ConfigService / Client / get_conformance_pack_compliance_details

get_conformance_pack_compliance_details#

ConfigService.Client.get_conformance_pack_compliance_details(**kwargs)#

Returns compliance details of a conformance pack for all Amazon Web Services resources that are monitered by conformance pack.

See also: AWS API Documentation

Request Syntax

response = client.get_conformance_pack_compliance_details(
    ConformancePackName='string',
    Filters={
        'ConfigRuleNames': [
            'string',
        ],
        'ComplianceType': 'COMPLIANT'|'NON_COMPLIANT'|'INSUFFICIENT_DATA',
        'ResourceType': 'string',
        'ResourceIds': [
            'string',
        ]
    },
    Limit=123,
    NextToken='string'
)
Parameters:
  • ConformancePackName (string) –

    [REQUIRED]

    Name of the conformance pack.

  • Filters (dict) –

    A ConformancePackEvaluationFilters object.

    • ConfigRuleNames (list) –

      Filters the results by Config rule names.

      • (string) –

    • ComplianceType (string) –

      Filters the results by compliance.

      The allowed values are COMPLIANT and NON_COMPLIANT. INSUFFICIENT_DATA is not supported.

    • ResourceType (string) –

      Filters the results by the resource type (for example, "AWS::EC2::Instance").

    • ResourceIds (list) –

      Filters the results by resource IDs.

      Note

      This is valid only when you provide resource type. If there is no resource type, you will see an error.

      • (string) –

  • Limit (integer) – The maximum number of evaluation results returned on each page. If you do no specify a number, Config uses the default. The default is 100.

  • NextToken (string) – The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.

Return type:

dict

Returns:

Response Syntax

{
    'ConformancePackName': 'string',
    'ConformancePackRuleEvaluationResults': [
        {
            'ComplianceType': 'COMPLIANT'|'NON_COMPLIANT'|'INSUFFICIENT_DATA',
            'EvaluationResultIdentifier': {
                'EvaluationResultQualifier': {
                    'ConfigRuleName': 'string',
                    'ResourceType': 'string',
                    'ResourceId': 'string',
                    'EvaluationMode': 'DETECTIVE'|'PROACTIVE'
                },
                'OrderingTimestamp': datetime(2015, 1, 1),
                'ResourceEvaluationId': 'string'
            },
            'ConfigRuleInvokedTime': datetime(2015, 1, 1),
            'ResultRecordedTime': datetime(2015, 1, 1),
            'Annotation': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) –

    • ConformancePackName (string) –

      Name of the conformance pack.

    • ConformancePackRuleEvaluationResults (list) –

      Returns a list of ConformancePackEvaluationResult objects.

      • (dict) –

        The details of a conformance pack evaluation. Provides Config rule and Amazon Web Services resource type that was evaluated, the compliance of the conformance pack, related time stamps, and supplementary information.

        • ComplianceType (string) –

          The compliance type. The allowed values are COMPLIANT and NON_COMPLIANT. INSUFFICIENT_DATA is not supported.

        • EvaluationResultIdentifier (dict) –

          Uniquely identifies an evaluation result.

          • EvaluationResultQualifier (dict) –

            Identifies an Config rule used to evaluate an Amazon Web Services resource, and provides the type and ID of the evaluated resource.

            • ConfigRuleName (string) –

              The name of the Config rule that was used in the evaluation.

            • ResourceType (string) –

              The type of Amazon Web Services resource that was evaluated.

            • ResourceId (string) –

              The ID of the evaluated Amazon Web Services resource.

            • EvaluationMode (string) –

              The mode of an evaluation. The valid values are Detective or Proactive.

          • OrderingTimestamp (datetime) –

            The time of the event that triggered the evaluation of your Amazon Web Services resources. The time can indicate when Config delivered a configuration item change notification, or it can indicate when Config delivered the configuration snapshot, depending on which event triggered the evaluation.

          • ResourceEvaluationId (string) –

            A Unique ID for an evaluation result.

        • ConfigRuleInvokedTime (datetime) –

          The time when Config rule evaluated Amazon Web Services resource.

        • ResultRecordedTime (datetime) –

          The time when Config recorded the evaluation result.

        • Annotation (string) –

          Supplementary information about how the evaluation determined the compliance.

    • NextToken (string) –

      The nextToken string returned in a previous request that you use to request the next page of results in a paginated response.

Exceptions