Documentation update for PutConfigRule and PutOrganizationConfigRule

This release introduces ModifySamlProperties, a new API that allows control of SAML properties associated with a WorkSpaces directory. The DescribeWorkspaceDirectories API will now additionally return SAML properties in its responses.

Author: aws-sdk-cpp-automation

aws-cpp-sdk-config/include/aws/config/ConfigServiceClient.h

@@ -1881,8 +1881,10 @@ namespace Model
          * conformance pack compared to the number of total possible rule-resource
          * combinations in the conformance pack. This metric provides you with a high-level
          * view of the compliance state of your conformance packs, and can be used to
-         * identify, investigate, and understand compliance deviations in your conformance
-         * packs.</p><p><h3>See Also:</h3>   <a
+         * identify, investigate, and understand the level of compliance in your
+         * conformance packs.</p>  <p>Conformance packs with no evaluation results
+         * will have a compliance score of <code>INSUFFICIENT_DATA</code>.</p>
+         * <p><h3>See Also:</h3>   <a
          * href="http://docs.aws.amazon.com/goto/WebAPI/config-2014-11-12/ListConformancePackComplianceScores">AWS
          * API Reference</a></p>
          */
@@ -1981,33 +1983,38 @@ namespace Model
         virtual void PutAggregationAuthorizationAsync(const Model::PutAggregationAuthorizationRequest& request, const PutAggregationAuthorizationResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const;
 
         /**
-         * <p>Adds or updates an Config rule for evaluating whether your Amazon Web
-         * Services resources comply with your desired configurations.</p> <p>You can use
-         * this action for Config custom rules and Config managed rules. A Config custom
-         * rule is a rule that you develop and maintain. An Config managed rule is a
-         * customizable, predefined rule that Config provides.</p> <p>If you are adding a
-         * new Config custom rule, you must first create the Lambda function that the rule
-         * invokes to evaluate your resources. When you use the <code>PutConfigRule</code>
-         * action to add the rule to Config, you must specify the Amazon Resource Name
-         * (ARN) that Lambda assigns to the function. Specify the ARN for the
+         * <p>Adds or updates an Config rule to evaluate if your Amazon Web Services
+         * resources comply with your desired configurations. For information on how many
+         * Config rules you can have per account, see <a
+         * href="https://docs.aws.amazon.com/config/latest/developerguide/configlimits.html">
+         * <b>Service Limits</b> </a> in the <i>Config Developer Guide</i>.</p> <p>There
+         * are two types of rules: Config Custom Rules and Config Managed Rules. You can
+         * use <code>PutConfigRule</code> to create both Config custom rules and Config
+         * managed rules.</p> <p>Custom rules are rules that you can create using either
+         * Guard or Lambda functions. Guard (<a
+         * href="https://github.com/aws-cloudformation/cloudformation-guard">Guard GitHub
+         * Repository</a>) is a policy-as-code language that allows you to write policies
+         * that are enforced by Config Custom Policy rules. Lambda uses custom code that
+         * you upload to evaluate a custom rule. If you are adding a new Custom Lambda
+         * rule, you first need to create an Lambda function that the rule invokes to
+         * evaluate your resources. When you use <code>PutConfigRule</code> to add a Custom
+         * Lambda rule to Config, you must specify the Amazon Resource Name (ARN) that
+         * Lambda assigns to the function. You specify the ARN in the
          * <code>SourceIdentifier</code> key. This key is part of the <code>Source</code>
-         * object, which is part of the <code>ConfigRule</code> object. </p> <p>If you are
-         * adding an Config managed rule, specify the rule's identifier for the
-         * <code>SourceIdentifier</code> key. To reference Config managed rule identifiers,
