Amazon AWS Config
This connector allows Turbine to connect with AWS Config.

## Prerequisites

This connector authenticates with AWS Config using the following input values.

### Requirements

- **AWS Access Key ID**: a long-term AWS access key ID with access to IAM.
- **AWS Access Secret Key**: a long-term secret access key associated with the above access key ID.

## Capabilities

This connector provides the following capabilities:

- Get Compliance by Resource
- Get Compliance Summary by Resource Type
- Get Resources Compliance Details by Resource Type
- Get Rules
- List Resources

## Task Setup

For the following tasks' inputs, there are different ways to pass parameters.

### Get Compliance Summary by Resource Type

You can provide either a `resourceevaluationid` or a `resourceid` and `resourcetype`.

## Configurations

### AWS Config Asset

Authenticates using AWS credentials.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| Access Key | A specific long-term AWS access key ID. | string | Required |
| Secret Key | A specific long-term AWS secret access key. | string | Required |
| Region Name | The AWS region where you want to create new connections. | string | Required |
| Role ARN | Role ARN. | string | Optional |
| Session Token | Use if a session token is provided when switching roles. | string | Optional |
| External ID | External ID to assume IAM role. Optional value used for assuming roles; can be added or removed in trusted relationships of the target role. | string | Optional |
| Role Session Name | Defaults to sessionfromswimlane \<hash> when no value is provided. | string | Optional |

## Actions

### Get Compliance by Resource

Describe AWS Config compliance by resource.

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| `resourcetype` | string | Required | The types of Amazon Web Services resources for which you want compliance information. |
| `resourceid` | string | Required | The ID of the Amazon Web Services resource for which you want compliance information. You can specify only one resource ID. If you specify a resource ID, you must also specify a type for `resourcetype`. |
| `compliancetypes` | array | Optional | Filters the results by compliance. |
| `limit` | number | Optional | The maximum number of evaluation results returned on each page. The default is 10. |
| `nexttoken` | string | Optional | The `nexttoken` string returned on a previous page that you use to get the next page of results in a paginated response. |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| `status code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `compliancebyresources` | array | Output field compliancebyresources |
| `resourcetype` | string | Type of the resource |
| `resourceid` | string | Unique identifier |
| `compliance` | object | Output field compliance |
| `compliancetype` | string | Type of the resource |
| `compliancecontributorcount` | object | Count value |
| `cappedcount` | number | Count value |
| `capexceeded` | boolean | Output field capexceeded |
| `nexttoken` | string | Output field nexttoken |

#### Example

```json
[
  {
    "status code": 200,
    "response headers": {},
    "reason": "ok",
    "json body": {
      "compliancebyresources": [],
      "nexttoken": "string1"
    }
  }
]
```

### Get Compliance Summary by Resource Type

Retrieve AWS Config compliance summary by resource type.

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| `resourcetypes` | array | Optional | Specify one or more resource types to get the number of resources that are compliant and the number that are noncompliant for each resource type. |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| `status code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `compliancesummariesbyresourcetype` | array | Type of the resource |
| `resourcetype` | string | Type of the resource |
| `compliancesummary` | object | Output field compliancesummary |
| `compliantresourcecount` | object | Count value |
| `cappedcount` | number | Count value |
| `capexceeded` | boolean | Output field capexceeded |
| `noncompliantresourcecount` | object | Count value |
| `cappedcount` | number | Count value |
| `capexceeded` | boolean | Output field capexceeded |
| `compliancesummarytimestamp` | string | Output field compliancesummarytimestamp |

#### Example

```json
[
  {
    "status code": 200,
    "response headers": {},
    "reason": "ok",
    "json body": {
      "compliancesummariesbyresourcetype": []
    }
  }
]
```

### Get Resources Compliance Details by Resource Type

Retrieve AWS Config compliance details for resources by resource type.

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| `resourcetype` | string | Required | The type of AWS resource. |
| `resourceid` | string | Optional | The ID of the AWS resource. |
| `compliancetypes` | array | Optional | Filters the results by compliance. |
| `nexttoken` | string | Optional | The `nexttoken` string used to get the next page of results in a paginated response. |
| `resourceevaluationid` | string | Optional | The unique ID of the AWS resource to retrieve evaluation results. |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| `status code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `evaluationresults` | array | Result of the operation |
| `evaluationresultidentifier` | object | Unique identifier |
| `evaluationresultqualifier` | object | Result of the operation |
| `configrulename` | string | Name of the resource |
| `resourcetype` | string | Type of the resource |
| `resourceid` | string | Unique identifier |
| `evaluationmode` | string | Output field evaluationmode |
| `orderingtimestamp` | string | Output field orderingtimestamp |
| `resourceevaluationid` | string | Unique identifier |
| `compliancetype` | string | Type of the resource |
| `resultrecordedtime` | string | Result of the operation |
| `configruleinvokedtime` | string | Time value |
| `annotation` | string | Output field annotation |
| `resulttoken` | string | Result of the operation |
| `nexttoken` | string | Output field nexttoken |

#### Example

```json
[
  {
    "status code": 200,
    "response headers": {},
    "reason": "ok",
    "json body": {
      "evaluationresults": [],
      "nexttoken": "string"
    }
  }
]
```

### Get Rules

Retrieve a list of AWS Config rules.

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| `configrulenames` | array | Optional | The names of the Config rules for which you want details. If you do not specify any names, Config returns details for all your rules. |
| `nexttoken` | string | Optional | The `nexttoken` string returned on a previous page that you use to get the next page of results in a paginated response. |
| `filters` | object | Optional | Returns a list of detective or proactive Config rules. By default, this API returns an unfiltered list. |
| `evaluationmode` | string | Optional | The mode of an evaluation. The valid values are detective or proactive. |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| `status code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `configrules` | array | Output field configrules |
| `configrulename` | string | Name of the resource |
| `configrulearn` | string | Output field configrulearn |
| `configruleid` | string | Unique identifier |
| `description` | string | Output field description |
| `scope` | object | Output field scope |
| `complianceresourcetypes` | array | Type of the resource |
| `tagkey` | string | Output field tagkey |
| `tagvalue` | string | Value for the parameter |
| `complianceresourceid` | string | Unique identifier |
| `source` | object | Output field source |
| `owner` | string | Output field owner |
| `sourceidentifier` | string | Unique identifier |
| `sourcedetails` | array | Output field sourcedetails |
| `eventsource` | string | Output field eventsource |
| `messagetype` | string | Type of the resource |
| `maximumexecutionfrequency` | string | Output field maximumexecutionfrequency |
| `custompolicydetails` | object | Output field custompolicydetails |
| `policyruntime` | string | Time value |
| `policytext` | string | Output field policytext |
| `enabledebuglogdelivery` | boolean | Output field enabledebuglogdelivery |
| `inputparameters` | string | Parameters for the Get Rules action |
| `maximumexecutionfrequency` | string | Output field maximumexecutionfrequency |

#### Example

```json
[
  {
    "status code": 200,
    "response headers": {},
    "reason": "ok",
    "json body": {
      "configrules": [],
      "nexttoken": "axyz"
    }
  }
]
```

### List Resources

Retrieve AWS Config discovered resources.

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| `resourcetype` | string | Required | The type of resources that you want Config to list in the response. |
| `resourceids` | array | Optional | The IDs of only those resources that you want Config to list in the response. |
| `resourcename` | string | Optional | The custom name of only those resources that you want Config to list in the response. |
| `limit` | number | Optional | The maximum number of resource identifiers returned on each page. |
| `includedeletedresources` | boolean | Optional | Specifies whether Config includes deleted resources in the results. By default, deleted resources are not included. |
| `nexttoken` | string | Optional | The `nexttoken` string returned on a previous page that you use to get the next page of results in a paginated response. |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| `status code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `resourceidentifiers` | array | Unique identifier |
| `resourcetype` | string | Type of the resource |
| `resourceid` | string | Unique identifier |
| `resourcename` | string | Name of the resource |
| `resourcedeletiontime` | string | Time value |
| `nexttoken` | string | Output field nexttoken |

#### Example

```json
[
  {
    "status code": 200,
    "response headers": {},
    "reason": "ok",
    "json body": {
      "resourceidentifiers": [],
      "nexttoken": "abc123"
    }
  }
]
```

## Notes

For more information on AWS Config:

- [AWS Config](https://docs.aws.amazon.com/cli/latest/reference/configservice/)
- [AWS Config Actions](https://docs.aws.amazon.com/config/latest/APIReference/API_Operations.html)
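
Several actions above return a nexttoken, and a compliance check that reads only the first page under-reports findings. The following Python is an added example, not part of the connector or its documentation: it follows nexttoken across pages of the compliance details action and collects the NON_COMPLIANT rule and resource pairs. `run_action`, `fake_action` and the sample pages are hypothetical, and the key names are assumed to be exactly as printed on this page.

```python
# Added example. run_action, fake_action and the sample pages are constructed;
# key names are copied as they appear on this page and may differ in a real playbook.

def paginate(run_action, inputs, list_key, max_pages=100):
    """Yield every item under 'json body'[list_key], following nexttoken."""
    seen, token = set(), None
    for _ in range(max_pages):
        args = dict(inputs)
        if token:
            args["nexttoken"] = token
        result = run_action(args)[0]  # each action returns a one-element list
        if result["status code"] != 200:
            raise RuntimeError(f"action failed: {result['status code']} {result['reason']}")
        body = result["json body"]
        yield from body.get(list_key, [])
        token = body.get("nexttoken")
        if not token:
            return  # last page reached
        if token in seen:  # a repeated token would loop forever
            raise RuntimeError("nexttoken repeated; aborting")
        seen.add(token)
    raise RuntimeError("max_pages reached; results are incomplete")

def noncompliant(run_action, resourcetype):
    """Sorted (configrulename, resourceid) pairs evaluated as NON_COMPLIANT."""
    hits = set()
    for ev in paginate(run_action, {"resourcetype": resourcetype}, "evaluationresults"):
        if ev.get("compliancetype") == "NON_COMPLIANT":
            q = ev["evaluationresultidentifier"]["evaluationresultqualifier"]
            hits.add((q["configrulename"], q["resourceid"]))
    return sorted(hits)

def _ev(rule, rid, ctype):  # build one constructed evaluation result
    q = {"configrulename": rule, "resourcetype": "AWS::S3::Bucket", "resourceid": rid}
    return {"evaluationresultidentifier": {"evaluationresultqualifier": q},
            "compliancetype": ctype}

# Constructed two-page response, keyed by the nexttoken that requests each page.
PAGES = {
    None: ([_ev("rule-a", "bucket-1", "NON_COMPLIANT"),
            _ev("rule-a", "bucket-2", "COMPLIANT")], "page-2"),
    "page-2": ([_ev("rule-b", "bucket-3", "NON_COMPLIANT")], None),
}

def fake_action(args):  # stands in for the connector action; returns the page's response shape
    items, nxt = PAGES[args.get("nexttoken")]
    body = {"evaluationresults": items, **({"nexttoken": nxt} if nxt else {})}
    return [{"status code": 200, "response headers": {}, "reason": "ok", "json body": body}]

if __name__ == "__main__":
    print(noncompliant(fake_action, "AWS::S3::Bucket"))
```

The second finding in the sample sits on page two, so a single call without nexttoken would miss it.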