ManagedRuleProps

class aws_cdk.aws_config.ManagedRuleProps(*, config_rule_name=None, description=None, evaluation_modes=None, input_parameters=None, maximum_execution_frequency=None, rule_scope=None, identifier)

Bases: RuleProps

Construction properties for a ManagedRule.

Parameters:
  • config_rule_name (Optional[str]) – A name for the AWS Config rule. Default: - CloudFormation generated name

  • description (Optional[str]) – A description of this AWS Config rule. Default: - No description

  • evaluation_modes (Optional[EvaluationMode]) – The modes the AWS Config rule can be evaluated in. The valid values are distinct objects. Default: - Detective evaluation mode only

  • input_parameters (Optional[Mapping[str, Any]]) – Input parameter values that are passed to the AWS Config rule. Default: - No input parameters

  • maximum_execution_frequency (Optional[MaximumExecutionFrequency]) – The maximum frequency at which the AWS Config rule runs evaluations. Default: MaximumExecutionFrequency.TWENTY_FOUR_HOURS

  • rule_scope (Optional[RuleScope]) – Defines which resources trigger an evaluation for an AWS Config rule. Default: - Evaluations for the rule are triggered when any resource in the recording group changes.

  • identifier (str) – The identifier of the AWS managed rule.

Example:

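from aws_cdk import aws_config as config

# The snippet runs inside a construct (hence `self`) and assumes these
# values are already defined:
# fn: lambda.Function
# sample_policy_text: str

# Managed rule evaluated both on deployed resources and proactively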
config.ManagedRule(self, "ManagedRule",
    identifier=config.ManagedRuleIdentifiers.API_GW_XRAY_ENABLED,
    evaluation_modes=config.EvaluationMode.DETECTIVE_AND_PROACTIVE
)

config.CustomRule(self, "CustomRule",
    lambda_function=fn,
    evaluation_modes=config.EvaluationMode.PROACTIVE
)

config.CustomPolicy(self, "CustomPolicy",
    policy_text=sample_policy_text,
    evaluation_modes=config.EvaluationMode.DETECTIVE
)

Attributes

config_rule_name

A name for the AWS Config rule.

Default:
  • CloudFormation generated name

description

A description of this AWS Config rule.

Default:
  • No description

evaluation_modes

The modes the AWS Config rule can be evaluated in.

The valid values are distinct objects.

Default:
  • Detective evaluation mode only

identifier

The identifier of the AWS managed rule.

See:

https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html

input_parameters

Input parameter values that are passed to the AWS Config rule.

Default:
  • No input parameters

maximum_execution_frequency

The maximum frequency at which the AWS Config rule runs evaluations.

Default:
  • MaximumExecutionFrequency.TWENTY_FOUR_HOURS

rule_scope

Defines which resources trigger an evaluation for an AWS Config rule.

Default:
  • Evaluations for the rule are triggered when any resource in the recording group changes.