aws-sdk-configservice 1.105.0 → 1.106.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-configservice/client.rb +60 -9
- data/lib/aws-sdk-configservice/types.rb +71 -9
- data/lib/aws-sdk-configservice.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e8e080a108b8e4fc09782fcbd4f404c23b0795295e8d2567f717526312a45c67
|
4
|
+
data.tar.gz: 85327c6174063838d322876fede08799ff11beceed30133c87142c6dbcd753dc
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: bb87955f468b18f7280d01cb3ffe65c542ca7b1f3dc52cfa1653c0cf0c13e43db65d9144e82750bfe4faa6bfb0b092a2e9eb0bdc1564c1a5a877c8cd8aa18384
|
7
|
+
data.tar.gz: 33cfb51369f11b33a3323ad4ef61f7d1b6ed241c40eab8a9b5da1b9cbd965894b00c2bd1a71b2febc86b7cff6efea58ffb5179b7694ad5432ee632972867145d
|
data/CHANGELOG.md
CHANGED
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.
|
1
|
+
1.106.0
|
@@ -1365,7 +1365,7 @@ module Aws::ConfigService
|
|
1365
1365
|
# The number of rule evaluation results that you want returned.
|
1366
1366
|
#
|
1367
1367
|
# This parameter is required if the rule limit for your account is more
|
1368
|
-
# than the default of
|
1368
|
+
# than the default of 1000 rules.
|
1369
1369
|
#
|
1370
1370
|
# For information about requesting a rule limit increase, see [Config
|
1371
1371
|
# Limits][1] in the *Amazon Web Services General Reference Guide*.
|
@@ -2045,7 +2045,7 @@ module Aws::ConfigService
|
|
2045
2045
|
# Config rule names. It is only applicable, when you request all the
|
2046
2046
|
# organization Config rules.
|
2047
2047
|
#
|
2048
|
-
# *For accounts within an
|
2048
|
+
# *For accounts within an organization*
|
2049
2049
|
#
|
2050
2050
|
# If you deploy an organizational rule or conformance pack in an
|
2051
2051
|
# organization administrator account, and then establish a delegated
|
@@ -2214,7 +2214,7 @@ module Aws::ConfigService
|
|
2214
2214
|
# conformance packs names. They are only applicable, when you request
|
2215
2215
|
# all the organization conformance packs.
|
2216
2216
|
#
|
2217
|
-
# *For accounts within an
|
2217
|
+
# *For accounts within an organization*
|
2218
2218
|
#
|
2219
2219
|
# If you deploy an organizational rule or conformance pack in an
|
2220
2220
|
# organization administrator account, and then establish a delegated
|
@@ -4991,7 +4991,9 @@ module Aws::ConfigService
|
|
4991
4991
|
# target (SSM document) must exist and have permissions to use the
|
4992
4992
|
# target.
|
4993
4993
|
#
|
4994
|
-
# <note markdown="1">
|
4994
|
+
# <note markdown="1"> **Be aware of backward incompatible changes**
|
4995
|
+
#
|
4996
|
+
# If you make backward incompatible changes to the SSM document, you
|
4995
4997
|
# must call this again to ensure the remediations can run.
|
4996
4998
|
#
|
4997
4999
|
# This API does not support adding remediation configurations for
|
@@ -5001,7 +5003,9 @@ module Aws::ConfigService
|
|
5001
5003
|
#
|
5002
5004
|
# </note>
|
5003
5005
|
#
|
5004
|
-
# <note markdown="1">
|
5006
|
+
# <note markdown="1"> **Required fields**
|
5007
|
+
#
|
5008
|
+
# For manual remediation configuration, you need to provide a value for
|
5005
5009
|
