PutServiceLinkedConfigurationRecorder
Creates a service-linked configuration recorder that is linked to a specific AWS service based on the ServicePrincipal you specify.
The configuration recorder's name, recordingGroup, recordingMode, and recordingScope is set by the service that is linked to the configuration recorder.
For more information, see Working with the Configuration Recorder in the AWS Config Developer Guide.
This API creates a service-linked role AWSServiceRoleForConfig in your account. The service-linked role is created only when the role does not exist in your account.
Note
The recording scope determines if you receive configuration items
The recording scope is set by the service that is linked to the configuration recorder and determines whether you receive configuration items (CIs) in the delivery channel. If the recording scope is internal, you will not receive CIs in the delivery channel.
Tags are added at creation and cannot be updated with this operation
Use TagResource and UntagResource to update tags after creation.
Request Syntax
{
"ServicePrincipal": "string",
"Tags": [
{
"Key": "string",
"Value": "string"
}
]
}Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- ServicePrincipal
-
The service principal of the AWS service for the service-linked configuration recorder that you want to create.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern:
[\w+=,.@-]+Required: Yes
- Tags
-
The tags for a service-linked configuration recorder. Each tag consists of a key and an optional value, both of which you define.
Type: Array of Tag objects
Array Members: Minimum number of 0 items. Maximum number of 50 items.
Required: No
Response Syntax
{
"Arn": "string",
"Name": "string"
}Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- Arn
-
The Amazon Resource Name (ARN) of the specified configuration recorder.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1000.
- Name
-
The name of the specified configuration recorder.
For service-linked configuration recorders, AWS Config automatically assigns a name that has the prefix "
AWS" to the new service-linked configuration recorder.Type: String
Length Constraints: Minimum length of 1. Maximum length of 256.
Errors
For information about the errors that are common to all actions, see Common Errors.
- ConflictException
-
For PutServiceLinkedConfigurationRecorder, you cannot create a service-linked recorder because a service-linked recorder already exists for the specified service.
For DeleteServiceLinkedConfigurationRecorder, you cannot delete the service-linked recorder because it is currently in use by the linked AWS service.
For DeleteDeliveryChannel, you cannot delete the specified delivery channel because the customer managed configuration recorder is running. Use the StopConfigurationRecorder operation to stop the customer managed configuration recorder.
For AssociateResourceTypes and DisassociateResourceTypes, one of the following errors:
-
For service-linked configuration recorders, the configuration recorder is not in use by the service. No association or dissociation of resource types is permitted.
-
For service-linked configuration recorders, your requested change to the configuration recorder has been denied by its linked AWS service.
HTTP Status Code: 400
-
- InsufficientPermissionsException
-
Indicates one of the following errors:
-
For PutConfigRule, the rule cannot be created because the IAM role assigned to AWS Config lacks permissions to perform the config:Put* action.
-
For PutConfigRule, the AWS Lambda function cannot be invoked. Check the function ARN, and check the function's permissions.
-
For PutOrganizationConfigRule, organization AWS Config rule cannot be created because you do not have permissions to call IAM
GetRoleaction or create a service-linked role. -
For PutConformancePack and PutOrganizationConformancePack, a conformance pack cannot be created because you do not have the following permissions:
-
You do not have permission to call IAM
GetRoleaction or create a service-linked role. -
You do not have permission to read Amazon S3 bucket or call SSM:GetDocument.
-
-
For PutServiceLinkedConfigurationRecorder, a service-linked configuration recorder cannot be created because you do not have the following permissions: IAM
CreateServiceLinkedRole.
HTTP Status Code: 400
-
- LimitExceededException
-
For
PutServiceLinkedConfigurationRecorderAPI, this exception is thrown if the number of service-linked roles in the account exceeds the limit.For
StartConfigRulesEvaluationAPI, this exception is thrown if an evaluation is in progress or if you call the StartConfigRulesEvaluation API more than once per minute.For
PutConfigurationAggregatorAPI, this exception is thrown if the number of accounts and aggregators exceeds the limit.HTTP Status Code: 400
- ValidationException
-
The requested operation is not valid. You will see this exception if there are missing required fields or if the input value fails the validation.
For PutStoredQuery, one of the following errors:
-
There are missing required fields.
-
The input value fails the validation.
-
You are trying to create more than 300 queries.
For DescribeConfigurationRecorders and DescribeConfigurationRecorderStatus, one of the following errors:
-
You have specified more than one configuration recorder.
-
You have provided a service principal for service-linked configuration recorder that is not valid.
For AssociateResourceTypes and DisassociateResourceTypes, one of the following errors:
-
Your configuraiton recorder has a recording strategy that does not allow the association or disassociation of resource types.
-
One or more of the specified resource types are already associated or disassociated with the configuration recorder.
-
For service-linked configuration recorders, the configuration recorder does not record one or more of the specified resource types.
HTTP Status Code: 400
-
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
