This documentation is for Version 1 of the Amazon CLI only. For documentation related to Version 2 of the Amazon CLI, see the Version 2 User Guide.
Amazon Config examples using Amazon CLI
The following code examples show you how to perform actions and implement common scenarios by using the Amazon Command Line Interface with Amazon Config.
Actions are code excerpts from larger programs and must be run in context. While actions show you how to call individual service functions, you can see actions in context in their related scenarios.
Each example includes a link to the complete source code, where you can find instructions on how to set up and run the code in context.
Topics
Actions
The following code example shows how to use delete-config-rule
.
- Amazon CLI
-
To delete an Amazon Config rule
The following command deletes an Amazon Config rule named
MyConfigRule
:aws configservice delete-config-rule --config-rule-name
MyConfigRule
-
For API details, see DeleteConfigRule
in Amazon CLI Command Reference.
-
The following code example shows how to use delete-delivery-channel
.
- Amazon CLI
-
To delete a delivery channel
The following command deletes the default delivery channel:
aws configservice delete-delivery-channel --delivery-channel-name
default
-
For API details, see DeleteDeliveryChannel
in Amazon CLI Command Reference.
-
The following code example shows how to use delete-evaluation-results
.
- Amazon CLI
-
To manually delete evaluation results
The following command deletes the current evaluation results for the Amazon managed rule s3-bucket-versioning-enabled:
aws configservice delete-evaluation-results --config-rule-name
s3-bucket-versioning-enabled
-
For API details, see DeleteEvaluationResults
in Amazon CLI Command Reference.
-
The following code example shows how to use deliver-config-snapshot
.
- Amazon CLI
-
To deliver a configuration snapshot
The following command delivers a configuration snapshot to the Amazon S3 bucket that belongs to the default delivery channel:
aws configservice deliver-config-snapshot --delivery-channel-name
default
Output:
{ "configSnapshotId": "d0333b00-a683-44af-921e-examplefb794" }
-
For API details, see DeliverConfigSnapshot
in Amazon CLI Command Reference.
-
The following code example shows how to use describe-compliance-by-config-rule
.
- Amazon CLI
-
To get compliance information for your Amazon Config rules
The following command returns compliance information for each Amazon Config rule that is violated by one or more Amazon resources:
aws configservice describe-compliance-by-config-rule --compliance-types
NON_COMPLIANT
In the output, the value for each
CappedCount
attribute indicates how many resources do not comply with the related rule. For example, the following output indicates that 3 resources do not comply with the rule namedInstanceTypesAreT2micro
.Output:
{ "ComplianceByConfigRules": [ { "Compliance": { "ComplianceContributorCount": { "CappedCount": 3, "CapExceeded": false }, "ComplianceType": "NON_COMPLIANT" }, "ConfigRuleName": "InstanceTypesAreT2micro" }, { "Compliance": { "ComplianceContributorCount": { "CappedCount": 10, "CapExceeded": false }, "ComplianceType": "NON_COMPLIANT" }, "ConfigRuleName": "RequiredTagsForVolumes" } ] }
-
For API details, see DescribeComplianceByConfigRule
in Amazon CLI Command Reference.
-
The following code example shows how to use describe-compliance-by-resource
.
- Amazon CLI
-
To get compliance information for your Amazon resources
The following command returns compliance information for each EC2 instance that is recorded by Amazon Config and that violates one or more rules:
aws configservice describe-compliance-by-resource --resource-type
AWS::EC2::Instance
--compliance-typesNON_COMPLIANT
In the output, the value for each
CappedCount
attribute indicates how many rules the resource violates. For example, the following output indicates that instancei-1a2b3c4d
violates 2 rules.Output:
{ "ComplianceByResources": [ { "ResourceType": "AWS::EC2::Instance", "ResourceId": "i-1a2b3c4d", "Compliance": { "ComplianceContributorCount": { "CappedCount": 2, "CapExceeded": false }, "ComplianceType": "NON_COMPLIANT" } }, { "ResourceType": "AWS::EC2::Instance", "ResourceId": "i-2a2b3c4d ", "Compliance": { "ComplianceContributorCount": { "CappedCount": 3, "CapExceeded": false }, "ComplianceType": "NON_COMPLIANT" } } ] }
-
For API details, see DescribeComplianceByResource
in Amazon CLI Command Reference.
-
The following code example shows how to use describe-config-rule-evaluation-status
.
- Amazon CLI
-
To get status information for an Amazon Config rule
The following command returns the status information for an Amazon Config rule named
MyConfigRule
:aws configservice describe-config-rule-evaluation-status --config-rule-names
MyConfigRule
Output:
{ "ConfigRulesEvaluationStatus": [ { "ConfigRuleArn": "arn:aws:config:us-east-1:123456789012:config-rule/config-rule-abcdef", "FirstActivatedTime": 1450311703.844, "ConfigRuleId": "config-rule-abcdef", "LastSuccessfulInvocationTime": 1450314643.156, "ConfigRuleName": "MyConfigRule" } ] }
-
For API details, see DescribeConfigRuleEvaluationStatus
in Amazon CLI Command Reference.
-
The following code example shows how to use describe-config-rules
.
- Amazon CLI
-
To get details for an Amazon Config rule
The following command returns details for an Amazon Config rule named
InstanceTypesAreT2micro
:aws configservice describe-config-rules --config-rule-names
InstanceTypesAreT2micro
Output:
{ "ConfigRules": [ { "ConfigRuleState": "ACTIVE", "Description": "Evaluates whether EC2 instances are the t2.micro type.", "ConfigRuleName": "InstanceTypesAreT2micro", "ConfigRuleArn": "arn:aws:config:us-east-1:123456789012:config-rule/config-rule-abcdef", "Source": { "Owner": "CUSTOM_LAMBDA", "SourceIdentifier": "arn:aws:lambda:us-east-1:123456789012:function:InstanceTypeCheck", "SourceDetails": [ { "EventSource": "aws.config", "MessageType": "ConfigurationItemChangeNotification" } ] }, "InputParameters": "{\"desiredInstanceType\":\"t2.micro\"}", "Scope": { "ComplianceResourceTypes": [ "AWS::EC2::Instance" ] }, "ConfigRuleId": "config-rule-abcdef" } ] }
-
For API details, see DescribeConfigRules
in Amazon CLI Command Reference.
-
The following code example shows how to use describe-configuration-recorder-status
.
- Amazon CLI
-
To get status information for the configuration recorder
The following command returns the status of the default configuration recorder:
aws configservice describe-configuration-recorder-status
Output:
{ "ConfigurationRecordersStatus": [ { "name": "default", "lastStatus": "SUCCESS", "recording": true, "lastStatusChangeTime": 1452193834.344, "lastStartTime": 1441039997.819, "lastStopTime": 1441039992.835 } ] }
-
For API details, see DescribeConfigurationRecorderStatus
in Amazon CLI Command Reference.
-
The following code example shows how to use describe-configuration-recorders
.
- Amazon CLI
-
To get details about the configuration recorder
The following command returns details about the default configuration recorder:
aws configservice describe-configuration-recorders
Output:
{ "ConfigurationRecorders": [ { "recordingGroup": { "allSupported": true, "resourceTypes": [], "includeGlobalResourceTypes": true }, "roleARN": "arn:aws:iam::123456789012:role/config-ConfigRole-A1B2C3D4E5F6", "name": "default" } ] }
-
For API details, see DescribeConfigurationRecorders
in Amazon CLI Command Reference.
-
The following code example shows how to use describe-delivery-channel-status
.
- Amazon CLI
-
To get status information for the delivery channel
The following command returns the status of the delivery channel:
aws configservice describe-delivery-channel-status
Output:
{ "DeliveryChannelsStatus": [ { "configStreamDeliveryInfo": { "lastStatusChangeTime": 1452193834.381, "lastStatus": "SUCCESS" }, "configHistoryDeliveryInfo": { "lastSuccessfulTime": 1450317838.412, "lastStatus": "SUCCESS", "lastAttemptTime": 1450317838.412 }, "configSnapshotDeliveryInfo": { "lastSuccessfulTime": 1452185597.094, "lastStatus": "SUCCESS", "lastAttemptTime": 1452185597.094 }, "name": "default" } ] }
-
For API details, see DescribeDeliveryChannelStatus
in Amazon CLI Command Reference.
-
The following code example shows how to use describe-delivery-channels
.
- Amazon CLI
-
To get details about the delivery channel
The following command returns details about the delivery channel:
aws configservice describe-delivery-channels
Output:
{ "DeliveryChannels": [ { "snsTopicARN": "arn:aws:sns:us-east-1:123456789012:config-topic", "name": "default", "s3BucketName": "config-bucket-123456789012" } ] }
-
For API details, see DescribeDeliveryChannels
in Amazon CLI Command Reference.
-
The following code example shows how to use get-compliance-details-by-config-rule
.
- Amazon CLI
-
To get the evaluation results for an Amazon Config rule
The following command returns the evaluation results for all of the resources that don't comply with an Amazon Config rule named
InstanceTypesAreT2micro
:aws configservice get-compliance-details-by-config-rule --config-rule-name
InstanceTypesAreT2micro
--compliance-typesNON_COMPLIANT
Output:
{ "EvaluationResults": [ { "EvaluationResultIdentifier": { "OrderingTimestamp": 1450314635.065, "EvaluationResultQualifier": { "ResourceType": "AWS::EC2::Instance", "ResourceId": "i-1a2b3c4d", "ConfigRuleName": "InstanceTypesAreT2micro" } }, "ResultRecordedTime": 1450314645.261, "ConfigRuleInvokedTime": 1450314642.948, "ComplianceType": "NON_COMPLIANT" }, { "EvaluationResultIdentifier": { "OrderingTimestamp": 1450314635.065, "EvaluationResultQualifier": { "ResourceType": "AWS::EC2::Instance", "ResourceId": "i-2a2b3c4d", "ConfigRuleName": "InstanceTypesAreT2micro" } }, "ResultRecordedTime": 1450314645.18, "ConfigRuleInvokedTime": 1450314642.902, "ComplianceType": "NON_COMPLIANT" }, { "EvaluationResultIdentifier": { "OrderingTimestamp": 1450314635.065, "EvaluationResultQualifier": { "ResourceType": "AWS::EC2::Instance", "ResourceId": "i-3a2b3c4d", "ConfigRuleName": "InstanceTypesAreT2micro" } }, "ResultRecordedTime": 1450314643.346, "ConfigRuleInvokedTime": 1450314643.124, "ComplianceType": "NON_COMPLIANT" } ] }
-
For API details, see GetComplianceDetailsByConfigRule
in Amazon CLI Command Reference.
-
The following code example shows how to use get-compliance-details-by-resource
.
- Amazon CLI
-
To get the evaluation results for an Amazon resource
The following command returns the evaluation results for each rule with which the EC2 instance
i-1a2b3c4d
does not comply:aws configservice get-compliance-details-by-resource --resource-type
AWS::EC2::Instance
--resource-idi-1a2b3c4d
--compliance-typesNON_COMPLIANT
Output:
{ "EvaluationResults": [ { "EvaluationResultIdentifier": { "OrderingTimestamp": 1450314635.065, "EvaluationResultQualifier": { "ResourceType": "AWS::EC2::Instance", "ResourceId": "i-1a2b3c4d", "ConfigRuleName": "InstanceTypesAreT2micro" } }, "ResultRecordedTime": 1450314643.288, "ConfigRuleInvokedTime": 1450314643.034, "ComplianceType": "NON_COMPLIANT" }, { "EvaluationResultIdentifier": { "OrderingTimestamp": 1450314635.065, "EvaluationResultQualifier": { "ResourceType": "AWS::EC2::Instance", "ResourceId": "i-1a2b3c4d", "ConfigRuleName": "RequiredTagForEC2Instances" } }, "ResultRecordedTime": 1450314645.261, "ConfigRuleInvokedTime": 1450314642.948, "ComplianceType": "NON_COMPLIANT" } ] }
-
For API details, see GetComplianceDetailsByResource
in Amazon CLI Command Reference.
-
The following code example shows how to use get-compliance-summary-by-config-rule
.
- Amazon CLI
-
To get the compliance summary for your Amazon Config rules
The following command returns the number of rules that are compliant and the number that are noncompliant:
aws configservice get-compliance-summary-by-config-rule
In the output, the value for each
CappedCount
attribute indicates how many rules are compliant or noncompliant.Output:
{ "ComplianceSummary": { "NonCompliantResourceCount": { "CappedCount": 3, "CapExceeded": false }, "ComplianceSummaryTimestamp": 1452204131.493, "CompliantResourceCount": { "CappedCount": 2, "CapExceeded": false } } }
-
For API details, see GetComplianceSummaryByConfigRule
in Amazon CLI Command Reference.
-
The following code example shows how to use get-compliance-summary-by-resource-type
.
- Amazon CLI
-
To get the compliance summary for all resource types
The following command returns the number of Amazon resources that are noncompliant and the number that are compliant:
aws configservice get-compliance-summary-by-resource-type
In the output, the value for each
CappedCount
attribute indicates how many resources are compliant or noncompliant.Output:
{ "ComplianceSummariesByResourceType": [ { "ComplianceSummary": { "NonCompliantResourceCount": { "CappedCount": 16, "CapExceeded": false }, "ComplianceSummaryTimestamp": 1453237464.543, "CompliantResourceCount": { "CappedCount": 10, "CapExceeded": false } } } ] }
To get the compliance summary for a specific resource type
The following command returns the number of EC2 instances that are noncompliant and the number that are compliant:
aws configservice get-compliance-summary-by-resource-type --resource-types
AWS::EC2::Instance
In the output, the value for each
CappedCount
attribute indicates how many resources are compliant or noncompliant.Output:
{ "ComplianceSummariesByResourceType": [ { "ResourceType": "AWS::EC2::Instance", "ComplianceSummary": { "NonCompliantResourceCount": { "CappedCount": 3, "CapExceeded": false }, "ComplianceSummaryTimestamp": 1452204923.518, "CompliantResourceCount": { "CappedCount": 7, "CapExceeded": false } } } ] }
-
For API details, see GetComplianceSummaryByResourceType
in Amazon CLI Command Reference.
-
The following code example shows how to use get-resource-config-history
.
- Amazon CLI
-
To get the configuration history of an Amazon resource
The following command returns a list of configuration items for an EC2 instance with an ID of
i-1a2b3c4d
:aws configservice get-resource-config-history --resource-type
AWS::EC2::Instance
--resource-idi-1a2b3c4d
-
For API details, see GetResourceConfigHistory
in Amazon CLI Command Reference.
-
The following code example shows how to use get-status
.
- Amazon CLI
-
To get the status for Amazon Config
The following command returns the status of the delivery channel and configuration recorder:
aws configservice get-status
Output:
Configuration Recorders: name: default recorder: ON last status: SUCCESS Delivery Channels: name: default last stream delivery status: SUCCESS last history delivery status: SUCCESS last snapshot delivery status: SUCCESS
-
For API details, see GetStatus
in Amazon CLI Command Reference.
-
The following code example shows how to use list-discovered-resources
.
- Amazon CLI
-
To list resources that Amazon Config has discovered
The following command lists the EC2 instances that Amazon Config has discovered:
aws configservice list-discovered-resources --resource-type
AWS::EC2::Instance
Output:
{ "resourceIdentifiers": [ { "resourceType": "AWS::EC2::Instance", "resourceId": "i-1a2b3c4d" }, { "resourceType": "AWS::EC2::Instance", "resourceId": "i-2a2b3c4d" }, { "resourceType": "AWS::EC2::Instance", "resourceId": "i-3a2b3c4d" } ] }
-
For API details, see ListDiscoveredResources
in Amazon CLI Command Reference.
-
The following code example shows how to use put-config-rule
.
- Amazon CLI
-
To add an Amazon managed Config rule
The following command provides JSON code to add an Amazon managed Config rule:
aws configservice put-config-rule --config-rule
file://RequiredTagsForEC2Instances.json
RequiredTagsForEC2Instances.json
is a JSON file that contains the rule configuration:{ "ConfigRuleName": "RequiredTagsForEC2Instances", "Description": "Checks whether the CostCenter and Owner tags are applied to EC2 instances.", "Scope": { "ComplianceResourceTypes": [ "AWS::EC2::Instance" ] }, "Source": { "Owner": "AWS", "SourceIdentifier": "REQUIRED_TAGS" }, "InputParameters": "{\"tag1Key\":\"CostCenter\",\"tag2Key\":\"Owner\"}" }
For the
ComplianceResourceTypes
attribute, this JSON code limits the scope to resources of theAWS::EC2::Instance
type, so Amazon Config will evaluate only EC2 instances against the rule. Because the rule is a managed rule, theOwner
attribute is set toAWS
, and theSourceIdentifier
attribute is set to the rule identifier,REQUIRED_TAGS
. For theInputParameters
attribute, the tag keys that the rule requires,CostCenter
andOwner
, are specified.If the command succeeds, Amazon Config returns no output. To verify the rule configuration, run the describe-config-rules command, and specify the rule name.
