aws-sdk-configservice 1.105.0 → 1.106.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-configservice/client.rb +60 -9
- data/lib/aws-sdk-configservice/types.rb +71 -9
- data/lib/aws-sdk-configservice.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e8e080a108b8e4fc09782fcbd4f404c23b0795295e8d2567f717526312a45c67
|
4
|
+
data.tar.gz: 85327c6174063838d322876fede08799ff11beceed30133c87142c6dbcd753dc
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: bb87955f468b18f7280d01cb3ffe65c542ca7b1f3dc52cfa1653c0cf0c13e43db65d9144e82750bfe4faa6bfb0b092a2e9eb0bdc1564c1a5a877c8cd8aa18384
|
7
|
+
data.tar.gz: 33cfb51369f11b33a3323ad4ef61f7d1b6ed241c40eab8a9b5da1b9cbd965894b00c2bd1a71b2febc86b7cff6efea58ffb5179b7694ad5432ee632972867145d
|
data/CHANGELOG.md
CHANGED
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.
|
1
|
+
1.106.0
|
@@ -1365,7 +1365,7 @@ module Aws::ConfigService
|
|
1365
1365
|
# The number of rule evaluation results that you want returned.
|
1366
1366
|
#
|
1367
1367
|
# This parameter is required if the rule limit for your account is more
|
1368
|
-
# than the default of
|
1368
|
+
# than the default of 1000 rules.
|
1369
1369
|
#
|
1370
1370
|
# For information about requesting a rule limit increase, see [Config
|
1371
1371
|
# Limits][1] in the *Amazon Web Services General Reference Guide*.
|
@@ -2045,7 +2045,7 @@ module Aws::ConfigService
|
|
2045
2045
|
# Config rule names. It is only applicable, when you request all the
|
2046
2046
|
# organization Config rules.
|
2047
2047
|
#
|
2048
|
-
# *For accounts within an
|
2048
|
+
# *For accounts within an organization*
|
2049
2049
|
#
|
2050
2050
|
# If you deploy an organizational rule or conformance pack in an
|
2051
2051
|
# organization administrator account, and then establish a delegated
|
@@ -2214,7 +2214,7 @@ module Aws::ConfigService
|
|
2214
2214
|
# conformance packs names. They are only applicable, when you request
|
2215
2215
|
# all the organization conformance packs.
|
2216
2216
|
#
|
2217
|
-
# *For accounts within an
|
2217
|
+
# *For accounts within an organization*
|
2218
2218
|
#
|
2219
2219
|
# If you deploy an organizational rule or conformance pack in an
|
2220
2220
|
# organization administrator account, and then establish a delegated
|
@@ -4991,7 +4991,9 @@ module Aws::ConfigService
|
|
4991
4991
|
# target (SSM document) must exist and have permissions to use the
|
4992
4992
|
# target.
|
4993
4993
|
#
|
4994
|
-
# <note markdown="1">
|
4994
|
+
# <note markdown="1"> **Be aware of backward incompatible changes**
|
4995
|
+
#
|
4996
|
+
# If you make backward incompatible changes to the SSM document, you
|
4995
4997
|
# must call this again to ensure the remediations can run.
|
4996
4998
|
#
|
4997
4999
|
# This API does not support adding remediation configurations for
|
@@ -5001,7 +5003,9 @@ module Aws::ConfigService
|
|
5001
5003
|
#
|
5002
5004
|
# </note>
|
5003
5005
|
#
|
5004
|
-
# <note markdown="1">
|
5006
|
+
# <note markdown="1"> **Required fields**
|
5007
|
+
#
|
5008
|
+
# For manual remediation configuration, you need to provide a value for
|
5005
5009
|
# `automationAssumeRole` or use a value in the `assumeRole`field to
|
5006
5010
|
# remediate your resources. The SSM automation document can use either
|
5007
5011
|
# as long as it maps to a valid parameter.
|
@@ -5013,6 +5017,28 @@ module Aws::ConfigService
|
|
5013
5017
|
#
|
5014
5018
|
# </note>
|
5015
5019
|
#
|
5020
|
+
# <note markdown="1"> **Auto remediation can be initiated even for compliant resources**
|
5021
|
+
#
|
5022
|
+
# If you enable auto remediation for a specific Config rule using the
|
5023
|
+
# [PutRemediationConfigurations][1] API or the Config console, it
|
5024
|
+
# initiates the remediation process for all non-compliant resources for
|
5025
|
+
# that specific rule. The auto remediation process relies on the
|
5026
|
+
# compliance data snapshot which is captured on a periodic basis. Any
|
5027
|
+
# non-compliant resource that is updated between the snapshot schedule
|
5028
|
+
# will continue to be remediated based on the last known compliance data
|
5029
|
+
# snapshot.
|
5030
|
+
#
|
5031
|
+
# This means that in some cases auto remediation can be initiated even
|
5032
|
+
# for compliant resources, since the bootstrap processor uses a database
|
5033
|
+
# that can have stale evaluation results based on the last known
|
5034
|
+
# compliance data snapshot.
|
5035
|
+
#
|
5036
|
+
# </note>
|
5037
|
+
#
|
5038
|
+
#
|
5039
|
+
#
|
5040
|
+
# [1]: https://docs.aws.amazon.com/config/latest/APIReference/emAPI_PutRemediationConfigurations.html
|
5041
|
+
#
|
5016
5042
|
# @option params [required, Array<Types::RemediationConfiguration>] :remediation_configurations
|
5017
5043
|
# A list of remediation configuration objects.
|
5018
5044
|
#
|
@@ -5091,13 +5117,17 @@ module Aws::ConfigService
|
|
5091
5117
|
# updates an existing exception for a specified resource with a
|
5092
5118
|
# specified Config rule.
|
5093
5119
|
#
|
5094
|
-
# <note markdown="1">
|
5120
|
+
# <note markdown="1"> **Exceptions block auto remediation**
|
5121
|
+
#
|
5122
|
+
# Config generates a remediation exception when a problem occurs running
|
5095
5123
|
# a remediation action for a specified resource. Remediation exceptions
|
5096
5124
|
# blocks auto-remediation until the exception is cleared.
|
5097
5125
|
#
|
5098
5126
|
# </note>
|
5099
5127
|
#
|
5100
|
-
# <note markdown="1">
|
5128
|
+
# <note markdown="1"> **Manual remediation is recommended when placing an exception**
|
5129
|
+
#
|
5130
|
+
# When placing an exception on an Amazon Web Services resource, it is
|
5101
5131
|
# recommended that remediation is set as manual remediation until the
|
5102
5132
|
# given Config rule for the specified resource evaluates the resource as
|
5103
5133
|
# `NON_COMPLIANT`. Once the resource has been evaluated as
|
@@ -5109,7 +5139,9 @@ module Aws::ConfigService
|
|
5109
5139
|
#
|
5110
5140
|
# </note>
|
5111
5141
|
#
|
5112
|
-
# <note markdown="1">
|
5142
|
+
# <note markdown="1"> **Exceptions can only be performed on non-compliant resources**
|
5143
|
+
#
|
5144
|
+
# Placing an exception can only be performed on resources that are
|
5113
5145
|
