Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account

Use DescribeComplianceByConfigRule with a CLI

PDF
RSS
Focus mode
Use DescribeComplianceByConfigRule with a CLI - AWS Config

The following code examples show how to use DescribeComplianceByConfigRule.

CLI
AWS CLI

To get compliance information for your AWS Config rules

The following command returns compliance information for each AWS Config rule that is violated by one or more AWS resources:

aws configservice describe-compliance-by-config-rule --compliance-types NON_COMPLIANT

In the output, the value for each CappedCount attribute indicates how many resources do not comply with the related rule. For example, the following output indicates that 3 resources do not comply with the rule named InstanceTypesAreT2micro.

Output:

{
    "ComplianceByConfigRules": [
        {
            "Compliance": {
                "ComplianceContributorCount": {
                    "CappedCount": 3,
                    "CapExceeded": false
                },
                "ComplianceType": "NON_COMPLIANT"
            },
            "ConfigRuleName": "InstanceTypesAreT2micro"
        },
        {
            "Compliance": {
                "ComplianceContributorCount": {
                    "CappedCount": 10,
                    "CapExceeded": false
                },
                "ComplianceType": "NON_COMPLIANT"
            },
            "ConfigRuleName": "RequiredTagsForVolumes"
        }
    ]
}
PowerShell
Tools for PowerShell

Example 1: This example retrieves compliances details for the rule ebs-optimized-instance, for which there is no current evaluation results for the rule, hence it returns INSUFFICIENT_DATA

(Get-CFGComplianceByConfigRule -ConfigRuleName ebs-optimized-instance).Compliance

Output:

ComplianceContributorCount ComplianceType
-------------------------- --------------
                           INSUFFICIENT_DATA

Example 2: This example returns the number of non-compliant resources for the rule ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK.

(Get-CFGComplianceByConfigRule -ConfigRuleName ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK -ComplianceType NON_COMPLIANT).Compliance.ComplianceContributorCount

Output:

CapExceeded CappedCount
----------- -----------
False       2
anchoranchor
AWS CLI

To get compliance information for your AWS Config rules

The following command returns compliance information for each AWS Config rule that is violated by one or more AWS resources:

aws configservice describe-compliance-by-config-rule --compliance-types NON_COMPLIANT

In the output, the value for each CappedCount attribute indicates how many resources do not comply with the related rule. For example, the following output indicates that 3 resources do not comply with the rule named InstanceTypesAreT2micro.

Output:

{
    "ComplianceByConfigRules": [
        {
            "Compliance": {
                "ComplianceContributorCount": {
                    "CappedCount": 3,
                    "CapExceeded": false
                },
                "ComplianceType": "NON_COMPLIANT"
            },
            "ConfigRuleName": "InstanceTypesAreT2micro"
        },
        {
            "Compliance": {
                "ComplianceContributorCount": {
                    "CappedCount": 10,
                    "CapExceeded": false
                },
                "ComplianceType": "NON_COMPLIANT"
            },
            "ConfigRuleName": "RequiredTagsForVolumes"
        }
    ]
}

For a complete list of AWS SDK developer guides and code examples, see Using AWS Config with an AWS SDK. This topic also includes information about getting started and details about previous SDK versions.

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.