CloudFormationStackDriftDetectionCheckProps

class aws_cdk.aws_config.CloudFormationStackDriftDetectionCheckProps(*, config_rule_name=None, description=None, input_parameters=None, maximum_execution_frequency=None, rule_scope=None, own_stack_only=None, role=None)

Bases: aws_cdk.aws_config.RuleProps

Construction properties for a CloudFormationStackDriftDetectionCheck.

Parameters

  • config_rule_name (Optional[str]) – A name for the AWS Config rule. Default: - CloudFormation generated name

  • description (Optional[str]) – A description about this AWS Config rule. Default: - No description

  • input_parameters (Optional[Mapping[str, Any]]) – Input parameter values that are passed to the AWS Config rule. Default: - No input parameters

  • maximum_execution_frequency (Optional[MaximumExecutionFrequency]) – The maximum frequency at which the AWS Config rule runs evaluations. Default: MaximumExecutionFrequency.TWENTY_FOUR_HOURS

  • rule_scope (Optional[RuleScope]) – Defines which resources trigger an evaluation for an AWS Config rule. Default: - evaluations for the rule are triggered when any resource in the recording group changes.

  • own_stack_only (Optional[bool]) – Whether to check only the stack where this rule is deployed. Default: false

  • role (Optional[IRole]) – The IAM role to use for this rule. It must have permissions to detect drift for AWS CloudFormation stacks. Ensure to attach config.amazonaws.com trusted permissions and ReadOnlyAccess policy permissions. For specific policy permissions, refer to https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html. Default: - A role will be created

Example:

# Example automatically generated from non-compiling source. May contain errors.
import aws_cdk.aws_config as config
import aws_cdk.aws_cdk as cdk

# compliant if stack's status is 'IN_SYNC'
# non-compliant if the stack's drift status is 'DRIFTED'
config.CloudFormationStackDriftDetectionCheck(stack, "Drift",
    own_stack_only=True
)

Attributes

config_rule_name

A name for the AWS Config rule.

Default

  • CloudFormation generated name

Return type

Optional[str]

description

A description about this AWS Config rule.

Default

  • No description

Return type

Optional[str]

input_parameters

Input parameter values that are passed to the AWS Config rule.

Default

  • No input parameters

Return type

Optional[Mapping[str, Any]]

maximum_execution_frequency

The maximum frequency at which the AWS Config rule runs evaluations.

Default

MaximumExecutionFrequency.TWENTY_FOUR_HOURS

Return type

Optional[MaximumExecutionFrequency]

own_stack_only

Whether to check only the stack where this rule is deployed.

Default

false

Return type

Optional[bool]

role

The IAM role to use for this rule.

It must have permissions to detect drift for AWS CloudFormation stacks. Ensure to attach config.amazonaws.com trusted permissions and ReadOnlyAccess policy permissions. For specific policy permissions, refer to https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html.

Default

  • A role will be created

Return type

Optional[IRole]

rule_scope

Defines which resources trigger an evaluation for an AWS Config rule.

Default

  • evaluations for the rule are triggered when any resource in the recording group changes.

Return type

Optional[RuleScope]