PutRemediationExceptions
A remediation exception is when a specific resource is no longer considered for auto-remediation. This API adds a new exception or updates an existing exception for a specific resource with a specific Amazon Config rule.
Amazon Config generates a remediation exception when a problem occurs executing a remediation action to a specific resource. Remediation exceptions blocks auto-remediation until the exception is cleared.
To place an exception on an Amazon resource, ensure remediation is set as manual remediation.
Request Syntax
{
"ConfigRuleName": "string
",
"ExpirationTime": number
,
"Message": "string
",
"ResourceKeys": [
{
"ResourceId": "string
",
"ResourceType": "string
"
}
]
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- ConfigRuleName
-
The name of the Amazon Config rule for which you want to create remediation exception.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern:
.*\S.*
Required: Yes
- ExpirationTime
-
The exception is automatically deleted after the expiration date.
Type: Timestamp
Required: No
- Message
-
The message contains an explanation of the exception.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Required: No
- ResourceKeys
-
An exception list of resource exception keys to be processed with the current request. Amazon Config adds exception for each resource key. For example, Amazon Config adds 3 exceptions for 3 resource keys.
Type: Array of RemediationExceptionResourceKey objects
Array Members: Minimum number of 1 item. Maximum number of 100 items.
Required: Yes
Response Syntax
{
"FailedBatches": [
{
"FailedItems": [
{
"ConfigRuleName": "string",
"ExpirationTime": number,
"Message": "string",
"ResourceId": "string",
"ResourceType": "string"
}
],
"FailureMessage": "string"
}
]
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- FailedBatches
-
Returns a list of failed remediation exceptions batch objects. Each object in the batch consists of a list of failed items and failure messages.
Type: Array of FailedRemediationExceptionBatch objects
Errors
For information about the errors that are common to all actions, see Common Errors.
- InsufficientPermissionsException
-
Indicates one of the following errors:
-
For PutConfigRule, the rule cannot be created because the IAM role assigned to Amazon Config lacks permissions to perform the config:Put* action.
-
For PutConfigRule, the Amazon Lambda function cannot be invoked. Check the function ARN, and check the function's permissions.
-
For PutOrganizationConfigRule, organization Amazon Config rule cannot be created because you do not have permissions to call IAM
GetRole
action or create a service-linked role. -
For PutConformancePack and PutOrganizationConformancePack, a conformance pack cannot be created because you do not have the following permissions:
-
You do not have permission to call IAM
GetRole
action or create a service-linked role. -
You do not have permission to read Amazon S3 bucket or call SSM:GetDocument.
-
HTTP Status Code: 400
-
- InvalidParameterValueException
-
One or more of the specified parameters are not valid. Verify that your parameters are valid and try again.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific Amazon SDKs, see the following: