot be invoked. Check the // function ARN, and check the function's permissions. // -// * For PutOrganizationConfigRule, organization config rule cannot be created +// * For PutOrganizationConfigRule, organization Config rule cannot be created // because you do not have permissions to call IAM GetRole action or create // a service linked role. // @@ -10521,8 +10726,9 @@ func (c *ConfigService) StartConfigRulesEvaluationRequest(input *StartConfigRule // // Returned Error Types: // * NoSuchConfigRuleException -// One or more Config rules in the request are invalid. Verify that the rule -// names are correct and try again. +// The Config rule in the request is not valid. Verify that the rule is an Config +// Custom Policy rule, that the rule name is correct, and that valid Amazon +// Resouce Names (ARNs) are used before trying again. // // * LimitExceededException // For StartConfigRulesEvaluation API, this exception is thrown if an evaluation @@ -10545,10 +10751,10 @@ func (c *ConfigService) StartConfigRulesEvaluationRequest(input *StartConfigRule // and Config cannot delete this rule. Delete the remediation action associated // with the rule before deleting the rule and try your request again later. // -// * For PutConfigOrganizationRule, organization config rule deletion is +// * For PutConfigOrganizationRule, organization Config rule deletion is // in progress. Try your request again later. // -// * For DeleteOrganizationConfigRule, organization config rule creation +// * For DeleteOrganizationConfigRule, organization Config rule creation // is in progress. Try your request again later. // // * For PutConformancePack and PutOrganizationConformancePack, a conformance @@ -10744,7 +10950,7 @@ func (c *ConfigService) StartRemediationExecutionRequest(input *StartRemediation // * For PutConfigRule, the Lambda function cannot be invoked. Check the // function ARN, and check the function's permissions. // -// * For PutOrganizationConfigRule, organization config rule cannot be created +// * For PutOrganizationConfigRule, organization Config rule cannot be created // because you do not have permissions to call IAM GetRole action or create // a service linked role. // @@ -13028,11 +13234,12 @@ func (s *ConfigRuleComplianceSummaryFilters) SetAwsRegion(v string) *ConfigRuleC return s } -// Status information for your Config managed rules. The status includes information -// such as the last time the rule ran, the last time it failed, and the related -// error for the last failure. +// Status information for your Config Managed rules and Config Custom Policy +// rules. The status includes information such as the last time the rule ran, +// the last time it failed, and the related error for the last failure. // -// This action does not return status information about custom Config rules. +// This action does not return status information about Config Custom Lambda +// rules. type ConfigRuleEvaluationStatus struct { _ struct{} `type:"structure"` @@ -13054,13 +13261,25 @@ type ConfigRuleEvaluationStatus struct { // * true - Config has evaluated your Amazon Web Services resources against // the rule at least once. // - // * false - Config has not once finished evaluating your Amazon Web Services - // resources against the rule. + // * false - Config has not finished evaluating your Amazon Web Services + // resources against the rule at least once. FirstEvaluationStarted *bool `type:"boolean"` // The time that you last turned off the Config rule. LastDeactivatedTime *time.Time `type:"timestamp"` + // The status of the last attempted delivery of a debug log for your Config + // Custom Policy rules. Either Successful or Failed. + LastDebugLogDeliveryStatus *string `type:"string"` + + // The reason Config was not able to deliver a debug log. This is for the last + // failed attempt to retrieve a debug log for your Config Custom Policy rules. + LastDebugLogDeliveryStatusReason *string `type:"string"` + + // The time Config last attempted to deliver a debug log for your Config Custom + // Policy rules. + LastDebugLogDeliveryTime *time.Time `type:"timestamp"` + // The error code that Config returned when the rule last failed. LastErrorCode *string `type:"string"` @@ -13138,6 +13357,24 @@ func (s *ConfigRuleEvaluationStatus) SetLastDeactivatedTime(v time.Time) *Config return s } +// SetLastDebugLogDeliveryStatus sets the LastDebugLogDeliveryStatus field's value. +func (s *ConfigRuleEvaluationStatus) SetLastDebugLogDeliveryStatus(v string) *ConfigRuleEvaluationStatus { + s.LastDebugLogDeliveryStatus = &v + return s +} + +// SetLastDebugLogDeliveryStatusReason sets the LastDebugLogDeliveryStatusReason field's value. +func (s *ConfigRuleEvaluationStatus) SetLastDebugLogDeliveryStatusReason(v string) *ConfigRuleEvaluationStatus { + s.LastDebugLogDeliveryStatusReason = &v + return s +} + +// SetLastDebugLogDeliveryTime sets the LastDebugLogDeliveryTime field's value. +func (s *ConfigRuleEvaluationStatus) SetLastDebugLogDeliveryTime(v time.Time) *ConfigRuleEvaluationStatus { + s.LastDebugLogDeliveryTime = &v + return s +} + // SetLastErrorCode sets the LastErrorCode field's value. func (s *ConfigRuleEvaluationStatus) SetLastErrorCode(v string) *ConfigRuleEvaluationStatus { s.LastErrorCode = &v @@ -14197,7 +14434,7 @@ type ConformancePackRuleCompliance struct { // The allowed values are COMPLIANT, NON_COMPLIANT, and INSUFFICIENT_DATA. ComplianceType *string `type:"string" enum:"ConformancePackComplianceType"` - // Name of the config rule. + // Name of the Config rule. ConfigRuleName *string `min:"1" type:"string"` // Controls for the conformance pack. A control is a process to prevent or detect @@ -14427,6 +14664,86 @@ func (s *ConformancePackTemplateValidationException) RequestID() string { return s.RespMetadata.RequestID } +// Provides the runtime system, policy definition, and whether debug logging +// enabled. You can specify the following CustomPolicyDetails parameter values +// only for Config Custom Policy rules. +type CustomPolicyDetails struct { + _ struct{} `type:"structure"` + + // The boolean expression for enabling debug logging for your Config Custom + // Policy rule. The default value is false. + EnableDebugLogDelivery *bool `type:"boolean"` + + // The runtime system for your Config Custom Policy rule. Guard is a policy-as-code + // language that allows you to write policies that are enforced by Config Custom + // Policy rules. For more information about Guard, see the Guard GitHub Repository + // (https://github.com/aws-cloudformation/cloudformation-guard). + // + // PolicyRuntime is a required field + PolicyRuntime *string `min:"1" type:"string" required:"true"` + + // The policy definition containing the logic for your Config Custom Policy + // rule. + // + // PolicyText is a required field + PolicyText *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CustomPolicyDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CustomPolicyDetails) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CustomPolicyDetails) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CustomPolicyDetails"} + if s.PolicyRuntime == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyRuntime")) + } + if s.PolicyRuntime != nil && len(*s.PolicyRuntime) < 1 { + invalidParams.Add(request.NewErrParamMinLen("PolicyRuntime", 1)) + } + if s.PolicyText == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyText")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetEnableDebugLogDelivery sets the EnableDebugLogDelivery field's value. +func (s *CustomPolicyDetails) SetEnableDebugLogDelivery(v bool) *CustomPolicyDetails { + s.EnableDebugLogDelivery = &v + return s +} + +// SetPolicyRuntime sets the PolicyRuntime field's value. +func (s *CustomPolicyDetails) SetPolicyRuntime(v string) *CustomPolicyDetails { + s.PolicyRuntime = &v + return s +} + +// SetPolicyText sets the PolicyText field's value. +func (s *CustomPolicyDetails) SetPolicyText(v string) *CustomPolicyDetails { + s.PolicyText = &v + return s +} + type DeleteAggregationAuthorizationInput struct { _ struct{} `type:"structure"` @@ -14948,7 +15265,7 @@ func (s DeleteEvaluationResultsOutput) GoString() string { type DeleteOrganizationConfigRuleInput struct { _ struct{} `type:"structure"` - // The name of organization config rule that you want to delete. + // The name of organization Config rule that you want to delete. // // OrganizationConfigRuleName is a required field OrganizationConfigRuleName *string `min:"1" type:"string" required:"true"` @@ -17396,7 +17713,7 @@ type DescribeOrganizationConfigRuleStatusesInput struct { // next page of results in a paginated response. NextToken *string `type:"string"` - // The names of organization config rules for which you want status details. + // The names of organization Config rules for which you want status details. // If you do not specify any names, Config returns details for all your organization // Config rules. OrganizationConfigRuleNames []*string `type:"list"` @@ -17482,7 +17799,7 @@ func (s *DescribeOrganizationConfigRuleStatusesOutput) SetOrganizationConfigRule type DescribeOrganizationConfigRulesInput struct { _ struct{} `type:"structure"` - // The maximum number of organization config rules returned on each page. If + // The maximum number of organization Config rules returned on each page. If // you do no specify a number, Config uses the default. The default is 100. Limit *int64 `type:"integer"` @@ -17490,9 +17807,9 @@ type DescribeOrganizationConfigRulesInput struct { // next page of results in a paginated response. NextToken *string `type:"string"` - // The names of organization config rules for which you want details. If you + // The names of organization Config rules for which you want details. If you // do not specify any names, Config returns details for all your organization - // config rules. + // Config rules. OrganizationConfigRuleNames []*string `type:"list"` } @@ -20229,29 +20546,11 @@ func (s *GetConformancePackComplianceSummaryOutput) SetNextToken(v string) *GetC return s } -type GetDiscoveredResourceCountsInput struct { +type GetCustomRulePolicyInput struct { _ struct{} `type:"structure"` - // The maximum number of ResourceCount objects returned on each page. The default - // is 100. You cannot specify a number greater than 100. If you specify 0, Config - // uses the default. - Limit *int64 `locationName:"limit" type:"integer"` - - // The nextToken string returned on a previous page that you use to get the - // next page of results in a paginated response. - NextToken *string `locationName:"nextToken" type:"string"` - - // The comma-separated list that specifies the resource types that you want - // Config to return (for example, "AWS::EC2::Instance", "AWS::IAM::User"). - // - // If a value for resourceTypes is not specified, Config returns all resource - // types that Config is recording in the region for your account. - // - // If the configuration recorder is turned off, Config returns an empty list - // of ResourceCount objects. If the configuration recorder is not recording - // a specific resource type (for example, S3 buckets), that resource type is - // not returned in the list of ResourceCount objects. - ResourceTypes []*string `locationName:"resourceTypes" type:"list"` + // The name of your Config Custom Policy rule. + ConfigRuleName *string `min:"1" type:"string"` } // String returns the string representation. @@ -20259,7 +20558,7 @@ type GetDiscoveredResourceCountsInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s GetDiscoveredResourceCountsInput) String() string { +func (s GetCustomRulePolicyInput) String() string { return awsutil.Prettify(s) } @@ -20268,42 +20567,136 @@ func (s GetDiscoveredResourceCountsInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s GetDiscoveredResourceCountsInput) GoString() string { +func (s GetCustomRulePolicyInput) GoString() string { return s.String() } -// SetLimit sets the Limit field's value. -func (s *GetDiscoveredResourceCountsInput) SetLimit(v int64) *GetDiscoveredResourceCountsInput { - s.Limit = &v - return s -} +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetCustomRulePolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetCustomRulePolicyInput"} + if s.ConfigRuleName != nil && len(*s.ConfigRuleName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ConfigRuleName", 1)) + } -// SetNextToken sets the NextToken field's value. -func (s *GetDiscoveredResourceCountsInput) SetNextToken(v string) *GetDiscoveredResourceCountsInput { - s.NextToken = &v - return s + if invalidParams.Len() > 0 { + return invalidParams + } + return nil } -// SetResourceTypes sets the ResourceTypes field's value. -func (s *GetDiscoveredResourceCountsInput) SetResourceTypes(v []*string) *GetDiscoveredResourceCountsInput { - s.ResourceTypes = v +// SetConfigRuleName sets the ConfigRuleName field's value. +func (s *GetCustomRulePolicyInput) SetConfigRuleName(v string) *GetCustomRulePolicyInput { + s.ConfigRuleName = &v return s } -type GetDiscoveredResourceCountsOutput struct { +type GetCustomRulePolicyOutput struct { _ struct{} `type:"structure"` - // The string that you use in a subsequent request to get the next page of results - // in a paginated response. - NextToken *string `locationName:"nextToken" type:"string"` - - // The list of ResourceCount objects. Each object is listed in descending order - // by the number of resources. - ResourceCounts []*ResourceCount `locationName:"resourceCounts" type:"list"` + // The policy definition containing the logic for your Config Custom Policy + // rule. + PolicyText *string `type:"string"` +} - // The total number of resources that Config is recording in the region for - // your account. If you specify resource types in the request, Config returns - // only the total number of resources for those resource types. +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetCustomRulePolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetCustomRulePolicyOutput) GoString() string { + return s.String() +} + +// SetPolicyText sets the PolicyText field's value. +func (s *GetCustomRulePolicyOutput) SetPolicyText(v string) *GetCustomRulePolicyOutput { + s.PolicyText = &v + return s +} + +type GetDiscoveredResourceCountsInput struct { + _ struct{} `type:"structure"` + + // The maximum number of ResourceCount objects returned on each page. The default + // is 100. You cannot specify a number greater than 100. If you specify 0, Config + // uses the default. + Limit *int64 `locationName:"limit" type:"integer"` + + // The nextToken string returned on a previous page that you use to get the + // next page of results in a paginated response. + NextToken *string `locationName:"nextToken" type:"string"` + + // The comma-separated list that specifies the resource types that you want + // Config to return (for example, "AWS::EC2::Instance", "AWS::IAM::User"). + // + // If a value for resourceTypes is not specified, Config returns all resource + // types that Config is recording in the region for your account. + // + // If the configuration recorder is turned off, Config returns an empty list + // of ResourceCount objects. If the configuration recorder is not recording + // a specific resource type (for example, S3 buckets), that resource type is + // not returned in the list of ResourceCount objects. + ResourceTypes []*string `locationName:"resourceTypes" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetDiscoveredResourceCountsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetDiscoveredResourceCountsInput) GoString() string { + return s.String() +} + +// SetLimit sets the Limit field's value. +func (s *GetDiscoveredResourceCountsInput) SetLimit(v int64) *GetDiscoveredResourceCountsInput { + s.Limit = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *GetDiscoveredResourceCountsInput) SetNextToken(v string) *GetDiscoveredResourceCountsInput { + s.NextToken = &v + return s +} + +// SetResourceTypes sets the ResourceTypes field's value. +func (s *GetDiscoveredResourceCountsInput) SetResourceTypes(v []*string) *GetDiscoveredResourceCountsInput { + s.ResourceTypes = v + return s +} + +type GetDiscoveredResourceCountsOutput struct { + _ struct{} `type:"structure"` + + // The string that you use in a subsequent request to get the next page of results + // in a paginated response. + NextToken *string `locationName:"nextToken" type:"string"` + + // The list of ResourceCount objects. Each object is listed in descending order + // by the number of resources. + ResourceCounts []*ResourceCount `locationName:"resourceCounts" type:"list"` + + // The total number of resources that Config is recording in the region for + // your account. If you specify resource types in the request, Config returns + // only the total number of resources for those resource types. // // Example // @@ -20369,8 +20762,8 @@ type GetOrganizationConfigRuleDetailedStatusInput struct { // next page of results in a paginated response. NextToken *string `type:"string"` - // The name of organization config rule for which you want status details for - // member accounts. + // The name of your organization Config rule for which you want status details + // for member accounts. // // OrganizationConfigRuleName is a required field OrganizationConfigRuleName *string `min:"1" type:"string" required:"true"` @@ -20596,6 +20989,87 @@ func (s *GetOrganizationConformancePackDetailedStatusOutput) SetOrganizationConf return s } +type GetOrganizationCustomRulePolicyInput struct { + _ struct{} `type:"structure"` + + // The name of your organization Config Custom Policy rule. + // + // OrganizationConfigRuleName is a required field + OrganizationConfigRuleName *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetOrganizationCustomRulePolicyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetOrganizationCustomRulePolicyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetOrganizationCustomRulePolicyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetOrganizationCustomRulePolicyInput"} + if s.OrganizationConfigRuleName == nil { + invalidParams.Add(request.NewErrParamRequired("OrganizationConfigRuleName")) + } + if s.OrganizationConfigRuleName != nil && len(*s.OrganizationConfigRuleName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("OrganizationConfigRuleName", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetOrganizationConfigRuleName sets the OrganizationConfigRuleName field's value. +func (s *GetOrganizationCustomRulePolicyInput) SetOrganizationConfigRuleName(v string) *GetOrganizationCustomRulePolicyInput { + s.OrganizationConfigRuleName = &v + return s +} + +type GetOrganizationCustomRulePolicyOutput struct { + _ struct{} `type:"structure"` + + // The policy definition containing the logic for your organization Config Custom + // Policy rule. + PolicyText *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetOrganizationCustomRulePolicyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetOrganizationCustomRulePolicyOutput) GoString() string { + return s.String() +} + +// SetPolicyText sets the PolicyText field's value. +func (s *GetOrganizationCustomRulePolicyOutput) SetPolicyText(v string) *GetOrganizationCustomRulePolicyOutput { + s.PolicyText = &v + return s +} + // The input for the GetResourceConfigHistory action. type GetResourceConfigHistoryInput struct { _ struct{} `type:"structure"` @@ -20952,7 +21426,7 @@ func (s *InsufficientDeliveryPolicyException) RequestID() string { // * For PutConfigRule, the Lambda function cannot be invoked. Check the // function ARN, and check the function's permissions. // -// * For PutOrganizationConfigRule, organization config rule cannot be created +// * For PutOrganizationConfigRule, organization Config rule cannot be created // because you do not have permissions to call IAM GetRole action or create // a service linked role. // @@ -22793,7 +23267,7 @@ func (s *MaxNumberOfDeliveryChannelsExceededException) RequestID() string { return s.RespMetadata.RequestID } -// You have reached the limit of the number of organization config rules you +// You have reached the limit of the number of organization Config rules you // can create. type MaxNumberOfOrganizationConfigRulesExceededException struct { _ struct{} `type:"structure"` @@ -22989,7 +23463,7 @@ func (s *MaxNumberOfRetentionConfigurationsExceededException) RequestID() string return s.RespMetadata.RequestID } -// Organization config rule creation or deletion status in each member account. +// Organization Config rule creation or deletion status in each member account. // This includes the name of the rule, the status, error code and error message // when the rule creation or deletion failed. type MemberAccountStatus struct { @@ -23000,48 +23474,48 @@ type MemberAccountStatus struct { // AccountId is a required field AccountId *string `type:"string" required:"true"` - // The name of config rule deployed in the member account. + // The name of Config rule deployed in the member account. // // ConfigRuleName is a required field ConfigRuleName *string `min:"1" type:"string" required:"true"` - // An error code that is returned when config rule creation or deletion failed + // An error code that is returned when Config rule creation or deletion failed // in the member account. ErrorCode *string `type:"string"` - // An error message indicating that config rule account creation or deletion + // An error message indicating that Config rule account creation or deletion // has failed due to an error in the member account. ErrorMessage *string `type:"string"` // The timestamp of the last status update. LastUpdateTime *time.Time `type:"timestamp"` - // Indicates deployment status for config rule in the member account. When master - // account calls PutOrganizationConfigRule action for the first time, config + // Indicates deployment status for Config rule in the member account. When master + // account calls PutOrganizationConfigRule action for the first time, Config // rule status is created in the member account. When master account calls PutOrganizationConfigRule - // action for the second time, config rule status is updated in the member account. + // action for the second time, Config rule status is updated in the member account. // Config rule status is deleted when the master account deletes OrganizationConfigRule // and disables service access for config-multiaccountsetup.amazonaws.com. // // Config sets the state of the rule to: // - // * CREATE_SUCCESSFUL when config rule has been created in the member account. + // * CREATE_SUCCESSFUL when Config rule has been created in the member account. // - // * CREATE_IN_PROGRESS when config rule is being created in the member account. + // * CREATE_IN_PROGRESS when Config rule is being created in the member account. // - // * CREATE_FAILED when config rule creation has failed in the member account. + // * CREATE_FAILED when Config rule creation has failed in the member account. // - // * DELETE_FAILED when config rule deletion has failed in the member account. + // * DELETE_FAILED when Config rule deletion has failed in the member account. // - // * DELETE_IN_PROGRESS when config rule is being deleted in the member account. + // * DELETE_IN_PROGRESS when Config rule is being deleted in the member account. // - // * DELETE_SUCCESSFUL when config rule has been deleted in the member account. + // * DELETE_SUCCESSFUL when Config rule has been deleted in the member account. // - // * UPDATE_SUCCESSFUL when config rule has been updated in the member account. + // * UPDATE_SUCCESSFUL when Config rule has been updated in the member account. // - // * UPDATE_IN_PROGRESS when config rule is being updated in the member account. + // * UPDATE_IN_PROGRESS when Config rule is being updated in the member account. // - // * UPDATE_FAILED when config rule deletion has failed in the member account. + // * UPDATE_FAILED when Config rule deletion has failed in the member account. // // MemberAccountRuleStatus is a required field MemberAccountRuleStatus *string `type:"string" required:"true" enum:"MemberAccountRuleStatus"` @@ -23422,8 +23896,9 @@ func (s *NoSuchBucketException) RequestID() string { return s.RespMetadata.RequestID } -// One or more Config rules in the request are invalid. Verify that the rule -// names are correct and try again. +// The Config rule in the request is not valid. Verify that the rule is an Config +// Custom Policy rule, that the rule name is correct, and that valid Amazon +// Resouce Names (ARNs) are used before trying again. type NoSuchConfigRuleException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -23807,7 +24282,9 @@ func (s *NoSuchDeliveryChannelException) RequestID() string { return s.RespMetadata.RequestID } -// You specified one or more organization config rules that do not exist. +// The Config rule in the request is not valid. Verify that the rule is an organization +// Config Custom Policy rule, that the rule name is correct, and that valid +// Amazon Resouce Names (ARNs) are used before trying again. type NoSuchOrganizationConfigRuleException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -24352,27 +24829,35 @@ func (s *OrganizationAllFeaturesNotEnabledException) RequestID() string { return s.RespMetadata.RequestID } -// An organization config rule that has information about config rules that +// An organization Config rule that has information about Config rules that // Config creates in member accounts. type OrganizationConfigRule struct { _ struct{} `type:"structure"` - // A comma-separated list of accounts excluded from organization config rule. + // A comma-separated list of accounts excluded from organization Config rule. ExcludedAccounts []*string `type:"list"` // The timestamp of the last update. LastUpdateTime *time.Time `type:"timestamp"` - // Amazon Resource Name (ARN) of organization config rule. + // Amazon Resource Name (ARN) of organization Config rule. // // OrganizationConfigRuleArn is a required field OrganizationConfigRuleArn *string `min:"1" type:"string" required:"true"` - // The name that you assign to organization config rule. + // The name that you assign to organization Config rule. // // OrganizationConfigRuleName is a required field OrganizationConfigRuleName *string `min:"1" type:"string" required:"true"` + // An object that specifies metadata for your organization's Config Custom Policy + // rule. The metadata includes the runtime system in use, which accounts have + // debug logging enabled, and other custom rule metadata, such as resource type, + // resource ID of Amazon Web Services resource, and organization trigger types + // that initiate Config to evaluate Amazon Web Services resources against a + // rule. + OrganizationCustomPolicyRuleMetadata *OrganizationCustomPolicyRuleMetadataNoPolicy `type:"structure"` + // An OrganizationCustomRuleMetadata object. OrganizationCustomRuleMetadata *OrganizationCustomRuleMetadata `type:"structure"` @@ -24422,6 +24907,12 @@ func (s *OrganizationConfigRule) SetOrganizationConfigRuleName(v string) *Organi return s } +// SetOrganizationCustomPolicyRuleMetadata sets the OrganizationCustomPolicyRuleMetadata field's value. +func (s *OrganizationConfigRule) SetOrganizationCustomPolicyRuleMetadata(v *OrganizationCustomPolicyRuleMetadataNoPolicy) *OrganizationConfigRule { + s.OrganizationCustomPolicyRuleMetadata = v + return s +} + // SetOrganizationCustomRuleMetadata sets the OrganizationCustomRuleMetadata field's value. func (s *OrganizationConfigRule) SetOrganizationCustomRuleMetadata(v *OrganizationCustomRuleMetadata) *OrganizationConfigRule { s.OrganizationCustomRuleMetadata = v @@ -24434,59 +24925,59 @@ func (s *OrganizationConfigRule) SetOrganizationManagedRuleMetadata(v *Organizat return s } -// Returns the status for an organization config rule in an organization. +// Returns the status for an organization Config rule in an organization. type OrganizationConfigRuleStatus struct { _ struct{} `type:"structure"` - // An error code that is returned when organization config rule creation or + // An error code that is returned when organization Config rule creation or // deletion has failed. ErrorCode *string `type:"string"` - // An error message indicating that organization config rule creation or deletion + // An error message indicating that organization Config rule creation or deletion // failed due to an error. ErrorMessage *string `type:"string"` // The timestamp of the last update. LastUpdateTime *time.Time `type:"timestamp"` - // The name that you assign to organization config rule. + // The name that you assign to organization Config rule. // // OrganizationConfigRuleName is a required field OrganizationConfigRuleName *string `min:"1" type:"string" required:"true"` - // Indicates deployment status of an organization config rule. When master account - // calls PutOrganizationConfigRule action for the first time, config rule status + // Indicates deployment status of an organization Config rule. When master account + // calls PutOrganizationConfigRule action for the first time, Config rule status // is created in all the member accounts. When master account calls PutOrganizationConfigRule - // action for the second time, config rule status is updated in all the member - // accounts. Additionally, config rule status is updated when one or more member + // action for the second time, Config rule status is updated in all the member + // accounts. Additionally, Config rule status is updated when one or more member // accounts join or leave an organization. Config rule status is deleted when // the master account deletes OrganizationConfigRule in all the member accounts // and disables service access for config-multiaccountsetup.amazonaws.com. // // Config sets the state of the rule to: // - // * CREATE_SUCCESSFUL when an organization config rule has been successfully + // * CREATE_SUCCESSFUL when an organization Config rule has been successfully // created in all the member accounts. // - // * CREATE_IN_PROGRESS when an organization config rule creation is in progress. + // * CREATE_IN_PROGRESS when an organization Config rule creation is in progress. // - // * CREATE_FAILED when an organization config rule creation failed in one + // * CREATE_FAILED when an organization Config rule creation failed in one // or more member accounts within that organization. // - // * DELETE_FAILED when an organization config rule deletion failed in one + // * DELETE_FAILED when an organization Config rule deletion failed in one // or more member accounts within that organization. // - // * DELETE_IN_PROGRESS when an organization config rule deletion is in progress. + // * DELETE_IN_PROGRESS when an organization Config rule deletion is in progress. // - // * DELETE_SUCCESSFUL when an organization config rule has been successfully + // * DELETE_SUCCESSFUL when an organization Config rule has been successfully // deleted from all the member accounts. // - // * UPDATE_SUCCESSFUL when an organization config rule has been successfully + // * UPDATE_SUCCESSFUL when an organization Config rule has been successfully // updated in all the member accounts. // - // * UPDATE_IN_PROGRESS when an organization config rule update is in progress. + // * UPDATE_IN_PROGRESS when an organization Config rule update is in progress. // - // * UPDATE_FAILED when an organization config rule update failed in one + // * UPDATE_FAILED when an organization Config rule update failed in one // or more member accounts within that organization. // // OrganizationRuleStatus is a required field @@ -24935,6 +25426,328 @@ func (s *OrganizationConformancePackTemplateValidationException) RequestID() str return s.RespMetadata.RequestID } +// An object that specifies metadata for your organization's Config Custom Policy +// rule. The metadata includes the runtime system in use, which accounts have +// debug logging enabled, and other custom rule metadata, such as resource type, +// resource ID of Amazon Web Services resource, and organization trigger types +// that initiate Config to evaluate Amazon Web Services resources against a +// rule. +type OrganizationCustomPolicyRuleMetadata struct { + _ struct{} `type:"structure"` + + // A list of accounts that you can enable debug logging for your organization + // Config Custom Policy rule. List is null when debug logging is enabled for + // all accounts. + DebugLogDeliveryAccounts []*string `type:"list"` + + // The description that you provide for your organization Config Custom Policy + // rule. + Description *string `type:"string"` + + // A string, in JSON format, that is passed to your organization Config Custom + // Policy rule. + InputParameters *string `min:"1" type:"string"` + + // The maximum frequency with which Config runs evaluations for a rule. Your + // Config Custom Policy rule is triggered when Config delivers the configuration + // snapshot. For more information, see ConfigSnapshotDeliveryProperties. + MaximumExecutionFrequency *string `type:"string" enum:"MaximumExecutionFrequency"` + + // The type of notification that initiates Config to run an evaluation for a + // rule. For Config Custom Policy rules, Config supports change-initiated notification + // types: + // + // * ConfigurationItemChangeNotification - Initiates an evaluation when Config + // delivers a configuration item as a result of a resource change. + // + // * OversizedConfigurationItemChangeNotification - Initiates an evaluation + // when Config delivers an oversized configuration item. Config may generate + // this notification type when a resource changes and the notification exceeds + // the maximum size allowed by Amazon SNS. + OrganizationConfigRuleTriggerTypes []*string `type:"list" enum:"OrganizationConfigRuleTriggerTypeNoSN"` + + // The runtime system for your organization Config Custom Policy rules. Guard + // is a policy-as-code language that allows you to write policies that are enforced + // by Config Custom Policy rules. For more information about Guard, see the + // Guard GitHub Repository (https://github.com/aws-cloudformation/cloudformation-guard). + // + // PolicyRuntime is a required field + PolicyRuntime *string `min:"1" type:"string" required:"true"` + + // The policy definition containing the logic for your organization Config Custom + // Policy rule. + // + // PolicyText is a required field + PolicyText *string `type:"string" required:"true"` + + // The ID of the Amazon Web Services resource that was evaluated. + ResourceIdScope *string `min:"1" type:"string"` + + // The type of the Amazon Web Services resource that was evaluated. + ResourceTypesScope []*string `type:"list"` + + // One part of a key-value pair that make up a tag. A key is a general label + // that acts like a category for more specific tag values. + TagKeyScope *string `min:"1" type:"string"` + + // The optional part of a key-value pair that make up a tag. A value acts as + // a descriptor within a tag category (key). + TagValueScope *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s OrganizationCustomPolicyRuleMetadata) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s OrganizationCustomPolicyRuleMetadata) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *OrganizationCustomPolicyRuleMetadata) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "OrganizationCustomPolicyRuleMetadata"} + if s.InputParameters != nil && len(*s.InputParameters) < 1 { + invalidParams.Add(request.NewErrParamMinLen("InputParameters", 1)) + } + if s.PolicyRuntime == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyRuntime")) + } + if s.PolicyRuntime != nil && len(*s.PolicyRuntime) < 1 { + invalidParams.Add(request.NewErrParamMinLen("PolicyRuntime", 1)) + } + if s.PolicyText == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyText")) + } + if s.ResourceIdScope != nil && len(*s.ResourceIdScope) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourceIdScope", 1)) + } + if s.TagKeyScope != nil && len(*s.TagKeyScope) < 1 { + invalidParams.Add(request.NewErrParamMinLen("TagKeyScope", 1)) + } + if s.TagValueScope != nil && len(*s.TagValueScope) < 1 { + invalidParams.Add(request.NewErrParamMinLen("TagValueScope", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDebugLogDeliveryAccounts sets the DebugLogDeliveryAccounts field's value. +func (s *OrganizationCustomPolicyRuleMetadata) SetDebugLogDeliveryAccounts(v []*string) *OrganizationCustomPolicyRuleMetadata { + s.DebugLogDeliveryAccounts = v + return s +} + +// SetDescription sets the Description field's value. +func (s *OrganizationCustomPolicyRuleMetadata) SetDescription(v string) *OrganizationCustomPolicyRuleMetadata { + s.Description = &v + return s +} + +// SetInputParameters sets the InputParameters field's value. +func (s *OrganizationCustomPolicyRuleMetadata) SetInputParameters(v string) *OrganizationCustomPolicyRuleMetadata { + s.InputParameters = &v + return s +} + +// SetMaximumExecutionFrequency sets the MaximumExecutionFrequency field's value. +func (s *OrganizationCustomPolicyRuleMetadata) SetMaximumExecutionFrequency(v string) *OrganizationCustomPolicyRuleMetadata { + s.MaximumExecutionFrequency = &v + return s +} + +// SetOrganizationConfigRuleTriggerTypes sets the OrganizationConfigRuleTriggerTypes field's value. +func (s *OrganizationCustomPolicyRuleMetadata) SetOrganizationConfigRuleTriggerTypes(v []*string) *OrganizationCustomPolicyRuleMetadata { + s.OrganizationConfigRuleTriggerTypes = v + return s +} + +// SetPolicyRuntime sets the PolicyRuntime field's value. +func (s *OrganizationCustomPolicyRuleMetadata) SetPolicyRuntime(v string) *OrganizationCustomPolicyRuleMetadata { + s.PolicyRuntime = &v + return s +} + +// SetPolicyText sets the PolicyText field's value. +func (s *OrganizationCustomPolicyRuleMetadata) SetPolicyText(v string) *OrganizationCustomPolicyRuleMetadata { + s.PolicyText = &v + return s +} + +// SetResourceIdScope sets the ResourceIdScope field's value. +func (s *OrganizationCustomPolicyRuleMetadata) SetResourceIdScope(v string) *OrganizationCustomPolicyRuleMetadata { + s.ResourceIdScope = &v + return s +} + +// SetResourceTypesScope sets the ResourceTypesScope field's value. +func (s *OrganizationCustomPolicyRuleMetadata) SetResourceTypesScope(v []*string) *OrganizationCustomPolicyRuleMetadata { + s.ResourceTypesScope = v + return s +} + +// SetTagKeyScope sets the TagKeyScope field's value. +func (s *OrganizationCustomPolicyRuleMetadata) SetTagKeyScope(v string) *OrganizationCustomPolicyRuleMetadata { + s.TagKeyScope = &v + return s +} + +// SetTagValueScope sets the TagValueScope field's value. +func (s *OrganizationCustomPolicyRuleMetadata) SetTagValueScope(v string) *OrganizationCustomPolicyRuleMetadata { + s.TagValueScope = &v + return s +} + +// An object that specifies metadata for your organization Config Custom Policy +// rule including the runtime system in use, which accounts have debug logging +// enabled, and other custom rule metadata such as resource type, resource ID +// of Amazon Web Services resource, and organization trigger types that trigger +// Config to evaluate Amazon Web Services resources against a rule. +type OrganizationCustomPolicyRuleMetadataNoPolicy struct { + _ struct{} `type:"structure"` + + // A list of accounts that you can enable debug logging for your organization + // Config Custom Policy rule. List is null when debug logging is enabled for + // all accounts. + DebugLogDeliveryAccounts []*string `type:"list"` + + // The description that you provide for your organization Config Custom Policy + // rule. + Description *string `type:"string"` + + // A string, in JSON format, that is passed to your organization Config Custom + // Policy rule. + InputParameters *string `min:"1" type:"string"` + + // The maximum frequency with which Config runs evaluations for a rule. Your + // Config Custom Policy rule is triggered when Config delivers the configuration + // snapshot. For more information, see ConfigSnapshotDeliveryProperties. + MaximumExecutionFrequency *string `type:"string" enum:"MaximumExecutionFrequency"` + + // The type of notification that triggers Config to run an evaluation for a + // rule. For Config Custom Policy rules, Config supports change triggered notification + // types: + // + // * ConfigurationItemChangeNotification - Triggers an evaluation when Config + // delivers a configuration item as a result of a resource change. + // + // * OversizedConfigurationItemChangeNotification - Triggers an evaluation + // when Config delivers an oversized configuration item. Config may generate + // this notification type when a resource changes and the notification exceeds + // the maximum size allowed by Amazon SNS. + OrganizationConfigRuleTriggerTypes []*string `type:"list" enum:"OrganizationConfigRuleTriggerTypeNoSN"` + + // The runtime system for your organization Config Custom Policy rules. Guard + // is a policy-as-code language that allows you to write policies that are enforced + // by Config Custom Policy rules. For more information about Guard, see the + // Guard GitHub Repository (https://github.com/aws-cloudformation/cloudformation-guard). + PolicyRuntime *string `min:"1" type:"string"` + + // The ID of the Amazon Web Services resource that was evaluated. + ResourceIdScope *string `min:"1" type:"string"` + + // The type of the Amazon Web Services resource that was evaluated. + ResourceTypesScope []*string `type:"list"` + + // One part of a key-value pair that make up a tag. A key is a general label + // that acts like a category for more specific tag values. + TagKeyScope *string `min:"1" type:"string"` + + // The optional part of a key-value pair that make up a tag. A value acts as + // a descriptor within a tag category (key). + TagValueScope *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s OrganizationCustomPolicyRuleMetadataNoPolicy) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s OrganizationCustomPolicyRuleMetadataNoPolicy) GoString() string { + return s.String() +} + +// SetDebugLogDeliveryAccounts sets the DebugLogDeliveryAccounts field's value. +func (s *OrganizationCustomPolicyRuleMetadataNoPolicy) SetDebugLogDeliveryAccounts(v []*string) *OrganizationCustomPolicyRuleMetadataNoPolicy { + s.DebugLogDeliveryAccounts = v + return s +} + +// SetDescription sets the Description field's value. +func (s *OrganizationCustomPolicyRuleMetadataNoPolicy) SetDescription(v string) *OrganizationCustomPolicyRuleMetadataNoPolicy { + s.Description = &v + return s +} + +// SetInputParameters sets the InputParameters field's value. +func (s *OrganizationCustomPolicyRuleMetadataNoPolicy) SetInputParameters(v string) *OrganizationCustomPolicyRuleMetadataNoPolicy { + s.InputParameters = &v + return s +} + +// SetMaximumExecutionFrequency sets the MaximumExecutionFrequency field's value. +func (s *OrganizationCustomPolicyRuleMetadataNoPolicy) SetMaximumExecutionFrequency(v string) *OrganizationCustomPolicyRuleMetadataNoPolicy { + s.MaximumExecutionFrequency = &v + return s +} + +// SetOrganizationConfigRuleTriggerTypes sets the OrganizationConfigRuleTriggerTypes field's value. +func (s *OrganizationCustomPolicyRuleMetadataNoPolicy) SetOrganizationConfigRuleTriggerTypes(v []*string) *OrganizationCustomPolicyRuleMetadataNoPolicy { + s.OrganizationConfigRuleTriggerTypes = v + return s +} + +// SetPolicyRuntime sets the PolicyRuntime field's value. +func (s *OrganizationCustomPolicyRuleMetadataNoPolicy) SetPolicyRuntime(v string) *OrganizationCustomPolicyRuleMetadataNoPolicy { + s.PolicyRuntime = &v + return s +} + +// SetResourceIdScope sets the ResourceIdScope field's value. +func (s *OrganizationCustomPolicyRuleMetadataNoPolicy) SetResourceIdScope(v string) *OrganizationCustomPolicyRuleMetadataNoPolicy { + s.ResourceIdScope = &v + return s +} + +// SetResourceTypesScope sets the ResourceTypesScope field's value. +func (s *OrganizationCustomPolicyRuleMetadataNoPolicy) SetResourceTypesScope(v []*string) *OrganizationCustomPolicyRuleMetadataNoPolicy { + s.ResourceTypesScope = v + return s +} + +// SetTagKeyScope sets the TagKeyScope field's value. +func (s *OrganizationCustomPolicyRuleMetadataNoPolicy) SetTagKeyScope(v string) *OrganizationCustomPolicyRuleMetadataNoPolicy { + s.TagKeyScope = &v + return s +} + +// SetTagValueScope sets the TagValueScope field's value. +func (s *OrganizationCustomPolicyRuleMetadataNoPolicy) SetTagValueScope(v string) *OrganizationCustomPolicyRuleMetadataNoPolicy { + s.TagValueScope = &v + return s +} + // An object that specifies organization custom rule metadata such as resource // type, resource ID of Amazon Web Services resource, Lambda function ARN, and // organization trigger types that trigger Config to evaluate your Amazon Web @@ -24943,11 +25756,11 @@ func (s *OrganizationConformancePackTemplateValidationException) RequestID() str type OrganizationCustomRuleMetadata struct { _ struct{} `type:"structure"` - // The description that you provide for organization config rule. + // The description that you provide for your organization Config rule. Description *string `type:"string"` - // A string, in JSON format, that is passed to organization config rule Lambda - // function. + // A string, in JSON format, that is passed to your organization Config rule + // Lambda function. InputParameters *string `min:"1" type:"string"` // The lambda function ARN. @@ -25106,11 +25919,11 @@ func (s *OrganizationCustomRuleMetadata) SetTagValueScope(v string) *Organizatio type OrganizationManagedRuleMetadata struct { _ struct{} `type:"structure"` - // The description that you provide for organization config rule. + // The description that you provide for your organization Config rule. Description *string `type:"string"` - // A string, in JSON format, that is passed to organization config rule Lambda - // function. + // A string, in JSON format, that is passed to your organization Config rule + // Lambda function. InputParameters *string `min:"1" type:"string"` // The maximum frequency with which Config runs evaluations for a rule. You @@ -25857,7 +26670,7 @@ type PutConformancePackInput struct { // the template body with a minimum length of 1 byte and a maximum length of // 51,200 bytes. // - // You can only use a YAML template with two resource types: config rule (AWS::Config::ConfigRule) + // You can only use a YAML template with two resource types: Config rule (AWS::Config::ConfigRule) // and a remediation action (AWS::Config::RemediationConfiguration). TemplateBody *string `min:"1" type:"string"` @@ -26269,14 +27082,22 @@ type PutOrganizationConfigRuleInput struct { _ struct{} `type:"structure"` // A comma-separated list of accounts that you want to exclude from an organization - // config rule. + // Config rule. ExcludedAccounts []*string `type:"list"` - // The name that you assign to an organization config rule. + // The name that you assign to an organization Config rule. // // OrganizationConfigRuleName is a required field OrganizationConfigRuleName *string `min:"1" type:"string" required:"true"` + // An object that specifies metadata for your organization's Config Custom Policy + // rule. The metadata includes the runtime system in use, which accounts have + // debug logging enabled, and other custom rule metadata, such as resource type, + // resource ID of Amazon Web Services resource, and organization trigger types + // that initiate Config to evaluate Amazon Web Services resources against a + // rule. + OrganizationCustomPolicyRuleMetadata *OrganizationCustomPolicyRuleMetadata `type:"structure"` + // An OrganizationCustomRuleMetadata object. OrganizationCustomRuleMetadata *OrganizationCustomRuleMetadata `type:"structure"` @@ -26311,6 +27132,11 @@ func (s *PutOrganizationConfigRuleInput) Validate() error { if s.OrganizationConfigRuleName != nil && len(*s.OrganizationConfigRuleName) < 1 { invalidParams.Add(request.NewErrParamMinLen("OrganizationConfigRuleName", 1)) } + if s.OrganizationCustomPolicyRuleMetadata != nil { + if err := s.OrganizationCustomPolicyRuleMetadata.Validate(); err != nil { + invalidParams.AddNested("OrganizationCustomPolicyRuleMetadata", err.