RuleScope

class aws_cdk.aws_config.RuleScope(*args: Any, **kwargs)
Bases: object
Determines which resources trigger an evaluation of an AWS Config rule.
ExampleMetadata: infused

Example:

    # eval_compliance_fn: lambda.Function

    ssh_rule = config.ManagedRule(self, "SSH",
        identifier=config.ManagedRuleIdentifiers.EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLED,
        rule_scope=config.RuleScope.from_resource(config.ResourceType.EC2_SECURITY_GROUP, "sg-1234567890abcdefgh")
    )

    custom_rule = config.CustomRule(self, "Lambda",
        lambda_function=eval_compliance_fn,
        configuration_changes=True,
        rule_scope=config.RuleScope.from_resources([config.ResourceType.CLOUDFORMATION_STACK, config.ResourceType.S3_BUCKET])
    )

    tag_rule = config.CustomRule(self, "CostCenterTagRule",
        lambda_function=eval_compliance_fn,
        configuration_changes=True,
        rule_scope=config.RuleScope.from_tag("Cost Center", "MyApp")
    )
Attributes

key
    Tag key applied to resources that will trigger evaluation of a rule.
    Return type: Optional[str]

resource_id
    ID of the only AWS resource that will trigger evaluation of a rule.
    Return type: Optional[str]

resource_types
    Resource types that will trigger evaluation of a rule.
    Return type: Optional[List[ResourceType]]

value
    Tag value applied to resources that will trigger evaluation of a rule.
    Return type: Optional[str]
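
An added example, not part of the CDK documentation: a scope pinned to one resource ID or gated on a tag leaves other resources of the same type unevaluated, so a synthesized template can be audited for such rules before deployment. The template below is constructed for illustration; its logical IDs and the function names are assumptions, and the Scope keys are the CloudFormation AWS::Config::ConfigRule property names.

```python
# Constructed sample of a synthesized template. The logical IDs are made up;
# the Scope keys are the CloudFormation AWS::Config::ConfigRule property names.
TEMPLATE = {"Resources": {
    "SSH": {"Type": "AWS::Config::ConfigRule", "Properties": {"Scope": {
        "ComplianceResourceTypes": ["AWS::EC2::SecurityGroup"],
        "ComplianceResourceId": "sg-1234567890abcdefgh"}}},
    "Lambda": {"Type": "AWS::Config::ConfigRule", "Properties": {"Scope": {
        "ComplianceResourceTypes": ["AWS::CloudFormation::Stack",
                                    "AWS::S3::Bucket"]}}},
    "CostCenterTagRule": {"Type": "AWS::Config::ConfigRule", "Properties": {
        "Scope": {"TagKey": "Cost Center", "TagValue": "MyApp"}}},
    "Unscoped": {"Type": "AWS::Config::ConfigRule", "Properties": {}},
    "Bucket": {"Type": "AWS::S3::Bucket", "Properties": {}},
}}


def classify_scope(scope):
    """Return how narrowly a ConfigRule Scope limits what triggers the rule."""
    if scope.get("ComplianceResourceId"):
        return "single-resource"         # only this one resource is evaluated
    if scope.get("TagKey"):
        return "tagged-only"             # resources without the tag are skipped
    if scope.get("ComplianceResourceTypes"):
        return "resource-types"          # every resource of the listed types
    return "all-recorded-resources"      # no scope: any recorded resource


def audit_rule_scopes(template):
    """Map each AWS::Config::ConfigRule logical ID to its scope class."""
    findings = {}
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::Config::ConfigRule":
            continue                     # ignore buckets, functions, etc.
        scope = resource.get("Properties", {}).get("Scope") or {}
        findings[logical_id] = classify_scope(scope)
    return findings


def narrow_rules(template):
    """Rules whose scope leaves same-type resources unevaluated."""
    narrow = ("single-resource", "tagged-only")
    return sorted(k for k, v in audit_rule_scopes(template).items() if v in narrow)


if __name__ == "__main__":
    for rule, scope_class in audit_rule_scopes(TEMPLATE).items():
        print(f"{rule}: {scope_class}")
    print("review:", narrow_rules(TEMPLATE))
```
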
Static Methods

classmethod from_resource(resource_type, resource_id=None)
    Restricts scope of changes to a specific resource type or resource identifier.
    Parameters:
        resource_type (ResourceType)
        resource_id (Optional[str])
    Return type:

classmethod from_resources(resource_types)
    Restricts scope of changes to specific resource types.
    Parameters:
        resource_types (Sequence[ResourceType])
    Return type: