ConfigService

Table of Contents

Client

class ConfigService.Client

A low-level client representing AWS Config (Config Service):

import boto3

client = boto3.client('config')

These are the available methods:

can_paginate(operation_name)

Check if an operation can be paginated.

Parameters:operation_name (string) -- The operation name. This is the same name as the method name on the client. For example, if the method name is create_foo, and you'd normally invoke the operation as client.create_foo(**kwargs), if the create_foo operation can be paginated, you can use the call client.get_paginator("create_foo").
Returns:True if the operation can be paginated, False otherwise.
delete_delivery_channel(**kwargs)

Deletes the specified delivery channel.

The delivery channel cannot be deleted if it is the only delivery channel and the configuration recorder is still running. To delete the delivery channel, stop the running configuration recorder using the StopConfigurationRecorder action.

Request Syntax

response = client.delete_delivery_channel(
    DeliveryChannelName='string'
)
Parameters:DeliveryChannelName (string) --

[REQUIRED]

The name of the delivery channel to delete.

Returns:None
deliver_config_snapshot(**kwargs)

Schedules delivery of a configuration snapshot to the Amazon S3 bucket in the specified delivery channel. After the delivery has started, AWS Config sends following notifications using an Amazon SNS topic that you have specified.

  • Notification of starting the delivery.
  • Notification of delivery completed, if the delivery was successfully completed.
  • Notification of delivery failure, if the delivery failed to complete.

Request Syntax

response = client.deliver_config_snapshot(
    deliveryChannelName='string'
)
Parameters:deliveryChannelName (string) --

[REQUIRED]

The name of the delivery channel through which the snapshot is delivered.

Return type:dict
Returns:Response Syntax
{
    'configSnapshotId': 'string'
}

Response Structure

  • (dict) --

    The output for the DeliverConfigSnapshot action in JSON format.

    • configSnapshotId (string) --

      The ID of the snapshot that is being created.

describe_configuration_recorder_status(**kwargs)

Returns the current status of the specified configuration recorder. If a configuration recorder is not specified, this action returns the status of all configuration recorder associated with the account.

Note

Currently, you can specify only one configuration recorder per account.

Request Syntax

response = client.describe_configuration_recorder_status(
    ConfigurationRecorderNames=[
        'string',
    ]
)
Parameters:ConfigurationRecorderNames (list) --

The name(s) of the configuration recorder. If the name is not specified, the action returns the current status of all the configuration recorders associated with the account.

  • (string) --
Return type:dict
Returns:Response Syntax
{
    'ConfigurationRecordersStatus': [
        {
            'name': 'string',
            'lastStartTime': datetime(2015, 1, 1),
            'lastStopTime': datetime(2015, 1, 1),
            'recording': True|False,
            'lastStatus': 'Pending'|'Success'|'Failure',
            'lastErrorCode': 'string',
            'lastErrorMessage': 'string',
            'lastStatusChangeTime': datetime(2015, 1, 1)
        },
    ]
}

Response Structure

  • (dict) --

    The output for the DescribeConfigurationRecorderStatus action in JSON format.

    • ConfigurationRecordersStatus (list) --

      A list that contains status of the specified recorders.

      • (dict) --

        The current status of the configuration recorder.

        • name (string) --

          The name of the configuration recorder.

        • lastStartTime (datetime) --

          The time the recorder was last started.

        • lastStopTime (datetime) --

          The time the recorder was last stopped.

        • recording (boolean) --

          Specifies whether the recorder is currently recording or not.

        • lastStatus (string) --

          The last (previous) status of the recorder.

        • lastErrorCode (string) --

          The error code indicating that the recording failed.

        • lastErrorMessage (string) --

          The message indicating that the recording failed due to an error.

        • lastStatusChangeTime (datetime) --

          The time when the status was last changed.

describe_configuration_recorders(**kwargs)

Returns the name of one or more specified configuration recorders. If the recorder name is not specified, this action returns the names of all the configuration recorders associated with the account.

Note

Currently, you can specify only one configuration recorder per account.

Request Syntax

response = client.describe_configuration_recorders(
    ConfigurationRecorderNames=[
        'string',
    ]
)
Parameters:ConfigurationRecorderNames (list) --

A list of configuration recorder names.

  • (string) --
Return type:dict
Returns:Response Syntax
{
    'ConfigurationRecorders': [
        {
            'name': 'string',
            'roleARN': 'string',
            'recordingGroup': {
                'allSupported': True|False,
                'resourceTypes': [
                    'AWS::EC2::CustomerGateway'|'AWS::EC2::EIP'|'AWS::EC2::Instance'|'AWS::EC2::InternetGateway'|'AWS::EC2::NetworkAcl'|'AWS::EC2::NetworkInterface'|'AWS::EC2::RouteTable'|'AWS::EC2::SecurityGroup'|'AWS::EC2::Subnet'|'AWS::CloudTrail::Trail'|'AWS::EC2::Volume'|'AWS::EC2::VPC'|'AWS::EC2::VPNConnection'|'AWS::EC2::VPNGateway',
                ]
            }
        },
    ]
}

Response Structure

  • (dict) --

    The output for the DescribeConfigurationRecorders action.

    • ConfigurationRecorders (list) --

      A list that contains the descriptions of the specified configuration recorders.

      • (dict) --

        An object that represents the recording of configuration changes of an AWS resource.

        • name (string) --

          The name of the recorder. By default, AWS Config automatically assigns the name "default" when creating the configuration recorder. You cannot change the assigned name.

        • roleARN (string) --

          Amazon Resource Name (ARN) of the IAM role used to describe the AWS resources associated with the account.

        • recordingGroup (dict) --

          The recording group specifies either to record configurations for all supported resources or to provide a list of resource types to record. The list of resource types must be a subset of supported resource types.

          • allSupported (boolean) --

            Records all supported resource types in the recording group. For a list of supported resource types, see Supported resource types . If you specify allSupported , you cannot enumerate a list of resourceTypes .

          • resourceTypes (list) --

            A comma-separated list of strings representing valid AWS resource types (e.g., AWS::EC2::Instance or AWS::CloudTrail::Trail ). resourceTypes is only valid if you have chosen not to select allSupported . For a list of valid resourceTypes values, see the resourceType Value column in the following topic: Supported AWS Resource Types .

            • (string) --
describe_delivery_channel_status(**kwargs)

Returns the current status of the specified delivery channel. If a delivery channel is not specified, this action returns the current status of all delivery channels associated with the account.

Note

Currently, you can specify only one delivery channel per account.

Request Syntax

response = client.describe_delivery_channel_status(
    DeliveryChannelNames=[
        'string',
    ]
)
Parameters:DeliveryChannelNames (list) --

A list of delivery channel names.

  • (string) --
Return type:dict
Returns:Response Syntax
{
    'DeliveryChannelsStatus': [
        {
            'name': 'string',
            'configSnapshotDeliveryInfo': {
                'lastStatus': 'Success'|'Failure'|'Not_Applicable',
                'lastErrorCode': 'string',
                'lastErrorMessage': 'string',
                'lastAttemptTime': datetime(2015, 1, 1),
                'lastSuccessfulTime': datetime(2015, 1, 1)
            },
            'configHistoryDeliveryInfo': {
                'lastStatus': 'Success'|'Failure'|'Not_Applicable',
                'lastErrorCode': 'string',
                'lastErrorMessage': 'string',
                'lastAttemptTime': datetime(2015, 1, 1),
                'lastSuccessfulTime': datetime(2015, 1, 1)
            },
            'configStreamDeliveryInfo': {
                'lastStatus': 'Success'|'Failure'|'Not_Applicable',
                'lastErrorCode': 'string',
                'lastErrorMessage': 'string',
                'lastStatusChangeTime': datetime(2015, 1, 1)
            }
        },
    ]
}

Response Structure

  • (dict) --

    The output for the DescribeDeliveryChannelStatus action.

    • DeliveryChannelsStatus (list) --

      A list that contains the status of a specified delivery channel.

      • (dict) --

        The status of a specified delivery channel.

        Valid values: Success | Failure

        • name (string) --

          The name of the delivery channel.

        • configSnapshotDeliveryInfo (dict) --

          A list containing the status of the delivery of the snapshot to the specified Amazon S3 bucket.

          • lastStatus (string) --

            Status of the last attempted delivery.

          • lastErrorCode (string) --

            The error code from the last attempted delivery.

          • lastErrorMessage (string) --

            The error message from the last attempted delivery.

          • lastAttemptTime (datetime) --

            The time of the last attempted delivery.

          • lastSuccessfulTime (datetime) --

            The time of the last successful delivery.

        • configHistoryDeliveryInfo (dict) --

          A list that contains the status of the delivery of the configuration history to the specified Amazon S3 bucket.

          • lastStatus (string) --

            Status of the last attempted delivery.

          • lastErrorCode (string) --

            The error code from the last attempted delivery.

          • lastErrorMessage (string) --

            The error message from the last attempted delivery.

          • lastAttemptTime (datetime) --

            The time of the last attempted delivery.

          • lastSuccessfulTime (datetime) --

            The time of the last successful delivery.