(request.ErrInvalidParams)) + } + } if s.OrganizationCustomRuleMetadata != nil { if err := s.OrganizationCustomRuleMetadata.Validate(); err != nil { invalidParams.AddNested("OrganizationCustomRuleMetadata", err.(request.ErrInvalidParams)) @@ -26340,6 +27166,12 @@ func (s *PutOrganizationConfigRuleInput) SetOrganizationConfigRuleName(v string) return s } +// SetOrganizationCustomPolicyRuleMetadata sets the OrganizationCustomPolicyRuleMetadata field's value. +func (s *PutOrganizationConfigRuleInput) SetOrganizationCustomPolicyRuleMetadata(v *OrganizationCustomPolicyRuleMetadata) *PutOrganizationConfigRuleInput { + s.OrganizationCustomPolicyRuleMetadata = v + return s +} + // SetOrganizationCustomRuleMetadata sets the OrganizationCustomRuleMetadata field's value. func (s *PutOrganizationConfigRuleInput) SetOrganizationCustomRuleMetadata(v *OrganizationCustomRuleMetadata) *PutOrganizationConfigRuleInput { s.OrganizationCustomRuleMetadata = v @@ -26355,7 +27187,7 @@ func (s *PutOrganizationConfigRuleInput) SetOrganizationManagedRuleMetadata(v *O type PutOrganizationConfigRuleOutput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of an organization config rule. + // The Amazon Resource Name (ARN) of an organization Config rule. OrganizationConfigRuleArn *string `min:"1" type:"string"` } @@ -28211,10 +29043,10 @@ func (s *ResourceIdentifier) SetResourceType(v string) *ResourceIdentifier { // and Config cannot delete this rule. Delete the remediation action associated // with the rule before deleting the rule and try your request again later. // -// * For PutConfigOrganizationRule, organization config rule deletion is +// * For PutConfigOrganizationRule, organization Config rule deletion is // in progress. Try your request again later. // -// * For DeleteOrganizationConfigRule, organization config rule creation +// * For DeleteOrganizationConfigRule, organization Config rule creation // is in progress. Try your request again later. // // * For PutConformancePack and PutOrganizationConformancePack, a conformance @@ -28928,31 +29760,50 @@ func (s *SelectResourceConfigOutput) SetResults(v []*string) *SelectResourceConf return s } -// Provides the Config rule owner (Amazon Web Services or customer), the rule -// identifier, and the events that trigger the evaluation of your Amazon Web -// Services resources. +// Provides the CustomPolicyDetails, the rule owner (Amazon Web Services or +// customer), the rule identifier, and the events that cause the evaluation +// of your Amazon Web Services resources. type Source struct { _ struct{} `type:"structure"` + // Provides the runtime system, policy definition, and whether debug logging + // is enabled. Required when owner is set to CUSTOM_POLICY. + CustomPolicyDetails *CustomPolicyDetails `type:"structure"` + // Indicates whether Amazon Web Services or the customer owns and manages the // Config rule. // + // Config Managed Rules are predefined rules owned by Amazon Web Services. For + // more information, see Config Managed Rules (https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html) + // in the Config developer guide. + // + // Config Custom Rules are rules that you can develop either with Guard (CUSTOM_POLICY) + // or Lambda (CUSTOM_LAMBDA). For more information, see Config Custom Rules + // (https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html) + // in the Config developer guide. + // // Owner is a required field Owner *string `type:"string" required:"true" enum:"Owner"` - // Provides the source and type of the event that causes Config to evaluate - // your Amazon Web Services resources. + // Provides the source and the message types that cause Config to evaluate your + // Amazon Web Services resources against a rule. It also provides the frequency + // with which you want Config to run evaluations for the rule if the trigger + // type is periodic. + // + // If the owner is set to CUSTOM_POLICY, the only acceptable values for the + // Config rule trigger message type are ConfigurationItemChangeNotification + // and OversizedConfigurationItemChangeNotification. SourceDetails []*SourceDetail `type:"list"` - // For Config managed rules, a predefined identifier from a list. For example, - // IAM_PASSWORD_POLICY is a managed rule. To reference a managed rule, see Using - // Config managed rules (https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html). + // For Config Managed rules, a predefined identifier from a list. For example, + // IAM_PASSWORD_POLICY is a managed rule. To reference a managed rule, see List + // of Config Managed Rules (https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html). // - // For custom rules, the identifier is the Amazon Resource Name (ARN) of the - // rule's Lambda function, such as arn:aws:lambda:us-east-2:123456789012:function:custom_rule_name. + // For Config Custom Lambda rules, the identifier is the Amazon Resource Name + // (ARN) of the rule's Lambda function, such as arn:aws:lambda:us-east-2:123456789012:function:custom_rule_name. // - // SourceIdentifier is a required field - SourceIdentifier *string `min:"1" type:"string" required:"true"` + // For Config Custom Policy rules, this field will be ignored. + SourceIdentifier *string `min:"1" type:"string"` } // String returns the string representation. @@ -28979,12 +29830,14 @@ func (s *Source) Validate() error { if s.Owner == nil { invalidParams.Add(request.NewErrParamRequired("Owner")) } - if s.SourceIdentifier == nil { - invalidParams.Add(request.NewErrParamRequired("SourceIdentifier")) - } if s.SourceIdentifier != nil && len(*s.SourceIdentifier) < 1 { invalidParams.Add(request.NewErrParamMinLen("SourceIdentifier", 1)) } + if s.CustomPolicyDetails != nil { + if err := s.CustomPolicyDetails.Validate(); err != nil { + invalidParams.AddNested("CustomPolicyDetails", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -28992,6 +29845,12 @@ func (s *Source) Validate() error { return nil } +// SetCustomPolicyDetails sets the CustomPolicyDetails field's value. +func (s *Source) SetCustomPolicyDetails(v *CustomPolicyDetails) *Source { + s.CustomPolicyDetails = v + return s +} + // SetOwner sets the Owner field's value. func (s *Source) SetOwner(v string) *Source { s.Owner = &v @@ -29466,39 +30325,39 @@ func (s *StaticValue) SetValues(v []*string) *StaticValue { } // Status filter object to filter results based on specific member account ID -// or status type for an organization config rule. +// or status type for an organization Config rule. type StatusDetailFilters struct { _ struct{} `type:"structure"` // The 12-digit account ID of the member account within an organization. AccountId *string `type:"string"` - // Indicates deployment status for config rule in the member account. When master - // account calls PutOrganizationConfigRule action for the first time, config + // Indicates deployment status for Config rule in the member account. When master + // account calls PutOrganizationConfigRule action for the first time, Config // rule status is created in the member account. When master account calls PutOrganizationConfigRule - // action for the second time, config rule status is updated in the member account. + // action for the second time, Config rule status is updated in the member account. // Config rule status is deleted when the master account deletes OrganizationConfigRule // and disables service access for config-multiaccountsetup.amazonaws.com. // // Config sets the state of the rule to: // - // * CREATE_SUCCESSFUL when config rule has been created in the member account. + // * CREATE_SUCCESSFUL when Config rule has been created in the member account. // - // * CREATE_IN_PROGRESS when config rule is being created in the member account. + // * CREATE_IN_PROGRESS when Config rule is being created in the member account. // - // * CREATE_FAILED when config rule creation has failed in the member account. + // * CREATE_FAILED when Config rule creation has failed in the member account. // - // * DELETE_FAILED when config rule deletion has failed in the member account. + // * DELETE_FAILED when Config rule deletion has failed in the member account. // - // * DELETE_IN_PROGRESS when config rule is being deleted in the member account. + // * DELETE_IN_PROGRESS when Config rule is being deleted in the member account. // - // * DELETE_SUCCESSFUL when config rule has been deleted in the member account. + // * DELETE_SUCCESSFUL when Config rule has been deleted in the member account. // - // * UPDATE_SUCCESSFUL when config rule has been updated in the member account. + // * UPDATE_SUCCESSFUL when Config rule has been updated in the member account. // - // * UPDATE_IN_PROGRESS when config rule is being updated in the member account. + // * UPDATE_IN_PROGRESS when Config rule is being updated in the member account. // - // * UPDATE_FAILED when config rule deletion has failed in the member account. + // * UPDATE_FAILED when Config rule deletion has failed in the member account. MemberAccountRuleStatus *string `type:"string" enum:"MemberAccountRuleStatus"` } @@ -30510,6 +31369,22 @@ func OrganizationConfigRuleTriggerType_Values() []string { } } +const ( + // OrganizationConfigRuleTriggerTypeNoSNConfigurationItemChangeNotification is a OrganizationConfigRuleTriggerTypeNoSN enum value + OrganizationConfigRuleTriggerTypeNoSNConfigurationItemChangeNotification = "ConfigurationItemChangeNotification" + + // OrganizationConfigRuleTriggerTypeNoSNOversizedConfigurationItemChangeNotification is a OrganizationConfigRuleTriggerTypeNoSN enum value + OrganizationConfigRuleTriggerTypeNoSNOversizedConfigurationItemChangeNotification = "OversizedConfigurationItemChangeNotification" +) + +// OrganizationConfigRuleTriggerTypeNoSN_Values returns all elements of the OrganizationConfigRuleTriggerTypeNoSN enum +func OrganizationConfigRuleTriggerTypeNoSN_Values() []string { + return []string{ + OrganizationConfigRuleTriggerTypeNoSNConfigurationItemChangeNotification, + OrganizationConfigRuleTriggerTypeNoSNOversizedConfigurationItemChangeNotification, + } +} + const ( // OrganizationResourceDetailedStatusCreateSuccessful is a OrganizationResourceDetailedStatus enum value OrganizationResourceDetailedStatusCreateSuccessful = "CREATE_SUCCESSFUL" @@ -30648,6 +31523,9 @@ const ( // OwnerAws is a Owner enum value OwnerAws = "AWS" + + // OwnerCustomPolicy is a Owner enum value + OwnerCustomPolicy = "CUSTOM_POLICY" ) // Owner_Values returns all elements of the Owner enum @@ -30655,6 +31533,7 @@ func Owner_Values() []string { return []string{ OwnerCustomLambda, OwnerAws, + OwnerCustomPolicy, } } @@ -31105,6 +31984,9 @@ const ( // ResourceTypeAwsEcrPublicRepository is a ResourceType enum value ResourceTypeAwsEcrPublicRepository = "AWS::ECR::PublicRepository" + + // ResourceTypeAwsGuardDutyDetector is a ResourceType enum value + ResourceTypeAwsGuardDutyDetector = "AWS::GuardDuty::Detector" ) // ResourceType_Values returns all elements of the ResourceType enum @@ -31227,6 +32109,7 @@ func ResourceType_Values() []string { ResourceTypeAwsCodeDeployDeploymentGroup, ResourceTypeAwsEc2LaunchTemplate, ResourceTypeAwsEcrPublicRepository, + ResourceTypeAwsGuardDutyDetector, } } diff --git a/service/configservice/configserviceiface/interface.go b/service/configservice/configserviceiface/interface.go index 3352bbe67da..b35fe0cc167 100644 --- a/service/configservice/configserviceiface/interface.go +++ b/service/configservice/configserviceiface/interface.go @@ -360,6 +360,10 @@ type ConfigServiceAPI interface { GetConformancePackComplianceSummaryPages(*configservice.GetConformancePackComplianceSummaryInput, func(*configservice.GetConformancePackComplianceSummaryOutput, bool) bool) error GetConformancePackComplianceSummaryPagesWithContext(aws.Context, *configservice.GetConformancePackComplianceSummaryInput, func(*configservice.GetConformancePackComplianceSummaryOutput, bool) bool, ...request.Option) error + GetCustomRulePolicy(*configservice.GetCustomRulePolicyInput) (*configservice.GetCustomRulePolicyOutput, error) + GetCustomRulePolicyWithContext(aws.Context, *configservice.GetCustomRulePolicyInput, ...request.Option) (*configservice.GetCustomRulePolicyOutput, error) + GetCustomRulePolicyRequest(*configservice.GetCustomRulePolicyInput) (*request.Request, *configservice.GetCustomRulePolicyOutput) + GetDiscoveredResourceCounts(*configservice.GetDiscoveredResourceCountsInput) (*configservice.GetDiscoveredResourceCountsOutput, error) GetDiscoveredResourceCountsWithContext(aws.Context, *configservice.GetDiscoveredResourceCountsInput, ...request.Option) (*configservice.GetDiscoveredResourceCountsOutput, error) GetDiscoveredResourceCountsRequest(*configservice.GetDiscoveredResourceCountsInput) (*request.Request, *configservice.GetDiscoveredResourceCountsOutput) @@ -381,6 +385,10 @@ type ConfigServiceAPI interface { GetOrganizationConformancePackDetailedStatusPages(*configservice.GetOrganizationConformancePackDetailedStatusInput, func(*configservice.GetOrganizationConformancePackDetailedStatusOutput, bool) bool) error GetOrganizationConformancePackDetailedStatusPagesWithContext(aws.Context, *configservice.GetOrganizationConformancePackDetailedStatusInput, func(*configservice.GetOrganizationConformancePackDetailedStatusOutput, bool) bool, ...request.Option) error + GetOrganizationCustomRulePolicy(*configservice.GetOrganizationCustomRulePolicyInput) (*configservice.GetOrganizationCustomRulePolicyOutput, error) + GetOrganizationCustomRulePolicyWithContext(aws.Context, *configservice.GetOrganizationCustomRulePolicyInput, ...request.Option) (*configservice.GetOrganizationCustomRulePolicyOutput, error) + GetOrganizationCustomRulePolicyRequest(*configservice.GetOrganizationCustomRulePolicyInput) (*request.Request, *configservice.GetOrganizationCustomRulePolicyOutput) + GetResourceConfigHistory(*configservice.GetResourceConfigHistoryInput) (*configservice.GetResourceConfigHistoryOutput, error) GetResourceConfigHistoryWithContext(aws.Context, *configservice.GetResourceConfigHistoryInput, ...request.Option) (*configservice.GetResourceConfigHistoryOutput, error) GetResourceConfigHistoryRequest(*configservice.GetResourceConfigHistoryInput) (*request.Request, *configservice.GetResourceConfigHistoryOutput) diff --git a/service/configservice/errors.go b/service/configservice/errors.go index 38768f7ea2c..7d3db4b5187 100644 --- a/service/configservice/errors.go +++ b/service/configservice/errors.go @@ -31,7 +31,7 @@ const ( // * For PutConfigRule, the Lambda function cannot be invoked. Check the // function ARN, and check the function's permissions. // - // * For PutOrganizationConfigRule, organization config rule cannot be created + // * For PutOrganizationConfigRule, organization Config rule cannot be created // because you do not have permissions to call IAM GetRole action or create // a service linked role. // @@ -177,7 +177,7 @@ const ( // ErrCodeMaxNumberOfOrganizationConfigRulesExceededException for service response error code // "MaxNumberOfOrganizationConfigRulesExceededException". // - // You have reached the limit of the number of organization config rules you + // You have reached the limit of the number of organization Config rules you // can create. ErrCodeMaxNumberOfOrganizationConfigRulesExceededException = "MaxNumberOfOrganizationConfigRulesExceededException" @@ -230,8 +230,9 @@ const ( // ErrCodeNoSuchConfigRuleException for service response error code // "NoSuchConfigRuleException". // - // One or more Config rules in the request are invalid. Verify that the rule - // names are correct and try again. + // The Config rule in the request is not valid. Verify that the rule is an Config + // Custom Policy rule, that the rule name is correct, and that valid Amazon + // Resouce Names (ARNs) are used before trying again. ErrCodeNoSuchConfigRuleException = "NoSuchConfigRuleException" // ErrCodeNoSuchConfigRuleInConformancePackException for service response error code @@ -267,7 +268,9 @@ const ( // ErrCodeNoSuchOrganizationConfigRuleException for service response error code // "NoSuchOrganizationConfigRuleException". // - // You specified one or more organization config rules that do not exist. + // The Config rule in the request is not valid. Verify that the rule is an organization + // Config Custom Policy rule, that the rule name is correct, and that valid + // Amazon Resouce Names (ARNs) are used before trying again. ErrCodeNoSuchOrganizationConfigRuleException = "NoSuchOrganizationConfigRuleException" // ErrCodeNoSuchOrganizationConformancePackException for service response error code @@ -374,10 +377,10 @@ const ( // and Config cannot delete this rule. Delete the remediation action associated // with the rule before deleting the rule and try your request again later. // - // * For PutConfigOrganizationRule, organization config rule deletion is + // * For PutConfigOrganizationRule, organization Config rule deletion is // in progress. Try your request again later. // - // * For DeleteOrganizationConfigRule, organization config rule creation + // * For DeleteOrganizationConfigRule, organization Config rule creation // is in progress. Try your request again later. // // * For PutConformancePack and PutOrganizationConformancePack, a conformance diff --git a/service/lambda/api.go b/service/lambda/api.go index fa1af8e7ea1..922cb8f73f2 100644 --- a/service/lambda/api.go +++ b/service/lambda/api.go @@ -7862,6 +7862,10 @@ type CreateFunctionInput struct { // Environment variables that are accessible from function code during execution. Environment *Environment `type:"structure"` + // The size of the function’s /tmp directory in MB. The default value is 512, + // but can be any whole number between 512 and 10240 MB. + EphemeralStorage *EphemeralStorage `type:"structure"` + // Connection settings for an Amazon EFS file system. FileSystemConfigs []*FileSystemConfig `type:"list"` @@ -7990,6 +7994,11 @@ func (s *CreateFunctionInput) Validate() error { invalidParams.AddNested("Code", err.