/ - AWS Config

Deploys conformance packs across member accounts in an Amazon Web Services Organization. For information on how many organization conformance packs and how many Config rules you can have per account, see Service Limits in the Config Developer Guide.

Only a management account and a delegated administrator can call this API. When calling this API with a delegated administrator, you must ensure Organizations ListDelegatedAdministrator permissions are added. An organization can have up to 3 delegated administrators.

This API enables organization service access for config-multiaccountsetup.amazonaws.com through the EnableAWSServiceAccess action and creates a service-linked role AWSServiceRoleForConfigMultiAccountSetup in the management or delegated administrator account of your organization. The service-linked role is created only when the role does not exist in the caller account. To use this API with delegated administrator, register a delegated administrator by calling Amazon Web Services Organization register-delegate-admin for config-multiaccountsetup.amazonaws.com.

curl --location --request POST '/' \ --header 'X-Amz-Target;' \ --header 'Content-Type: application/json' \ --data-raw '{ "OrganizationConformancePackName": "string", "TemplateS3Uri": "string", "TemplateBody": "string", "DeliveryS3Bucket": "string", "DeliveryS3KeyPrefix": "string", "ConformancePackInputParameters": [], "ExcludedAccounts": [] }'

Request

Header Params

X-Amz-Target

string

required

Body Params application/json

OrganizationConformancePackName

string

required

Name of the organization conformance pack you want to create.

>= 1 characters<= 128 characters

Match pattern:

[a-zA-Z][-a-zA-Z0-9]*

TemplateS3Uri

string

optional

Location of file containing the template body. The uri must point to the conformance pack template (max size: 300 KB).

>= 1 characters<= 1024 characters

Match pattern:

s3://.*

TemplateBody

string

optional

A string containing full conformance pack template body. Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.

>= 1 characters<= 51200 characters

DeliveryS3Bucket

string

optional

The name of the Amazon S3 bucket where Config stores conformance pack templates.

>= 0 characters<= 63 characters

DeliveryS3KeyPrefix

string

optional

The prefix for the Amazon S3 bucket.

>= 0 characters<= 1024 characters

ConformancePackInputParameters

array[object (ConformancePackInputParameter) {2}]

optional

A list of ConformancePackInputParameter objects.

>= 0 items<= 60 items

ParameterName

string

required

One part of a key-value pair.

>= 0 characters<= 255 characters

ParameterValue

string

required

Another part of the key-value pair.

>= 0 characters<= 4096 characters

ExcludedAccounts

array[string]

optional

A list of Amazon Web Services accounts to be excluded from an organization conformance pack while deploying a conformance pack.

>= 0 items<= 1000 items

Examples

Responses

🟢200Success

application/json

Body

OrganizationConformancePackArn

string

optional

ARN of the organization conformance pack.

>= 1 characters<= 256 characters

🟠480MaxNumberOfOrganizationConformancePacksExceededException

🟠481ResourceInUseException

🟠482ValidationException

🟠483OrganizationAccessDeniedException

🟠484InsufficientPermissionsException

🟠485OrganizationConformancePackTemplateValidationException

🟠486OrganizationAllFeaturesNotEnabledException

🟠487NoAvailableOrganizationException