StartRemediationExecution
Runs an on-demand remediation for the specified AWS Config rules against the last known remediation configuration. It runs an execution against the current state of your resources. Remediation execution is asynchronous.
You can specify up to 100 resource keys per request. An existing StartRemediationExecution call for the specified resource keys must complete before you can call the API again.
Request Syntax
{
   "ConfigRuleName": "string",
   "ResourceKeys": [
      {
         "resourceId": "string",
         "resourceType": "string"
      }
   ]
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- ConfigRuleName
  The list of names of AWS Config rules that you want to run remediation execution for.
  Type: String
  Length Constraints: Minimum length of 1. Maximum length of 128.
  Pattern: .*\S.*
  Required: Yes
- ResourceKeys
  A list of resource keys to be processed with the current request. Each element in the list consists of the resource type and resource ID.
  Type: Array of ResourceKey objects
  Array Members: Minimum number of 1 item. Maximum number of 100 items.
  Required: Yes
Response Syntax
{
   "FailedItems": [
      {
         "resourceId": "string",
         "resourceType": "string"
      }
   ],
   "FailureMessage": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- FailedItems
  For resources that have failed to start execution, the API returns a resource key object.
  Type: Array of ResourceKey objects
  Array Members: Minimum number of 1 item. Maximum number of 100 items.
- FailureMessage
  Returns a failure message. For example, the resource is already compliant.
  Type: String
Errors
For information about the errors that are common to all actions, see Common Errors.
- InsufficientPermissionsException
  Indicates one of the following errors:
  - For PutConfigRule, the rule cannot be created because the IAM role assigned to AWS Config lacks permissions to perform the config:Put* action.
  - For PutConfigRule, the AWS Lambda function cannot be invoked. Check the function ARN, and check the function's permissions.
  - For PutOrganizationConfigRule, the organization AWS Config rule cannot be created because you do not have permissions to call the IAM GetRole action or create a service-linked role.
  - For PutConformancePack and PutOrganizationConformancePack, a conformance pack cannot be created because you do not have the following permissions:
    - You do not have permission to call the IAM GetRole action or create a service-linked role.
    - You do not have permission to read the Amazon S3 bucket or call SSM:GetDocument.
  - For PutServiceLinkedConfigurationRecorder, a service-linked configuration recorder cannot be created because you do not have the following permissions: IAM CreateServiceLinkedRole.
  HTTP Status Code: 400
- InvalidParameterValueException
  One or more of the specified parameters are not valid. Verify that your parameters are valid and try again.
  HTTP Status Code: 400
- NoSuchRemediationConfigurationException
  You specified an AWS Config rule without a remediation configuration.
  HTTP Status Code: 400
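Added example, not part of the AWS reference: a Python helper that applies the request limits above (rule name constraints, 1 to 100 resource keys per call) and collects FailedItems and FailureMessage from every response, since an HTTP 200 alone does not show that each resource started remediation. It assumes `client` is a boto3 AWS Config client or an object with the same `start_remediation_execution` method; `start_remediation`, `FakeConfigClient`, the rule name and the bucket IDs are hypothetical names and constructed sample data.

```python
import re

MAX_KEYS_PER_REQUEST = 100            # "up to 100 resource keys per request"
RULE_NAME_RE = re.compile(r".*\S.*")  # ConfigRuleName pattern from the reference


def start_remediation(client, rule_name, resource_keys):
    """Call StartRemediationExecution in batches of at most 100 unique keys.

    Assumption: `client` is boto3.client("config") or exposes the same method.
    Returns (failed_items, failure_messages) aggregated over all batches.
    """
    if not (1 <= len(rule_name) <= 128) or not RULE_NAME_RE.fullmatch(rule_name):
        raise ValueError("ConfigRuleName: 1-128 chars, at least one non-space")
    # De-duplicate so no resource key is submitted twice in one run (a call
    # for a given key must complete before that key is sent again).
    unique = list(dict.fromkeys(
        (k["resourceType"], k["resourceId"]) for k in resource_keys))
    if not unique:
        raise ValueError("ResourceKeys needs at least 1 item")
    failed, messages = [], []
    for i in range(0, len(unique), MAX_KEYS_PER_REQUEST):
        batch = [{"resourceType": t, "resourceId": r}
                 for t, r in unique[i:i + MAX_KEYS_PER_REQUEST]]
        resp = client.start_remediation_execution(
            ConfigRuleName=rule_name, ResourceKeys=batch)
        # A successful response can still list resources that did not start.
        failed.extend(resp.get("FailedItems", []))
        if resp.get("FailureMessage"):
            messages.append(resp["FailureMessage"])
    return failed, messages


class FakeConfigClient:
    """Constructed offline stand-in for the AWS Config client (not AWS code)."""
    def __init__(self, reject_ids):
        self.reject_ids, self.calls = set(reject_ids), []

    def start_remediation_execution(self, ConfigRuleName, ResourceKeys):
        self.calls.append(len(ResourceKeys))  # record each batch size
        bad = [k for k in ResourceKeys if k["resourceId"] in self.reject_ids]
        return {"FailedItems": bad, "FailureMessage": "constructed failure"} if bad else {}


if __name__ == "__main__":
    # Constructed sample input: 250 bucket keys plus 5 duplicates.
    keys = [{"resourceType": "AWS::S3::Bucket", "resourceId": f"bucket-{n}"}
            for n in range(250)]
    fake = FakeConfigClient(reject_ids={"bucket-7", "bucket-203"})
    print(start_remediation(fake, "example-rule", keys + keys[:5]), fake.calls)
```
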