# `automationAssumeRole` or use a value in the `assumeRole`field to
|
5006
5010
|
# remediate your resources. The SSM automation document can use either
|
5007
5011
|
# as long as it maps to a valid parameter.
|
@@ -5013,6 +5017,28 @@ module Aws::ConfigService
|
|
5013
5017
|
#
|
5014
5018
|
# </note>
|
5015
5019
|
#
|
5020
|
+
# <note markdown="1"> **Auto remediation can be initiated even for compliant resources**
|
5021
|
+
#
|
5022
|
+
# If you enable auto remediation for a specific Config rule using the
|
5023
|
+
# [PutRemediationConfigurations][1] API or the Config console, it
|
5024
|
+
# initiates the remediation process for all non-compliant resources for
|
5025
|
+
# that specific rule. The auto remediation process relies on the
|
5026
|
+
# compliance data snapshot which is captured on a periodic basis. Any
|
5027
|
+
# non-compliant resource that is updated between the snapshot schedule
|
5028
|
+
# will continue to be remediated based on the last known compliance data
|
5029
|
+
# snapshot.
|
5030
|
+
#
|
5031
|
+
# This means that in some cases auto remediation can be initiated even
|
5032
|
+
# for compliant resources, since the bootstrap processor uses a database
|
5033
|
+
# that can have stale evaluation results based on the last known
|
5034
|
+
# compliance data snapshot.
|
5035
|
+
#
|
5036
|
+
# </note>
|
5037
|
+
#
|
5038
|
+
#
|
5039
|
+
#
|
5040
|
+
# [1]: https://docs.aws.amazon.com/config/latest/APIReference/emAPI_PutRemediationConfigurations.html
|
5041
|
+
#
|
5016
5042
|
# @option params [required, Array<Types::RemediationConfiguration>] :remediation_configurations
|
5017
5043
|
# A list of remediation configuration objects.
|
5018
5044
|
#
|
@@ -5091,13 +5117,17 @@ module Aws::ConfigService
|
|
5091
5117
|
# updates an existing exception for a specified resource with a
|
5092
5118
|
# specified Config rule.
|
5093
5119
|
#
|
5094
|
-
# <note markdown="1">
|
5120
|
+
# <note markdown="1"> **Exceptions block auto remediation**
|
5121
|
+
#
|
5122
|
+
# Config generates a remediation exception when a problem occurs running
|
5095
5123
|
# a remediation action for a specified resource. Remediation exceptions
|
5096
5124
|
# blocks auto-remediation until the exception is cleared.
|
5097
5125
|
#
|
5098
5126
|
# </note>
|
5099
5127
|
#
|
5100
|
-
# <note markdown="1">
|
5128
|
+
# <note markdown="1"> **Manual remediation is recommended when placing an exception**
|
5129
|
+
#
|
5130
|
+
# When placing an exception on an Amazon Web Services resource, it is
|
5101
5131
|
# recommended that remediation is set as manual remediation until the
|
5102
5132
|
# given Config rule for the specified resource evaluates the resource as
|
5103
5133
|
# `NON_COMPLIANT`. Once the resource has been evaluated as
|
@@ -5109,7 +5139,9 @@ module Aws::ConfigService
|
|
5109
5139
|
#
|
5110
5140
|
# </note>
|
5111
5141
|
#
|
5112
|
-
# <note markdown="1">
|
5142
|
+
# <note markdown="1"> **Exceptions can only be performed on non-compliant resources**
|
5143
|
+
#
|
5144
|
+
# Placing an exception can only be performed on resources that are
|
5113
5145
|