To add a customer managed Config rule
The following command provides JSON code to add a customer managed Config rule:
aws configservice put-config-rule --config-rule
file://InstanceTypesAreT2micro.json
InstanceTypesAreT2micro.json
is a JSON file that contains the rule configuration:{ "ConfigRuleName": "InstanceTypesAreT2micro", "Description": "Evaluates whether EC2 instances are the t2.micro type.", "Scope": { "ComplianceResourceTypes": [ "AWS::EC2::Instance" ] }, "Source": { "Owner": "CUSTOM_LAMBDA", "SourceIdentifier": "arn:aws:lambda:us-east-1:123456789012:function:InstanceTypeCheck", "SourceDetails": [ { "EventSource": "aws.config", "MessageType": "ConfigurationItemChangeNotification" } ] }, "InputParameters": "{\"desiredInstanceType\":\"t2.micro\"}" }
For the
ComplianceResourceTypes
attribute, this JSON code limits the scope to resources of theAWS::EC2::Instance
type, so Amazon Config will evaluate only EC2 instances against the rule. Because this rule is a customer managed rule, theOwner
attribute is set toCUSTOM_LAMBDA
, and theSourceIdentifier
attribute is set to the ARN of the Amazon Lambda function. TheSourceDetails
object is required. The parameters that are specified for theInputParameters
attribute are passed to the Amazon Lambda function when Amazon Config invokes it to evaluate resources against the rule.If the command succeeds, Amazon Config returns no output. To verify the rule configuration, run the describe-config-rules command, and specify the rule name.
-
For API details, see PutConfigRule
in Amazon CLI Command Reference.
-
The following code example shows how to use put-configuration-recorder
.
- Amazon CLI
-
Example 1: To record all supported resources
The following command creates a configuration recorder that tracks changes to all supported resource types, including global resource types:
aws configservice put-configuration-recorder \ --configuration-recorder
name=default,roleARN=arn:aws:iam::123456789012:role/config-role
\ --recording-groupallSupported=true,includeGlobalResourceTypes=true
If the command succeeds, Amazon Config returns no output. To verify the settings of your configuration recorder, run the describe-configuration-recorders command.
Example 2: To record specific types of resources
The following command creates a configuration recorder that tracks changes to only those types of resources that are specified in the JSON file for the --recording-group option:
aws configservice put-configuration-recorder \ --configuration-recorder
name=default,roleARN=arn:aws:iam::123456789012:role/config-role
\ --recording-groupfile://recordingGroup.json
recordingGroup.json is a JSON file that specifies the types of resources that Amazon Config will record:
{ "allSupported": false, "includeGlobalResourceTypes": false, "resourceTypes": [ "AWS::EC2::EIP", "AWS::EC2::Instance", "AWS::EC2::NetworkAcl", "AWS::EC2::SecurityGroup", "AWS::CloudTrail::Trail", "AWS::EC2::Volume", "AWS::EC2::VPC", "AWS::IAM::User", "AWS::IAM::Policy" ] }
Before you can specify resource types for the resourceTypes key, you must set the allSupported and includeGlobalResourceTypes options to false or omit them.
If the command succeeds, Amazon Config returns no output. To verify the settings of your configuration recorder, run the describe-configuration-recorders command.
Example 3: To select all supported resources excluding specific types of resources
The following command creates a configuration recorder that tracks changes to all current and future supported resource types excluding those types of resources that are specified in the JSON file for the --recording-group option:
aws configservice put-configuration-recorder \ --configuration-recorder
name=default,roleARN=arn:aws:iam::123456789012:role/config-role
\ --recording-groupfile://recordingGroup.json
recordingGroup.json is a JSON file that specifies the types of resources that Amazon Config will record:
{ "allSupported": false, "exclusionByResourceTypes": { "resourceTypes": [ "AWS::Redshift::ClusterSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::CloudFront::StreamingDistribution" ] }, "includeGlobalResourceTypes": false, "recordingStrategy": { "useOnly": "EXCLUSION_BY_RESOURCE_TYPES" }, }
Before you can specify resource types to excluding from recording: 1) You must set the allSupported and includeGlobalResourceTypes options to false or omit them, and 2) You must set the useOnly field of RecordingStrategy to EXCLUSION_BY_RESOURCE_TYPES.
If the command succeeds, Amazon Config returns no output. To verify the settings of your configuration recorder, run the describe-configuration-recorders command.
