CloudFormationStackDriftDetectionCheckProps

class aws_cdk.aws_config.CloudFormationStackDriftDetectionCheckProps(*, config_rule_name=None, description=None, evaluation_modes=None, input_parameters=None, maximum_execution_frequency=None, rule_scope=None, own_stack_only=None, role=None)

Bases: RuleProps

Construction properties for a CloudFormationStackDriftDetectionCheck.

Parameters:

  • config_rule_name (Optional[str]) – A name for the AWS Config rule. Default: - CloudFormation generated name

  • description (Optional[str]) – A description about this AWS Config rule. Default: - No description

  • evaluation_modes (Optional[EvaluationMode]) – The modes the AWS Config rule can be evaluated in. The valid values are distinct objects. Default: - Detective evaluation mode only

  • input_parameters (Optional[Mapping[str, Any]]) – Input parameter values that are passed to the AWS Config rule. Default: - No input parameters

  • maximum_execution_frequency (Optional[MaximumExecutionFrequency]) – The maximum frequency at which the AWS Config rule runs evaluations. Default: MaximumExecutionFrequency.TWENTY_FOUR_HOURS

  • rule_scope (Optional[RuleScope]) – Defines which resources trigger an evaluation for an AWS Config rule. Default: - evaluations for the rule are triggered when any resource in the recording group changes.

  • own_stack_only (Optional[bool]) – Whether to check only the stack where this rule is deployed. Default: false

  • role (Optional[IRoleRef]) – The IAM role to use for this rule. It must have permissions to detect drift for AWS CloudFormation stacks. Ensure to attach config.amazonaws.com trusted permissions and ReadOnlyAccess policy permissions. For specific policy permissions, refer to https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html. Default: - A role will be created

ExampleMetadata:

infused

Example:

# compliant if stack's status is 'IN_SYNC'
# non-compliant if the stack's drift status is 'DRIFTED'
config.CloudFormationStackDriftDetectionCheck(self, "Drift",
    own_stack_only=True
)

Attributes

config_rule_name

A name for the AWS Config rule.

Default:

  • CloudFormation generated name

description

A description about this AWS Config rule.

Default:

  • No description

evaluation_modes

The modes the AWS Config rule can be evaluated in.

The valid values are distinct objects.

Default:

  • Detective evaluation mode only

input_parameters

Input parameter values that are passed to the AWS Config rule.

Default:

  • No input parameters

maximum_execution_frequency

The maximum frequency at which the AWS Config rule runs evaluations.

Default:

MaximumExecutionFrequency.TWENTY_FOUR_HOURS

own_stack_only

Whether to check only the stack where this rule is deployed.

Default:

false

role

The IAM role to use for this rule.

It must have permissions to detect drift for AWS CloudFormation stacks. Ensure to attach config.amazonaws.com trusted permissions and ReadOnlyAccess policy permissions. For specific policy permissions, refer to https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html.

Default:

  • A role will be created

rule_scope

Defines which resources trigger an evaluation for an AWS Config rule.

Default:

  • evaluations for the rule are triggered when any resource in the recording group changes.