GetResourceEvaluationSummary
Returns a summary of resource evaluation for the specified resource evaluation ID from the proactive rules that were run. The results indicate which evaluation context was used to evaluate the rules, which resource details were evaluated, the evaluation mode that was run, and whether the resource details comply with the configuration of the proactive rules.
Note
To see additional information about the evaluation result, such as which rule flagged a resource as NON_COMPLIANT, use the GetComplianceDetailsByResource API. For more information, see the Examples section.
Request Syntax
{
"ResourceEvaluationId": "string"
}Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- ResourceEvaluationId
-
The unique
ResourceEvaluationIdof AWS resource execution for which you want to retrieve the evaluation summary.Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Required: Yes
Response Syntax
{
"Compliance": "string",
"EvaluationContext": {
"EvaluationContextIdentifier": "string"
},
"EvaluationMode": "string",
"EvaluationStartTimestamp": number,
"EvaluationStatus": {
"FailureReason": "string",
"Status": "string"
},
"ResourceDetails": {
"ResourceConfiguration": "string",
"ResourceConfigurationSchemaType": "string",
"ResourceId": "string",
"ResourceType": "string"
},
"ResourceEvaluationId": "string"
}Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- Compliance
-
The compliance status of the resource evaluation summary.
Type: String
Valid Values:
COMPLIANT | NON_COMPLIANT | NOT_APPLICABLE | INSUFFICIENT_DATA - EvaluationContext
-
Returns an
EvaluationContextobject.Type: EvaluationContext object
- EvaluationMode
-
Lists results of the mode that you requested to retrieve the resource evaluation summary. The valid values are Detective or Proactive.
Type: String
Valid Values:
DETECTIVE | PROACTIVE - EvaluationStartTimestamp
-
The start timestamp when AWS Config rule starts evaluating compliance for the provided resource details.
Type: Timestamp
- EvaluationStatus
-
Returns an
EvaluationStatusobject.Type: EvaluationStatus object
- ResourceDetails
-
Returns a
ResourceDetailsobject.Type: ResourceDetails object
- ResourceEvaluationId
-
The unique
ResourceEvaluationIdof AWS resource execution for which you want to retrieve the evaluation summary.Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Errors
For information about the errors that are common to all actions, see Common Errors.
- ResourceNotFoundException
-
You have specified a resource that does not exist.
HTTP Status Code: 400
Examples
Example
To see additional information about the evaluation result, such as which rule flagged a resource as NON_COMPLIANT, use the GetComplianceDetailsByResource API. For example:
aws configservice get-compliance-details-by-resource --resource-evaluation-id MY-EVALUATION-ID { "EvaluationResults": [ { "EvaluationResultIdentifier": { "EvaluationResultQualifier": { "ConfigRuleName": "s3-bucket-logging-enabled", "ResourceType": "AWS::S3::Bucket", "ResourceId": "MY-RESOURCE-ID", "EvaluationMode": "PROACTIVE" }, "OrderingTimestamp": "2022-12-23T14:35:40.036000-05:00", "ResourceEvaluationId": "MY-EVALUATION-ID" }, "ComplianceType": "NON_COMPLIANT", "ResultRecordedTime": "2022-12-23T14:35:11.213000-05:00", "ConfigRuleInvokedTime": "2022-12-23T14:35:10.978000-05:00" } ] }
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
