-
Notifications
You must be signed in to change notification settings - Fork 597
/
types.go
2887 lines (2246 loc) · 110 KB
/
types.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
// Code generated by smithy-go-codegen DO NOT EDIT.
package types
import (
smithydocument "github.com/aws/smithy-go/document"
"time"
)
// A collection of accounts and regions.
type AccountAggregationSource struct {
// The 12-digit account ID of the account being aggregated.
//
// This member is required.
AccountIds []string
// If true, aggregate existing Config regions and future regions.
AllAwsRegions bool
// The source regions being aggregated.
AwsRegions []string
noSmithyDocumentSerde
}
// Indicates whether an Config rule is compliant based on account ID, region,
// compliance, and rule name. A rule is compliant if all of the resources that the
// rule evaluated comply with it. It is noncompliant if any of these resources do
// not comply.
type AggregateComplianceByConfigRule struct {
// The 12-digit account ID of the source account.
AccountId *string
// The source region from where the data is aggregated.
AwsRegion *string
// Indicates whether an Amazon Web Services resource or Config rule is compliant
// and provides the number of contributors that affect the compliance.
Compliance *Compliance
// The name of the Config rule.
ConfigRuleName *string
noSmithyDocumentSerde
}
// Provides aggregate compliance of the conformance pack. Indicates whether a
// conformance pack is compliant based on the name of the conformance pack, account
// ID, and region. A conformance pack is compliant if all of the rules in a
// conformance packs are compliant. It is noncompliant if any of the rules are not
// compliant. The compliance status of a conformance pack is INSUFFICIENT_DATA only
// if all rules within a conformance pack cannot be evaluated due to insufficient
// data. If some of the rules in a conformance pack are compliant but the
// compliance status of other rules in that same conformance pack is
// INSUFFICIENT_DATA, the conformance pack shows compliant.
type AggregateComplianceByConformancePack struct {
// The 12-digit Amazon Web Services account ID of the source account.
AccountId *string
// The source Amazon Web Services Region from where the data is aggregated.
AwsRegion *string
// The compliance status of the conformance pack.
Compliance *AggregateConformancePackCompliance
// The name of the conformance pack.
ConformancePackName *string
noSmithyDocumentSerde
}
// Returns the number of compliant and noncompliant rules for one or more accounts
// and regions in an aggregator.
type AggregateComplianceCount struct {
// The number of compliant and noncompliant Config rules.
ComplianceSummary *ComplianceSummary
// The 12-digit account ID or region based on the GroupByKey value.
GroupName *string
noSmithyDocumentSerde
}
// Provides the number of compliant and noncompliant rules within a conformance
// pack. Also provides the compliance status of the conformance pack and the total
// rule count which includes compliant rules, noncompliant rules, and rules that
// cannot be evaluated due to insufficient data. A conformance pack is compliant if
// all of the rules in a conformance packs are compliant. It is noncompliant if any
// of the rules are not compliant. The compliance status of a conformance pack is
// INSUFFICIENT_DATA only if all rules within a conformance pack cannot be
// evaluated due to insufficient data. If some of the rules in a conformance pack
// are compliant but the compliance status of other rules in that same conformance
// pack is INSUFFICIENT_DATA, the conformance pack shows compliant.
type AggregateConformancePackCompliance struct {
// The compliance status of the conformance pack.
ComplianceType ConformancePackComplianceType
// The number of compliant Config Rules.
CompliantRuleCount int32
// The number of noncompliant Config Rules.
NonCompliantRuleCount int32
// Total number of compliant rules, noncompliant rules, and the rules that do not
// have any applicable resources to evaluate upon resulting in insufficient data.
TotalRuleCount int32
noSmithyDocumentSerde
}
// The number of conformance packs that are compliant and noncompliant.
type AggregateConformancePackComplianceCount struct {
// Number of compliant conformance packs.
CompliantConformancePackCount int32
// Number of noncompliant conformance packs.
NonCompliantConformancePackCount int32
noSmithyDocumentSerde
}
// Filters the conformance packs based on an account ID, region, compliance type,
// and the name of the conformance pack.
type AggregateConformancePackComplianceFilters struct {
// The 12-digit Amazon Web Services account ID of the source account.
AccountId *string
// The source Amazon Web Services Region from where the data is aggregated.
AwsRegion *string
// The compliance status of the conformance pack.
ComplianceType ConformancePackComplianceType
// The name of the conformance pack.
ConformancePackName *string
noSmithyDocumentSerde
}
// Provides a summary of compliance based on either account ID or region.
type AggregateConformancePackComplianceSummary struct {
// Returns an AggregateConformancePackComplianceCount object.
ComplianceSummary *AggregateConformancePackComplianceCount
// Groups the result based on Amazon Web Services account ID or Amazon Web
// Services Region.
GroupName *string
noSmithyDocumentSerde
}
// Filters the results based on account ID and region.
type AggregateConformancePackComplianceSummaryFilters struct {
// The 12-digit Amazon Web Services account ID of the source account.
AccountId *string
// The source Amazon Web Services Region from where the data is aggregated.
AwsRegion *string
noSmithyDocumentSerde
}
// The current sync status between the source and the aggregator account.
type AggregatedSourceStatus struct {
// The region authorized to collect aggregated data.
AwsRegion *string
// The error code that Config returned when the source account aggregation last
// failed.
LastErrorCode *string
// The message indicating that the source account aggregation failed due to an
// error.
LastErrorMessage *string
// Filters the last updated status type.
// - Valid value FAILED indicates errors while moving data.
// - Valid value SUCCEEDED indicates the data was successfully moved.
// - Valid value OUTDATED indicates the data is not the most recent.
LastUpdateStatus AggregatedSourceStatusType
// The time of the last update.
LastUpdateTime *time.Time
// The source account ID or an organization.
SourceId *string
// The source account or an organization.
SourceType AggregatedSourceType
noSmithyDocumentSerde
}
// The details of an Config evaluation for an account ID and region in an
// aggregator. Provides the Amazon Web Services resource that was evaluated, the
// compliance of the resource, related time stamps, and supplementary information.
type AggregateEvaluationResult struct {
// The 12-digit account ID of the source account.
AccountId *string
// Supplementary information about how the agrregate evaluation determined the
// compliance.
Annotation *string
// The source region from where the data is aggregated.
AwsRegion *string
// The resource compliance status. For the AggregationEvaluationResult data type,
// Config supports only the COMPLIANT and NON_COMPLIANT . Config does not support
// the NOT_APPLICABLE and INSUFFICIENT_DATA value.
ComplianceType ComplianceType
// The time when the Config rule evaluated the Amazon Web Services resource.
ConfigRuleInvokedTime *time.Time
// Uniquely identifies the evaluation result.
EvaluationResultIdentifier *EvaluationResultIdentifier
// The time when Config recorded the aggregate evaluation result.
ResultRecordedTime *time.Time
noSmithyDocumentSerde
}
// The details that identify a resource that is collected by Config aggregator,
// including the resource type, ID, (if available) the custom resource name, the
// source account, and source region.
type AggregateResourceIdentifier struct {
// The ID of the Amazon Web Services resource.
//
// This member is required.
ResourceId *string
// The type of the Amazon Web Services resource.
//
// This member is required.
ResourceType ResourceType
// The 12-digit account ID of the source account.
//
// This member is required.
SourceAccountId *string
// The source region where data is aggregated.
//
// This member is required.
SourceRegion *string
// The name of the Amazon Web Services resource.
ResourceName *string
noSmithyDocumentSerde
}
// An object that represents the authorizations granted to aggregator accounts and
// regions.
type AggregationAuthorization struct {
// The Amazon Resource Name (ARN) of the aggregation object.
AggregationAuthorizationArn *string
// The 12-digit account ID of the account authorized to aggregate data.
AuthorizedAccountId *string
// The region authorized to collect aggregated data.
AuthorizedAwsRegion *string
// The time stamp when the aggregation authorization was created.
CreationTime *time.Time
noSmithyDocumentSerde
}
// The detailed configuration of a specified resource.
type BaseConfigurationItem struct {
// The 12-digit Amazon Web Services account ID associated with the resource.
AccountId *string
// The Amazon Resource Name (ARN) of the resource.
Arn *string
// The Availability Zone associated with the resource.
AvailabilityZone *string
// The region where the resource resides.
AwsRegion *string
// The description of the resource configuration.
Configuration *string
// The time when the configuration recording was initiated.
ConfigurationItemCaptureTime *time.Time
// The configuration item status. The valid values are:
// - OK – The resource configuration has been updated
// - ResourceDiscovered – The resource was newly discovered
// - ResourceNotRecorded – The resource was discovered but its configuration was
// not recorded since the recorder excludes the recording of resources of this type
//
// - ResourceDeleted – The resource was deleted
// - ResourceDeletedNotRecorded – The resource was deleted but its configuration
// was not recorded since the recorder excludes the recording of resources of this
// type
// The CIs do not incur any cost.
ConfigurationItemStatus ConfigurationItemStatus
// An identifier that indicates the ordering of the configuration items of a
// resource.
ConfigurationStateId *string
// The time stamp when the resource was created.
ResourceCreationTime *time.Time
// The ID of the resource (for example., sg-xxxxxx).
ResourceId *string
// The custom name of the resource, if available.
ResourceName *string
// The type of Amazon Web Services resource.
ResourceType ResourceType
// Configuration attributes that Config returns for certain resource types to
// supplement the information returned for the configuration parameter.
SupplementaryConfiguration map[string]string
// The version number of the resource configuration.
Version *string
noSmithyDocumentSerde
}
// Indicates whether an Amazon Web Services resource or Config rule is compliant
// and provides the number of contributors that affect the compliance.
type Compliance struct {
// The number of Amazon Web Services resources or Config rules that cause a result
// of NON_COMPLIANT , up to a maximum number.
ComplianceContributorCount *ComplianceContributorCount
// Indicates whether an Amazon Web Services resource or Config rule is compliant.
// A resource is compliant if it complies with all of the Config rules that
// evaluate it. A resource is noncompliant if it does not comply with one or more
// of these rules. A rule is compliant if all of the resources that the rule
// evaluates comply with it. A rule is noncompliant if any of these resources do
// not comply. Config returns the INSUFFICIENT_DATA value when no evaluation
// results are available for the Amazon Web Services resource or Config rule. For
// the Compliance data type, Config supports only COMPLIANT , NON_COMPLIANT , and
// INSUFFICIENT_DATA values. Config does not support the NOT_APPLICABLE value for
// the Compliance data type.
ComplianceType ComplianceType
noSmithyDocumentSerde
}
// Indicates whether an Config rule is compliant. A rule is compliant if all of
// the resources that the rule evaluated comply with it. A rule is noncompliant if
// any of these resources do not comply.
type ComplianceByConfigRule struct {
// Indicates whether the Config rule is compliant.
Compliance *Compliance
// The name of the Config rule.
ConfigRuleName *string
noSmithyDocumentSerde
}
// Indicates whether an Amazon Web Services resource that is evaluated according
// to one or more Config rules is compliant. A resource is compliant if it complies
// with all of the rules that evaluate it. A resource is noncompliant if it does
// not comply with one or more of these rules.
type ComplianceByResource struct {
// Indicates whether the Amazon Web Services resource complies with all of the
// Config rules that evaluated it.
Compliance *Compliance
// The ID of the Amazon Web Services resource that was evaluated.
ResourceId *string
// The type of the Amazon Web Services resource that was evaluated.
ResourceType *string
noSmithyDocumentSerde
}
// The number of Amazon Web Services resources or Config rules responsible for the
// current compliance of the item, up to a maximum number.
type ComplianceContributorCount struct {
// Indicates whether the maximum count is reached.
CapExceeded bool
// The number of Amazon Web Services resources or Config rules responsible for the
// current compliance of the item.
CappedCount int32
noSmithyDocumentSerde
}
// The number of Config rules or Amazon Web Services resources that are compliant
// and noncompliant.
type ComplianceSummary struct {
// The time that Config created the compliance summary.
ComplianceSummaryTimestamp *time.Time
// The number of Config rules or Amazon Web Services resources that are compliant,
// up to a maximum of 25 for rules and 100 for resources.
CompliantResourceCount *ComplianceContributorCount
// The number of Config rules or Amazon Web Services resources that are
// noncompliant, up to a maximum of 25 for rules and 100 for resources.
NonCompliantResourceCount *ComplianceContributorCount
noSmithyDocumentSerde
}
// The number of Amazon Web Services resources of a specific type that are
// compliant or noncompliant, up to a maximum of 100 for each.
type ComplianceSummaryByResourceType struct {
// The number of Amazon Web Services resources that are compliant or noncompliant,
// up to a maximum of 100 for each.
ComplianceSummary *ComplianceSummary
// The type of Amazon Web Services resource.
ResourceType *string
noSmithyDocumentSerde
}
// Provides status of the delivery of the snapshot or the configuration history to
// the specified Amazon S3 bucket. Also provides the status of notifications about
// the Amazon S3 delivery to the specified Amazon SNS topic.
type ConfigExportDeliveryInfo struct {
// The time of the last attempted delivery.
LastAttemptTime *time.Time
// The error code from the last attempted delivery.
LastErrorCode *string
// The error message from the last attempted delivery.
LastErrorMessage *string
// Status of the last attempted delivery.
LastStatus DeliveryStatus
// The time of the last successful delivery.
LastSuccessfulTime *time.Time
// The time that the next delivery occurs.
NextDeliveryTime *time.Time
noSmithyDocumentSerde
}
// Config rules evaluate the configuration settings of your Amazon Web Services
// resources. A rule can run when Config detects a configuration change to an
// Amazon Web Services resource or at a periodic frequency that you choose (for
// example, every 24 hours). There are two types of rules: Config Managed Rules and
// Config Custom Rules. Config Managed Rules are predefined, customizable rules
// created by Config. For a list of managed rules, see List of Config Managed Rules (https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html)
// . Config Custom Rules are rules that you create from scratch. There are two ways
// to create Config custom rules: with Lambda functions ( Lambda Developer Guide (https://docs.aws.amazon.com/config/latest/developerguide/gettingstarted-concepts.html#gettingstarted-concepts-function)
// ) and with Guard ( Guard GitHub Repository (https://github.com/aws-cloudformation/cloudformation-guard)
// ), a policy-as-code language. Config custom rules created with Lambda are called
// Config Custom Lambda Rules and Config custom rules created with Guard are called
// Config Custom Policy Rules. For more information about developing and using
// Config rules, see Evaluating Resource with Config Rules (https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html)
// in the Config Developer Guide. You can use the Amazon Web Services CLI and
// Amazon Web Services SDKs if you want to create a rule that triggers evaluations
// for your resources when Config delivers the configuration snapshot. For more
// information, see ConfigSnapshotDeliveryProperties .
type ConfigRule struct {
// Provides the rule owner ( Amazon Web Services for managed rules, CUSTOM_POLICY
// for Custom Policy rules, and CUSTOM_LAMBDA for Custom Lambda rules), the rule
// identifier, and the notifications that cause the function to evaluate your
// Amazon Web Services resources.
//
// This member is required.
Source *Source
// The Amazon Resource Name (ARN) of the Config rule.
ConfigRuleArn *string
// The ID of the Config rule.
ConfigRuleId *string
// The name that you assign to the Config rule. The name is required if you are
// adding a new rule.
ConfigRuleName *string
// Indicates whether the Config rule is active or is currently being deleted by
// Config. It can also indicate the evaluation status for the Config rule. Config
// sets the state of the rule to EVALUATING temporarily after you use the
// StartConfigRulesEvaluation request to evaluate your resources against the Config
// rule. Config sets the state of the rule to DELETING_RESULTS temporarily after
// you use the DeleteEvaluationResults request to delete the current evaluation
// results for the Config rule. Config temporarily sets the state of a rule to
// DELETING after you use the DeleteConfigRule request to delete the rule. After
// Config deletes the rule, the rule and all of its evaluations are erased and are
// no longer available.
ConfigRuleState ConfigRuleState
// Service principal name of the service that created the rule. The field is
// populated only if the service-linked rule is created by a service. The field is
// empty if you create your own rule.
CreatedBy *string
// The description that you provide for the Config rule.
Description *string
// The modes the Config rule can be evaluated in. The valid values are distinct
// objects. By default, the value is Detective evaluation mode only.
EvaluationModes []EvaluationModeConfiguration
// A string, in JSON format, that is passed to the Config rule Lambda function.
InputParameters *string
// The maximum frequency with which Config runs evaluations for a rule. You can
// specify a value for MaximumExecutionFrequency when:
// - This is for an Config managed rule that is triggered at a periodic
// frequency.
// - Your custom rule is triggered when Config delivers the configuration
// snapshot. For more information, see ConfigSnapshotDeliveryProperties .
// By default, rules with a periodic trigger are evaluated every 24 hours. To
// change the frequency, specify a valid value for the MaximumExecutionFrequency
// parameter.
MaximumExecutionFrequency MaximumExecutionFrequency
// Defines which resources can trigger an evaluation for the rule. The scope can
// include one or more resource types, a combination of one resource type and one
// resource ID, or a combination of a tag key and value. Specify a scope to
// constrain the resources that can trigger an evaluation for the rule. If you do
// not specify a scope, evaluations are triggered when any resource in the
// recording group changes. The scope can be empty.
Scope *Scope
noSmithyDocumentSerde
}
// Filters the compliance results based on account ID, region, compliance type,
// and rule name.
type ConfigRuleComplianceFilters struct {
// The 12-digit account ID of the source account.
AccountId *string
// The source region where the data is aggregated.
AwsRegion *string
// The rule compliance status. For the ConfigRuleComplianceFilters data type,
// Config supports only COMPLIANT and NON_COMPLIANT . Config does not support the
// NOT_APPLICABLE and the INSUFFICIENT_DATA values.
ComplianceType ComplianceType
// The name of the Config rule.
ConfigRuleName *string
noSmithyDocumentSerde
}
// Filters the results based on the account IDs and regions.
type ConfigRuleComplianceSummaryFilters struct {
// The 12-digit account ID of the source account.
AccountId *string
// The source region where the data is aggregated.
AwsRegion *string
noSmithyDocumentSerde
}
// Status information for your Config Managed rules and Config Custom Policy
// rules. The status includes information such as the last time the rule ran, the
// last time it failed, and the related error for the last failure. This action
// does not return status information about Config Custom Lambda rules.
type ConfigRuleEvaluationStatus struct {
// The Amazon Resource Name (ARN) of the Config rule.
ConfigRuleArn *string
// The ID of the Config rule.
ConfigRuleId *string
// The name of the Config rule.
ConfigRuleName *string
// The time that you first activated the Config rule.
FirstActivatedTime *time.Time
// Indicates whether Config has evaluated your resources against the rule at least
// once.
// - true - Config has evaluated your Amazon Web Services resources against the
// rule at least once.
// - false - Config has not finished evaluating your Amazon Web Services
// resources against the rule at least once.
FirstEvaluationStarted bool
// The time that you last turned off the Config rule.
LastDeactivatedTime *time.Time
// The status of the last attempted delivery of a debug log for your Config Custom
// Policy rules. Either Successful or Failed .
LastDebugLogDeliveryStatus *string
// The reason Config was not able to deliver a debug log. This is for the last
// failed attempt to retrieve a debug log for your Config Custom Policy rules.
LastDebugLogDeliveryStatusReason *string
// The time Config last attempted to deliver a debug log for your Config Custom
// Policy rules.
LastDebugLogDeliveryTime *time.Time
// The error code that Config returned when the rule last failed.
LastErrorCode *string
// The error message that Config returned when the rule last failed.
LastErrorMessage *string
// The time that Config last failed to evaluate your Amazon Web Services resources
// against the rule.
LastFailedEvaluationTime *time.Time
// The time that Config last failed to invoke the Config rule to evaluate your
// Amazon Web Services resources.
LastFailedInvocationTime *time.Time
// The time that Config last successfully evaluated your Amazon Web Services
// resources against the rule.
LastSuccessfulEvaluationTime *time.Time
// The time that Config last successfully invoked the Config rule to evaluate your
// Amazon Web Services resources.
LastSuccessfulInvocationTime *time.Time
noSmithyDocumentSerde
}
// Provides options for how often Config delivers configuration snapshots to the
// Amazon S3 bucket in your delivery channel. The frequency for a rule that
// triggers evaluations for your resources when Config delivers the configuration
// snapshot is set by one of two values, depending on which is less frequent:
// - The value for the deliveryFrequency parameter within the delivery channel
// configuration, which sets how often Config delivers configuration snapshots.
// This value also sets how often Config invokes evaluations for Config rules.
// - The value for the MaximumExecutionFrequency parameter, which sets the
// maximum frequency with which Config invokes evaluations for the rule. For more
// information, see ConfigRule .
//
// If the deliveryFrequency value is less frequent than the
// MaximumExecutionFrequency value for a rule, Config invokes the rule only as
// often as the deliveryFrequency value.
// - For example, you want your rule to run evaluations when Config delivers the
// configuration snapshot.
// - You specify the MaximumExecutionFrequency value for Six_Hours .
// - You then specify the delivery channel deliveryFrequency value for
// TwentyFour_Hours .
// - Because the value for deliveryFrequency is less frequent than
// MaximumExecutionFrequency , Config invokes evaluations for the rule every 24
// hours.
//
// You should set the MaximumExecutionFrequency value to be at least as frequent
// as the deliveryFrequency value. You can view the deliveryFrequency value by
// using the DescribeDeliveryChannnels action. To update the deliveryFrequency
// with which Config delivers your configuration snapshots, use the
// PutDeliveryChannel action.
type ConfigSnapshotDeliveryProperties struct {
// The frequency with which Config delivers configuration snapshots.
DeliveryFrequency MaximumExecutionFrequency
noSmithyDocumentSerde
}
// A list that contains the status of the delivery of the configuration stream
// notification to the Amazon SNS topic.
type ConfigStreamDeliveryInfo struct {
// The error code from the last attempted delivery.
LastErrorCode *string
// The error message from the last attempted delivery.
LastErrorMessage *string
// Status of the last attempted delivery. Note Providing an SNS topic on a
// DeliveryChannel (https://docs.aws.amazon.com/config/latest/APIReference/API_DeliveryChannel.html)
// for Config is optional. If the SNS delivery is turned off, the last status will
// be Not_Applicable.
LastStatus DeliveryStatus
// The time from the last status change.
LastStatusChangeTime *time.Time
noSmithyDocumentSerde
}
// The details about the configuration aggregator, including information about
// source accounts, regions, and metadata of the aggregator.
type ConfigurationAggregator struct {
// Provides a list of source accounts and regions to be aggregated.
AccountAggregationSources []AccountAggregationSource
// The Amazon Resource Name (ARN) of the aggregator.
ConfigurationAggregatorArn *string
// The name of the aggregator.
ConfigurationAggregatorName *string
// Amazon Web Services service that created the configuration aggregator.
CreatedBy *string
// The time stamp when the configuration aggregator was created.
CreationTime *time.Time
// The time of the last update.
LastUpdatedTime *time.Time
// Provides an organization and list of regions to be aggregated.
OrganizationAggregationSource *OrganizationAggregationSource
noSmithyDocumentSerde
}
// A list that contains detailed configurations of a specified resource.
type ConfigurationItem struct {
// The 12-digit Amazon Web Services account ID associated with the resource.
AccountId *string
// Amazon Resource Name (ARN) associated with the resource.
Arn *string
// The Availability Zone associated with the resource.
AvailabilityZone *string
// The region where the resource resides.
AwsRegion *string
// The description of the resource configuration.
Configuration *string
// The time when the configuration recording was initiated.
ConfigurationItemCaptureTime *time.Time
// Unique MD5 hash that represents the configuration item's state. You can use MD5
// hash to compare the states of two or more configuration items that are
// associated with the same resource.
ConfigurationItemMD5Hash *string
// The configuration item status. The valid values are:
// - OK – The resource configuration has been updated
// - ResourceDiscovered – The resource was newly discovered
// - ResourceNotRecorded – The resource was discovered but its configuration was
// not recorded since the recorder excludes the recording of resources of this type
//
// - ResourceDeleted – The resource was deleted
// - ResourceDeletedNotRecorded – The resource was deleted but its configuration
// was not recorded since the recorder excludes the recording of resources of this
// type
// The CIs do not incur any cost.
ConfigurationItemStatus ConfigurationItemStatus
// An identifier that indicates the ordering of the configuration items of a
// resource.
ConfigurationStateId *string
// A list of CloudTrail event IDs. A populated field indicates that the current
// configuration was initiated by the events recorded in the CloudTrail log. For
// more information about CloudTrail, see What Is CloudTrail (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/what_is_cloud_trail_top_level.html)
// . An empty field indicates that the current configuration was not initiated by
// any event. As of Version 1.3, the relatedEvents field is empty. You can access
// the LookupEvents API (https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_LookupEvents.html)
// in the CloudTrail API Reference to retrieve the events for the resource.
RelatedEvents []string
// A list of related Amazon Web Services resources.
Relationships []Relationship
// The time stamp when the resource was created.
ResourceCreationTime *time.Time
// The ID of the resource (for example, sg-xxxxxx ).
ResourceId *string
// The custom name of the resource, if available.
ResourceName *string
// The type of Amazon Web Services resource.
ResourceType ResourceType
// Configuration attributes that Config returns for certain resource types to
// supplement the information returned for the configuration parameter.
SupplementaryConfiguration map[string]string
// A mapping of key value tags associated with the resource.
Tags map[string]string
// The version number of the resource configuration.
Version *string
noSmithyDocumentSerde
}
// Records configuration changes to specified resource types. For more information
// about the configuration recorder, see Managing the Configuration Recorder (https://docs.aws.amazon.com/config/latest/developerguide/stop-start-recorder.html)
// in the Config Developer Guide.
type ConfigurationRecorder struct {
// The name of the configuration recorder. Config automatically assigns the name
// of "default" when creating the configuration recorder. You cannot change the
// name of the configuration recorder after it has been created. To change the
// configuration recorder name, you must delete it and create a new configuration
// recorder with a new name.
Name *string
// Specifies which resource types Config records for configuration changes. High
// Number of Config Evaluations You may notice increased activity in your account
// during your initial month recording with Config when compared to subsequent
// months. During the initial bootstrapping process, Config runs evaluations on all
// the resources in your account that you have selected for Config to record. If
// you are running ephemeral workloads, you may see increased activity from Config
// as it records configuration changes associated with creating and deleting these
// temporary resources. An ephemeral workload is a temporary use of computing
// resources that are loaded and run when needed. Examples include Amazon Elastic
// Compute Cloud (Amazon EC2) Spot Instances, Amazon EMR jobs, and Auto Scaling. If
// you want to avoid the increased activity from running ephemeral workloads, you
// can run these types of workloads in a separate account with Config turned off to
// avoid increased configuration recording and rule evaluations.
RecordingGroup *RecordingGroup
// Amazon Resource Name (ARN) of the IAM role assumed by Config and used by the
// configuration recorder. While the API model does not require this field, the
// server will reject a request without a defined roleARN for the configuration
// recorder. Pre-existing Config role If you have used an Amazon Web Services
// service that uses Config, such as Security Hub or Control Tower, and an Config
// role has already been created, make sure that the IAM role that you use when
// setting up Config keeps the same minimum permissions as the already created
// Config role. You must do this so that the other Amazon Web Services service
// continues to run as expected. For example, if Control Tower has an IAM role that
// allows Config to read Amazon Simple Storage Service (Amazon S3) objects, make
// sure that the same permissions are granted within the IAM role you use when
// setting up Config. Otherwise, it may interfere with how Control Tower operates.
// For more information about IAM roles for Config, see Identity and Access
// Management for Config (https://docs.aws.amazon.com/config/latest/developerguide/security-iam.html)
// in the Config Developer Guide.
RoleARN *string
noSmithyDocumentSerde
}
// The current status of the configuration recorder. For a detailed status of
// recording events over time, add your Config events to CloudWatch metrics and use
// CloudWatch metrics.
type ConfigurationRecorderStatus struct {
// The latest error code from when the recorder last failed.
LastErrorCode *string
// The latest error message from when the recorder last failed.
LastErrorMessage *string
// The time the recorder was last started.
LastStartTime *time.Time
// The status of the latest recording event processed by the recorder.
LastStatus RecorderStatus
// The time of the latest change in status of an recording event processed by the
// recorder.
LastStatusChangeTime *time.Time
// The time the recorder was last stopped.
LastStopTime *time.Time
// The name of the configuration recorder.
Name *string
// Specifies whether or not the recorder is currently recording.
Recording bool
noSmithyDocumentSerde
}
// Filters the conformance pack by compliance types and Config rule names.
type ConformancePackComplianceFilters struct {
// Filters the results by compliance. The allowed values are COMPLIANT and
// NON_COMPLIANT . INSUFFICIENT_DATA is not supported.
ComplianceType ConformancePackComplianceType
// Filters the results by Config rule names.
ConfigRuleNames []string
noSmithyDocumentSerde
}
// A compliance score is the percentage of the number of compliant rule-resource
// combinations in a conformance pack compared to the number of total possible
// rule-resource combinations in the conformance pack. This metric provides you
// with a high-level view of the compliance state of your conformance packs. You
// can use it to identify, investigate, and understand the level of compliance in
// your conformance packs.
type ConformancePackComplianceScore struct {
// The name of the conformance pack.
ConformancePackName *string
// The time that the conformance pack compliance score was last updated.
LastUpdatedTime *time.Time
// Compliance score for the conformance pack. Conformance packs with no evaluation
// results will have a compliance score of INSUFFICIENT_DATA .
Score *string
noSmithyDocumentSerde
}
// A list of filters to apply to the conformance pack compliance score result set.
type ConformancePackComplianceScoresFilters struct {
// The names of the conformance packs whose compliance scores you want to include
// in the conformance pack compliance score result set. You can include up to 25
// conformance packs in the ConformancePackNames array of strings, each with a
// character limit of 256 characters for the conformance pack name.
//
// This member is required.
ConformancePackNames []string
noSmithyDocumentSerde
}
// Summary includes the name and status of the conformance pack.
type ConformancePackComplianceSummary struct {
// The status of the conformance pack.
//
// This member is required.
ConformancePackComplianceStatus ConformancePackComplianceType
// The name of the conformance pack name.
//
// This member is required.
ConformancePackName *string
noSmithyDocumentSerde
}
// Returns details of a conformance pack. A conformance pack is a collection of
// Config rules and remediation actions that can be easily deployed in an account
// and a region.
type ConformancePackDetail struct {
// Amazon Resource Name (ARN) of the conformance pack.
//
// This member is required.
ConformancePackArn *string
// ID of the conformance pack.
//
// This member is required.
ConformancePackId *string
// Name of the conformance pack.
//
// This member is required.
ConformancePackName *string
// A list of ConformancePackInputParameter objects.
ConformancePackInputParameters []ConformancePackInputParameter
// The Amazon Web Services service that created the conformance pack.
CreatedBy *string
// The name of the Amazon S3 bucket where Config stores conformance pack
// templates. This field is optional.
DeliveryS3Bucket *string
// The prefix for the Amazon S3 bucket. This field is optional.
DeliveryS3KeyPrefix *string