AWS::Config::ConfigRule Scope - AWS CloudFormation

AWS::Config::ConfigRule Scope

Defines which resources trigger an evaluation for an AWS Config rule. The scope can include one or more resource types, a combination of a tag key and value, or a combination of one resource type and one resource ID. Specify a scope to constrain which resources trigger an evaluation for a rule. Otherwise, evaluations for the rule are triggered when any resource in your recording group changes in configuration.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "ComplianceResourceId" : String, "ComplianceResourceTypes" : [ String, ... ], "TagKey" : String, "TagValue" : String }

YAML

ComplianceResourceId: String ComplianceResourceTypes: - String TagKey: String TagValue: String

Properties

ComplianceResourceId

The ID of the only AWS resource that you want to trigger an evaluation for the rule. If you specify a resource ID, you must specify one resource type for ComplianceResourceTypes.

Required: No

Type: String

Minimum: 1

Maximum: 768

Update requires: No interruption

ComplianceResourceTypes

The resource types of only those AWS resources that you want to trigger an evaluation for the rule. You can only specify one type if you also specify a resource ID for ComplianceResourceId.

Required: No

Type: Array of String

Minimum: 0

Maximum: 100

Update requires: No interruption

TagKey

The tag key that is applied to only those AWS resources that you want to trigger an evaluation for the rule.

Required: No

Type: String

Minimum: 1

Maximum: 128

Update requires: No interruption

TagValue

The tag value applied to only those AWS resources that you want to trigger an evaluation for the rule. If you specify a value for TagValue, you must also specify a value for TagKey.

Required: No

Type: String

Minimum: 1

Maximum: 256

Update requires: No interruption