# `NON_COMPLIANT`. If you use this API for `COMPLIANT` resources or
|
5114
5146
|
# resources that are `NOT_APPLICABLE`, a remediation exception will not
|
5115
5147
|
# be generated. For more information on the conditions that initiate the
|
@@ -5118,9 +5150,28 @@ module Aws::ConfigService
|
|
5118
5150
|
#
|
5119
5151
|
# </note>
|
5120
5152
|
#
|
5153
|
+
# <note markdown="1"> **Auto remediation can be initiated even for compliant resources**
|
5154
|
+
#
|
5155
|
+
# If you enable auto remediation for a specific Config rule using the
|
5156
|
+
# [PutRemediationConfigurations][2] API or the Config console, it
|
5157
|
+
# initiates the remediation process for all non-compliant resources for
|
5158
|
+
# that specific rule. The auto remediation process relies on the
|
5159
|
+
# compliance data snapshot which is captured on a periodic basis. Any
|
5160
|
+
# non-compliant resource that is updated between the snapshot schedule
|
5161
|
+
# will continue to be remediated based on the last known compliance data
|
5162
|
+
# snapshot.
|
5163
|
+
#
|
5164
|
+
# This means that in some cases auto remediation can be initiated even
|
5165
|
+
# for compliant resources, since the bootstrap processor uses a database
|
5166
|
+
# that can have stale evaluation results based on the last known
|
5167
|
+
# compliance data snapshot.
|
5168
|
+
#
|
5169
|
+
# </note>
|
5170
|
+
#
|
5121
5171
|
#
|
5122
5172
|
#
|
5123
5173
|
# [1]: https://docs.aws.amazon.com/config/latest/developerguide/config-concepts.html#aws-config-rules
|
5174
|
+
# [2]: https://docs.aws.amazon.com/config/latest/APIReference/emAPI_PutRemediationConfigurations.html
|
5124
5175
|
#
|
5125
5176
|
# @option params [required, String] :config_rule_name
|
5126
5177
|
# The name of the Config rule for which you want to create remediation
|
@@ -5822,7 +5873,7 @@ module Aws::ConfigService
|
|
5822
5873
|
params: params,
|
5823
5874
|
config: config)
|
5824
5875
|
context[:gem_name] = 'aws-sdk-configservice'
|
5825
|
-
context[:gem_version] = '1.
|
5876
|
+
context[:gem_version] = '1.106.0'
|
5826
5877
|
Seahorse::Client::Request.new(handlers, context)
|
5827
5878
|
end
|
5828
5879
|
|
@@ -520,6 +520,20 @@ module Aws::ConfigService
|
|
520
520
|
#
|
521
521
|
# @!attribute [rw] configuration_item_delivery_time
|
522
522
|
# The time when configuration changes for the resource were delivered.
|
523
|
+
#
|
524
|
+
# <note markdown="1"> This field is optional and is not guaranteed to be present in a
|
525
|
+
# configuration item (CI). If you are using daily recording, this
|
526
|
+
# field will be populated. However, if you are using continuous
|
527
|
+
# recording, this field will be omitted since the delivery time is
|
528
|
+
# instantaneous as the CI is available right away. For more
|
529
|
+
# information on daily recording and continuous recording, see
|
530
|
+
# [Recording Frequency][1] in the *Config Developer Guide*.
|
531
|
+
#
|
532
|
+
# </note>
|
533
|
+
#
|
534
|
+
#
|
535
|
+
#
|
536
|
+
# [1]: https://docs.aws.amazon.com/config/latest/developerguide/select-resources.html#select-resources-recording-frequency
|
523
537
|
# @return [Time]
|
524
538
|
#
|
525
539
|
# @see http://docs.aws.amazon.com/goto/WebAPI/config-2014-11-12/BaseConfigurationItem AWS API Documentation
|
@@ -1380,6 +1394,20 @@ module Aws::ConfigService
|
|
1380
1394
|
#
|
1381
1395
|
# @!attribute [rw] configuration_item_delivery_time
|
1382
1396
|
# The time when configuration changes for the resource were delivered.
|
1397
|
+
#
|
1398
|
+
# <note markdown="1"> This field is optional and is not guaranteed to be present in a
|
1399
|
+
# configuration item (CI). If you are using daily recording, this
|
1400
|
+
# field will be populated. However, if you are using continuous
|
1401
|
+
# recording, this field will be omitted since the delivery time is
|
1402
|
+
# instantaneous as the CI is available right away. For more
|
1403
|
+
# information on daily recording and continuous recording, see
|
1404
|
+
# [Recording Frequency][1] in the *Config Developer Guide*.
|
1405
|
+
#
|
1406
|
+
# </note>
|
1407
|
+
#
|
1408
|
+
#
|
1409
|
+
#
|
1410
|
+
# [1]: https://docs.aws.amazon.com/config/latest/developerguide/select-resources.html#select-resources-recording-frequency
|
1383
1411
|
# @return [Time]
|
1384
1412
|
#
|
1385
1413
|
# @see http://docs.aws.amazon.com/goto/WebAPI/config-2014-11-12/ConfigurationItem AWS API Documentation
|
@@ -2604,7 +2632,7 @@ module Aws::ConfigService
|
|
2604
2632
|
# The number of rule evaluation results that you want returned.
|
2605
2633
|
#
|
2606
2634
|
# This parameter is required if the rule limit for your account is
|
2607
|
-
# more than the default of
|
2635
|
+
# more than the default of 1000 rules.
|
2608
2636
|
#
|
2609
2637
|
# For information about requesting a rule limit increase, see [Config
|
2610
2638
|
# Limits][1] in the *Amazon Web Services General Reference Guide*.
|
@@ -3698,6 +3726,8 @@ module Aws::ConfigService
|
|
3698
3726
|
#
|
3699
3727
|
# * Asia Pacific (Melbourne)
|
3700
3728
|
#
|
3729
|
+
# * Canada West (Calgary)
|
3730
|
+
#
|
3701
3731
|
# * Europe (Spain)
|
3702
3732
|
#
|
3703
3733
|
# * Europe (Zurich)
|
@@ -5311,7 +5341,7 @@ module Aws::ConfigService
|
|
5311
5341
|
class MaxActiveResourcesExceededException < Aws::EmptyStructure; end
|
5312
5342
|
|
5313
5343
|
# Failed to add the Config rule because the account already contains the
|
5314
|
-
# maximum number of
|
5344
|
+
# maximum number of 1000 rules. Consider deleting any deactivated rules
|
5315
5345
|
# before you add new rules.
|
5316
5346
|
#
|
5317
5347
|
# @see http://docs.aws.amazon.com/goto/WebAPI/config-2014-11-12/MaxNumberOfConfigRulesExceededException AWS API Documentation
|
@@ -7096,6 +7126,8 @@ module Aws::ConfigService
|
|
7096
7126
|
#
|
7097
7127
|
# * Asia Pacific (Melbourne)
|
7098
7128
|
#
|
7129
|
+
# * Canada West (Calgary)
|
7130
|
+
#
|
7099
7131
|
# * Europe (Spain)
|
7100
7132
|
#
|
7101
7133
|
# * Europe (Zurich)
|
@@ -7108,9 +7140,9 @@ module Aws::ConfigService
|
|
7108
7140
|
#
|
7109
7141
|
# The `AWS::RDS::GlobalCluster` resource type will be recorded in all
|
7110
7142
|
# supported Config Regions where the configuration recorder is
|
7111
|
-
# enabled, even if `includeGlobalResourceTypes` is
|
7112
|
-
#
|
7113
|
-
#
|
7143
|
+
# enabled, even if `includeGlobalResourceTypes` is set`false`. The
|
7144
|
+
# `includeGlobalResourceTypes` option is a bundle which only applies
|
7145
|
+
# to IAM users, groups, roles, and customer managed policies.
|
7114
7146
|
#
|
7115
7147
|
# If you do not want to record `AWS::RDS::GlobalCluster` in all
|
7116
7148
|
# enabled Regions, use one of the following recording strategies:
|
@@ -7125,7 +7157,31 @@ module Aws::ConfigService
|
|
7125
7157
|
# For more information, see [Selecting Which Resources are
|
7126
7158
|
# Recorded][1] in the *Config developer guide*.
|
7127
7159
|
#
|
7128
|
-
#
|
7160
|
+
# **includeGlobalResourceTypes and the exclusion recording strategy**
|
7161
|
+
#
|
7162
|
+
# The `includeGlobalResourceTypes` field has no impact on the
|
7163
|
+
# `EXCLUSION_BY_RESOURCE_TYPES` recording strategy. This means that
|
7164
|
+
# the global IAM resource types (IAM users, groups, roles, and
|
7165
|
+
# customer managed policies) will not be automatically added as
|
7166
|
+
# exclusions for `exclusionByResourceTypes` when
|
7167
|
+
# `includeGlobalResourceTypes` is set to `false`.
|
7168
|
+
#
|
7169
|
+
# The `includeGlobalResourceTypes` field should only be used to
|
7170
|
+
# modify
|
7171
|
+
# the `AllSupported` field, as the default for the `AllSupported`
|
7172
|
+
# field is to record configuration changes for all supported resource
|
7173
|
+
# types excluding the global IAM resource types. To include the global
|
7174
|
+
# IAM resource types when `AllSupported` is set to `true`, make sure
|
7175
|
+
# to set `includeGlobalResourceTypes` to `true`.
|
7176
|
+
#
|
7177
|
+
# To exclude the global IAM resource types for the
|
7178
|
+
# `EXCLUSION_BY_RESOURCE_TYPES` recording strategy, you need to
|
7179
|
+
# manually add them to the `resourceTypes` field of
|
7180
|
+
# `exclusionByResourceTypes`.
|
7181
|
+
#
|
7182
|
+
# <note markdown="1"> **Required and optional fields**
|
7183
|
+
#
|
7184
|
+
# Before you set this field to `true`, set the `allSupported` field of
|
7129
7185
|
# [RecordingGroup][2] to `true`. Optionally, you can set the `useOnly`
|
7130
7186
|
# field of [RecordingStrategy][3] to `ALL_SUPPORTED_RESOURCE_TYPES`.
|
7131
7187
|
#
|
@@ -7289,6 +7345,8 @@ module Aws::ConfigService
|
|
7289
7345
|
#
|
7290
7346
|
# * Asia Pacific (Melbourne)
|
7291
7347
|
#
|
7348
|
+
# * Canada West (Calgary)
|
7349
|
+
#
|
7292
7350
|
# * Europe (Spain)
|
7293
7351
|
#
|
7294
7352
|
# * Europe (Zurich)
|
@@ -7495,6 +7553,8 @@ module Aws::ConfigService
|
|
7495
7553
|
#
|
7496
7554
|
# * Asia Pacific (Melbourne)
|
7497
7555
|
#
|
7556
|
+
# * Canada West (Calgary)
|
7557
|
+
#
|
7498
7558
|
# * Europe (Spain)
|
7499
7559
|
#
|
7500
7560
|
# * Europe (Zurich)
|
@@ -7932,7 +7992,10 @@ module Aws::ConfigService
|
|
7932
7992
|
#
|
7933
7993
|
# @!attribute [rw] evaluation_mode
|
7934
7994
|
# Filters all resource evaluations results based on an evaluation
|
7935
|
-
# mode.
|
7995
|
+
# mode.
|
7996
|
+
#
|
7997
|
+
# Currently, `DECTECTIVE` is not supported as a valid value. Ignore
|
7998
|
+
# other documentation stating otherwise.
|
7936
7999
|
# @return [String]
|
7937
8000
|
#
|
7938
8001
|
# @!attribute [rw] time_window
|
@@ -8775,8 +8838,7 @@ module Aws::ConfigService
|
|
8775
8838
|
# The name or Amazon Resource Name (ARN) of the SSM document to use to
|
8776
8839
|
# create a conformance pack. If you use the document name, Config
|
8777
8840
|
# checks only your account and Amazon Web Services Region for the SSM
|
8778
|
-
# document.
|
8779
|
-
# account, you must provide the ARN.
|
8841
|
+
# document.
|
8780
8842
|
# @return [String]
|
8781
8843
|
#
|
8782
8844
|
# @!attribute [rw] document_version
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-configservice
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.106.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-
|
11
|
+
date: 2024-04-12 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-core
|