class aws_cdk.CfnRule(scope, id, *, assertions=None, rule_condition=None)

Bases: CfnRefElement

The Rules that define template constraints in an AWS Service Catalog portfolio describe when end users can use the template and which values they can specify for parameters that are declared in the AWS CloudFormation template used to create the product they are attempting to use.

Rules are useful for preventing end users from inadvertently specifying an incorrect value. For example, you can add a rule to verify whether end users specified a valid subnet in a given VPC or used m1.small instance types for test environments. AWS CloudFormation uses rules to validate parameter values before it creates the resources for the product.

A rule can include a RuleCondition property and must include an Assertions property. For each rule, you can define only one rule condition; you can define one or more asserts within the Assertions property. You define a rule condition and assertions by using rule-specific intrinsic functions.





# cfn_template: cfn_inc.CfnInclude

# mutating the rule
# my_parameter: core.CfnParameter

rule = cfn_template.get_rule("MyRule")
rule.add_assertion(core.Fn.condition_contains(["m1.small"], my_parameter.value_as_string), "MyParameter has to be m1.small")

Creates and adds a rule.

  • scope (Construct) – The parent construct.

  • id (str) –

  • assertions (Optional[Sequence[Union[CfnRuleAssertion, Dict[str, Any]]]]) – Assertions which define the rule. Default: - No assertions for the rule.

  • rule_condition (Optional[ICfnConditionExpression]) – If the rule condition evaluates to false, the rule doesn’t take effect. If the function in the rule condition evaluates to true, expressions in each assert are evaluated and applied. Default: - Rule’s assertions will always take effect.


add_assertion(condition, description)

Adds an assertion to the rule.

  • condition (ICfnConditionExpression) – The expression to evaluation.

  • description (str) – The description of the assertion.

Return type:



Overrides the auto-generated logical ID with a specific ID.


new_logical_id (str) – The new logical ID to use for this stack element.

Return type:



Returns a string representation of this construct.

Return type:





the stack trace of the point where this Resource was created from, sourced from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most node +internal+ entries filtered.


The logical ID for this CloudFormation stack element.

The logical ID of the element is calculated from the path of the resource node in the construct tree.

To override this value, use overrideLogicalId(newLogicalId).


the logical ID as a stringified token. This value will only get resolved during synthesis.


The tree node.


Return a string that will be resolved to a CloudFormation { Ref } for this element.

If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through Lazy.any({ produce: resource.ref }).


The stack in which this element is defined.

CfnElements must be defined within a stack scope (directly or indirectly).

Static Methods

classmethod is_cfn_element(x)

Returns true if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of instanceof to allow stack elements from different versions of this library to be included in the same stack.


x (Any) –

Return type:



The construct as a stack element or undefined if it is not a stack element.

classmethod is_construct(x)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.


x (Any) – Any object.

Return type:



true if x is an object created from a class which extends Construct.