# `NON_COMPLIANT`. If you use this API for `COMPLIANT` resources or
|
5114
5146
|
# resources that are `NOT_APPLICABLE`, a remediation exception will not
|
5115
5147
|
# be generated. For more information on the conditions that initiate the
|
@@ -5118,9 +5150,28 @@ module Aws::ConfigService
|
|
5118
5150
|
#
|
5119
5151
|
# </note>
|
5120
5152
|
#
|
5153
|
+
# <note markdown="1"> **Auto remediation can be initiated even for compliant resources**
|
5154
|
+
#
|
5155
|
+
# If you enable auto remediation for a specific Config rule using the
|
5156
|
+
# [PutRemediationConfigurations][2] API or the Config console, it
|
5157
|
+
# initiates the remediation process for all non-compliant resources for
|
5158
|
+
# that specific rule. The auto remediation process relies on the
|
5159
|
+
# compliance data snapshot which is captured on a periodic basis. Any
|
5160
|
+
# non-compliant resource that is updated between the snapshot schedule
|
5161
|
+
# will continue to be remediated based on the last known compliance data
|
5162
|
+
# snapshot.
|
5163
|
+
#
|
5164
|
+
# This means that in some cases auto remediation can be initiated even
|
5165
|
+
# for compliant resources, since the bootstrap processor uses a database
|
5166
|
+
# that can have stale evaluation results based on the last known
|
5167
|
+
# compliance data snapshot.
|
5168
|
+
#
|
5169
|
+
# </note>
|
5170
|
+
#
|
5121
5171
|
#
|
5122
5172
|
#
|
5123
5173
|
# [1]: https://docs.aws.amazon.com/config/latest/developerguide/config-concepts.html#aws-config-rules
|
5174
|
+
# [2]: https://docs.aws.amazon.com/config/latest/APIReference/emAPI_PutRemediationConfigurations.html
|
5124
5175
|
#
|
5125
5176
|
# @option params [required, String] :config_rule_name
|
5126
5177
|
# The name of the Config rule for which you want to create remediation
|
@@ -5822,7 +5873,7 @@ module Aws::ConfigService
|
|
5822
5873
|
params: params,
|
5823
5874
|
config: config)
|
5824
5875
|
context[:gem_name] = 'aws-sdk-configservice'
|
5825
|
-
context[:gem_version] = '1.
|
5876
|
+
context[:gem_version] = '1.106.0'
|
5826
5877
|
Seahorse::Client::Request.new(handlers, context)
|
5827
5878
|
end
|
5828
5879
|
|
@@ -520,6 +520,20 @@ module Aws::ConfigService
|
|
520
520
|
#
|
521
521
|
# @!attribute [rw] configuration_item_delivery_time
|
522
522
|
# The time when configuration changes for the resource were delivered.
|
523
|
+
#
|
524
|
+
# <note markdown="1"> This field is optional and is not guaranteed to be present in a
|
525
|
+
# configuration item (CI). If you are using daily recording, this
|
526
|
+
# field will be populated. However, if you are using continuous
|
527
|
+
# recording, this field will be omitted since the delivery time is
|
528
|
+
# instantaneous as the CI is available right away. For more
|
529
|
+
# information on daily recording and continuous recording, see
|
530
|
+
# [Recording Frequency][1] in the *Config Developer Guide*.
|
531
|
+
#
|
532
|
+
# </note>
|
533
|
+
#
|
534
|
+
#
|
535
|
+
#
|
536
|
+
# [1]: https://docs.aws.amazon.com/config/latest/developerguide/select-resources.html#select-resources-recording-frequency
|
523
537
|
# @return [Time]
|
524
538
|
#
|
525
539
|
# @see http://docs.aws.amazon.com/goto/WebAPI/config-2014-11-12/BaseConfigurationItem AWS API Documentation
|
@@ -1380,6 +1394,20 @@ module Aws::ConfigService
|
|
1380
1394
|
#
|
1381
1395
|
# @!attribute [rw] configuration_item_delivery_time
|
1382
1396
|
# The time when configuration changes for the resource were delivered.
|
1397
|
+
#
|
1398
|
+
# <note markdown="1"> This field is optional and is not guaranteed to be present in a
|
1399
|
+
# configuration item (CI). If you are using daily recording, this
|
1400
|
+
# field will be populated. However, if you are using continuous
|
1401
|
+
# recording, this field will be omitted since the delivery time is
|
1402
|
+
# instantaneous as the CI is available right away. For more
|
1403
|
+
# information on daily recording and continuous recording, see
|
1404
|
+
# [Recording Frequency][1] in the *Config Developer Guide*.
|
1405
|
+
#
|
1406
|
+
# </note>
|
1407
|
+
#
|
1408
|
+
#
|
1409
|
+
#
|
1410
|
+
# [1]: https://docs.aws.amazon.com/config/latest/developerguide/select-resources.html#select-resources-recording-frequency
|
1383
1411
|
# @return [Time]
|
1384
1412
|
#
|
1385
1413
|
# @see http://docs.aws.amazon.com/goto/WebAPI/config-2014-11-12/ConfigurationItem AWS API Documentation
|
@@ -2604,7 +2632,7 @@ module Aws::ConfigService
|
|
2604
2632
|
# The number of rule evaluation results that you want returned.
|
2605
2633
|
#
|
2606
2634
|
# This parameter is required if the rule limit for your account is
|
2607
|
-
# more than the default of
|
2635
|
+
# more than the default of 1000 rules.
|
2608
2636
|
#
|
2609
2637
|
# For information about requesting a rule limit increase, see [Config
|
2610
2638
|
# Limits][1] in the *Amazon Web Services General Reference Guide*.
|
@@ -3698,6 +3726,8 @@ module Aws::ConfigService
|
|
3698
3726
|
#
|
3699
3727
|
# * Asia Pacific (Melbourne)
|
3700
3728
|
#
|
3729
|
+
# * Canada West (Calgary)
|
3730
|
+
#
|
3701
3731
|
# * Europe (Spain)
|
3702
3732
|
#
|
3703
3733
|
# * Europe (Zurich)
|
@@ -5311,7 +5341,7 @@ module Aws::ConfigService
|
|
5311
5341
|
class MaxActiveResourcesExceededException < Aws::EmptyStructure; end
|
5312
5342
|
|
5313
5343
|
# Failed to add the Config rule because the account already contains the
|
5314
|
-
# maximum number of
|
5344
|
+
# maximum number of 1000 rules. Consider deleting any deactivated rules
|
5315
5345
|
# before you add new rules.
|
5316
5346
|
#
|
5317
5347
|
# @see http://docs.aws.amazon.com/goto/WebAPI/config-2014-11-12/MaxNumberOfConfigRulesExceededException AWS API Documentation
|
@@ -7096,6 +7126,8 @@ module Aws::ConfigService
|
|
7096
7126
|
#
|
7097
7127
|
# * Asia Pacific (Melbourne)
|
7098
7128
|
#
|
7129
|
+
# * Canada West (Calgary)
|
7130
|
+
#
|
7099
7131
|
# * Europe (Spain)
|
7100
7132
|
#
|
7101
7133
|
# * Europe (Zurich)
|
@@ -7108,9 +7140,9 @@ module Aws::ConfigService
|
|
7108
7140
|
#
|
7109
7141
|
# The `AWS::RDS::GlobalCluster` resource type will be recorded in all
|
7110
7142
|
# supported Config Regions where the configuration recorder is
|
7111
|
-
# enabled, even if `includeGlobalResourceTypes` is
|
7112
|
-
#
|
7113
|
-
#
|
7143
|
+
# enabled, even if `includeGlobalResourceTypes` is set`false`. The
|
7144
|
+
# `includeGlobalResourceTypes` option is a bundle which only applies
|
7145
|
+
# to IAM users, groups, roles, and customer managed policies.
|
7114
7146
|
#
|
7115
7147
|
# If you do not want to record `AWS::RDS::GlobalCluster` in all
|
7116
7148
|
# enabled Regions, use one of the following recording strategies:
|
@@ -7125,7 +7157,31 @@ module Aws::ConfigService
|
|
7125
7157
|
# For more information, see [Selecting Which Resources are
|
7126
7158
|
# Recorded][1] in the *Config developer guide*.
|
7127
7159
|
#
|
7128
|
-
#
|
7160
|
+
# **includeGlobalResourceTypes and the exclusion recording strategy**
|
7161
|
+
#
|
7162
|
+
# The `includeGlobalResourceTypes` field has no impact on the
|
7163
|
+
# `EXCLUSION_BY_RESOURCE_TYPES` recording strategy. This means that
|
7164
|
+
# the global IAM resource types (IAM users, groups, roles, and
|
7165
|
+
# customer managed policies) will not be automatically added as
|
7166
|
+
# exclusions for `exclusionByResourceTypes` when
|
7167
|
+
# `includeGlobalResourceTypes` is set to `false`.
|
7168
|
+
#
|
7169
|
+
# The `includeGlobalResourceTypes` field should only be used to
|
7170
|
+
# modify
|
7171
|
+
# the `AllSupported` field, as the default for the `AllSupported`
|
7172
|
+
# field is to record configuration changes for all supported resource
|
7173
|
+
# types excluding the global IAM resource types. To include the global
|
7174
|
+
# IAM resource types when `AllSupported` is set to `true`, make sure
|
7175
|
+
# to set `includeGlobalResourceTypes` to `true`.
|
7176
|
+
#
|
7177
|
+
# To exclude the global IAM resource types for the
|
7178
|
+
# `EXCLUSION_BY_RESOURCE_TYPES` recording strategy, you need to
|
7179
|
+
# manually add them to the `resourceTypes` field of
|
7180
|
+
# `exclusionByResourceTypes`.
|
7181
|
+
#
|
7182
|
+
# <note markdown="1"> **Required and optional fields**
|
7183
|
+
#
|
7184
|
+
# Before you set this field to `true`, set the `allSupported` field of
|
7129
7185
|
# [RecordingGroup][2] to `true`. Optionally, you can set the `useOnly`
|
7130
7186
|
# field of [RecordingStrategy][3] to `ALL_SUPPORTED_RESOURCE_TYPES`.
|
7131
7187
|
#
|
@@ -7289,6 +7345,8 @@ module Aws::ConfigService
|
|
7289
7345
|
#
|
7290
7346
|
# * Asia Pacific (Melbourne)
|
7291
7347
|
#
|
7348
|
+
# * Canada West (Calgary)
|
7349
|
+
#
|
7292
7350
|
# * Europe (Spain)
|
7293
7351
|
#
|
7294
7352
|
# * Europe (Zurich)
|
@@ -7495,6 +7553,8 @@ module Aws::ConfigService
|
|
7495
7553
|
#
|
7496
7554
|
# * Asia Pacific (Melbourne)
|
7497
7555
|
#
|
7556
|
+
# * Canada West (Calgary)
|
7557
|
+
#
|
7498
7558
|
# * Europe (Spain)
|
7499
7559
|
#
|
7500
7560
|
# * Europe (Zurich)
|
@@ -7932,7 +7992,10 @@ module Aws::ConfigService
|
|
7932
7992
|
#
|
7933
7993
|
# @!attribute [rw] evaluation_mode
|
7934
7994
|
# Filters all resource evaluations results based on an evaluation
|
7935
|
-
# mode.
|
7995
|
+
# mode.
|
7996
|
+
#
|
7997
|
+
# Currently, `DECTECTIVE` is not supported as a valid value. Ignore
|
7998
|
+
# other documentation stating otherwise.
|
7936
7999
|
# @return [String]
|
7937
8000
|
#
|
7938
8001
|
# @!attribute [rw] time_window
|
@@ -8775,8 +8838,7 @@ module Aws::ConfigService
|
|
8775
8838
|
# The name or Amazon Resource Name (ARN) of the SSM document to use to
|
8776
8839
|
# create a conformance pack. If you use the document name, Config
|
8777
8840
|
# checks only your account and Amazon Web Services Region for the SSM
|
8778
|
-
# document.
|
8779
|
-
# account, you must provide the ARN.
|
8841
|
+
# document.
|
8780
8842
|
# @return [String]
|
8781
8843
|
#
|
8782
8844
|
# @!attribute [rw] document_version
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-configservice
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.106.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-
|
11
|
+
date: 2024-04-12 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-core
|