CfnConfigRuleProps
- class aws_cdk.aws_config.CfnConfigRuleProps(*, source, compliance=None, config_rule_name=None, description=None, evaluation_modes=None, input_parameters=None, maximum_execution_frequency=None, scope=None)
Bases: object
Properties for defining a CfnConfigRule.
- Parameters:
  - source (Union[IResolvable, SourceProperty, Dict[str, Any]]) – Provides the rule owner (AWS for managed rules, CUSTOM_POLICY for Custom Policy rules, and CUSTOM_LAMBDA for Custom Lambda rules), the rule identifier, and the notifications that cause the function to evaluate your AWS resources.
  - compliance (Union[IResolvable, ComplianceProperty, Dict[str, Any], None]) – Indicates whether an AWS resource or AWS Config rule is compliant and provides the number of contributors that affect the compliance.
  - config_rule_name (Optional[str]) – A name for the AWS Config rule. If you don’t specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the rule name. For more information, see Name Type.
  - description (Optional[str]) – The description that you provide for the AWS Config rule.
  - evaluation_modes (Union[IResolvable, Sequence[Union[IResolvable, EvaluationModeConfigurationProperty, Dict[str, Any]]], None]) – The modes the AWS Config rule can be evaluated in. The valid values are distinct objects. By default, the value is Detective evaluation mode only.
  - input_parameters (Any) – A string, in JSON format, that is passed to the AWS Config rule Lambda function.
  - maximum_execution_frequency (Optional[str]) – The maximum frequency with which AWS Config runs evaluations for a rule. You can specify a value for MaximumExecutionFrequency when:
    - You are using an AWS managed rule that is triggered at a periodic frequency.
    - Your custom rule is triggered when AWS Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.
    By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter.
  - scope (Union[IResolvable, ScopeProperty, Dict[str, Any], None]) – Defines which resources can trigger an evaluation for the rule. The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes.
- See:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html
- ExampleMetadata:
fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk import aws_config as config

    # input_parameters: Any

    cfn_config_rule_props = config.CfnConfigRuleProps(
        source=config.CfnConfigRule.SourceProperty(
            owner="owner",

            # the properties below are optional
            custom_policy_details=config.CfnConfigRule.CustomPolicyDetailsProperty(
                enable_debug_log_delivery=False,
                policy_runtime="policyRuntime",
                policy_text="policyText"
            ),
            source_details=[config.CfnConfigRule.SourceDetailProperty(
                event_source="eventSource",
                message_type="messageType",

                # the properties below are optional
                maximum_execution_frequency="maximumExecutionFrequency"
            )],
            source_identifier="sourceIdentifier"
        ),

        # the properties below are optional
        compliance=config.CfnConfigRule.ComplianceProperty(
            type="type"
        ),
        config_rule_name="configRuleName",
        description="description",
        evaluation_modes=[config.CfnConfigRule.EvaluationModeConfigurationProperty(
            mode="mode"
        )],
        input_parameters=input_parameters,
        maximum_execution_frequency="maximumExecutionFrequency",
        scope=config.CfnConfigRule.ScopeProperty(
            compliance_resource_id="complianceResourceId",
            compliance_resource_types=["complianceResourceTypes"],
            tag_key="tagKey",
            tag_value="tagValue"
        )
    )
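The placeholder values above would not deploy as written: the owner, frequency and scope fields each have constraints described on this page. The following is an added example, not part of the CDK documentation or library, that lints a plain dict shaped like the keyword arguments on this page before it is passed to CfnConfigRuleProps. Assumptions: the helper names lint_scope and lint_config_rule_props are hypothetical, the frequency strings are the CloudFormation allowed values, treating a mixed tag and resource-type scope as a finding is a reading of the three scope forms listed here, and the sample inputs are constructed.

```python
# Added example (not CDK code): lint a props dict before CfnConfigRuleProps(**props).
# lint_scope and lint_config_rule_props are hypothetical helper names.
OWNERS = {"AWS", "CUSTOM_POLICY", "CUSTOM_LAMBDA"}  # owner values named on the page
FREQUENCIES = {"One_Hour", "Three_Hours", "Six_Hours",
               "Twelve_Hours", "TwentyFour_Hours"}  # CloudFormation allowed values

def lint_scope(scope):
    """Return findings for a scope that fits none of the three documented forms."""
    types = scope.get("compliance_resource_types") or []
    res_id = scope.get("compliance_resource_id")
    tag_key, tag_value = scope.get("tag_key"), scope.get("tag_value")
    findings = []
    if res_id and len(types) != 1:
        findings.append("scope: compliance_resource_id needs exactly one resource type")
    if tag_value and not tag_key:
        findings.append("scope: tag_value given without tag_key")
    if (tag_key or tag_value) and (types or res_id):
        findings.append("scope: mixes the tag form with the resource-type form")
    return findings

def lint_config_rule_props(props):
    """Check a CfnConfigRuleProps-shaped dict against the constraints on this page."""
    findings = []
    source = props.get("source")
    if not source:
        findings.append("source: required")
    elif source.get("owner") not in OWNERS:
        findings.append(f"source.owner: {source.get('owner')!r} not in {sorted(OWNERS)}")
    freq = props.get("maximum_execution_frequency")
    if freq is not None and freq not in FREQUENCIES:
        findings.append(f"maximum_execution_frequency: {freq!r} is not a valid value")
    if props.get("scope") is None:
        # Without a scope, every change in the recording group triggers the rule.
        findings.append("scope: unset, any recorded resource change triggers evaluation")
    else:
        findings.extend(lint_scope(props["scope"]))
    return findings

# Constructed sample inputs (not from the page).
GOOD = {"source": {"owner": "AWS", "source_identifier": "S3_BUCKET_PUBLIC_READ_PROHIBITED"},
        "scope": {"compliance_resource_types": ["AWS::S3::Bucket"]}}
BAD = {"source": {"owner": "owner"},
       "maximum_execution_frequency": "hourly",
       "scope": {"compliance_resource_id": "bucket-1",
                 "compliance_resource_types": ["AWS::S3::Bucket", "AWS::EC2::Instance"],
                 "tag_value": "prod"}}

if __name__ == "__main__":
    print(lint_config_rule_props(GOOD), lint_config_rule_props(BAD), sep="\n")
```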
Attributes
- compliance
Indicates whether an AWS resource or AWS Config rule is compliant and provides the number of contributors that affect the compliance.
- config_rule_name
A name for the AWS Config rule.
If you don’t specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the rule name. For more information, see Name Type.
- description
The description that you provide for the AWS Config rule.
- evaluation_modes
The modes the AWS Config rule can be evaluated in.
The valid values are distinct objects. By default, the value is Detective evaluation mode only.
- input_parameters
A string, in JSON format, that is passed to the AWS Config rule Lambda function.
- maximum_execution_frequency
The maximum frequency with which AWS Config runs evaluations for a rule.
You can specify a value for MaximumExecutionFrequency when:
  - You are using an AWS managed rule that is triggered at a periodic frequency.
  - Your custom rule is triggered when AWS Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.
By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter.
- scope
Defines which resources can trigger an evaluation for the rule.
The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes.
- source
Provides the rule owner (AWS for managed rules, CUSTOM_POLICY for Custom Policy rules, and CUSTOM_LAMBDA for Custom Lambda rules), the rule identifier, and the notifications that cause the function to evaluate your AWS resources.