-         * see <a
-         * href="https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html">About
-         * Config managed rules</a>.</p> <p>For any new rule that you add, specify the
-         * <code>ConfigRuleName</code> in the <code>ConfigRule</code> object. Do not
-         * specify the <code>ConfigRuleArn</code> or the <code>ConfigRuleId</code>. These
-         * values are generated by Config for new rules.</p> <p>If you are updating a rule
-         * that you added previously, you can specify the rule by
-         * <code>ConfigRuleName</code>, <code>ConfigRuleId</code>, or
+         * object, which is part of the <code>ConfigRule</code> object. </p> <p>Managed
+         * rules are predefined, customizable rules created by Config. For a list of
+         * managed rules, see <a
+         * href="https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html">List
+         * of Config Managed Rules</a>. If you are adding an Config managed rule, you must
+         * specify the rule's identifier for the <code>SourceIdentifier</code> key.</p>
+         * <p>For any new rule that you add, specify the <code>ConfigRuleName</code> in the
+         * <code>ConfigRule</code> object. Do not specify the <code>ConfigRuleArn</code> or
+         * the <code>ConfigRuleId</code>. These values are generated by Config for new
+         * rules.</p> <p>If you are updating a rule that you added previously, you can
+         * specify the rule by <code>ConfigRuleName</code>, <code>ConfigRuleId</code>, or
          * <code>ConfigRuleArn</code> in the <code>ConfigRule</code> data type that you use
-         * in this request.</p> <p>For information on how many Config rules you can have
-         * per account, see <a
-         * href="https://docs.aws.amazon.com/config/latest/developerguide/configlimits.html">
-         * <b>Service Limits</b> </a> in the Config Developer Guide.</p> <p>For more
-         * information about developing and using Config rules, see <a
+         * in this request.</p> <p>For more information about developing and using Config
+         * rules, see <a
          * href="https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html">Evaluating
          * Amazon Web Services resource Configurations with Config</a> in the <i>Config
          * Developer Guide</i>.</p><p><h3>See Also:</h3>   <a
@@ -2043,7 +2050,7 @@ namespace Model
          * is a valid delegated administrator.</p> <p>To register a delegated
          * administrator, see <a
          * href="https://docs.aws.amazon.com/config/latest/developerguide/set-up-aggregator-cli.html#register-a-delegated-administrator-cli">Register
-         * a Delegated Administrator</a> in the Config developer guide. </p>
+         * a Delegated Administrator</a> in the <i>Config developer guide</i>. </p>
          * <p><h3>See Also:</h3>   <a
          * href="http://docs.aws.amazon.com/goto/WebAPI/config-2014-11-12/PutConfigurationAggregator">AWS
          * API Reference</a></p>
@@ -2092,8 +2099,8 @@ namespace Model
          * you can have per account, see <a
          * href="https://docs.aws.amazon.com/config/latest/developerguide/configlimits.html">
          * <b>Service Limits</b> </a> in the Config Developer Guide.</p> <p>This API
-         * creates a service linked role <code>AWSServiceRoleForConfigConforms</code> in
-         * your account. The service linked role is created only when the role does not
+         * creates a service-linked role <code>AWSServiceRoleForConfigConforms</code> in
+         * your account. The service-linked role is created only when the role does not
          * exist in your account. </p>  <p>You must specify either the
          * <code>TemplateS3Uri</code> or the <code>TemplateBody</code> parameter, but not
          * both. If you provide both Config uses the <code>TemplateS3Uri</code> parameter
@@ -2179,38 +2186,49 @@ namespace Model
         virtual void PutExternalEvaluationAsync(const Model::PutExternalEvaluationRequest& request, const PutExternalEvaluationResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const;
 
         /**
-         * <p>Adds or updates organization Config rule for your entire organization
-         * evaluating whether your Amazon Web Services resources comply with your desired
-         * configurations. For information on how many organization Config rules you can
-         * have per account, see <a
+         * <p>Adds or updates an Config rule for your entire organization to evaluate if
+         * your Amazon Web Services resources comply with your desired configurations. For
+         * information on how many organization Config rules you can have per account, see
+         * <a
          * href="https://docs.aws.amazon.com/config/latest/developerguide/configlimits.html">
-         * <b>Service Limits</b> </a> in the Config Developer Guide.</p> <p> Only a master
-         * account and a delegated administrator can create or update an organization
-         * Config rule. When calling this API with a delegated administrator, you must
-         * ensure Organizations <code>ListDelegatedAdministrator</code> permissions are
-         * added. An organization can have up to 3 delegated administrators.</p> <p>This
-         * API enables organization service access through the
-         * <code>EnableAWSServiceAccess</code> action and creates a service linked role
+         * <b>Service Limits</b> </a> in the <i>Config Developer Guide</i>.</p> <p> Only a
+         * master account and a delegated administrator can create or update an
+         * organization Config rule. When calling this API with a delegated administrator,
+         * you must ensure Organizations <code>ListDelegatedAdministrator</code>
+         * permissions are added. An organization can have up to 3 delegated
+         * administrators.</p> <p>This API enables organization service access through the
+         * <code>EnableAWSServiceAccess</code> action and creates a service-linked role
          * <code>AWSServiceRoleForConfigMultiAccountSetup</code> in the master or delegated
-         * administrator account of your organization. The service linked role is created
+         * administrator account of your organization. The service-linked role is created
          * only when the role does not exist in the caller account. Config verifies the
          * existence of role with <code>GetRole</code> action.</p> <p>To use this API with
          * delegated administrator, register a delegated administrator by calling Amazon
          * Web Services Organization <code>register-delegated-administrator</code> for
-         * <code>config-multiaccountsetup.amazonaws.com</code>. </p> <p>You can use this
-         * action to create both Config custom rules and Config managed rules. If you are
-         * adding a new Config custom rule, you must first create Lambda function in the
-         * master account or a delegated administrator that the rule invokes to evaluate
-         * your resources. You also need to create an IAM role in the managed-account that
-         * can be assumed by the Lambda function. When you use the
-         * <code>PutOrganizationConfigRule</code> action to add the rule to Config, you
-         * must specify the Amazon Resource Name (ARN) that Lambda assigns to the function.
-         * If you are adding an Config managed rule, specify the rule's identifier for the
-         * <code>RuleIdentifier</code> key.</p>  <p>Prerequisite: Ensure you call
-         * <code>EnableAllFeatures</code> API to enable all features in an
-         * organization.</p> <p>Specify either <code>OrganizationCustomRuleMetadata</code>
-         * or <code>OrganizationManagedRuleMetadata</code>.</p> <p><h3>See
-         * Also:</h3>   <a
+         * <code>config-multiaccountsetup.amazonaws.com</code>. </p> <p>There are two types
+         * of rules: Config Custom Rules and Config Managed Rules. You can use
+         * <code>PutOrganizationConfigRule</code> to create both Config custom rules and
+         * Config managed rules.</p> <p>Custom rules are rules that you can create using
+         * either Guard or Lambda functions. Guard (<a
+         * href="https://github.com/aws-cloudformation/cloudformation-guard">Guard GitHub
+         * Repository</a>) is a policy-as-code language that allows you to write policies
+         * that are enforced by Config Custom Policy rules. Lambda uses custom code that
+         * you upload to evaluate a custom rule. If you are adding a new Custom Lambda
+         * rule, you first need to create an Lambda function in the master account or a
+         * delegated administrator that the rule invokes to evaluate your resources. You
+         * also need to create an IAM role in the managed account that can be assumed by
+         * the Lambda function. When you use <code>PutOrganizationConfigRule</code> to add
+         * a Custom Lambda rule to Config, you must specify the Amazon Resource Name (ARN)
+         * that Lambda assigns to the function.</p> <p>Managed rules are predefined,
+         * customizable rules created by Config. For a list of managed rules, see <a
+         * href="https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html">List
+         * of Config Managed Rules</a>. If you are adding an Config managed rule, you must
+         * specify the rule's identifier for the <code>RuleIdentifier</code> key.</p>
+         *  <p>Prerequisite: Ensure you call <code>EnableAllFeatures</code> API to
+         * enable all features in an organization.</p> <p>Make sure to specify one of
+         * either <code>OrganizationCustomPolicyRuleMetadata</code> for Custom Policy
+         * rules, <code>OrganizationCustomRuleMetadata</code> for Custom Lambda rules, or
+         * <code>OrganizationManagedRuleMetadata</code> for managed rules.</p>
+         * <p><h3>See Also:</h3>   <a
          * href="http://docs.aws.amazon.com/goto/WebAPI/config-2014-11-12/PutOrganizationConfigRule">AWS
          * API Reference</a></p>
          */
@@ -2237,9 +2255,9 @@ namespace Model
          * <code>ListDelegatedAdministrator</code> permissions are added. An organization
          * can have up to 3 delegated administrators.</p> <p>This API enables organization
          * service access for <code>config-multiaccountsetup.amazonaws.com</code> through
-         * the <code>EnableAWSServiceAccess</code> action and creates a service linked role
+         * the <code>EnableAWSServiceAccess</code> action and creates a service-linked role
          * <code>AWSServiceRoleForConfigMultiAccountSetup</code> in the master or delegated
-         * administrator account of your organization. The service linked role is created
+         * administrator account of your organization. The service-linked role is created
          * only when the role does not exist in the caller account. To use this API with
          * delegated administrator, register a delegated administrator by calling Amazon
          * Web Services Organization <code>register-delegate-admin</code> for
@@ -2433,8 +2451,8 @@ namespace Model
          * performs the corresponding search, and returns resource configurations matching
          * the properties.</p> <p>For more information about query components, see the <a
          * href="https://docs.aws.amazon.com/config/latest/developerguide/query-components.html">
-         * <b>Query Components</b> </a> section in the Config Developer
-         * Guide.</p><p><h3>See Also:</h3>   <a
+         * <b>Query Components</b> </a> section in the <i>Config Developer
+         * Guide</i>.</p><p><h3>See Also:</h3>   <a
          * href="http://docs.aws.amazon.com/goto/WebAPI/config-2014-11-12/SelectResourceConfig">AWS
          * API Reference</a></p>
          */