Package software.amazon.awscdk.services.cloudformation

Class CfnGuardHook

java.lang.Object

software.amazon.jsii.JsiiObject

software.constructs.Construct

software.amazon.awscdk.CfnElement

software.amazon.awscdk.CfnRefElement

software.amazon.awscdk.CfnResource

software.amazon.awscdk.services.cloudformation.CfnGuardHook

All Implemented Interfaces:

IInspectable, IGuardHookRef, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

@Generated(value="jsii-pacmak/1.116.0 (build 0eddcff)",
           date="2025-10-24T13:34:32.794Z")
@Stability(Stable)
public class CfnGuardHook
extends CfnResource
implements IInspectable, IGuardHookRef

The AWS::CloudFormation::GuardHook resource creates and activates a Guard Hook.

Using the Guard domain specific language (DSL), you can author Guard Hooks to evaluate your resources before allowing stack operations.

For more information, see Guard Hooks in the AWS CloudFormation Hooks User Guide .

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.cloudformation.*;
 CfnGuardHook cfnGuardHook = CfnGuardHook.Builder.create(this, "MyCfnGuardHook")
         .alias("alias")
         .executionRole("executionRole")
         .failureMode("failureMode")
         .hookStatus("hookStatus")
         .ruleLocation(S3LocationProperty.builder()
                 .uri("uri")
                 // the properties below are optional
                 .versionId("versionId")
                 .build())
         .targetOperations(List.of("targetOperations"))
         // the properties below are optional
         .logBucket("logBucket")
         .options(OptionsProperty.builder()
                 .inputParams(S3LocationProperty.builder()
                         .uri("uri")
                         // the properties below are optional
                         .versionId("versionId")
                         .build())
                 .build())
         .stackFilters(StackFiltersProperty.builder()
                 .filteringCriteria("filteringCriteria")
                 // the properties below are optional
                 .stackNames(StackNamesProperty.builder()
                         .exclude(List.of("exclude"))
                         .include(List.of("include"))
                         .build())
                 .stackRoles(StackRolesProperty.builder()
                         .exclude(List.of("exclude"))
                         .include(List.of("include"))
                         .build())
                 .build())
         .targetFilters(TargetFiltersProperty.builder()
                 .targets(List.of(HookTargetProperty.builder()
                         .action("action")
                         .invocationPoint("invocationPoint")
                         .targetName("targetName")
                         .build()))
                 // the properties below are optional
                 .actions(List.of("actions"))
                 .invocationPoints(List.of("invocationPoints"))
                 .targetNames(List.of("targetNames"))
                 .build())
         .build();
 

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-guardhook.html

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static final class	CfnGuardHook.Builder	A fluent builder for CfnGuardHook.
static interface	CfnGuardHook.HookTargetProperty	Hook targets are the destination where hooks will be invoked against.
static interface	CfnGuardHook.OptionsProperty	Specifies the input parameters for a Guard Hook.
static interface	CfnGuardHook.S3LocationProperty	Specifies the S3 location where your Guard rules or input parameters are located.
static interface	CfnGuardHook.StackFiltersProperty	The StackFilters property type specifies stack level filters for a Hook.
static interface	CfnGuardHook.StackNamesProperty	Specifies the stack names for the StackFilters property type to include or exclude specific stacks from Hook invocations.
static interface	CfnGuardHook.StackRolesProperty	Specifies the stack roles for the StackFilters property type to include or exclude specific stacks from Hook invocations based on their associated IAM roles.
static interface	CfnGuardHook.TargetFiltersProperty	The TargetFilters property type specifies the target filters for the Hook.

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface software.constructs.IConstruct

software.constructs.IConstruct.Jsii$Default

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.cloudformation.IGuardHookRef

IGuardHookRef.Jsii$Default, IGuardHookRef.Jsii$Proxy

Nested classes/interfaces inherited from interface software.amazon.awscdk.IInspectable

IInspectable.Jsii$Default, IInspectable.Jsii$Proxy

Field Summary

Fields

Modifier and Type	Field	Description
static final String	CFN_RESOURCE_TYPE_NAME	The CloudFormation resource type name for this resource class.

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	CfnGuardHook(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	CfnGuardHook(software.amazon.jsii.JsiiObjectRef objRef)
	CfnGuardHook(software.constructs.Construct scope, String id, CfnGuardHookProps props)

Method Summary

Modifier and Type	Method	Description
String	getAlias()	The type name alias for the Hook.
String	getAttrHookArn()	Returns the ARN of a Guard Hook.
protected Map<String,Object>	getCfnProperties()
String	getExecutionRole()	The IAM role that the Hook assumes to retrieve your Guard rules from S3 and optionally write a detailed Guard output report back.
String	getFailureMode()	Specifies how the Hook responds when rules fail their evaluation.
GuardHookReference	getGuardHookRef()	A reference to a GuardHook resource.
String	getHookStatus()	Specifies if the Hook is ENABLED or DISABLED .
String	getLogBucket()	Specifies the name of an S3 bucket to store the Guard output report.
Object	getOptions()	Specifies the S3 location of your input parameters.
Object	getRuleLocation()	Specifies the S3 location of your Guard rules.
Object	getStackFilters()	Specifies the stack level filters for the Hook.
Object	getTargetFilters()	Specifies the target filters for the Hook.
List<String>	getTargetOperations()	Specifies the list of operations the Hook is run against.
void	inspect(TreeInspector inspector)	Examines the CloudFormation resource and discloses attributes.
protected Map<String,Object>	renderProperties(Map<String,Object> props)
void	setAlias(String value)	The type name alias for the Hook.
void	setExecutionRole(String value)	The IAM role that the Hook assumes to retrieve your Guard rules from S3 and optionally write a detailed Guard output report back.
void	setFailureMode(String value)	Specifies how the Hook responds when rules fail their evaluation.
void	setHookStatus(String value)	Specifies if the Hook is ENABLED or DISABLED .
void	setLogBucket(String value)	Specifies the name of an S3 bucket to store the Guard output report.
void	setOptions(IResolvable value)	Specifies the S3 location of your input parameters.
void	setOptions(CfnGuardHook.OptionsProperty value)	Specifies the S3 location of your input parameters.
void	setRuleLocation(IResolvable value)	Specifies the S3 location of your Guard rules.
void	setRuleLocation(CfnGuardHook.S3LocationProperty value)	Specifies the S3 location of your Guard rules.
void	setStackFilters(IResolvable value)	Specifies the stack level filters for the Hook.
void	setStackFilters(CfnGuardHook.StackFiltersProperty value)	Specifies the stack level filters for the Hook.
void	setTargetFilters(IResolvable value)	Specifies the target filters for the Hook.
void	setTargetFilters(CfnGuardHook.TargetFiltersProperty value)	Specifies the target filters for the Hook.
void	setTargetOperations(List<String> value)	Specifies the list of operations the Hook is run against.

Methods inherited from class software.amazon.awscdk.CfnResource

addDeletionOverride, addDependency, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, getUpdatedProperties, isCfnResource, obtainDependencies, obtainResourceDependencies, removeDependency, replaceDependency, shouldSynthesize, toString, validateProperties

Methods inherited from class software.amazon.awscdk.CfnRefElement

getRef

Methods inherited from class software.amazon.awscdk.CfnElement

getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId

Methods inherited from class software.constructs.Construct

getNode, isConstruct

Methods inherited from class software.amazon.jsii.JsiiObject

jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.constructs.IConstruct

getNode

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Field Details

CFN_RESOURCE_TYPE_NAME

@Stability(Stable)
public static final String CFN_RESOURCE_TYPE_NAME

The CloudFormation resource type name for this resource class.

Constructor Details

CfnGuardHook

protected CfnGuardHook(software.amazon.jsii.JsiiObjectRef objRef)

CfnGuardHook

protected CfnGuardHook(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

CfnGuardHook

@Stability(Stable)
public CfnGuardHook(@NotNull
 software.constructs.Construct scope,
 @NotNull
 String id,
 @NotNull
 CfnGuardHookProps props)

Parameters:

scope - Scope in which this resource is defined. This parameter is required.

id - Construct identifier for this resource (unique in its scope). This parameter is required.

props - Resource properties. This parameter is required.

Method Details

inspect

@Stability(Stable)
public void inspect(@NotNull
 TreeInspector inspector)

Examines the CloudFormation resource and discloses attributes.

Specified by:

inspect in interface IInspectable

Parameters:

inspector - tree inspector to collect and process attributes. This parameter is required.

renderProperties

@Stability(Stable)
@NotNull
protected Map<String,Object> renderProperties(@NotNull
 Map<String,Object> props)

Overrides:

renderProperties in class CfnResource

Parameters:

props - This parameter is required.

getAttrHookArn

@Stability(Stable)
@NotNull
public String getAttrHookArn()

Returns the ARN of a Guard Hook.

getCfnProperties

@Stability(Stable)
@NotNull
protected Map<String,Object> getCfnProperties()

Overrides:

getCfnProperties in class CfnResource

getGuardHookRef

@Stability(Stable)
@NotNull
public GuardHookReference getGuardHookRef()

A reference to a GuardHook resource.

