interface CfnConfigRuleProps
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.Config.CfnConfigRuleProps |
 Go | github.com/aws/aws-cdk-go/awscdk/v2/awsconfig#CfnConfigRuleProps |
 Java | software.amazon.awscdk.services.config.CfnConfigRuleProps |
 Python | aws_cdk.aws_config.CfnConfigRuleProps |
 TypeScript | aws-cdk-lib » aws_config » CfnConfigRuleProps |
Properties for defining a CfnConfigRule.
See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html
Example
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_config as config } from 'aws-cdk-lib';
declare const inputParameters: any;
const cfnConfigRuleProps: config.CfnConfigRuleProps = {
source: {
owner: 'owner',
// the properties below are optional
customPolicyDetails: {
enableDebugLogDelivery: false,
policyRuntime: 'policyRuntime',
policyText: 'policyText',
},
sourceDetails: [{
eventSource: 'eventSource',
messageType: 'messageType',
// the properties below are optional
maximumExecutionFrequency: 'maximumExecutionFrequency',
}],
sourceIdentifier: 'sourceIdentifier',
},
// the properties below are optional
compliance: {
type: 'type',
},
configRuleName: 'configRuleName',
description: 'description',
evaluationModes: [{
mode: 'mode',
}],
inputParameters: inputParameters,
maximumExecutionFrequency: 'maximumExecutionFrequency',
scope: {
complianceResourceId: 'complianceResourceId',
complianceResourceTypes: ['complianceResourceTypes'],
tagKey: 'tagKey',
tagValue: 'tagValue',
},
};
Properties
| Name | Type | Description |
|---|---|---|
| source | IResolvable | Source | Provides the rule owner ( AWS for managed rules, CUSTOM_POLICY for Custom Policy rules, and CUSTOM_LAMBDA for Custom Lambda rules), the rule identifier, and the notifications that cause the function to evaluate your AWS resources. |
| compliance? | IResolvable | Compliance | Indicates whether an AWS resource or AWS Config rule is compliant and provides the number of contributors that affect the compliance. |
| config | string | A name for the AWS Config rule. |
| description? | string | The description that you provide for the AWS Config rule. |
| evaluation | IResolvable | (IResolvable | Evaluation)[] | The modes the AWS Config rule can be evaluated in. |
| input | any | A string, in JSON format, that is passed to the AWS Config rule Lambda function. |
| maximum | string | The maximum frequency with which AWS Config runs evaluations for a rule. |
| scope? | IResolvable | Scope | Defines which resources can trigger an evaluation for the rule. |
source
Type:
IResolvable | Source
Provides the rule owner ( AWS for managed rules, CUSTOM_POLICY for Custom Policy rules, and CUSTOM_LAMBDA for Custom Lambda rules), the rule identifier, and the notifications that cause the function to evaluate your AWS resources.
compliance?
Type:
IResolvable | Compliance
(optional)
Indicates whether an AWS resource or AWS Config rule is compliant and provides the number of contributors that affect the compliance.
configRuleName?
Type:
string
(optional)
A name for the AWS Config rule.
If you don't specify a name, CloudFormation generates a unique physical ID and uses that ID for the rule name. For more information, see Name Type .
description?
Type:
string
(optional)
The description that you provide for the AWS Config rule.
evaluationModes?
Type:
IResolvable | (IResolvable | Evaluation)[]
(optional)
The modes the AWS Config rule can be evaluated in.
The valid values are distinct objects. By default, the value is Detective evaluation mode only.
inputParameters?
Type:
any
(optional)
A string, in JSON format, that is passed to the AWS Config rule Lambda function.
maximumExecutionFrequency?
Type:
string
(optional)
The maximum frequency with which AWS Config runs evaluations for a rule.
You can specify a value for MaximumExecutionFrequency when:
- You are using an AWS managed rule that is triggered at a periodic frequency.
- Your custom rule is triggered when AWS Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties .
By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the
MaximumExecutionFrequencyparameter.
scope?
Type:
IResolvable | Scope
(optional)
Defines which resources can trigger an evaluation for the rule.
The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes.