[ aws . configservice ]

start-config-rules-evaluation

Description

Runs an on-demand evaluation for the specified AWS Config rules against the last known configuration state of the resources. Use StartConfigRulesEvaluation when you want to test that a rule you updated is working as expected. StartConfigRulesEvaluation does not re-record the latest configuration state for your resources. It re-runs an evaluation against the last known state of your resources.

You can specify up to 25 AWS Config rules per request.

An existing StartConfigRulesEvaluation call for the specified rules must complete before you can call the API again. If you chose to have AWS Config stream to an Amazon SNS topic, you will receive a ConfigRuleEvaluationStarted notification when the evaluation starts.

Note

You don’t need to call the StartConfigRulesEvaluation API to run an evaluation for a new rule. When you create a rule, AWS Config evaluates your resources against the rule automatically.

The StartConfigRulesEvaluation API is useful if you want to run on-demand evaluations, such as the following example:

  • You have a custom rule that evaluates your IAM resources every 24 hours.

  • You update your Lambda function to add additional conditions to your rule.

  • Instead of waiting for the next periodic evaluation, you call the StartConfigRulesEvaluation API.

  • AWS Config invokes your Lambda function and evaluates your IAM resources.

  • Your custom rule will still run periodic evaluations every 24 hours.

See also: AWS API Documentation

See ‘aws help’ for descriptions of global parameters.

Synopsis

  start-config-rules-evaluation
[--config-rule-names <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--cli-auto-prompt <value>]

Options

--config-rule-names (list)

The list of names of AWS Config rules that you want to run evaluations for.

(string)

Syntax:

"string" "string" ...

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

--cli-auto-prompt (boolean) Automatically prompt for CLI input parameters.

See ‘aws help’ for descriptions of global parameters.

Examples

To run an on-demand evaluation for AWS Config rules

The following command starts an evaluation for two AWS managed rules:

aws configservice start-config-rules-evaluation --config-rule-names s3-bucket-versioning-enabled cloudtrail-enabled

Output

None