CfnGuardHookMixinProps

class aws_cdk.mixins_preview.aws_cloudformation.mixins.CfnGuardHookMixinProps(*, alias=None, execution_role=None, failure_mode=None, hook_status=None, log_bucket=None, options=None, rule_location=None, stack_filters=None, target_filters=None, target_operations=None)

Bases: object

Properties for CfnGuardHookPropsMixin.

Parameters:

alias (Optional[str]) – The type name alias for the Hook. This alias must be unique per account and Region. The alias must be in the form Name1::Name2::Name3 and must not begin with AWS . For example, Private::Guard::MyTestHook .
execution_role (Optional[str]) – The IAM role that the Hook assumes to retrieve your Guard rules from S3 and optionally write a detailed Guard output report back.
failure_mode (Optional[str]) – Specifies how the Hook responds when rules fail their evaluation. - FAIL : Prevents the action from proceeding. This is helpful for enforcing strict compliance or security policies. - WARN : Issues warnings to users but allows actions to continue. This is useful for non-critical validations or informational checks. Default: - “WARN”
hook_status (Optional[str]) – Specifies if the Hook is ENABLED or DISABLED . Default: - “DISABLED”
log_bucket (Optional[str]) – Specifies the name of an S3 bucket to store the Guard output report. This report contains the results of your Guard rule validations.
options (Union[IResolvable, OptionsProperty, Dict[str, Any], None]) – Specifies the S3 location of your input parameters.
rule_location (Union[IResolvable, S3LocationProperty, Dict[str, Any], None]) – Specifies the S3 location of your Guard rules.
stack_filters (Union[IResolvable, StackFiltersProperty, Dict[str, Any], None]) – Specifies the stack level filters for the Hook. Example stack level filter in JSON: "StackFilters": {"FilteringCriteria": "ALL", "StackNames": {"Exclude": [ "stack-1", "stack-2"]}} Example stack level filter in YAML: StackFilters: FilteringCriteria: ALL StackNames: Exclude: - stack-1 - stack-2
target_filters (Union[IResolvable, TargetFiltersProperty, Dict[str, Any], None]) – Specifies the target filters for the Hook. Example target filter in JSON: "TargetFilters": {"Actions": [ "CREATE", "UPDATE", "DELETE" ]} Example target filter in YAML: TargetFilters: Actions: - CREATE - UPDATE - DELETE
target_operations (Optional[Sequence[str]]) – Specifies the list of operations the Hook is run against. For more information, see Hook targets in the CloudFormation Hooks User Guide . Valid values: STACK | RESOURCE | CHANGE_SET | CLOUD_CONTROL

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-guardhook.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_cloudformation import mixins as cloudformation_mixins

cfn_guard_hook_mixin_props = cloudformation_mixins.CfnGuardHookMixinProps(
    alias="alias",
    execution_role="executionRole",
    failure_mode="failureMode",
    hook_status="hookStatus",
    log_bucket="logBucket",
    options=cloudformation_mixins.CfnGuardHookPropsMixin.OptionsProperty(
        input_params=cloudformation_mixins.CfnGuardHookPropsMixin.S3LocationProperty(
            uri="uri",
            version_id="versionId"
        )
    ),
    rule_location=cloudformation_mixins.CfnGuardHookPropsMixin.S3LocationProperty(
        uri="uri",
        version_id="versionId"
    ),
    stack_filters=cloudformation_mixins.CfnGuardHookPropsMixin.StackFiltersProperty(
        filtering_criteria="filteringCriteria",
        stack_names=cloudformation_mixins.CfnGuardHookPropsMixin.StackNamesProperty(
            exclude=["exclude"],
            include=["include"]
        ),
        stack_roles=cloudformation_mixins.CfnGuardHookPropsMixin.StackRolesProperty(
            exclude=["exclude"],
            include=["include"]
        )
    ),
    target_filters=cloudformation_mixins.CfnGuardHookPropsMixin.TargetFiltersProperty(
        actions=["actions"],
        invocation_points=["invocationPoints"],
        target_names=["targetNames"],
        targets=[cloudformation_mixins.CfnGuardHookPropsMixin.HookTargetProperty(
            action="action",
            invocation_point="invocationPoint",
            target_name="targetName"
        )]
    ),
    target_operations=["targetOperations"]
)

Attributes

alias

The type name alias for the Hook. This alias must be unique per account and Region.

The alias must be in the form Name1::Name2::Name3 and must not begin with AWS . For example, Private::Guard::MyTestHook .

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-guardhook.html#cfn-cloudformation-guardhook-alias

execution_role

The IAM role that the Hook assumes to retrieve your Guard rules from S3 and optionally write a detailed Guard output report back.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-guardhook.html#cfn-cloudformation-guardhook-executionrole

failure_mode

Specifies how the Hook responds when rules fail their evaluation.

FAIL : Prevents the action from proceeding. This is helpful for enforcing strict compliance or security policies.
WARN : Issues warnings to users but allows actions to continue. This is useful for non-critical validations or informational checks.

Default: