CfnConfigRuleProps

class aws_cdk.aws_config.CfnConfigRuleProps(*, source, compliance=None, config_rule_name=None, description=None, evaluation_modes=None, input_parameters=None, maximum_execution_frequency=None, scope=None)

Bases: object

Properties for defining a CfnConfigRule.

Parameters:
  • source (Union[IResolvable, SourceProperty, Dict[str, Any]]) – Provides the rule owner (AWS for managed rules, CUSTOM_POLICY for Custom Policy rules, and CUSTOM_LAMBDA for Custom Lambda rules), the rule identifier, and the notifications that cause the function to evaluate your AWS resources.

  • compliance (Union[IResolvable, ComplianceProperty, Dict[str, Any], None]) – Indicates whether an AWS resource or AWS Config rule is compliant and provides the number of contributors that affect the compliance.

  • config_rule_name (Optional[str]) – A name for the AWS Config rule. If you don’t specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the rule name. For more information, see Name Type.

  • description (Optional[str]) – The description that you provide for the AWS Config rule.

  • evaluation_modes (Union[IResolvable, Sequence[Union[IResolvable, EvaluationModeConfigurationProperty, Dict[str, Any]]], None]) – The modes the AWS Config rule can be evaluated in. The valid values are distinct objects. By default, the value is Detective evaluation mode only.

  • input_parameters (Optional[Any]) – A string, in JSON format, that is passed to the AWS Config rule Lambda function.

  • maximum_execution_frequency (Optional[str]) – The maximum frequency with which AWS Config runs evaluations for a rule. You can specify a value for MaximumExecutionFrequency when you are using an AWS managed rule that is triggered at a periodic frequency, or when your custom rule is triggered when AWS Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties. By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter.

  • scope (Union[IResolvable, ScopeProperty, Dict[str, Any], None]) – Defines which resources can trigger an evaluation for the rule. The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes. The scope can be empty.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_config as config

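# input_parameters: Any
# Placeholder definition so the snippet runs; per the parameter description it is a JSON-format string.
input_parameters = "{}"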

cfn_config_rule_props = config.CfnConfigRuleProps(
    source=config.CfnConfigRule.SourceProperty(
        owner="owner",

        # the properties below are optional
        custom_policy_details=config.CfnConfigRule.CustomPolicyDetailsProperty(
            enable_debug_log_delivery=False,
            policy_runtime="policyRuntime",
            policy_text="policyText"
        ),
        source_details=[config.CfnConfigRule.SourceDetailProperty(
            event_source="eventSource",
            message_type="messageType",

            # the properties below are optional
            maximum_execution_frequency="maximumExecutionFrequency"
        )],
        source_identifier="sourceIdentifier"
    ),

    # the properties below are optional
    compliance=config.CfnConfigRule.ComplianceProperty(
        type="type"
    ),
    config_rule_name="configRuleName",
    description="description",
    evaluation_modes=[config.CfnConfigRule.EvaluationModeConfigurationProperty(
        mode="mode"
    )],
    input_parameters=input_parameters,
    maximum_execution_frequency="maximumExecutionFrequency",
    scope=config.CfnConfigRule.ScopeProperty(
        compliance_resource_id="complianceResourceId",
        compliance_resource_types=["complianceResourceTypes"],
        tag_key="tagKey",
        tag_value="tagValue"
    )
)
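
A pre-synthesis check for the constraints the parameter list above describes, as an added example that is not part of the CDK documentation or library. The function `lint_rule_props`, the plain-dict layout keyed by the keyword names on this page, and the sample inputs are assumptions made for illustration; the frequency strings are the values AWS Config accepts for MaximumExecutionFrequency.

```python
import json

OWNERS = {"AWS", "CUSTOM_POLICY", "CUSTOM_LAMBDA"}  # owner values named on this page
# Values AWS Config accepts for MaximumExecutionFrequency
FREQUENCIES = {"One_Hour", "Three_Hours", "Six_Hours", "Twelve_Hours", "TwentyFour_Hours"}


def lint_rule_props(props):
    """Return findings for a dict keyed like the CfnConfigRuleProps keywords (hypothetical helper)."""
    findings = []
    source = props.get("source") or {}
    if source.get("owner") not in OWNERS:
        findings.append("source.owner must be one of AWS, CUSTOM_POLICY, CUSTOM_LAMBDA")
    freq = props.get("maximum_execution_frequency")
    if freq is not None and freq not in FREQUENCIES:
        findings.append(f"maximum_execution_frequency {freq!r} is not a valid value")
    params = props.get("input_parameters")
    if isinstance(params, str):
        try:
            json.loads(params)
        except ValueError:
            findings.append("input_parameters is not valid JSON")
    scope = props.get("scope") or {}
    types = scope.get("compliance_resource_types") or []
    has_id = bool(scope.get("compliance_resource_id"))
    has_tag = bool(scope.get("tag_key"))
    if not scope:
        findings.append("note: no scope, any recorded resource change triggers evaluation")
    if has_id and len(types) != 1:
        findings.append("compliance_resource_id needs exactly one resource type")
    if scope.get("tag_value") and not has_tag:
        findings.append("tag_value set without tag_key")
    if has_tag and (types or has_id):
        findings.append("scope mixes tag selection with resource type/ID selection")
    return findings


# Constructed sample inputs (not taken from any real account)
GOOD = {
    "source": {"owner": "AWS", "source_identifier": "S3_BUCKET_PUBLIC_READ_PROHIBITED"},
    "maximum_execution_frequency": "Six_Hours",
    "scope": {"compliance_resource_types": ["AWS::S3::Bucket"]},
}
BAD = {
    "source": {"owner": "aws", "source_identifier": "S3_BUCKET_PUBLIC_READ_PROHIBITED"},
    "maximum_execution_frequency": "6h",
    "input_parameters": "{not json",
    "scope": {"compliance_resource_id": "example-bucket", "tag_value": "prod"},
}
```

The empty-scope finding is informational, since the scope can be empty; it exists so that a rule evaluating every recorded resource is a deliberate choice rather than an omission.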

Attributes

compliance

Indicates whether an AWS resource or AWS Config rule is compliant and provides the number of contributors that affect the compliance.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-compliance

config_rule_name

A name for the AWS Config rule.

If you don’t specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the rule name. For more information, see Name Type.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-configrulename

description

The description that you provide for the AWS Config rule.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-description

evaluation_modes

The modes the AWS Config rule can be evaluated in.

The valid values are distinct objects. By default, the value is Detective evaluation mode only.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-evaluationmodes

input_parameters

A string, in JSON format, that is passed to the AWS Config rule Lambda function.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-inputparameters

maximum_execution_frequency

The maximum frequency with which AWS Config runs evaluations for a rule.

You can specify a value for MaximumExecutionFrequency when:

  • You are using an AWS managed rule that is triggered at a periodic frequency.

  • Your custom rule is triggered when AWS Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.

By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-maximumexecutionfrequency

scope

Defines which resources can trigger an evaluation for the rule.

The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes.

The scope can be empty.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-scope

source

Provides the rule owner (AWS for managed rules, CUSTOM_POLICY for Custom Policy rules, and CUSTOM_LAMBDA for Custom Lambda rules), the rule identifier, and the notifications that cause the function to evaluate your AWS resources.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-source