RuleScope

class aws_cdk.aws_config.RuleScope(*args: Any, **kwargs)

Bases: object

Determines which resources trigger an evaluation of an AWS Config rule.

ExampleMetadata

infused

Example:

# eval_compliance_fn: lambda.Function
ssh_rule = config.ManagedRule(self, "SSH",
    identifier=config.ManagedRuleIdentifiers.EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLED,
    rule_scope=config.RuleScope.from_resource(config.ResourceType.EC2_SECURITY_GROUP, "sg-1234567890abcdefgh")
)
custom_rule = config.CustomRule(self, "Lambda",
    lambda_function=eval_compliance_fn,
    configuration_changes=True,
    rule_scope=config.RuleScope.from_resources([config.ResourceType.CLOUDFORMATION_STACK, config.ResourceType.S3_BUCKET])
)

tag_rule = config.CustomRule(self, "CostCenterTagRule",
    lambda_function=eval_compliance_fn,
    configuration_changes=True,
    rule_scope=config.RuleScope.from_tag("Cost Center", "MyApp")
)

Attributes

key

tag key applied to resources that will trigger evaluation of a rule.

Return type

Optional[str]

resource_id

ID of the only AWS resource that will trigger evaluation of a rule.

Return type

Optional[str]

resource_types

Resource types that will trigger evaluation of a rule.

Return type

Optional[List[ResourceType]]

value

tag value applied to resources that will trigger evaluation of a rule.

Return type

Optional[str]

Static Methods

classmethod from_resource(resource_type, resource_id=None)

restricts scope of changes to a specific resource type or resource identifier.

Parameters
  • resource_type (ResourceType) –

  • resource_id (Optional[str]) –

Return type

RuleScope

classmethod from_resources(resource_types)

restricts scope of changes to specific resource types.

Parameters

resource_types (Sequence[ResourceType]) –

Return type

RuleScope

classmethod from_tag(key, value=None)

restricts scope of changes to a specific tag.

Parameters
  • key (str) –

  • value (Optional[str]) –

Return type

RuleScope