AWS::Config::RemediationConfiguration
An object that represents the details about the remediation configuration that includes the remediation action, parameters, and data to execute the action.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "Type" : "AWS::Config::RemediationConfiguration",
  "Properties" : {
      "Automatic" : Boolean,
      "ConfigRuleName" : String,
      "ExecutionControls" : ExecutionControls,
      "MaximumAutomaticAttempts" : Integer,
      "Parameters" : {Key : Value, ...},
      "ResourceType" : String,
      "RetryAttemptSeconds" : Integer,
      "TargetId" : String,
      "TargetType" : String,
      "TargetVersion" : String
    }
}
YAML
Type: AWS::Config::RemediationConfiguration
Properties:
  Automatic: Boolean
  ConfigRuleName: String
  ExecutionControls:
    ExecutionControls
  MaximumAutomaticAttempts: Integer
  Parameters:
    Key: Value
  ResourceType: String
  RetryAttemptSeconds: Integer
  TargetId: String
  TargetType: String
  TargetVersion: String
Properties
Automatic
The remediation is triggered automatically.
Required: No
Type: Boolean
Update requires: No interruption
ConfigRuleName
The name of the AWS Config rule.
Required: Yes
Type: String
Pattern: .*\S.*
Minimum: 1
Maximum: 128
Update requires: Replacement
ExecutionControls
An ExecutionControls object.
Required: No
Type: ExecutionControls
Update requires: No interruption
MaximumAutomaticAttempts
The maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5.
For example, if you specify MaximumAutomaticAttempts as 5 with RetryAttemptSeconds as 50 seconds, AWS Config will put a RemediationException on your behalf for the failing resource after the 5th failed attempt within 50 seconds.
Required: No
Type: Integer
Minimum: 1
Maximum: 25
Update requires: No interruption
Parameters
An object of the RemediationParameterValue. For more information, see RemediationParameterValue.
Note
The type is a map of strings to RemediationParameterValue.
Required: No
Type: Object of RemediationParameterValue
Update requires: No interruption
ResourceType
The type of a resource.
Required: No
Type: String
Update requires: No interruption
RetryAttemptSeconds
Time window to determine whether or not to add a remediation exception to prevent infinite remediation attempts. If MaximumAutomaticAttempts remediation attempts have been made under RetryAttemptSeconds, a remediation exception will be added to the resource. If you do not select a number, the default is 60 seconds.
For example, if you specify RetryAttemptSeconds as 50 seconds and MaximumAutomaticAttempts as 5, AWS Config will run auto-remediations 5 times within 50 seconds before adding a remediation exception to the resource.
Required: No
Type: Integer
Update requires: No interruption
TargetId
Target ID is the name of the SSM document.
Required: Yes
Type: String
Minimum: 1
Maximum: 256
Update requires: No interruption
TargetType
The type of the target. The target executes the remediation, for example an SSM document.
Required: Yes
Type: String
Allowed values: SSM_DOCUMENT
Update requires: No interruption
TargetVersion
Version of the target. For example, version of the SSM document.
Note
If you make backward incompatible changes to the SSM document, you must call the PutRemediationConfiguration API again to ensure the remediations can run.
Required: No
Type: String
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the remediation action with the associated SSM document.
For more information about using the Ref function, see Ref.
Fn::GetAtt
Examples
Remediation Configuration
The following example creates a remediation configuration using an AWS Systems Manager document.
JSON
{
    "BasicRemediationConfiguration": {
        "Type": "AWS::Config::RemediationConfiguration",
        "Properties": {
            "ConfigRuleName": "configRuleName",
            "Parameters": {
                "AutomationAssumeRole": {
                    "StaticValue": {
                        "Values": [
                            "automationAssumeRole"
                        ]
                    }
                },
                "InstanceId": {
                    "StaticValue": {
                        "Values": [
                            "instanceId"
                        ]
                    }
                }
            },
            "TargetId": "AWS-StartEC2Instance",
            "TargetType": "SSM_DOCUMENT",
            "TargetVersion": "1"
        }
    }
}
YAML
BasicRemediationConfiguration:
    Type: "AWS::Config::RemediationConfiguration"
    Properties:
        ConfigRuleName: configRuleName
        Parameters:
            AutomationAssumeRole:
                StaticValue:
                    Values:
                        - automationAssumeRole
            InstanceId:
                StaticValue:
                    Values:
                        - instanceId
        TargetId: "AWS-StartEC2Instance"
        TargetType: "SSM_DOCUMENT"
        TargetVersion: "1"
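Pre-deployment check
The following is an added example, not AWS code: a small Python linter that checks every AWS::Config::RemediationConfiguration resource in a JSON template against the required properties, lengths, pattern, allowed value and range listed under Properties. The function names and the sample template are constructed for illustration; values given as intrinsic functions (for example Ref) are skipped rather than evaluated.

```python
import json
import re

RESOURCE_TYPE = "AWS::Config::RemediationConfiguration"
REQUIRED = ("ConfigRuleName", "TargetId", "TargetType")

def _check_len(props, key, lo, hi, errors):
    value = props.get(key)  # non-string values (Ref, Fn::Sub, ...) are skipped
    if isinstance(value, str) and not lo <= len(value) <= hi:
        errors.append(f"{key}: length {len(value)} outside {lo}-{hi}")

def lint_remediation(props):
    """Return violations of the constraints documented under Properties."""
    errors = [f"{k}: required property missing" for k in REQUIRED if k not in props]
    _check_len(props, "ConfigRuleName", 1, 128, errors)
    _check_len(props, "TargetId", 1, 256, errors)
    name = props.get("ConfigRuleName")
    if isinstance(name, str) and name and not re.fullmatch(r".*\S.*", name):
        errors.append("ConfigRuleName: does not match pattern .*\\S.*")
    target_type = props.get("TargetType")
    if isinstance(target_type, str) and target_type != "SSM_DOCUMENT":
        errors.append(f"TargetType: {target_type!r} is not an allowed value")
    attempts = props.get("MaximumAutomaticAttempts")
    if isinstance(attempts, (int, str)) and not isinstance(attempts, bool):
        if not str(attempts).isdecimal() or not 1 <= int(attempts) <= 25:
            errors.append(f"MaximumAutomaticAttempts: {attempts!r} outside 1-25")
    return errors

def lint_template(template):
    """Map logical ID -> violations for each remediation resource in a template."""
    return {
        logical_id: lint_remediation(res.get("Properties", {}))
        for logical_id, res in template.get("Resources", {}).items()
        if res.get("Type") == RESOURCE_TYPE
    }

# Constructed sample template: "Good" satisfies every check, "Bad" violates four.
SAMPLE = json.loads("""
{"Resources": {
  "Good": {"Type": "AWS::Config::RemediationConfiguration", "Properties": {
    "ConfigRuleName": "configRuleName", "TargetId": "AWS-StartEC2Instance",
    "TargetType": "SSM_DOCUMENT", "TargetVersion": "1", "MaximumAutomaticAttempts": 5}},
  "Bad": {"Type": "AWS::Config::RemediationConfiguration", "Properties": {
    "ConfigRuleName": "   ", "TargetType": "LAMBDA", "MaximumAutomaticAttempts": 30}}
}}
""")

if __name__ == "__main__":
    print(json.dumps(lint_template(SAMPLE), indent=2))
```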