Copyright	(c) 2013-2021 Brendan Hay
License	Mozilla Public License, v. 2.0.
Maintainer	Brendan Hay <brendan.g.hay+amazonka@gmail.com>
Stability	auto-generated
Portability	non-portable (GHC extensions)
Safe Haskell	None

Amazonka.Config.PutOrganizationConfigRule

Contents

Creating a Request
Request Lenses
Destructuring the Response
Response Lenses

Description

Adds or updates organization config rule for your entire organization evaluating whether your Amazon Web Services resources comply with your desired configurations.

Only a master account and a delegated administrator can create or update an organization config rule. When calling this API with a delegated administrator, you must ensure Organizations ListDelegatedAdministrator permissions are added.

This API enables organization service access through the EnableAWSServiceAccess action and creates a service linked role AWSServiceRoleForConfigMultiAccountSetup in the master or delegated administrator account of your organization. The service linked role is created only when the role does not exist in the caller account. Config verifies the existence of role with GetRole action.

To use this API with delegated administrator, register a delegated administrator by calling Amazon Web Services Organization register-delegated-administrator for config-multiaccountsetup.amazonaws.com.

You can use this action to create both custom Config rules and Config managed rules. If you are adding a new custom Config rule, you must first create Lambda function in the master account or a delegated administrator that the rule invokes to evaluate your resources. You also need to create an IAM role in the managed-account that can be assumed by the Lambda function. When you use the PutOrganizationConfigRule action to add the rule to Config, you must specify the Amazon Resource Name (ARN) that Lambda assigns to the function. If you are adding an Config managed rule, specify the rule's identifier for the RuleIdentifier key.

The maximum number of organization config rules that Config supports is 150 and 3 delegated administrator per organization.

Prerequisite: Ensure you call EnableAllFeatures API to enable all features in an organization.

Specify either OrganizationCustomRuleMetadata or OrganizationManagedRuleMetadata.

Synopsis

Creating a Request

data PutOrganizationConfigRule Source #

See: newPutOrganizationConfigRule smart constructor.

Constructors

PutOrganizationConfigRule'

Fields

organizationManagedRuleMetadata :: Maybe OrganizationManagedRuleMetadata
An OrganizationManagedRuleMetadata object.
excludedAccounts :: Maybe [Text]
A comma-separated list of accounts that you want to exclude from an organization config rule.
organizationCustomRuleMetadata :: Maybe OrganizationCustomRuleMetadata
An OrganizationCustomRuleMetadata object.
organizationConfigRuleName :: Text
The name that you assign to an organization config rule.

