interface CfnGuardHookMixinProps
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.Mixins.Preview.AWS.CloudFormation.Mixins.CfnGuardHookMixinProps |
 Go | github.com/aws/aws-cdk-go/awscdkmixinspreview/v2/awscloudformation/mixins#CfnGuardHookMixinProps |
 Java | software.amazon.awscdk.mixins.preview.services.cloudformation.mixins.CfnGuardHookMixinProps |
 Python | aws_cdk.mixins_preview.aws_cloudformation.mixins.CfnGuardHookMixinProps |
 TypeScript | @aws-cdk/mixins-preview » aws_cloudformation » mixins » CfnGuardHookMixinProps |
Properties for CfnGuardHookPropsMixin.
Example
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { mixins as cloudformation_mixins } from '@aws-cdk/mixins-preview/aws-cloudformation';
const cfnGuardHookMixinProps: cloudformation_mixins.CfnGuardHookMixinProps = {
alias: 'alias',
executionRole: 'executionRole',
failureMode: 'failureMode',
hookStatus: 'hookStatus',
logBucket: 'logBucket',
options: {
inputParams: {
uri: 'uri',
versionId: 'versionId',
},
},
ruleLocation: {
uri: 'uri',
versionId: 'versionId',
},
stackFilters: {
filteringCriteria: 'filteringCriteria',
stackNames: {
exclude: ['exclude'],
include: ['include'],
},
stackRoles: {
exclude: ['exclude'],
include: ['include'],
},
},
targetFilters: {
actions: ['actions'],
invocationPoints: ['invocationPoints'],
targetNames: ['targetNames'],
targets: [{
action: 'action',
invocationPoint: 'invocationPoint',
targetName: 'targetName',
}],
},
targetOperations: ['targetOperations'],
};
Properties
| Name | Type | Description |
|---|---|---|
| alias? | string | The type name alias for the Hook. This alias must be unique per account and Region. |
| execution | string | The IAM role that the Hook assumes to retrieve your Guard rules from S3 and optionally write a detailed Guard output report back. |
| failure | string | Specifies how the Hook responds when rules fail their evaluation. |
| hook | string | Specifies if the Hook is ENABLED or DISABLED . |
| log | string | Specifies the name of an S3 bucket to store the Guard output report. |
| options? | IResolvable | Options | Specifies the S3 location of your input parameters. |
| rule | IResolvable | S3 | Specifies the S3 location of your Guard rules. |
| stack | IResolvable | Stack | Specifies the stack level filters for the Hook. |
| target | IResolvable | Target | Specifies the target filters for the Hook. |
| target | string[] | Specifies the list of operations the Hook is run against. |
alias?
Type:
string
(optional)
The type name alias for the Hook. This alias must be unique per account and Region.
The alias must be in the form Name1::Name2::Name3 and must not begin with AWS . For example, Private::Guard::MyTestHook .
executionRole?
Type:
string
(optional)
The IAM role that the Hook assumes to retrieve your Guard rules from S3 and optionally write a detailed Guard output report back.
failureMode?
Type:
string
(optional, default: "WARN")
Specifies how the Hook responds when rules fail their evaluation.
FAIL: Prevents the action from proceeding. This is helpful for enforcing strict compliance or security policies.WARN: Issues warnings to users but allows actions to continue. This is useful for non-critical validations or informational checks.
hookStatus?
Type:
string
(optional, default: "DISABLED")
Specifies if the Hook is ENABLED or DISABLED .
logBucket?
Type:
string
(optional)
Specifies the name of an S3 bucket to store the Guard output report.
This report contains the results of your Guard rule validations.
options?
Type:
IResolvable | Options
(optional)
Specifies the S3 location of your input parameters.
ruleLocation?
Type:
IResolvable | S3
(optional)
Specifies the S3 location of your Guard rules.
stackFilters?
Type:
IResolvable | Stack
(optional)
Specifies the stack level filters for the Hook.
Example stack level filter in JSON:
"StackFilters": {"FilteringCriteria": "ALL", "StackNames": {"Exclude": [ "stack-1", "stack-2"]}}
Example stack level filter in YAML:
StackFilters: FilteringCriteria: ALL StackNames: Exclude: - stack-1 - stack-2
targetFilters?
Type:
IResolvable | Target
(optional)
Specifies the target filters for the Hook.
Example target filter in JSON:
"TargetFilters": {"Actions": [ "CREATE", "UPDATE", "DELETE" ]}
Example target filter in YAML:
TargetFilters: Actions: - CREATE - UPDATE - DELETE
targetOperations?
Type:
string[]
(optional)
Specifies the list of operations the Hook is run against.
For more information, see Hook targets in the CloudFormation Hooks User Guide .
Valid values: STACK | RESOURCE | CHANGE_SET | CLOUD_CONTROL