putOrganizationConfigRule method
- required String organizationConfigRuleName,
- List<
String> ? excludedAccounts, - OrganizationCustomRuleMetadata? organizationCustomRuleMetadata,
- OrganizationManagedRuleMetadata? organizationManagedRuleMetadata,
Adds or updates organization config rule for your entire organization evaluating whether your AWS resources comply with your desired configurations.
Only a master account and a delegated administrator can create or update
an organization config rule. When calling this API with a delegated
administrator, you must ensure AWS Organizations
ListDelegatedAdministrator permissions are added.
This API enables organization service access through the
EnableAWSServiceAccess action and creates a service linked
role AWSServiceRoleForConfigMultiAccountSetup in the master
or delegated administrator account of your organization. The service
linked role is created only when the role does not exist in the caller
account. AWS Config verifies the existence of role with
GetRole action.
To use this API with delegated administrator, register a delegated
administrator by calling AWS Organization
register-delegated-administrator for
config-multiaccountsetup.amazonaws.com.
You can use this action to create both custom AWS Config rules and AWS
managed Config rules. If you are adding a new custom AWS Config rule, you
must first create AWS Lambda function in the master account or a delegated
administrator that the rule invokes to evaluate your resources. When you
use the PutOrganizationConfigRule action to add the rule to
AWS Config, you must specify the Amazon Resource Name (ARN) that AWS
Lambda assigns to the function. If you are adding an AWS managed Config
rule, specify the rule's identifier for the RuleIdentifier
key.
The maximum number of organization config rules that AWS Config supports is 150 and 3 delegated administrator per organization.
Specify either OrganizationCustomRuleMetadata or
OrganizationManagedRuleMetadata.
May throw MaxNumberOfOrganizationConfigRulesExceededException. May throw ResourceInUseException. May throw InvalidParameterValueException. May throw ValidationException. May throw OrganizationAccessDeniedException. May throw NoAvailableOrganizationException. May throw OrganizationAllFeaturesNotEnabledException. May throw InsufficientPermissionsException.
Parameter organizationConfigRuleName :
The name that you assign to an organization config rule.
Parameter excludedAccounts :
A comma-separated list of accounts that you want to exclude from an
organization config rule.
Parameter organizationCustomRuleMetadata :
An OrganizationCustomRuleMetadata object.
Parameter organizationManagedRuleMetadata :
An OrganizationManagedRuleMetadata object.
Implementation
Future<PutOrganizationConfigRuleResponse> putOrganizationConfigRule({
required String organizationConfigRuleName,
List<String>? excludedAccounts,
OrganizationCustomRuleMetadata? organizationCustomRuleMetadata,
OrganizationManagedRuleMetadata? organizationManagedRuleMetadata,
}) async {
ArgumentError.checkNotNull(
organizationConfigRuleName, 'organizationConfigRuleName');
_s.validateStringLength(
'organizationConfigRuleName',
organizationConfigRuleName,
1,
64,
isRequired: true,
);
final headers = <String, String>{
'Content-Type': 'application/x-amz-json-1.1',
'X-Amz-Target': 'StarlingDoveService.PutOrganizationConfigRule'
};
final jsonResponse = await _protocol.send(
method: 'POST',
requestUri: '/',
exceptionFnMap: _exceptionFns,
// TODO queryParams
headers: headers,
payload: {
'OrganizationConfigRuleName': organizationConfigRuleName,
if (excludedAccounts != null) 'ExcludedAccounts': excludedAccounts,
if (organizationCustomRuleMetadata != null)
'OrganizationCustomRuleMetadata': organizationCustomRuleMetadata,
if (organizationManagedRuleMetadata != null)
'OrganizationManagedRuleMetadata': organizationManagedRuleMetadata,
},
);
return PutOrganizationConfigRuleResponse.fromJson(jsonResponse.body);
}