Specified by:

getGuardHookRef in interface IGuardHookRef

getAlias

@Stability(Stable)
@NotNull
public String getAlias()

The type name alias for the Hook.

This alias must be unique per account and Region.

setAlias

@Stability(Stable)
public void setAlias(@NotNull
 String value)

The type name alias for the Hook.

This alias must be unique per account and Region.

getExecutionRole

@Stability(Stable)
@NotNull
public String getExecutionRole()

The IAM role that the Hook assumes to retrieve your Guard rules from S3 and optionally write a detailed Guard output report back.

setExecutionRole

@Stability(Stable)
public void setExecutionRole(@NotNull
 String value)

The IAM role that the Hook assumes to retrieve your Guard rules from S3 and optionally write a detailed Guard output report back.

getFailureMode

@Stability(Stable)
@NotNull
public String getFailureMode()

Specifies how the Hook responds when rules fail their evaluation.

setFailureMode

@Stability(Stable)
public void setFailureMode(@NotNull
 String value)

Specifies how the Hook responds when rules fail their evaluation.

getHookStatus

@Stability(Stable)
@NotNull
public String getHookStatus()

Specifies if the Hook is ENABLED or DISABLED .

setHookStatus

@Stability(Stable)
public void setHookStatus(@NotNull
 String value)

Specifies if the Hook is ENABLED or DISABLED .

getRuleLocation

@Stability(Stable)
@NotNull
public Object getRuleLocation()

Specifies the S3 location of your Guard rules.

Returns union: either IResolvable or CfnGuardHook.S3LocationProperty

setRuleLocation

@Stability(Stable)
public void setRuleLocation(@NotNull
 IResolvable value)

Specifies the S3 location of your Guard rules.

setRuleLocation

@Stability(Stable)
public void setRuleLocation(@NotNull
 CfnGuardHook.S3LocationProperty value)

Specifies the S3 location of your Guard rules.

getTargetOperations

@Stability(Stable)
@NotNull
public List<String> getTargetOperations()

Specifies the list of operations the Hook is run against.

setTargetOperations

@Stability(Stable)
public void setTargetOperations(@NotNull
 List<String> value)

Specifies the list of operations the Hook is run against.

getLogBucket

@Stability(Stable)
@Nullable
public String getLogBucket()

Specifies the name of an S3 bucket to store the Guard output report.

setLogBucket

@Stability(Stable)
public void setLogBucket(@Nullable
 String value)

Specifies the name of an S3 bucket to store the Guard output report.

getOptions

@Stability(Stable)
@Nullable
public Object getOptions()

Specifies the S3 location of your input parameters.

Returns union: either IResolvable or CfnGuardHook.OptionsProperty

setOptions

@Stability(Stable)
public void setOptions(@Nullable
 IResolvable value)

Specifies the S3 location of your input parameters.

setOptions

@Stability(Stable)
public void setOptions(@Nullable
 CfnGuardHook.OptionsProperty value)

Specifies the S3 location of your input parameters.

getStackFilters

@Stability(Stable)
@Nullable
public Object getStackFilters()

Specifies the stack level filters for the Hook.

Returns union: either IResolvable or CfnGuardHook.StackFiltersProperty

setStackFilters

@Stability(Stable)
public void setStackFilters(@Nullable
 IResolvable value)

Specifies the stack level filters for the Hook.

setStackFilters

@Stability(Stable)
public void setStackFilters(@Nullable
 CfnGuardHook.StackFiltersProperty value)

Specifies the stack level filters for the Hook.

getTargetFilters

@Stability(Stable)
@Nullable
public Object getTargetFilters()

Specifies the target filters for the Hook.

Returns union: either IResolvable or CfnGuardHook.TargetFiltersProperty

setTargetFilters

@Stability(Stable)
public void setTargetFilters(@Nullable
 IResolvable value)

Specifies the target filters for the Hook.

setTargetFilters

@Stability(Stable)
public void setTargetFilters(@Nullable
 CfnGuardHook.TargetFiltersProperty value)

Specifies the target filters for the Hook.