Interface ICfnGuardHookProps
Properties for defining a CfnGuardHook
.
Namespace: Amazon.CDK.AWS.CloudFormation
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public interface ICfnGuardHookProps
Syntax (vb)
Public Interface ICfnGuardHookProps
Remarks
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.CloudFormation;
var cfnGuardHookProps = new CfnGuardHookProps {
Alias = "alias",
ExecutionRole = "executionRole",
FailureMode = "failureMode",
HookStatus = "hookStatus",
RuleLocation = new S3LocationProperty {
Uri = "uri",
// the properties below are optional
VersionId = "versionId"
},
TargetOperations = new [] { "targetOperations" },
// the properties below are optional
LogBucket = "logBucket",
Options = new OptionsProperty {
InputParams = new S3LocationProperty {
Uri = "uri",
// the properties below are optional
VersionId = "versionId"
}
},
StackFilters = new StackFiltersProperty {
FilteringCriteria = "filteringCriteria",
// the properties below are optional
StackNames = new StackNamesProperty {
Exclude = new [] { "exclude" },
Include = new [] { "include" }
},
StackRoles = new StackRolesProperty {
Exclude = new [] { "exclude" },
Include = new [] { "include" }
}
},
TargetFilters = new TargetFiltersProperty {
Targets = new [] { new HookTargetProperty {
Action = "action",
InvocationPoint = "invocationPoint",
TargetName = "targetName"
} },
// the properties below are optional
Actions = new [] { "actions" },
InvocationPoints = new [] { "invocationPoints" },
TargetNames = new [] { "targetNames" }
}
};
Synopsis
Properties
Alias | The type name alias for the Hook. This alias must be unique per account and Region. |
Execution |
The IAM role that the Hook assumes to retrieve your Guard rules from S3 and optionally write a detailed Guard output report back. |
Failure |
Specifies how the Hook responds when rules fail their evaluation. |
Hook |
Specifies if the Hook is |
Log |
Specifies the name of an S3 bucket to store the Guard output report. |
Options | Specifies the S3 location of your input parameters. |
Rule |
Specifies the S3 location of your Guard rules. |
Stack |
Specifies the stack level filters for the Hook. |
Target |
Specifies the target filters for the Hook. |
Target |
Specifies the list of operations the Hook is run against. |
Properties
Alias
The type name alias for the Hook. This alias must be unique per account and Region.
string Alias { get; }
Property Value
System.
Remarks
The alias must be in the form Name1::Name2::Name3
and must not begin with AWS
. For example, Private::Guard::MyTestHook
.
ExecutionRole
The IAM role that the Hook assumes to retrieve your Guard rules from S3 and optionally write a detailed Guard output report back.
string ExecutionRole { get; }
Property Value
System.
Remarks
FailureMode
Specifies how the Hook responds when rules fail their evaluation.
string FailureMode { get; }
Property Value
System.
Remarks
HookStatus
Specifies if the Hook is ENABLED
or DISABLED
.
string HookStatus { get; }
Property Value
System.
Remarks
LogBucket
Specifies the name of an S3 bucket to store the Guard output report.
virtual string LogBucket { get; }
Property Value
System.
Remarks
This report contains the results of your Guard rule validations.
Options
Specifies the S3 location of your input parameters.
virtual object Options { get; }
Property Value
System.
Remarks
RuleLocation
Specifies the S3 location of your Guard rules.
object RuleLocation { get; }
Property Value
System.
Remarks
StackFilters
Specifies the stack level filters for the Hook.
virtual object StackFilters { get; }
Property Value
System.
Remarks
Example stack level filter in JSON:
"StackFilters": {"FilteringCriteria": "ALL", "StackNames": {"Exclude": [ "stack-1", "stack-2"]}}
Example stack level filter in YAML:
StackFilters: FilteringCriteria: ALL StackNames: Exclude: - stack-1 - stack-2
TargetFilters
Specifies the target filters for the Hook.
virtual object TargetFilters { get; }
Property Value
System.
Remarks
Example target filter in JSON:
"TargetFilters": {"Actions": [ "Create", "Update", "Delete" ]}
Example target filter in YAML:
TargetFilters: Actions: - CREATE - UPDATE - DELETE
TargetOperations
Specifies the list of operations the Hook is run against.
string[] TargetOperations { get; }
Property Value
System.
Remarks
For more information, see Hook targets in the AWS CloudFormation Hooks User Guide .
Valid values: STACK
| RESOURCE
| CHANGE_SET
| CLOUD_CONTROL