docs(client-config-service): Documentation update for PutConfigRule a…

…nd PutOrganizationConfigRule
aws · Aug 1, 2022 · 8630419 · 8630419
1 parent 9802d47
commit 8630419
Show file tree

Hide file tree

Showing 12 changed files with 193 additions and 136 deletions.
diff --git a/clients/client-config-service/README.md b/clients/client-config-service/README.md
@@ -187,7 +187,7 @@ try {
   const data = await client.send(command);
   // process data.
 } catch (error) {
-  const { requestId, cfId, extendedRequestId } = error.$metadata;
+  const { requestId, cfId, extendedRequestId } = error.$$metadata;
   console.log({ requestId, cfId, extendedRequestId });
   /**
    * The keys within exceptions are also parsed.

diff --git a/clients/client-config-service/src/ConfigService.ts b/clients/client-config-service/src/ConfigService.ts
@@ -2867,7 +2867,10 @@ export class ConfigService extends ConfigServiceClient {
    * <p>Returns a list of conformance pack compliance scores.
    * 			A compliance score is the percentage of the number of compliant rule-resource combinations in a conformance pack compared to the number of total possible rule-resource combinations in the conformance pack.
    * 			This metric provides you with a high-level view of the compliance state of your conformance packs, and can be used to identify, investigate, and understand
-   * 			compliance deviations in your conformance packs.</p>
+   * 			the level of compliance in your conformance packs.</p>
+   * 		       <note>
+   *             <p>Conformance packs with no evaluation results will have a compliance score of <code>INSUFFICIENT_DATA</code>.</p>
+   *          </note>
    */
   public listConformancePackComplianceScores(
     args: ListConformancePackComplianceScoresCommandInput,
@@ -3044,23 +3047,33 @@ export class ConfigService extends ConfigServiceClient {
   }
 
   /**
-   * <p>Adds or updates an Config rule for evaluating whether your
-   * 			Amazon Web Services resources comply with your desired configurations.</p>
-   * 		       <p>You can use this action for Config custom rules and Config
-   * 			managed rules. A Config custom rule is a rule that you
-   * 			develop and maintain. An Config managed rule is a customizable,
-   * 			predefined rule that Config provides.</p>
-   * 		       <p>If you are adding a new Config custom rule, you must first
-   * 			create the Lambda function that the rule invokes to evaluate
-   * 			your resources. When you use the <code>PutConfigRule</code> action
-   * 			to add the rule to Config, you must specify the Amazon Resource
-   * 			Name (ARN) that Lambda assigns to the function. Specify the ARN
-   * 			for the <code>SourceIdentifier</code> key. This key is part of the
-   * 				<code>Source</code> object, which is part of the
-   * 				<code>ConfigRule</code> object. </p>
-   * 		       <p>If you are adding an Config managed rule, specify the
-   * 			rule's identifier for the <code>SourceIdentifier</code> key. To
-   * 			reference Config managed rule identifiers, see <a href="https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html">About Config managed rules</a>.</p>
+   * <p>Adds or updates an Config rule to evaluate if your
+   * 			Amazon Web Services resources comply with your desired configurations. For information on how many Config rules you can have per account,
+   * 			see <a href="https://docs.aws.amazon.com/config/latest/developerguide/configlimits.html">
+   *                <b>Service Limits</b>
+   *             </a> in the <i>Config Developer Guide</i>.</p>
+   *
+   * 		       <p>There are two types of rules: Config Custom Rules and Config Managed Rules.
+   * 			You can use <code>PutConfigRule</code> to create both Config custom rules and Config managed rules.</p>
+   *
+   * 		       <p>Custom rules are rules that you can create using either Guard or Lambda functions.
+   * 			Guard (<a href="https://github.com/aws-cloudformation/cloudformation-guard">Guard GitHub
+   * 				Repository</a>) is a policy-as-code language that allows you to write policies that
+   * 			are enforced by Config Custom Policy rules. Lambda uses custom code that you upload to
+   * 			evaluate a custom rule. If you are adding a new Custom Lambda rule,
+   * 			you first need to create an Lambda function that the rule invokes to evaluate
+   * 			your resources. When you use <code>PutConfigRule</code> to add a Custom Lambda rule to Config, you must specify the Amazon Resource
+   * 			Name (ARN) that Lambda assigns to the function. You specify the ARN
+   * 			in the <code>SourceIdentifier</code> key. This key is part of the
+   * 			<code>Source</code> object, which is part of the
+   * 			<code>ConfigRule</code> object. </p>
+   *
+   * 		       <p>Managed rules are predefined,
+   * 			customizable rules created by Config. For a list of managed rules, see
+   * 			<a href="https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html">List of Config
+   * 				Managed Rules</a>. If you are adding an Config managed rule, you must specify the
+   * 			rule's identifier for the <code>SourceIdentifier</code> key.</p>
+   *
    * 		       <p>For any new rule that you add, specify the
    * 				<code>ConfigRuleName</code> in the <code>ConfigRule</code>
    * 			object. Do not specify the <code>ConfigRuleArn</code> or the
@@ -3070,10 +3083,6 @@ export class ConfigService extends ConfigServiceClient {
    * 				<code>ConfigRuleId</code>, or <code>ConfigRuleArn</code> in the
    * 				<code>ConfigRule</code> data type that you use in this
    * 			request.</p>
-   * 		       <p>For information on how many Config rules you can have per account,
-   * 			see <a href="https://docs.aws.amazon.com/config/latest/developerguide/configlimits.html">
-   *                <b>Service Limits</b>
-   *             </a> in the Config Developer Guide.</p>
    *
    * 		       <p>For more information about developing and using Config
    * 			rules, see <a href="https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html">Evaluating Amazon Web Services resource Configurations with Config</a>
@@ -3123,7 +3132,7 @@ export class ConfigService extends ConfigServiceClient {
    * 			         <p>If your source type is an organization, you must be signed in to the management account or a registered delegated administrator and all the features must be enabled in your organization.
    * 				If the caller is a management account, Config calls <code>EnableAwsServiceAccess</code> API to enable integration between Config and Organizations.
    * 				If the caller is a registered delegated administrator, Config calls <code>ListDelegatedAdministrators</code> API to verify whether the caller is a valid delegated administrator.</p>
-   * 			         <p>To register a delegated administrator, see <a href="https://docs.aws.amazon.com/config/latest/developerguide/set-up-aggregator-cli.html#register-a-delegated-administrator-cli">Register a Delegated Administrator</a> in the Config developer guide. </p>
+   * 			         <p>To register a delegated administrator, see <a href="https://docs.aws.amazon.com/config/latest/developerguide/set-up-aggregator-cli.html#register-a-delegated-administrator-cli">Register a Delegated Administrator</a> in the <i>Config developer guide</i>. </p>
    * 		       </note>
    */
   public putConfigurationAggregator(
@@ -3206,8 +3215,8 @@ export class ConfigService extends ConfigServiceClient {
    * 			see <a href="https://docs.aws.amazon.com/config/latest/developerguide/configlimits.html">
    *                <b>Service Limits</b>
    *             </a> in the Config Developer Guide.</p>
-   * 		       <p>This API creates a service linked role <code>AWSServiceRoleForConfigConforms</code> in your account.
-   * 		The service linked role is created only when the role does not exist in your account. </p>
+   * 		       <p>This API creates a service-linked role <code>AWSServiceRoleForConfigConforms</code> in your account.
+   * 		The service-linked role is created only when the role does not exist in your account. </p>
    * 		       <note>
    *             <p>You must specify either the <code>TemplateS3Uri</code> or the <code>TemplateBody</code> parameter, but not both.
    * 			If you provide both Config uses the <code>TemplateS3Uri</code> parameter and ignores the <code>TemplateBody</code> parameter.</p>
@@ -3358,29 +3367,42 @@ export class ConfigService extends ConfigServiceClient {
   }
 
   /**
-   * <p>Adds or updates organization Config rule for your entire organization evaluating whether your Amazon Web Services resources comply with your
+   * <p>Adds or updates an Config rule for your entire organization to evaluate if your Amazon Web Services resources comply with your
    * 			desired configurations. For information on how many organization Config rules you can have per account,
    * 			see <a href="https://docs.aws.amazon.com/config/latest/developerguide/configlimits.html">
    *                <b>Service Limits</b>
-   *             </a> in the Config Developer Guide.</p>
+   *             </a> in the <i>Config Developer Guide</i>.</p>
    * 	        <p> Only a master account and a delegated administrator can create or update an organization Config rule.
    * 		When calling this API with a delegated administrator, you must ensure Organizations
    * 		<code>ListDelegatedAdministrator</code> permissions are added. An organization can have up to 3 delegated administrators.</p>
-   * 		       <p>This API enables organization service access through the <code>EnableAWSServiceAccess</code> action and creates a service linked
+   * 		       <p>This API enables organization service access through the <code>EnableAWSServiceAccess</code> action and creates a service-linked
    * 			role <code>AWSServiceRoleForConfigMultiAccountSetup</code> in the master or delegated administrator account of your organization.
-   * 			The service linked role is created only when the role does not exist in the caller account.
+   * 			The service-linked role is created only when the role does not exist in the caller account.
    * 			Config verifies the existence of role with <code>GetRole</code> action.</p>
    * 		       <p>To use this API with delegated administrator, register a delegated administrator by calling Amazon Web Services Organization
    * 			<code>register-delegated-administrator</code> for <code>config-multiaccountsetup.amazonaws.com</code>. </p>
-   * 		       <p>You can use this action to create both Config custom rules and Config managed rules.
-   * 			If you are adding a new Config custom rule, you must first create Lambda function in the master account or a delegated
-   * 			administrator that the rule invokes to evaluate your resources. You also need to create an IAM role in the managed-account that can be assumed by the Lambda function.
-   * 			When you use the <code>PutOrganizationConfigRule</code> action to add the rule to Config, you must
-   * 			specify the Amazon Resource Name (ARN) that Lambda assigns to the function.
-   * 			If you are adding an Config managed rule, specify the rule's identifier for the <code>RuleIdentifier</code> key.</p>
+   *
+   * 		       <p>There are two types of rules: Config Custom Rules and Config Managed Rules.
+   * 			You can use <code>PutOrganizationConfigRule</code> to create both Config custom rules and Config managed rules.</p>
+   *
+   * 		       <p>Custom rules are rules that you can create using either Guard or Lambda functions.
+   * 			Guard (<a href="https://github.com/aws-cloudformation/cloudformation-guard">Guard GitHub
+   * 				Repository</a>) is a policy-as-code language that allows you to write policies that
+   * 			are enforced by Config Custom Policy rules. Lambda uses custom code that you upload to
+   * 			evaluate a custom rule. If you are adding a new Custom Lambda rule, you first need to create an Lambda function in the master account or a delegated
+   * 		administrator that the rule invokes to evaluate your resources. You also need to create an IAM role in the managed account that can be assumed by the Lambda function.
+   * 		When you use <code>PutOrganizationConfigRule</code> to add a Custom Lambda rule to Config, you must
+   * 			specify the Amazon Resource Name (ARN) that Lambda assigns to the function.</p>
+   *
+   * 		       <p>Managed rules are predefined,
+   * 			customizable rules created by Config. For a list of managed rules, see
+   * 			<a href="https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html">List of Config
+   * 				Managed Rules</a>. If you are adding an Config managed rule, you must specify the rule's identifier for the <code>RuleIdentifier</code> key.</p>
+   *
+   *
    * 		       <note>
    *             <p>Prerequisite: Ensure you call <code>EnableAllFeatures</code> API to enable all features in an organization.</p>
-   * 			         <p>Specify either <code>OrganizationCustomRuleMetadata</code> or <code>OrganizationManagedRuleMetadata</code>.</p>
+   * 			         <p>Make sure to specify one of either <code>OrganizationCustomPolicyRuleMetadata</code> for Custom Policy rules, <code>OrganizationCustomRuleMetadata</code> for Custom Lambda rules, or <code>OrganizationManagedRuleMetadata</code> for managed rules.</p>
    * 			      </note>
    */
   public putOrganizationConfigRule(
@@ -3422,8 +3444,8 @@ export class ConfigService extends ConfigServiceClient {
    * 			<code>ListDelegatedAdministrator</code> permissions are added. An organization can have up to 3 delegated administrators.</p>
    * 		       <p>This API enables organization service access for <code>config-multiaccountsetup.amazonaws.com</code>
    * 			through the <code>EnableAWSServiceAccess</code> action and creates a
-   * 			service linked role <code>AWSServiceRoleForConfigMultiAccountSetup</code> in the master or delegated administrator account of your organization.
-   * 			The service linked role is created only when the role does not exist in the caller account.
+   * 			service-linked role <code>AWSServiceRoleForConfigMultiAccountSetup</code> in the master or delegated administrator account of your organization.
+   * 			The service-linked role is created only when the role does not exist in the caller account.
    * 			To use this API with delegated administrator, register a delegated administrator by calling Amazon Web Services Organization
    * 			<code>register-delegate-admin</code> for <code>config-multiaccountsetup.amazonaws.com</code>.</p>
    *
@@ -3715,7 +3737,7 @@ export class ConfigService extends ConfigServiceClient {
    * 		       <p>For more information about query components, see the
    * 			<a href="https://docs.aws.amazon.com/config/latest/developerguide/query-components.html">
    *                <b>Query Components</b>
-   *             </a> section in the Config Developer Guide.</p>
+   *             </a> section in the <i>Config Developer Guide</i>.</p>
    */
   public selectResourceConfig(
     args: SelectResourceConfigCommandInput,

diff --git a/clients/client-config-service/src/commands/ListConformancePackComplianceScoresCommand.ts b/clients/client-config-service/src/commands/ListConformancePackComplianceScoresCommand.ts
@@ -33,7 +33,10 @@ export interface ListConformancePackComplianceScoresCommandOutput
  * <p>Returns a list of conformance pack compliance scores.
  * 			A compliance score is the percentage of the number of compliant rule-resource combinations in a conformance pack compared to the number of total possible rule-resource combinations in the conformance pack.
  * 			This metric provides you with a high-level view of the compliance state of your conformance packs, and can be used to identify, investigate, and understand
- * 			compliance deviations in your conformance packs.</p>
+ * 			the level of compliance in your conformance packs.</p>
+ * 		       <note>
+ *             <p>Conformance packs with no evaluation results will have a compliance score of <code>INSUFFICIENT_DATA</code>.</p>
+ *          </note>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

diff --git a/clients/client-config-service/src/commands/PutConfigRuleCommand.ts b/clients/client-config-service/src/commands/PutConfigRuleCommand.ts
@@ -23,23 +23,33 @@ export interface PutConfigRuleCommandInput extends PutConfigRuleRequest {}
 export interface PutConfigRuleCommandOutput extends __MetadataBearer {}
 
 /**
- * <p>Adds or updates an Config rule for evaluating whether your
- * 			Amazon Web Services resources comply with your desired configurations.</p>
- * 		       <p>You can use this action for Config custom rules and Config
- * 			managed rules. A Config custom rule is a rule that you
- * 			develop and maintain. An Config managed rule is a customizable,
- * 			predefined rule that Config provides.</p>
- * 		       <p>If you are adding a new Config custom rule, you must first
- * 			create the Lambda function that the rule invokes to evaluate
- * 			your resources. When you use the <code>PutConfigRule</code> action
- * 			to add the rule to Config, you must specify the Amazon Resource
- * 			Name (ARN) that Lambda assigns to the function. Specify the ARN
- * 			for the <code>SourceIdentifier</code> key. This key is part of the
- * 				<code>Source</code> object, which is part of the
- * 				<code>ConfigRule</code> object. </p>
- * 		       <p>If you are adding an Config managed rule, specify the
- * 			rule's identifier for the <code>SourceIdentifier</code> key. To
- * 			reference Config managed rule identifiers, see <a href="https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html">About Config managed rules</a>.</p>
+ * <p>Adds or updates an Config rule to evaluate if your
+ * 			Amazon Web Services resources comply with your desired configurations. For information on how many Config rules you can have per account,
+ * 			see <a href="https://docs.aws.amazon.com/config/latest/developerguide/configlimits.html">
+ *                <b>Service Limits</b>
+ *             </a> in the <i>Config Developer Guide</i>.</p>
+ *
+ * 		       <p>There are two types of rules: Config Custom Rules and Config Managed Rules.
+ * 			You can use <code>PutConfigRule</code> to create both Config custom rules and Config managed rules.</p>
+ *
+ * 		       <p>Custom rules are rules that you can create using either Guard or Lambda functions.
+ * 			Guard (<a href="https://github.com/aws-cloudformation/cloudformation-guard">Guard GitHub
+ * 				Repository</a>) is a policy-as-code language that allows you to write policies that
+ * 			are enforced by Config Custom Policy rules. Lambda uses custom code that you upload to
+ * 			evaluate a custom rule. If you are adding a new Custom Lambda rule,
+ * 			you first need to create an Lambda function that the rule invokes to evaluate
+ * 			your resources. When you use <code>PutConfigRule</code> to add a Custom Lambda rule to Config, you must specify the Amazon Resource
+ * 			Name (ARN) that Lambda assigns to the function. You specify the ARN
+ * 			in the <code>SourceIdentifier</code> key. This key is part of the
+ * 			<code>Source</code> object, which is part of the
+ * 			<code>ConfigRule</code> object. </p>
+ *
+ * 		       <p>Managed rules are predefined,
+ * 			customizable rules created by Config. For a list of managed rules, see
+ * 			<a href="https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html">List of Config
+ * 				Managed Rules</a>. If you are adding an Config managed rule, you must specify the
+ * 			rule's identifier for the <code>SourceIdentifier</code> key.</p>
+ *
  * 		       <p>For any new rule that you add, specify the
  * 				<code>ConfigRuleName</code> in the <code>ConfigRule</code>
  * 			object. Do not specify the <code>ConfigRuleArn</code> or the
@@ -49,10 +59,6 @@ export interface PutConfigRuleCommandOutput extends __MetadataBearer {}
  * 				<code>ConfigRuleId</code>, or <code>ConfigRuleArn</code> in the
  * 				<code>ConfigRule</code> data type that you use in this
  * 			request.</p>
- * 		       <p>For information on how many Config rules you can have per account,
- * 			see <a href="https://docs.aws.amazon.com/config/latest/developerguide/configlimits.html">
- *                <b>Service Limits</b>
- *             </a> in the Config Developer Guide.</p>
  *
  * 		       <p>For more information about developing and using Config
  * 			rules, see <a href="https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html">Evaluating Amazon Web Services resource Configurations with Config</a>