(request.ErrInvalidParams)) } } + if s.EphemeralStorage != nil { + if err := s.EphemeralStorage.Validate(); err != nil { + invalidParams.AddNested("EphemeralStorage", err.(request.ErrInvalidParams)) + } + } if s.FileSystemConfigs != nil { for i, v := range s.FileSystemConfigs { if v == nil { @@ -8043,6 +8052,12 @@ func (s *CreateFunctionInput) SetEnvironment(v *Environment) *CreateFunctionInpu return s } +// SetEphemeralStorage sets the EphemeralStorage field's value. +func (s *CreateFunctionInput) SetEphemeralStorage(v *EphemeralStorage) *CreateFunctionInput { + s.EphemeralStorage = v + return s +} + // SetFileSystemConfigs sets the FileSystemConfigs field's value. func (s *CreateFunctionInput) SetFileSystemConfigs(v []*FileSystemConfig) *CreateFunctionInput { s.FileSystemConfigs = v @@ -9634,6 +9649,57 @@ func (s *EnvironmentResponse) SetVariables(v map[string]*string) *EnvironmentRes return s } +// The size of the function’s /tmp directory in MB. The default value is 512, +// but can be any whole number between 512 and 10240 MB. +type EphemeralStorage struct { + _ struct{} `type:"structure"` + + // The size of the function’s /tmp directory. + // + // Size is a required field + Size *int64 `min:"512" type:"integer" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EphemeralStorage) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EphemeralStorage) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *EphemeralStorage) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "EphemeralStorage"} + if s.Size == nil { + invalidParams.Add(request.NewErrParamRequired("Size")) + } + if s.Size != nil && *s.Size < 512 { + invalidParams.Add(request.NewErrParamMinValue("Size", 512)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetSize sets the Size field's value. +func (s *EphemeralStorage) SetSize(v int64) *EphemeralStorage { + s.Size = &v + return s +} + // A mapping between an Amazon Web Services resource and a Lambda function. // For details, see CreateEventSourceMapping. type EventSourceMappingConfiguration struct { @@ -10208,6 +10274,10 @@ type FunctionConfiguration struct { // The function's environment variables (https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html). Environment *EnvironmentResponse `type:"structure"` + // The size of the function’s /tmp directory in MB. The default value is 512, + // but can be any whole number between 512 and 10240 MB. + EphemeralStorage *EphemeralStorage `type:"structure"` + // Connection settings for an Amazon EFS file system (https://docs.aws.amazon.com/lambda/latest/dg/configuration-filesystem.html). FileSystemConfigs []*FileSystemConfig `type:"list"` @@ -10348,6 +10418,12 @@ func (s *FunctionConfiguration) SetEnvironment(v *EnvironmentResponse) *Function return s } +// SetEphemeralStorage sets the EphemeralStorage field's value. +func (s *FunctionConfiguration) SetEphemeralStorage(v *EphemeralStorage) *FunctionConfiguration { + s.EphemeralStorage = v + return s +} + // SetFileSystemConfigs sets the FileSystemConfigs field's value. func (s *FunctionConfiguration) SetFileSystemConfigs(v []*FileSystemConfig) *FunctionConfiguration { s.FileSystemConfigs = v @@ -18058,6 +18134,10 @@ type UpdateFunctionConfigurationInput struct { // Environment variables that are accessible from function code during execution. Environment *Environment `type:"structure"` + // The size of the function’s /tmp directory in MB. The default value is 512, + // but can be any whole number between 512 and 10240 MB. + EphemeralStorage *EphemeralStorage `type:"structure"` + // Connection settings for an Amazon EFS file system. FileSystemConfigs []*FileSystemConfig `type:"list"` @@ -18164,6 +18244,11 @@ func (s *UpdateFunctionConfigurationInput) Validate() error { if s.Timeout != nil && *s.Timeout < 1 { invalidParams.Add(request.NewErrParamMinValue("Timeout", 1)) } + if s.EphemeralStorage != nil { + if err := s.EphemeralStorage.Validate(); err != nil { + invalidParams.AddNested("EphemeralStorage", err.(request.ErrInvalidParams)) + } + } if s.FileSystemConfigs != nil { for i, v := range s.FileSystemConfigs { if v == nil { @@ -18199,6 +18284,12 @@ func (s *UpdateFunctionConfigurationInput) SetEnvironment(v *Environment) *Updat return s } +// SetEphemeralStorage sets the EphemeralStorage field's value. +func (s *UpdateFunctionConfigurationInput) SetEphemeralStorage(v *EphemeralStorage) *UpdateFunctionConfigurationInput { + s.EphemeralStorage = v + return s +} + // SetFileSystemConfigs sets the FileSystemConfigs field's value. func (s *UpdateFunctionConfigurationInput) SetFileSystemConfigs(v []*FileSystemConfig) *UpdateFunctionConfigurationInput { s.FileSystemConfigs = v diff --git a/service/transcribeservice/api.go b/service/transcribeservice/api.go index af5e132414e..273fcbaf356 100644 --- a/service/transcribeservice/api.go +++ b/service/transcribeservice/api.go @@ -4426,7 +4426,7 @@ type CallAnalyticsJob struct { // following media formats are supported: MP3, MP4, WAV, FLAC, OGG, and WebM. MediaFormat *string `type:"string" enum:"MediaFormat"` - // The sample rate, in Hertz, of the audio. + // The sample rate, in Hertz, of the input audio. MediaSampleRateHertz *int64 `min:"8000" type:"integer"` // Provides information about the settings used to run a transcription job. @@ -10627,6 +10627,8 @@ type StartTranscriptionJobInput struct { // Set this field to true to enable automatic language identification. Automatic // language identification is disabled by default. You receive a BadRequestException // error if you enter a value for a LanguageCode. + // + // You must include either LanguageCode or IdentifyLanguage in your request. IdentifyLanguage *bool `type:"boolean"` // Provides information about how a transcription job is executed. Use this @@ -10639,7 +10641,8 @@ type StartTranscriptionJobInput struct { // pairs, that provide an added layer of security for your data. KMSEncryptionContext map[string]*string `min:"1" type:"map"` - // The language code for the language used in the input media file. + // The language code for the language used in the input media file. You must + // include either LanguageCode or IdentifyLanguage in your request. // // To transcribe speech in Modern Standard Arabic (ar-SA), your audio or video // file must be encoded at a sample rate of 16,000 Hz or higher. @@ -10977,7 +10980,7 @@ func (s *StartTranscriptionJobInput) SetTranscriptionJobName(v string) *StartTra type StartTranscriptionJobOutput struct { _ struct{} `type:"structure"` - // An object containing details of the asynchronous transcription job. + // Provides information about your asynchronous transcription job. TranscriptionJob *TranscriptionJob `type:"structure"` } @@ -11005,12 +11008,21 @@ func (s *StartTranscriptionJobOutput) SetTranscriptionJob(v *TranscriptionJob) * return s } -// Generate subtitles for your batch transcription job. +// Generate subtitles for your batch transcription job. Note that your subtitle +// files are placed in the same location as your transcription output. type Subtitles struct { _ struct{} `type:"structure"` - // Specify the output format for your subtitle file. + // Specify the output format for your subtitle file; if you select both srt + // and vtt formats, two output files are generated. Formats []*string `type:"list" enum:"SubtitleFormat"` + + // Defines the starting value that is assigned to the first subtitle segment. + // + // The default start index for Amazon Transcribe is 0, which differs from the + // more widely used standard of 1. If you're uncertain which value to use, we + // recommend choosing 1, as this may improve compatibility with other services. + OutputStartIndex *int64 `type:"integer"` } // String returns the string representation. @@ -11037,15 +11049,26 @@ func (s *Subtitles) SetFormats(v []*string) *Subtitles { return s } -// Choose the output format for your subtitle file and the S3 location where -// you want your file saved. +// SetOutputStartIndex sets the OutputStartIndex field's value. +func (s *Subtitles) SetOutputStartIndex(v int64) *Subtitles { + s.OutputStartIndex = &v + return s +} + +// The S3 location where your subtitle files are located. Note that your subtitle +// files are placed in the same location as your transcription output. Refer +// to TranscriptFileUri to download your files. type SubtitlesOutput_ struct { _ struct{} `type:"structure"` - // Specify the output format for your subtitle file; if you select both SRT - // and VTT formats, two output files are generated. + // The format of your subtitle files. If your request specified both srt and + // vtt formats, both formats are shown. Formats []*string `type:"list" enum:"SubtitleFormat"` + // Shows the output start index value for your subtitle files. If you did not + // specify a value in your request, the default value of 0 is used. + OutputStartIndex *int64 `type:"integer"` + // Contains the output location for your subtitle file. This location must be // an S3 bucket. SubtitleFileUris []*string `type:"list"` @@ -11075,6 +11098,12 @@ func (s *SubtitlesOutput_) SetFormats(v []*string) *SubtitlesOutput_ { return s } +// SetOutputStartIndex sets the OutputStartIndex field's value. +func (s *SubtitlesOutput_) SetOutputStartIndex(v int64) *SubtitlesOutput_ { + s.OutputStartIndex = &v + return s +} + // SetSubtitleFileUris sets the SubtitleFileUris field's value. func (s *SubtitlesOutput_) SetSubtitleFileUris(v []*string) *SubtitlesOutput_ { s.SubtitleFileUris = v