AWS CloudFormation
User Guide (Version )

AWS::Config::ConfigRule Source

Provides the AWS Config rule owner (AWS or customer), the rule identifier, and the events that trigger the evaluation of your AWS resources.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Owner" : String,
  "SourceDetails" : [ SourceDetail, ... ],
  "SourceIdentifier" : String
}

Properties

Owner

Indicates whether AWS or the customer owns and manages the AWS Config rule.

Required: Yes

Type: String

Allowed Values: AWS | CUSTOM_LAMBDA

Update requires: No interruption

SourceDetails

Provides the source and type of the event that causes AWS Config to evaluate your AWS resources.

Required: No

Type: List of SourceDetail

Maximum: 25

Update requires: No interruption

SourceIdentifier

For AWS Config managed rules, a predefined identifier from a list. For example, IAM_PASSWORD_POLICY is a managed rule. To reference a managed rule, see Using AWS Managed Config Rules.

For custom rules, the identifier is the Amazon Resource Name (ARN) of the rule's AWS Lambda function, such as arn:aws:lambda:us-east-2:123456789012:function:custom_rule_name.

Required: Yes

Type: String

Minimum: 1

Maximum: 256

Update requires: No interruption
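The constraints listed above can be checked before a template is deployed. The following is an added example, not part of the AWS documentation: a small Python lint that reads a JSON template and checks each AWS::Config::ConfigRule Source against the allowed values and limits on this page. The function names, the sample template's logical IDs and the Lambda ARN pattern are assumptions made for illustration, and only literal property values are handled (not intrinsic functions such as Fn::GetAtt).

```python
import json
import re

# Constraints taken from the property reference above.
ALLOWED_OWNERS = {"AWS", "CUSTOM_LAMBDA"}
MAX_SOURCE_DETAILS, MAX_IDENTIFIER_LEN = 25, 256
# Assumption: Lambda function ARN shape, modelled on the page's example ARN.
LAMBDA_ARN = re.compile(r"^arn:aws[a-z-]*:lambda:[a-z0-9-]+:\d{12}:function:[\w-]+$")

def check_source(source):
    """Return a list of problems found in one literal Source object."""
    problems = []
    owner = source.get("Owner")
    ident = source.get("SourceIdentifier")
    details = source.get("SourceDetails", [])
    if owner not in ALLOWED_OWNERS:
        problems.append(f"Owner must be AWS or CUSTOM_LAMBDA, got {owner!r}")
    if not isinstance(ident, str) or not 1 <= len(ident) <= MAX_IDENTIFIER_LEN:
        problems.append("SourceIdentifier must be a string of 1-256 characters")
    elif owner == "CUSTOM_LAMBDA" and not LAMBDA_ARN.match(ident):
        problems.append("custom rule SourceIdentifier is not a Lambda function ARN")
    elif owner == "AWS" and ident.startswith("arn:"):
        problems.append("managed rule SourceIdentifier is an ARN, not a predefined identifier")
    if not isinstance(details, list) or len(details) > MAX_SOURCE_DETAILS:
        problems.append("SourceDetails must be a list of at most 25 entries")
    return problems

def check_template(template_text):
    """Map each AWS::Config::ConfigRule logical ID to its Source problems."""
    resources = json.loads(template_text).get("Resources", {})
    return {name: check_source(res.get("Properties", {}).get("Source", {}))
            for name, res in resources.items()
            if res.get("Type") == "AWS::Config::ConfigRule"}

# Constructed sample template; the logical IDs are hypothetical.
ARN = "arn:aws:lambda:us-east-2:123456789012:function:custom_rule_name"
SAMPLE = json.dumps({"Resources": {
    "ManagedRule": {"Type": "AWS::Config::ConfigRule", "Properties": {"Source": {
        "Owner": "AWS", "SourceIdentifier": "IAM_PASSWORD_POLICY"}}},
    "CustomRule": {"Type": "AWS::Config::ConfigRule", "Properties": {"Source": {
        "Owner": "CUSTOM_LAMBDA", "SourceIdentifier": ARN}}},
    "MislabelledRule": {"Type": "AWS::Config::ConfigRule", "Properties": {"Source": {
        "Owner": "AWS", "SourceIdentifier": ARN}}},
}})

if __name__ == "__main__":
    for rule, problems in check_template(SAMPLE).items():
        print(rule, problems or "OK")
```

Run against the constructed sample, the managed and custom rules pass and MislabelledRule is flagged because its Owner is AWS while its SourceIdentifier is a Lambda ARN.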
