Amazon AWS Config
This connector allows Turbine to connect with AWS Config.

## Prerequisites

This connector authenticates with AWS Config using the following input values.

### Requirements

- **AWS Access Key ID**: a long-term AWS access key ID with access to IAM.
- **AWS Access Secret Key**: a long-term secret access key associated with the above access key ID.

## Capabilities

This connector provides the following capabilities:

- Get Compliance by Resource
- Get Compliance Summary by Resource Type
- Get Resources Compliance Details by Resource Type
- Get Rules
- List Resources

## Task Setup

For the following task inputs, there are different ways to pass parameters:

- **Get Compliance Summary by Resource Type**: you can provide either a resourceevaluationid or a resourceid and resourcetype.

## Notes

For more information on AWS Config:

- https://docs.aws.amazon.com/cli/latest/reference/configservice/
- https://docs.aws.amazon.com/config/latest/APIReference/API_Operations.html

## Configurations

### AWS Config Asset

Authenticates using AWS credentials.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| access key | A specific long-term AWS access key ID. | string | Required |
| secret key | A specific long-term AWS secret access key. | string | Required |
| region name | The AWS region where you want to create new connections. | string | Required |
| role arn | Role ARN. | string | Optional |
| session token | Use if a session token is provided when switching roles. | string | Optional |
| external id | External ID to assume IAM role. Optional value used for assuming roles; can be added or removed in trusted relationships of target role. | string | Optional |
| role session name | Defaults to sessionfromswimlane \<hash> when no value is provided. | string | Optional |

## Actions

### Get Compliance by Resource

Describe AWS Config compliance by resource.

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| resourcetype | string | Required | The types of Amazon Web Services resources for which you want compliance information. |
| resourceid | string | Required | The ID of the Amazon Web Services resource for which you want compliance information. You can specify only one resource ID. If you specify a resource ID, you must also specify a type for resourcetype. |
| compliancetypes | array | Optional | Filters the results by compliance. |
| limit | number | Optional | The maximum number of evaluation results returned on each page. The default is 10. |
| nexttoken | string | Optional | The nexttoken string returned on a previous page that you use to get the next page of results in a paginated response. |

Input example:

```json
{"resourcetype": "aws ec2 instance", "resourceid": "apphub bundles artifacts", "compliancetypes": ["compliant"], "limit": 123, "nexttoken": "string1"}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| compliancebyresources | array | Output field compliancebyresources |
| compliancebyresources.resourcetype | string | Type of the resource |
| compliancebyresources.resourceid | string | Unique identifier |
| compliancebyresources.compliance | object | Output field compliancebyresources.compliance |
| compliancebyresources.compliance.compliancetype | string | Type of the resource |
| compliancebyresources.compliance.compliancecontributorcount | object | Count value |
| compliancebyresources.compliance.compliancecontributorcount.cappedcount | number | Count value |
| compliancebyresources.compliance.compliancecontributorcount.capexceeded | boolean | Output field compliancebyresources.compliance.compliancecontributorcount.capexceeded |
| nexttoken | string | Output field nexttoken |

Output example:

```json
{"status code": 200, "response headers": {}, "reason": "ok", "json body": {"compliancebyresources": [{}], "nexttoken": "string1"}}
```

### Get Compliance Summary by Resource Type

Retrieve AWS Config compliance summary by resource type.

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| resourcetypes | array | Optional | Specify one or more resource types to get the number of resources that are compliant and the number that are noncompliant for each resource type. |

Input example:

```json
{"resourcetypes": ["aws ec2 instance"]}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| compliancesummariesbyresourcetype | array | Type of the resource |
| compliancesummariesbyresourcetype.resourcetype | string | Type of the resource |
| compliancesummariesbyresourcetype.compliancesummary | object | Type of the resource |
| compliancesummariesbyresourcetype.compliancesummary.compliantresourcecount | object | Type of the resource |
| compliancesummariesbyresourcetype.compliancesummary.compliantresourcecount.cappedcount | number | Type of the resource |
| compliancesummariesbyresourcetype.compliancesummary.compliantresourcecount.capexceeded | boolean | Type of the resource |
| compliancesummariesbyresourcetype.compliancesummary.noncompliantresourcecount | object | Type of the resource |
| compliancesummariesbyresourcetype.compliancesummary.noncompliantresourcecount.cappedcount | number | Type of the resource |
| compliancesummariesbyresourcetype.compliancesummary.noncompliantresourcecount.capexceeded | boolean | Type of the resource |
| compliancesummariesbyresourcetype.compliancesummary.compliancesummarytimestamp | string | Type of the resource |

Output example:

```json
{"status code": 200, "response headers": {}, "reason": "ok", "json body": {"compliancesummariesbyresourcetype": [{}]}}
```

### Get Resources Compliance Details by Resource Type

Retrieve AWS Config compliance details for resources by resource type.

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| resourcetype | string | Required | The type of AWS resource. |
| resourceid | string | Optional | The ID of the AWS resource. |
| compliancetypes | array | Optional | Filters the results by compliance. |
| nexttoken | string | Optional | The nexttoken string used to get the next page of results in a paginated response. |
| resourceevaluationid | string | Optional | The unique ID of the AWS resource to retrieve evaluation results. |

Input example:

```json
{"resourcetype": "string", "resourceid": "abc12", "compliancetypes": ["compliant"], "nexttoken": "string1", "resourceevaluationid": "string1"}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| evaluationresults | array | Result of the operation |
| evaluationresults.evaluationresultidentifier | object | Unique identifier |
| evaluationresults.evaluationresultidentifier.evaluationresultqualifier | object | Unique identifier |
| evaluationresults.evaluationresultidentifier.evaluationresultqualifier.configrulename | string | Unique identifier |
| evaluationresults.evaluationresultidentifier.evaluationresultqualifier.resourcetype | string | Unique identifier |
| evaluationresults.evaluationresultidentifier.evaluationresultqualifier.resourceid | string | Unique identifier |
| evaluationresults.evaluationresultidentifier.evaluationresultqualifier.evaluationmode | string | Unique identifier |
| evaluationresults.evaluationresultidentifier.orderingtimestamp | string | Unique identifier |
| evaluationresults.evaluationresultidentifier.resourceevaluationid | string | Unique identifier |
| evaluationresults.compliancetype | string | Type of the resource |
| evaluationresults.resultrecordedtime | string | Result of the operation |
| evaluationresults.configruleinvokedtime | string | Result of the operation |
| evaluationresults.annotation | string | Result of the operation |
| evaluationresults.resulttoken | string | Result of the operation |
| nexttoken | string | Output field nexttoken |

Output example:

```json
{"status code": 200, "response headers": {}, "reason": "ok", "json body": {"evaluationresults": [{}], "nexttoken": "string"}}
```

### Get Rules

Retrieve a list of AWS Config rules.

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| configrulenames | array | Optional | The names of the Config rules for which you want details. If you do not specify any names, Config returns details for all your rules. |
| nexttoken | string | Optional | The nexttoken string returned on a previous page that you use to get the next page of results in a paginated response. |
| filters | object | Optional | Returns a list of detective or proactive Config rules. By default, this API returns an unfiltered list. |
| filters.evaluationmode | string | Optional | The mode of an evaluation. The valid values are detective or proactive. |

Input example:

```json
{"configrulenames": ["abcdefghij"], "nexttoken": "xyzng", "filters": {"evaluationmode": "detective"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| configrules | array | Output field configrules |
| configrules.configrulename | string | Name of the resource |
| configrules.configrulearn | string | Output field configrules.configrulearn |
| configrules.configruleid | string | Unique identifier |
| configrules.description | string | Output field configrules.description |
| configrules.scope | object | Output field configrules.scope |
| configrules.scope.complianceresourcetypes | array | Type of the resource |
| configrules.scope.tagkey | string | Output field configrules.scope.tagkey |
| configrules.scope.tagvalue | string | Value for the parameter |
| configrules.scope.complianceresourceid | string | Unique identifier |
| configrules.source | object | Output field configrules.source |
| configrules.source.owner | string | Output field configrules.source.owner |
| configrules.source.sourceidentifier | string | Unique identifier |
| configrules.source.sourcedetails | array | Output field configrules.source.sourcedetails |
| configrules.source.sourcedetails.eventsource | string | Output field configrules.source.sourcedetails.eventsource |
| configrules.source.sourcedetails.messagetype | string | Type of the resource |
| configrules.source.sourcedetails.maximumexecutionfrequency | string | Output field configrules.source.sourcedetails.maximumexecutionfrequency |
| configrules.source.custompolicydetails | object | Output field configrules.source.custompolicydetails |
| configrules.source.custompolicydetails.policyruntime | string | Time value |
| configrules.source.custompolicydetails.policytext | string | Output field configrules.source.custompolicydetails.policytext |
| configrules.source.custompolicydetails.enabledebuglogdelivery | boolean | Output field configrules.source.custompolicydetails.enabledebuglogdelivery |
| configrules.inputparameters | string | Parameters for the Get Rules action |
| configrules.maximumexecutionfrequency | string | Output field configrules.maximumexecutionfrequency |

Output example:

```json
{"status code": 200, "response headers": {}, "reason": "ok", "json body": {"configrules": [{}], "nexttoken": "axyz"}}
```

### List Resources

Retrieve AWS Config discovered resources.

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| resourcetype | string | Required | The type of resources that you want Config to list in the response. |
| resourceids | array | Optional | The IDs of only those resources that you want Config to list in the response. |
| resourcename | string | Optional | The custom name of only those resources that you want Config to list in the response. |
| limit | number | Optional | The maximum number of resource identifiers returned on each page. |
| includedeletedresources | boolean | Optional | Specifies whether Config includes deleted resources in the results. By default, deleted resources are not included. |
| nexttoken | string | Optional | The nexttoken string returned on a previous page that you use to get the next page of results in a paginated response. |

Input example:

```json
{"resourcetype": "aws ec2 customergateway", "resourceids": ["string"], "resourcename": "string", "limit": 123, "includedeletedresources": true, "nexttoken": "string"}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| resourceidentifiers | array | Unique identifier |
| resourceidentifiers.resourcetype | string | Unique identifier |
| resourceidentifiers.resourceid | string | Unique identifier |
| resourceidentifiers.resourcename | string | Unique identifier |
| resourceidentifiers.resourcedeletiontime | string | Unique identifier |
| nexttoken | string | Output field nexttoken |

Output example:

```json
{"status code": 200, "response headers": {}, "reason": "ok", "json body": {"resourceidentifiers": [{}], "nexttoken": "abc123"}}
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
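
The Get Compliance by Resource action returns results one page at a time, so a compliance check that reads only the first response can miss non-compliant resources. The sketch below is an added example, not code from the connector or from Swimlane: it follows nexttoken until the results end and then extracts the non-compliant entries, including the capexceeded flag. `run_action` and `fake_action` are hypothetical stand-ins for however the action is invoked, the sample pages are constructed, and the key names are assumed to match the output table on this page.

```python
# Key names copied as printed on this page; confirm against real output.
STATUS_KEY, BODY_KEY = "status code", "json body"

def iter_compliance(run_action, inputs, max_pages=50):
    """Yield every compliancebyresources entry, following nexttoken."""
    params = {k: v for k, v in inputs.items() if k != "nexttoken"}
    seen = set()
    for _ in range(max_pages):
        resp = run_action(params)
        if resp.get(STATUS_KEY) != 200:
            raise RuntimeError(f"action failed: {resp.get('reason')}")
        body = resp.get(BODY_KEY) or {}
        yield from body.get("compliancebyresources") or []
        token = body.get("nexttoken")
        if not token:
            return  # no token: this was the last page
        if token in seen:
            raise RuntimeError("nexttoken repeated; refusing to loop")
        seen.add(token)
        params["nexttoken"] = token
    raise RuntimeError("max_pages reached; results are incomplete")

def noncompliant(entries):
    """Return (resourcetype, resourceid, cappedcount, capexceeded) tuples."""
    out = []
    for e in entries:
        comp = e.get("compliance") or {}
        ctype = str(comp.get("compliancetype", "")).upper().replace(" ", "_")
        if ctype != "NON_COMPLIANT":  # AWS Config's value for a failing resource
            continue
        cnt = comp.get("compliancecontributorcount") or {}
        out.append((e.get("resourcetype"), e.get("resourceid"),
                    cnt.get("cappedcount", 0), bool(cnt.get("capexceeded"))))
    return out

# Constructed sample pages standing in for two connector responses.
_PAGES = {
    None: {STATUS_KEY: 200, "reason": "ok", BODY_KEY: {"nexttoken": "p2",
           "compliancebyresources": [{"resourcetype": "AWS::EC2::Instance",
           "resourceid": "i-constructed-1", "compliance": {"compliancetype": "COMPLIANT"}}]}},
    "p2": {STATUS_KEY: 200, "reason": "ok", BODY_KEY: {
           "compliancebyresources": [{"resourcetype": "AWS::EC2::Instance",
           "resourceid": "i-constructed-2", "compliance": {"compliancetype": "NON_COMPLIANT",
           "compliancecontributorcount": {"cappedcount": 25, "capexceeded": True}}}]}},
}

def fake_action(params):
    """Hypothetical stand-in for invoking Get Compliance by Resource."""
    return _PAGES[params.get("nexttoken")]
```

When capexceeded is true, cappedcount is a lower bound rather than the exact number of contributing rules, so treat it as "at least N" in any report built from this output.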