AWS::Config::OrganizationConformancePack - AWS CloudFormation

AWS::Config::OrganizationConformancePack

OrganizationConformancePack deploys conformance packs across member accounts in an AWS Organization. It enables organization service access for config-multiaccountsetup.amazonaws.com through the EnableAWSServiceAccess action and creates a service-linked role in the master account of your organization. The service-linked role is created only when the role does not already exist in the master account.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::Config::OrganizationConformancePack",
  "Properties" : {
      "ConformancePackInputParameters" : [ ConformancePackInputParameter, ... ],
      "DeliveryS3Bucket" : String,
      "DeliveryS3KeyPrefix" : String,
      "ExcludedAccounts" : [ String, ... ],
      "OrganizationConformancePackName" : String,
      "TemplateBody" : String,
      "TemplateS3Uri" : String
    }
}

YAML

Type: AWS::Config::OrganizationConformancePack
Properties:
  ConformancePackInputParameters:
    - ConformancePackInputParameter
  DeliveryS3Bucket: String
  DeliveryS3KeyPrefix: String
  ExcludedAccounts:
    - String
  OrganizationConformancePackName: String
  TemplateBody: String
  TemplateS3Uri: String

Properties

ConformancePackInputParameters

A list of ConformancePackInputParameter objects.

Required: No

Type: List of ConformancePackInputParameter

Maximum: 60

Update requires: No interruption

DeliveryS3Bucket

Amazon S3 bucket where AWS Config stores conformance pack templates.

Note

This field is optional.

Required: No

Type: String

Minimum: 0

Maximum: 63

Update requires: No interruption

DeliveryS3KeyPrefix

Any folder structure you want to add to an Amazon S3 bucket.

Note

This field is optional.

Required: No

Type: String

Minimum: 0

Maximum: 1024

Update requires: No interruption

ExcludedAccounts

A comma-separated list of accounts excluded from the organization conformance pack.

Required: No

Type: List of String

Maximum: 1000

Update requires: No interruption

OrganizationConformancePackName

The name you assign to an organization conformance pack.

Required: Yes

Type: String

Minimum: 1

Maximum: 128

Pattern: [a-zA-Z][-a-zA-Z0-9]*

Update requires: Replacement

TemplateBody

A string containing the full conformance pack template body, with a minimum length of 1 byte and a maximum length of 51,200 bytes.

Required: No

Type: String

Update requires: No interruption

TemplateS3Uri

Location of the file containing the template body. The URI must point to the conformance pack template (max size: 300 KB).

Required: No

Type: String

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the name of the organization conformance pack.

For more information about using the Ref function, see Ref.

Examples

Organization Conformance Pack

The following example creates an organization conformance pack.

JSON

{
  "Resources": {
    "OrganizationConformancePack": {
      "Type": "AWS::Config::OrganizationConformancePack",
      "Properties": {
        "OrganizationConformancePackName": "OrganizationConformancePackName",
        "DeliveryS3Bucket": "DeliveryS3Bucket",
        "TemplateS3Uri": "s3://bucketname/prefix"
      }
    }
  }
}

YAML

---
Resources:
  OrganizationConformancePack:
    Type: AWS::Config::OrganizationConformancePack
    Properties:
      OrganizationConformancePackName: OrganizationConformancePackName
      DeliveryS3Bucket: DeliveryS3Bucket
      TemplateS3Uri: s3://bucketname/prefix
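
Pre-deployment check

The following Python sketch is an added example, not part of the AWS documentation or tooling: it lints one resource's Properties against the limits listed in the Properties section, so a pack that would be rejected (and leave member accounts unevaluated) is caught before deployment. The function name and sample inputs are hypothetical; it assumes literal property values (no intrinsic functions), and the template-source check is an assumption not stated on this page.

```python
import re

# Constraints copied from the property reference on this page.
NAME_RE = re.compile(r"[a-zA-Z][-a-zA-Z0-9]*")
MAX_STR_LEN = {"DeliveryS3Bucket": 63, "DeliveryS3KeyPrefix": 1024}
MAX_LIST_LEN = {"ConformancePackInputParameters": 60, "ExcludedAccounts": 1000}
MAX_TEMPLATE_BODY_BYTES = 51200


def lint_properties(props):
    """Return (property, message) findings for one resource's Properties."""
    findings = []
    name = props.get("OrganizationConformancePackName")
    if not isinstance(name, str) or not 1 <= len(name) <= 128:
        findings.append(("OrganizationConformancePackName",
                         "required, 1 to 128 characters"))
    elif not NAME_RE.fullmatch(name):
        findings.append(("OrganizationConformancePackName",
                         "must match " + NAME_RE.pattern))
    for key, limit in MAX_STR_LEN.items():
        if len(props.get(key, "")) > limit:
            findings.append((key, f"longer than {limit} characters"))
    for key, limit in MAX_LIST_LEN.items():
        if len(props.get(key, [])) > limit:
            findings.append((key, f"more than {limit} entries"))
    body = props.get("TemplateBody")
    if body is not None:
        size = len(body.encode("utf-8"))  # the limit is in bytes, not characters
        if not 1 <= size <= MAX_TEMPLATE_BODY_BYTES:
            findings.append(("TemplateBody",
                             f"{size} bytes, allowed 1 to 51200"))
    # Assumption (not stated on this page): a pack needs a template source.
    if body is None and "TemplateS3Uri" not in props:
        findings.append(("TemplateBody/TemplateS3Uri", "no template source set"))
    return findings


# Constructed sample inputs; bucket name, URI and account ID are placeholders.
GOOD = {"OrganizationConformancePackName": "OrgPack-1",
        "DeliveryS3Bucket": "example-delivery-bucket",
        "TemplateS3Uri": "s3://bucketname/prefix"}
BAD = {"OrganizationConformancePackName": "1-bad_name",
       "ExcludedAccounts": ["111111111111"] * 1001,
       "TemplateBody": "x" * 51201}

if __name__ == "__main__":
    for label, props in (("good", GOOD), ("bad", BAD)):
        print(label, lint_properties(props))
```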