Instances

Instances details

Eq PutOrganizationConfigRule Source #
Instance details Defined in Amazonka.Config.PutOrganizationConfigRule Methods (==) :: PutOrganizationConfigRule -> PutOrganizationConfigRule -> Bool # (/=) :: PutOrganizationConfigRule -> PutOrganizationConfigRule -> Bool #
Read PutOrganizationConfigRule Source #
Instance details Defined in Amazonka.Config.PutOrganizationConfigRule Methods readsPrec :: Int -> ReadS PutOrganizationConfigRule # readList :: ReadS [PutOrganizationConfigRule] # readPrec :: ReadPrec PutOrganizationConfigRule # readListPrec :: ReadPrec [PutOrganizationConfigRule] #
Show PutOrganizationConfigRule Source #
Instance details Defined in Amazonka.Config.PutOrganizationConfigRule Methods showsPrec :: Int -> PutOrganizationConfigRule -> ShowS # show :: PutOrganizationConfigRule -> String # showList :: [PutOrganizationConfigRule] -> ShowS #
Generic PutOrganizationConfigRule Source #
Instance details Defined in Amazonka.Config.PutOrganizationConfigRule Associated Types type Rep PutOrganizationConfigRule :: Type -> Type # Methods from :: PutOrganizationConfigRule -> Rep PutOrganizationConfigRule x # to :: Rep PutOrganizationConfigRule x -> PutOrganizationConfigRule #
NFData PutOrganizationConfigRule Source #
Instance details Defined in Amazonka.Config.PutOrganizationConfigRule Methods rnf :: PutOrganizationConfigRule -> () #
Hashable PutOrganizationConfigRule Source #
Instance details Defined in Amazonka.Config.PutOrganizationConfigRule Methods hashWithSalt :: Int -> PutOrganizationConfigRule -> Int # hash :: PutOrganizationConfigRule -> Int #
ToJSON PutOrganizationConfigRule Source #
Instance details Defined in Amazonka.Config.PutOrganizationConfigRule Methods toJSON :: PutOrganizationConfigRule -> Value # toEncoding :: PutOrganizationConfigRule -> Encoding # toJSONList :: [PutOrganizationConfigRule] -> Value # toEncodingList :: [PutOrganizationConfigRule] -> Encoding #
AWSRequest PutOrganizationConfigRule Source #
Instance details Defined in Amazonka.Config.PutOrganizationConfigRule Associated Types type AWSResponse PutOrganizationConfigRule # Methods request :: PutOrganizationConfigRule -> Request PutOrganizationConfigRule # response :: MonadResource m => Logger -> Service -> Proxy PutOrganizationConfigRule -> ClientResponse ClientBody -> m (Either Error (ClientResponse (AWSResponse PutOrganizationConfigRule))) #
ToHeaders PutOrganizationConfigRule Source #
Instance details Defined in Amazonka.Config.PutOrganizationConfigRule Methods toHeaders :: PutOrganizationConfigRule -> [Header] #
ToPath PutOrganizationConfigRule Source #
Instance details Defined in Amazonka.Config.PutOrganizationConfigRule Methods toPath :: PutOrganizationConfigRule -> ByteString #
ToQuery PutOrganizationConfigRule Source #
Instance details Defined in Amazonka.Config.PutOrganizationConfigRule Methods toQuery :: PutOrganizationConfigRule -> QueryString #
type Rep PutOrganizationConfigRule Source #
Instance details Defined in Amazonka.Config.PutOrganizationConfigRule type Rep PutOrganizationConfigRule = D1 ('MetaData "PutOrganizationConfigRule" "Amazonka.Config.PutOrganizationConfigRule" "libZSservicesZSamazonka-configZSamazonka-config" 'False) (C1 ('MetaCons "PutOrganizationConfigRule'" 'PrefixI 'True) ((S1 ('MetaSel ('Just "organizationManagedRuleMetadata") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe OrganizationManagedRuleMetadata)) :: S1 ('MetaSel ('Just "excludedAccounts") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [Text]))) :: (S1 ('MetaSel ('Just "organizationCustomRuleMetadata") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe OrganizationCustomRuleMetadata)) :*: S1 ('MetaSel ('Just "organizationConfigRuleName") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text))))
type AWSResponse PutOrganizationConfigRule Source #
Instance details Defined in Amazonka.Config.PutOrganizationConfigRule type AWSResponse PutOrganizationConfigRule = PutOrganizationConfigRuleResponse

newPutOrganizationConfigRule Source #

Arguments

:: Text	`$sel:organizationConfigRuleName:PutOrganizationConfigRule'`
-> PutOrganizationConfigRule

Create a value of PutOrganizationConfigRule with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:organizationManagedRuleMetadata:PutOrganizationConfigRule', putOrganizationConfigRule_organizationManagedRuleMetadata - An OrganizationManagedRuleMetadata object.

$sel:excludedAccounts:PutOrganizationConfigRule', putOrganizationConfigRule_excludedAccounts - A comma-separated list of accounts that you want to exclude from an organization config rule.

$sel:organizationCustomRuleMetadata:PutOrganizationConfigRule', putOrganizationConfigRule_organizationCustomRuleMetadata - An OrganizationCustomRuleMetadata object.

$sel:organizationConfigRuleName:PutOrganizationConfigRule', putOrganizationConfigRule_organizationConfigRuleName - The name that you assign to an organization config rule.

Request Lenses

putOrganizationConfigRule_organizationManagedRuleMetadata :: Lens' PutOrganizationConfigRule (Maybe OrganizationManagedRuleMetadata) Source #

An OrganizationManagedRuleMetadata object.

putOrganizationConfigRule_excludedAccounts :: Lens' PutOrganizationConfigRule (Maybe [Text]) Source #

A comma-separated list of accounts that you want to exclude from an organization config rule.

putOrganizationConfigRule_organizationCustomRuleMetadata :: Lens' PutOrganizationConfigRule (Maybe OrganizationCustomRuleMetadata) Source #

An OrganizationCustomRuleMetadata object.

putOrganizationConfigRule_organizationConfigRuleName :: Lens' PutOrganizationConfigRule Text Source #

The name that you assign to an organization config rule.

Destructuring the Response

data PutOrganizationConfigRuleResponse Source #

See: newPutOrganizationConfigRuleResponse smart constructor.

Constructors

PutOrganizationConfigRuleResponse'
Fields organizationConfigRuleArn :: Maybe Text The Amazon Resource Name (ARN) of an organization config rule. httpStatus :: Int The response's http status code.

Instances

Instances details

Eq PutOrganizationConfigRuleResponse Source #
Instance details Defined in Amazonka.Config.PutOrganizationConfigRule Methods (==) :: PutOrganizationConfigRuleResponse -> PutOrganizationConfigRuleResponse -> Bool # (/=) :: PutOrganizationConfigRuleResponse -> PutOrganizationConfigRuleResponse -> Bool #
Read PutOrganizationConfigRuleResponse Source #
Instance details Defined in Amazonka.Config.PutOrganizationConfigRule Methods readsPrec :: Int -> ReadS PutOrganizationConfigRuleResponse # readList :: ReadS [PutOrganizationConfigRuleResponse] # readPrec :: ReadPrec PutOrganizationConfigRuleResponse # readListPrec :: ReadPrec [PutOrganizationConfigRuleResponse] #
Show PutOrganizationConfigRuleResponse Source #
Instance details Defined in Amazonka.Config.PutOrganizationConfigRule Methods showsPrec :: Int -> PutOrganizationConfigRuleResponse -> ShowS # show :: PutOrganizationConfigRuleResponse -> String # showList :: [PutOrganizationConfigRuleResponse] -> ShowS #
Generic PutOrganizationConfigRuleResponse Source #
Instance details Defined in Amazonka.Config.PutOrganizationConfigRule Associated Types type Rep PutOrganizationConfigRuleResponse :: Type -> Type # Methods from :: PutOrganizationConfigRuleResponse -> Rep PutOrganizationConfigRuleResponse x # to :: Rep PutOrganizationConfigRuleResponse x -> PutOrganizationConfigRuleResponse #
NFData PutOrganizationConfigRuleResponse Source #
Instance details Defined in Amazonka.Config.PutOrganizationConfigRule Methods rnf :: PutOrganizationConfigRuleResponse -> () #
type Rep PutOrganizationConfigRuleResponse Source #
Instance details Defined in Amazonka.Config.PutOrganizationConfigRule type Rep PutOrganizationConfigRuleResponse = D1 ('MetaData "PutOrganizationConfigRuleResponse" "Amazonka.Config.PutOrganizationConfigRule" "libZSservicesZSamazonka-configZSamazonka-config" 'False) (C1 ('MetaCons "PutOrganizationConfigRuleResponse'" 'PrefixI 'True) (S1 ('MetaSel ('Just "organizationConfigRuleArn") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "httpStatus") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Int)))

newPutOrganizationConfigRuleResponse Source #

Arguments

:: Int	`$sel:httpStatus:PutOrganizationConfigRuleResponse'`
-> PutOrganizationConfigRuleResponse

Create a value of PutOrganizationConfigRuleResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:organizationConfigRuleArn:PutOrganizationConfigRuleResponse', putOrganizationConfigRuleResponse_organizationConfigRuleArn - The Amazon Resource Name (ARN) of an organization config rule.

$sel:httpStatus:PutOrganizationConfigRuleResponse', putOrganizationConfigRuleResponse_httpStatus - The response's http status code.

Response Lenses

putOrganizationConfigRuleResponse_organizationConfigRuleArn :: Lens' PutOrganizationConfigRuleResponse (Maybe Text) Source #

The Amazon Resource Name (ARN) of an organization config rule.

putOrganizationConfigRuleResponse_httpStatus :: Lens' PutOrganizationConfigRuleResponse Int Source #

The response's http status code.