ConfigService / Client / delete_organization_config_rule
delete_organization_config_rule¶
- ConfigService.Client.delete_organization_config_rule(**kwargs)¶
Deletes the specified organization Config rule and all of its evaluation results from all member accounts in that organization.
Only a management account and a delegated administrator account can delete an organization Config rule. When calling this API with a delegated administrator, you must ensure Organizations
ListDelegatedAdministratorpermissions are added.Config sets the state of a rule to DELETE_IN_PROGRESS until the deletion is complete. You cannot update a rule while it is in this state.
Note
Recommendation: Consider excluding the
AWS::Config::ResourceComplianceresource type from recording before deleting rulesDeleting rules creates configuration items (CIs) for
AWS::Config::ResourceCompliancethat can affect your costs for the configuration recorder. If you are deleting rules which evaluate a large number of resource types, this can lead to a spike in the number of CIs recorded.To avoid the associated costs, you can opt to disable recording for the
AWS::Config::ResourceComplianceresource type before deleting rules, and re-enable recording after the rules have been deleted.However, since deleting rules is an asynchronous process, it might take an hour or more to complete. During the time when recording is disabled for
AWS::Config::ResourceCompliance, rule evaluations will not be recorded in the associated resource’s history.See also: AWS API Documentation
Request Syntax
response = client.delete_organization_config_rule( OrganizationConfigRuleName='string' )
- Parameters:
OrganizationConfigRuleName (string) –
[REQUIRED]
The name of organization Config rule that you want to delete.
- Returns:
None
Exceptions
ConfigService.Client.exceptions.NoSuchOrganizationConfigRuleExceptionConfigService.Client.exceptions.ResourceInUseExceptionConfigService.Client.exceptions.OrganizationAccessDeniedException