-
For API details, see PutConfigurationRecorder
in Amazon CLI Command Reference.
-
The following code example shows how to use put-delivery-channel
.
- Amazon CLI
-
To create a delivery channel
The following command provides the settings for the delivery channel as JSON code:
aws configservice put-delivery-channel --delivery-channel
file://deliveryChannel.json
The
deliveryChannel.json
file specifies the delivery channel attributes:{ "name": "default", "s3BucketName": "config-bucket-123456789012", "snsTopicARN": "arn:aws:sns:us-east-1:123456789012:config-topic", "configSnapshotDeliveryProperties": { "deliveryFrequency": "Twelve_Hours" } }
This example sets the following attributes:
name
- The name of the delivery channel. By default, Amazon Config assigns the namedefault
to a new delivery channel.You cannot update the delivery channel name with theput-delivery-channel
command. For the steps to change the name, see Renaming the Delivery Channel.s3BucketName
- The name of the Amazon S3 bucket to which Amazon Config delivers configuration snapshots and configuration history files.If you specify a bucket that belongs to another Amazon account, that bucket must have policies that grant access permissions to Amazon Config. For more information, see Permissions for the Amazon S3 Bucket.snsTopicARN
- The Amazon Resource Name (ARN) of the Amazon SNS topic to which Amazon Config sends notifications about configuration changes.If you choose a topic from another account, the topic must have policies that grant access permissions to Amazon Config. For more information, see Permissions for the Amazon SNS Topic.configSnapshotDeliveryProperties
- Contains thedeliveryFrequency
attribute, which sets how often Amazon Config delivers configuration snapshots and how often it invokes evaluations for periodic Config rules.If the command succeeds, Amazon Config returns no output. To verify the settings of your delivery channel, run the describe-delivery-channels command.
-
For API details, see PutDeliveryChannel
in Amazon CLI Command Reference.
-
The following code example shows how to use start-config-rules-evaluation
.
- Amazon CLI
-
To run an on-demand evaluation for Amazon Config rules
The following command starts an evaluation for two Amazon managed rules:
aws configservice start-config-rules-evaluation --config-rule-names
s3-bucket-versioning-enabled
cloudtrail-enabled
-
For API details, see StartConfigRulesEvaluation
in Amazon CLI Command Reference.
-
The following code example shows how to use start-configuration-recorder
.
- Amazon CLI
-
To start the configuration recorder
The following command starts the default configuration recorder:
aws configservice start-configuration-recorder --configuration-recorder-name
default
If the command succeeds, Amazon Config returns no output. To verify that Amazon Config is recording your resources, run the get-status command.
-
For API details, see StartConfigurationRecorder
in Amazon CLI Command Reference.
-
The following code example shows how to use stop-configuration-recorder
.
- Amazon CLI
-
To stop the configuration recorder
The following command stops the default configuration recorder:
aws configservice stop-configuration-recorder --configuration-recorder-name
default
If the command succeeds, Amazon Config returns no output. To verify that Amazon Config is not recording your resources, run the get-status command.
-
For API details, see StopConfigurationRecorder
in Amazon CLI Command Reference.
-
The following code example shows how to use subscribe
.
- Amazon CLI
-
To subscribe to Amazon Config
The following command creates the default delivery channel and configuration recorder. The command also specifies the Amazon S3 bucket and Amazon SNS topic to which Amazon Config will deliver configuration information:
aws configservice subscribe --s3-bucket
config-bucket-123456789012
--sns-topicarn:aws:sns:us-east-1:123456789012:config-topic
--iam-rolearn:aws:iam::123456789012:role/ConfigRole-A1B2C3D4E5F6
Output:
Using existing S3 bucket: config-bucket-123456789012 Using existing SNS topic: arn:aws:sns:us-east-1:123456789012:config-topic Subscribe succeeded: Configuration Recorders: [ { "recordingGroup": { "allSupported": true, "resourceTypes": [], "includeGlobalResourceTypes": false }, "roleARN": "arn:aws:iam::123456789012:role/ConfigRole-A1B2C3D4E5F6", "name": "default" } ] Delivery Channels: [ { "snsTopicARN": "arn:aws:sns:us-east-1:123456789012:config-topic", "name": "default", "s3BucketName": "config-bucket-123456789012" } ]
-
For API details, see Subscribe
in Amazon CLI Command Reference.
-