        • configStreamDeliveryInfo (dict) --

          A list containing the status of the delivery of the configuration stream notification to the specified Amazon SNS topic.

          • lastStatus (string) --

            Status of the last attempted delivery.

            Note Providing an SNS topic on a DeliveryChannel for AWS Config is optional. If the SNS delivery is turned off, the last status will be Not_Applicable .

          • lastErrorCode (string) --

            The error code from the last attempted delivery.

          • lastErrorMessage (string) --

            The error message from the last attempted delivery.

          • lastStatusChangeTime (datetime) --

            The time from the last status change.

describe_delivery_channels(**kwargs)

Returns details about the specified delivery channel. If a delivery channel is not specified, this action returns the details of all delivery channels associated with the account.

Note

Currently, you can specify only one delivery channel per account.

Request Syntax

response = client.describe_delivery_channels(
    DeliveryChannelNames=[
        'string',
    ]
)
Parameters:DeliveryChannelNames (list) --

A list of delivery channel names.

  • (string) --
Return type:dict
Returns:Response Syntax
{
    'DeliveryChannels': [
        {
            'name': 'string',
            's3BucketName': 'string',
            's3KeyPrefix': 'string',
            'snsTopicARN': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    The output for the DescribeDeliveryChannels action.

    • DeliveryChannels (list) --

      A list that contains the descriptions of the specified delivery channel.

      • (dict) --

        A logical container used for storing the configuration changes of an AWS resource.

        • name (string) --

          The name of the delivery channel. By default, AWS Config automatically assigns the name "default" when creating the delivery channel. You cannot change the assigned name.

        • s3BucketName (string) --

          The name of the Amazon S3 bucket used to store configuration history for the delivery channel.

        • s3KeyPrefix (string) --

          The prefix for the specified Amazon S3 bucket.

        • snsTopicARN (string) --

          The Amazon Resource Name (ARN) of the IAM role used for accessing the Amazon S3 bucket and the Amazon SNS topic.

generate_presigned_url(ClientMethod, Params=None, ExpiresIn=3600, HttpMethod=None)

Generate a presigned url given a client, its method, and arguments

Parameters:
  • ClientMethod (string) -- The client method to presign for
  • Params (dict) -- The parameters normally passed to ClientMethod.
  • ExpiresIn (int) -- The number of seconds the presigned url is valid for. By default it expires in an hour (3600 seconds)
  • HttpMethod (string) -- The http method to use on the generated url. By default, the http method is whatever is used in the method's model.
Returns:

The presigned url

get_paginator(operation_name)

Create a paginator for an operation.

Parameters:operation_name (string) -- The operation name. This is the same name as the method name on the client. For example, if the method name is create_foo, and you'd normally invoke the operation as client.create_foo(**kwargs), if the create_foo operation can be paginated, you can use the call client.get_paginator("create_foo").
Raises OperationNotPageableError:
 Raised if the operation is not pageable. You can use the client.can_paginate method to check if an operation is pageable.
Return type:L{botocore.paginate.Paginator}
Returns:A paginator object.
get_resource_config_history(**kwargs)

Returns a list of configuration items for the specified resource. The list contains details about each state of the resource during the specified time interval. You can specify a limit on the number of results returned on the page. If a limit is specified, a nextToken is returned as part of the result that you can use to continue this request.

Note

Each call to the API is limited to span a duration of seven days. It is likely that the number of records returned is smaller than the specified limit . In such cases, you can make another call, using the nextToken .

Request Syntax

response = client.get_resource_config_history(
    resourceType='AWS::EC2::CustomerGateway'|'AWS::EC2::EIP'|'AWS::EC2::Instance'|'AWS::EC2::InternetGateway'|'AWS::EC2::NetworkAcl'|'AWS::EC2::NetworkInterface'|'AWS::EC2::RouteTable'|'AWS::EC2::SecurityGroup'|'AWS::EC2::Subnet'|'AWS::CloudTrail::Trail'|'AWS::EC2::Volume'|'AWS::EC2::VPC'|'AWS::EC2::VPNConnection'|'AWS::EC2::VPNGateway',
    resourceId='string',
    laterTime=datetime(2015, 1, 1),
    earlierTime=datetime(2015, 1, 1),
    chronologicalOrder='Reverse'|'Forward',
    limit=123,
    nextToken='string'
)
Parameters:
  • resourceType (string) --

    [REQUIRED]

    The resource type.

  • resourceId (string) --

    [REQUIRED]

    The ID of the resource (for example., sg-xxxxxx ).

  • laterTime (datetime) -- The time stamp that indicates a later time. If not specified, current time is taken.
  • earlierTime (datetime) -- The time stamp that indicates an earlier time. If not specified, the action returns paginated results that contain configuration items that start from when the first configuration item was recorded.
  • chronologicalOrder (string) -- The chronological order for configuration items listed. By default the results are listed in reverse chronological order.
  • limit (integer) -- The maximum number of configuration items returned in each page. The default is 10. You cannot specify a limit greater than 100.
  • nextToken (string) -- An optional parameter used for pagination of the results.
Return type:

dict

Returns:

Response Syntax

{
    'configurationItems': [
        {
            'version': 'string',
            'accountId': 'string',
            'configurationItemCaptureTime': datetime(2015, 1, 1),
            'configurationItemStatus': 'Ok'|'Failed'|'Discovered'|'Deleted',
            'configurationStateId': 'string',
            'configurationItemMD5Hash': 'string',
            'arn': 'string',
            'resourceType': 'AWS::EC2::CustomerGateway'|'AWS::EC2::EIP'|'AWS::EC2::Instance'|'AWS::EC2::InternetGateway'|'AWS::EC2::NetworkAcl'|'AWS::EC2::NetworkInterface'|'AWS::EC2::RouteTable'|'AWS::EC2::SecurityGroup'|'AWS::EC2::Subnet'|'AWS::CloudTrail::Trail'|'AWS::EC2::Volume'|'AWS::EC2::VPC'|'AWS::EC2::VPNConnection'|'AWS::EC2::VPNGateway',
            'resourceId': 'string',
            'availabilityZone': 'string',
            'resourceCreationTime': datetime(2015, 1, 1),
            'tags': {
                'string': 'string'
            },
            'relatedEvents': [
                'string',
            ],
            'relationships': [
                {
                    'resourceType': 'AWS::EC2::CustomerGateway'|'AWS::EC2::EIP'|'AWS::EC2::Instance'|'AWS::EC2::InternetGateway'|'AWS::EC2::NetworkAcl'|'AWS::EC2::NetworkInterface'|'AWS::EC2::RouteTable'|'AWS::EC2::SecurityGroup'|'AWS::EC2::Subnet'|'AWS::CloudTrail::Trail'|'AWS::EC2::Volume'|'AWS::EC2::VPC'|'AWS::EC2::VPNConnection'|'AWS::EC2::VPNGateway',
                    'resourceId': 'string',
                    'relationshipName': 'string'
                },
            ],
            'configuration': 'string'
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    The output for the GetResourceConfigHistory action.

    • configurationItems (list) --

      A list that contains the configuration history of one or more resources.

      • (dict) --

        A list that contains detailed configurations of a specified resource.

        Note

        Currently, the list does not contain information about non-AWS components (for example, applications on your Amazon EC2 instances).

        • version (string) --

          The version number of the resource configuration.

        • accountId (string) --

          The 12 digit AWS account ID associated with the resource.

        • configurationItemCaptureTime (datetime) --

          The time when the configuration recording was initiated.

        • configurationItemStatus (string) --

          The configuration item status.

        • configurationStateId (string) --

          An identifier that indicates the ordering of the configuration items of a resource.

        • configurationItemMD5Hash (string) --

          Unique MD5 hash that represents the configuration item's state.

          You can use MD5 hash to compare the states of two or more configuration items that are associated with the same resource.

        • arn (string) --

          The Amazon Resource Name (ARN) of the resource.

        • resourceType (string) --

          The type of AWS resource.

        • resourceId (string) --

          The ID of the resource (for example., sg-xxxxxx ).

        • availabilityZone (string) --

          The Availability Zone associated with the resource.

        • resourceCreationTime (datetime) --

          The time stamp when the resource was created.

        • tags (dict) --

          A mapping of key value tags associated with the resource.

          • (string) --
            • (string) --
        • relatedEvents (list) --

          A list of CloudTrail event IDs.

          A populated field indicates that the current configuration was initiated by the events recorded in the CloudTrail log. For more information about CloudTrail, see What is AWS CloudTrail? .

          An empty field indicates that the current configuration was not initiated by any event.

          • (string) --
        • relationships (list) --

          A list of related AWS resources.

          • (dict) --

            The relationship of the related resource to the main resource.

            • resourceType (string) --

              The resource type of the related resource.

            • resourceId (string) --

              The resource ID of the related resource (for example, sg-xxxxxx ).

            • relationshipName (string) --

              The name of the related resource.

        • configuration (string) --

          The description of the resource configuration.

    • nextToken (string) --

      A token used for pagination of results.

get_waiter(waiter_name)
put_configuration_recorder(**kwargs)

Creates a new configuration recorder to record the selected resource configurations.

You can use this action to change the role roleARN and/or the recordingGroup of an existing recorder. To change the role, call the action on the existing configuration recorder and specify a role.

Note

Currently, you can specify only one configuration recorder per account.

If ConfigurationRecorder does not have the recordingGroup parameter specified, the default is to record all supported resource types.

Request Syntax

response = client.put_configuration_recorder(
    ConfigurationRecorder={
        'name': 'string',
        'roleARN': 'string',
        'recordingGroup': {
            'allSupported': True|False,
            'resourceTypes': [
                'AWS::EC2::CustomerGateway'|'AWS::EC2::EIP'|'AWS::EC2::Instance'|'AWS::EC2::InternetGateway'|'AWS::EC2::NetworkAcl'|'AWS::EC2::NetworkInterface'|'AWS::EC2::RouteTable'|'AWS::EC2::SecurityGroup'|'AWS::EC2::Subnet'|'AWS::CloudTrail::Trail'|'AWS::EC2::Volume'|'AWS::EC2::VPC'|'AWS::EC2::VPNConnection'|'AWS::EC2::VPNGateway',
            ]
        }
    }
)
Parameters:ConfigurationRecorder (dict) --

[REQUIRED]

The configuration recorder object that records each configuration change made to the resources.

  • name (string) --

    The name of the recorder. By default, AWS Config automatically assigns the name "default" when creating the configuration recorder. You cannot change the assigned name.

  • roleARN (string) --

    Amazon Resource Name (ARN) of the IAM role used to describe the AWS resources associated with the account.

  • recordingGroup (dict) --

    The recording group specifies either to record configurations for all supported resources or to provide a list of resource types to record. The list of resource types must be a subset of supported resource types.

    • allSupported (boolean) --

      Records all supported resource types in the recording group. For a list of supported resource types, see Supported resource types . If you specify allSupported , you cannot enumerate a list of resourceTypes .

    • resourceTypes (list) --

      A comma-separated list of strings representing valid AWS resource types (e.g., AWS::EC2::Instance or AWS::CloudTrail::Trail ). resourceTypes is only valid if you have chosen not to select allSupported . For a list of valid resourceTypes values, see the resourceType Value column in the following topic: Supported AWS Resource Types .

      • (string) --
Returns:None
put_delivery_channel(**kwargs)

Creates a new delivery channel object to deliver the configuration information to an Amazon S3 bucket, and to an Amazon SNS topic.

You can use this action to change the Amazon S3 bucket or an Amazon SNS topic of the existing delivery channel. To change the Amazon S3 bucket or an Amazon SNS topic, call this action and specify the changed values for the S3 bucket and the SNS topic. If you specify a different value for either the S3 bucket or the SNS topic, this action will keep the existing value for the parameter that is not changed.

Note

Currently, you can specify only one delivery channel per account.

Request Syntax

response = client.put_delivery_channel(
    DeliveryChannel={
        'name': 'string',
        's3BucketName': 'string',
        's3KeyPrefix': 'string',
        'snsTopicARN': 'string'
    }
)
Parameters:DeliveryChannel (dict) --

[REQUIRED]

The configuration delivery channel object that delivers the configuration information to an Amazon S3 bucket, and to an Amazon SNS topic.

  • name (string) --

    The name of the delivery channel. By default, AWS Config automatically assigns the name "default" when creating the delivery channel. You cannot change the assigned name.

  • s3BucketName (string) --

    The name of the Amazon S3 bucket used to store configuration history for the delivery channel.

  • s3KeyPrefix (string) --

    The prefix for the specified Amazon S3 bucket.

  • snsTopicARN (string) --

    The Amazon Resource Name (ARN) of the IAM role used for accessing the Amazon S3 bucket and the Amazon SNS topic.

Returns:None
start_configuration_recorder(**kwargs)

Starts recording configurations of the AWS resources you have selected to record in your AWS account.

You must have created at least one delivery channel to successfully start the configuration recorder.

Request Syntax

response = client.start_configuration_recorder(
    ConfigurationRecorderName='string'
)
Parameters:ConfigurationRecorderName (string) --

[REQUIRED]

The name of the recorder object that records each configuration change made to the resources.

Returns:None
stop_configuration_recorder(**kwargs)

Stops recording configurations of the AWS resources you have selected to record in your AWS account.

Request Syntax

response = client.stop_configuration_recorder(
    ConfigurationRecorderName='string'
)
Parameters:ConfigurationRecorderName (string) --

[REQUIRED]

The name of the recorder object that records each configuration change made to the resources.

Returns:None