feat(client-config-service): AWS Config now supports ConformancePackTemplate documents in SSM Docs for the deployment and update of conformance packs.

Author: awstools

clients/client-config-service/src/ConfigService.ts

@@ -3218,8 +3218,7 @@ export class ConfigService extends ConfigServiceClient {
    * 		       <p>This API creates a service-linked role <code>AWSServiceRoleForConfigConforms</code> in your account.
    * 		The service-linked role is created only when the role does not exist in your account. </p>
    * 		       <note>
-   *             <p>You must specify either the <code>TemplateS3Uri</code> or the <code>TemplateBody</code> parameter, but not both.
-   * 			If you provide both Config uses the <code>TemplateS3Uri</code> parameter and ignores the <code>TemplateBody</code> parameter.</p>
+   *             <p>You must specify one and only one of the<code>TemplateS3Uri</code>, <code>TemplateBody</code> or <code>TemplateSSMDocumentDetails</code> parameters.</p>
    *          </note>
    */
   public putConformancePack(

clients/client-config-service/src/commands/PutConformancePackCommand.ts

@@ -13,8 +13,12 @@ import {
 } from "@aws-sdk/types";
 
 import { ConfigServiceClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../ConfigServiceClient";
-import { PutConformancePackRequest, PutConformancePackRequestFilterSensitiveLog } from "../models/models_0";
-import { PutConformancePackResponse, PutConformancePackResponseFilterSensitiveLog } from "../models/models_1";
+import {
+  PutConformancePackRequest,
+  PutConformancePackRequestFilterSensitiveLog,
+  PutConformancePackResponse,
+  PutConformancePackResponseFilterSensitiveLog,
+} from "../models/models_1";
 import {
   deserializeAws_json1_1PutConformancePackCommand,
   serializeAws_json1_1PutConformancePackCommand,
@@ -32,8 +36,7 @@ export interface PutConformancePackCommandOutput extends PutConformancePackRespo
  * 		       <p>This API creates a service-linked role <code>AWSServiceRoleForConfigConforms</code> in your account.
  * 		The service-linked role is created only when the role does not exist in your account. </p>
  * 		       <note>
- *             <p>You must specify either the <code>TemplateS3Uri</code> or the <code>TemplateBody</code> parameter, but not both.
- * 			If you provide both Config uses the <code>TemplateS3Uri</code> parameter and ignores the <code>TemplateBody</code> parameter.</p>
+ *             <p>You must specify one and only one of the<code>TemplateS3Uri</code>, <code>TemplateBody</code> or <code>TemplateSSMDocumentDetails</code> parameters.</p>
  *          </note>
  * @example
  * Use a bare-bones client and the command you need to make an API call.

clients/client-config-service/src/models/models_0.ts

@@ -2094,6 +2094,28 @@ export interface ConformancePackInputParameter {
   ParameterValue: string | undefined;
 }
 
+/**
+ * <p>This API allows you to create a conformance pack template with an Amazon Web Services Systems Manager document (SSM document).
+ * 			To deploy a conformance pack using an SSM document, you first create an SSM document with conformance pack content, and then provide the <code>DocumentName</code> (and optionally <code>DocumentVersion</code>) in the <a href="https://docs.aws.amazon.com/config/latest/APIReference/API_PutConformancePack.html">PutConformancePack API</a>.</p>
+ *
+ * 		       <p>The <code>TemplateSSMDocumentDetails</code> object contains the name of the SSM document and the version of the SSM document.</p>
+ */
+export interface TemplateSSMDocumentDetails {
+  /**
+   * <p>The name or Amazon Resource Name (ARN) of the SSM document to use to create a conformance pack.
+   * 			If you use the Document Name, Config checks only your account and region for the SSM document. If you want to use an SSM document from another region or account, you must provide the ARN.</p>
+   */
+  DocumentName: string | undefined;
+
+  /**
+   * <p>The version of the SSM document to use to create a conformance pack. By default, Config uses the latest version.</p>
+   * 		       <note>
+   *             <p>This field is optional.</p>
+   *          </note>
+   */
+  DocumentVersion?: string;
+}
+
 /**
  * <p>Returns details of a conformance pack. A conformance pack is a collection of Config rules and remediation actions that can be easily deployed in an account and a region.</p>
  */
@@ -2135,14 +2157,19 @@ export interface ConformancePackDetail {
   ConformancePackInputParameters?: ConformancePackInputParameter[];
 
   /**
-   * <p>Last time when conformation pack update was requested. </p>
+   * <p>The last time a conformation pack update was requested. </p>
    */
   LastUpdateRequestedTime?: Date;
 
   /**
-   * <p>Amazon Web Services service that created the conformance pack.</p>
+   * <p>The Amazon Web Services service that created the conformance pack.</p>
    */
   CreatedBy?: string;
+
+  /**
+   * <p>An object that contains the name or Amazon Resource Name (ARN) of the Amazon Web Services Systems Manager document (SSM document) and the version of the SSM document that is used to create a conformance pack.</p>
+   */
+  TemplateSSMDocumentDetails?: TemplateSSMDocumentDetails;
 }
 
 /**
@@ -2692,7 +2719,7 @@ export interface DeleteRemediationConfigurationResponse {}
  *                      <p>To call IAM <code>GetRole</code> action or create a service-linked role.</p>
  *                   </li>
  *                   <li>
- *                      <p>To read Amazon S3 bucket.</p>
+ *                      <p>To read Amazon S3 bucket or call SSM:GetDocument.</p>
  *                   </li>
  *                </ul>
  * 			         </li>
@@ -6904,50 +6931,6 @@ export interface PutConfigurationRecorderRequest {
   ConfigurationRecorder: ConfigurationRecorder | undefined;
 }
 
-export interface PutConformancePackRequest {
-  /**
-   * <p>Name of the conformance pack you want to create.</p>
-   */
-  ConformancePackName: string | undefined;
-
-  /**
-   * <p>Location of file containing the template body (<code>s3://bucketname/prefix</code>). The uri must point to the conformance pack template (max size: 300 KB) that is located in an Amazon S3 bucket in the same region as the conformance pack. </p>
-   * 		       <note>
-   *             <p>You must have access to read Amazon S3 bucket.</p>
-   *          </note>
-   */
-  TemplateS3Uri?: string;
-
-  /**
-   * <p>A string containing full conformance pack template body. Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.</p>
-   * 		       <note>
-   *             <p>You can only use a YAML template with two resource types: Config rule (<code>AWS::Config::ConfigRule</code>) and a remediation action (<code>AWS::Config::RemediationConfiguration</code>).</p>
-   *          </note>
-   */
-  TemplateBody?: string;
-
-  /**
-   * <p>The name of the Amazon S3 bucket where Config stores conformance pack templates.</p>
-   * 		       <note>
-   *             <p>This field is optional.</p>
-   *          </note>
-   */
-  DeliveryS3Bucket?: string;
-
-  /**
-   * <p>The prefix for the Amazon S3 bucket. </p>
-   * 		       <note>
-   *             <p>This field is optional.</p>
-   *          </note>
-   */
-  DeliveryS3KeyPrefix?: string;
-
-  /**
-   * <p>A list of <code>ConformancePackInputParameter</code> objects.</p>
-   */
-  ConformancePackInputParameters?: ConformancePackInputParameter[];
-}
-
 /**
  * @internal
  */
@@ -7314,6 +7297,13 @@ export const ConformancePackInputParameterFilterSensitiveLog = (obj: Conformance
   ...obj,
 });
 
+/**
+ * @internal
+ */
+export const TemplateSSMDocumentDetailsFilterSensitiveLog = (obj: TemplateSSMDocumentDetails): any => ({
+  ...obj,
+});
+
 /**
  * @internal
  */
@@ -8667,10 +8657,3 @@ export const PutConfigurationAggregatorResponseFilterSensitiveLog = (obj: PutCon
 export const PutConfigurationRecorderRequestFilterSensitiveLog = (obj: PutConfigurationRecorderRequest): any => ({
   ...obj,
 });
-
-/**
- * @internal
- */
-export const PutConformancePackRequestFilterSensitiveLog = (obj: PutConformancePackRequest): any => ({
-  ...obj,
-});

clients/client-config-service/src/models/models_1.ts

@@ -19,8 +19,58 @@ import {
   RetentionConfiguration,
   StoredQuery,
   Tag,
+  TemplateSSMDocumentDetails,
 } from "./models_0";
 
+export interface PutConformancePackRequest {
+  /**
+   * <p>The unique name of the conformance pack you want to deploy.</p>
+   */
+  ConformancePackName: string | undefined;
+
+  /**
+   * <p>The location of the file containing the template body (<code>s3://bucketname/prefix</code>). The uri must point to a conformance pack template (max size: 300 KB) that is located in an Amazon S3 bucket in the same region as the conformance pack. </p>
+   * 		       <note>
+   *             <p>You must have access to read Amazon S3 bucket.</p>
+   *          </note>
+   */
+  TemplateS3Uri?: string;
+
+  /**
+   * <p>A string containing the full conformance pack template body. The structure containing the template body has a minimum length of 1 byte and a maximum length of 51,200 bytes.</p>
+   * 		       <note>
+   *             <p>You can only use a YAML template with two resource types: Config rule (<code>AWS::Config::ConfigRule</code>) and remediation action (<code>AWS::Config::RemediationConfiguration</code>).</p>
+   *          </note>
+   */
+  TemplateBody?: string;
+
+  /**
+   * <p>The name of the Amazon S3 bucket where Config stores conformance pack templates.</p>
+   * 		       <note>
+   *             <p>This field is optional.</p>
+   *          </note>
+   */
+  DeliveryS3Bucket?: string;
+
+  /**
+   * <p>The prefix for the Amazon S3 bucket. </p>
+   * 		       <note>
+   *             <p>This field is optional.</p>
+   *          </note>
+   */
+  DeliveryS3KeyPrefix?: string;
+
+  /**
+   * <p>A list of <code>ConformancePackInputParameter</code> objects.</p>
+   */
+  ConformancePackInputParameters?: ConformancePackInputParameter[];
+
+  /**
+   * <p>An object of type <code>TemplateSSMDocumentDetails</code>, which contains the name or the Amazon Resource Name (ARN) of the Amazon Web Services Systems Manager document (SSM document) and the version of the SSM document that is used to create a conformance pack.</p>
+   */
+  TemplateSSMDocumentDetails?: TemplateSSMDocumentDetails;
+}
+
 export interface PutConformancePackResponse {
   /**
    * <p>ARN of the conformance pack.</p>
@@ -536,6 +586,13 @@ export interface UntagResourceRequest {
   TagKeys: string[] | undefined;
 }
 
+/**
+ * @internal
+ */
+export const PutConformancePackRequestFilterSensitiveLog = (obj: PutConformancePackRequest): any => ({
+  ...obj,
+});
+
 /**
  * @internal
  */

clients/client-config-service/src/protocols/Aws_json1_1.ts

@@ -584,7 +584,6 @@ import {
   PutConfigurationAggregatorRequest,
   PutConfigurationAggregatorResponse,
   PutConfigurationRecorderRequest,
-  PutConformancePackRequest,
   RecordingGroup,
   Relationship,
   RemediationConfiguration,
@@ -614,9 +613,11 @@ import {
   StoredQuery,
   StoredQueryMetadata,
   Tag,
+  TemplateSSMDocumentDetails,
   ValidationException,
 } from "../models/models_0";
 import {
+  PutConformancePackRequest,
   PutConformancePackResponse,
   PutDeliveryChannelRequest,
   PutEvaluationsRequest,
@@ -8008,6 +8009,12 @@ const serializeAws_json1_1PutConformancePackRequest = (
     ...(input.DeliveryS3KeyPrefix != null && { DeliveryS3KeyPrefix: input.DeliveryS3KeyPrefix }),
     ...(input.TemplateBody != null && { TemplateBody: input.TemplateBody }),
     ...(input.TemplateS3Uri != null && { TemplateS3Uri: input.TemplateS3Uri }),
+    ...(input.TemplateSSMDocumentDetails != null && {
+      TemplateSSMDocumentDetails: serializeAws_json1_1TemplateSSMDocumentDetails(
+        input.TemplateSSMDocumentDetails,
+        context
+      ),
+    }),
   };
 };
 
@@ -8539,6 +8546,16 @@ const serializeAws_json1_1TagsList = (input: Tag[], context: __SerdeContext): an
     });
 };
 
+const serializeAws_json1_1TemplateSSMDocumentDetails = (
+  input: TemplateSSMDocumentDetails,
+  context: __SerdeContext
+): any => {
+  return {
+    ...(input.DocumentName != null && { DocumentName: input.DocumentName }),
+    ...(input.DocumentVersion != null && { DocumentVersion: input.DocumentVersion }),
+  };
+};
+
 const serializeAws_json1_1UntagResourceRequest = (input: UntagResourceRequest, context: __SerdeContext): any => {
   return {
     ...(input.ResourceArn != null && { ResourceArn: input.ResourceArn }),
@@ -9396,6 +9413,10 @@ const deserializeAws_json1_1ConformancePackDetail = (output: any, context: __Ser
       output.LastUpdateRequestedTime != null
         ? __expectNonNull(__parseEpochTimestamp(__expectNumber(output.LastUpdateRequestedTime)))
         : undefined,
+    TemplateSSMDocumentDetails:
+      output.TemplateSSMDocumentDetails != null
+        ? deserializeAws_json1_1TemplateSSMDocumentDetails(output.TemplateSSMDocumentDetails, context)
+        : undefined,
   } as any;
 };
 
@@ -11977,6 +11998,16 @@ const deserializeAws_json1_1Tags = (output: any, context: __SerdeContext): Recor
   }, {});
 };
 
+const deserializeAws_json1_1TemplateSSMDocumentDetails = (
+  output: any,
+  context: __SerdeContext
+): TemplateSSMDocumentDetails => {
+  return {
+    DocumentName: __expectString(output.DocumentName),
+    DocumentVersion: __expectString(output.DocumentVersion),
+  } as any;
+};
+
 const deserializeAws_json1_1TooManyTagsException = (output: any, context: __SerdeContext): TooManyTagsException => {
   return {
     message: __expectString(output.message),