AWS::Config::OrganizationConformancePack
OrganizationConformancePack deploys conformance packs across member accounts in an organization in AWS Organizations.
OrganizationConformancePack enables organization service access for config-multiaccountsetup.amazonaws.com through the EnableAWSServiceAccess action and creates a service linked role in the master account of your organization.
The service linked role is created only when the role does not exist in the master account.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "Type" : "AWS::Config::OrganizationConformancePack",
  "Properties" : {
    "ConformancePackInputParameters" : [ ConformancePackInputParameter, ... ],
    "DeliveryS3Bucket" : String,
    "DeliveryS3KeyPrefix" : String,
    "ExcludedAccounts" : [ String, ... ],
    "OrganizationConformancePackName" : String,
    "TemplateBody" : String,
    "TemplateS3Uri" : String
  }
}
YAML
Type: AWS::Config::OrganizationConformancePack
Properties:
  ConformancePackInputParameters:
    - ConformancePackInputParameter
  DeliveryS3Bucket: String
  DeliveryS3KeyPrefix: String
  ExcludedAccounts:
    - String
  OrganizationConformancePackName: String
  TemplateBody: String
  TemplateS3Uri: String
Properties
ConformancePackInputParameters
A list of ConformancePackInputParameter objects.
Required: No
Type: Array of ConformancePackInputParameter
Minimum: 0
Maximum: 60
Update requires: No interruption
DeliveryS3Bucket
The name of the Amazon S3 bucket where AWS Config stores conformance pack templates.
Note: This field is optional.
Required: No
Type: String
Minimum: 0
Maximum: 63
Update requires: No interruption
DeliveryS3KeyPrefix
Any folder structure you want to add to an Amazon S3 bucket.
Note: This field is optional.
Required: No
Type: String
Minimum: 0
Maximum: 1024
Update requires: No interruption
ExcludedAccounts
A comma-separated list of accounts excluded from the organization conformance pack.
Required: No
Type: Array of String
Minimum: 0
Maximum: 1000
Update requires: No interruption
OrganizationConformancePackName
The name you assign to an organization conformance pack.
Required: Yes
Type: String
Pattern: [a-zA-Z][-a-zA-Z0-9]*
Minimum: 1
Maximum: 128
Update requires: Replacement
TemplateBody
A string containing the full conformance pack template body, with a minimum length of 1 byte and a maximum length of 51,200 bytes.
Required: No
Type: String
Minimum: 1
Maximum: 51200
Update requires: No interruption
TemplateS3Uri
The location of the file containing the template body. The URI must point to the conformance pack template (max size: 300 KB).
Required: No
Type: String
Pattern: s3://.*
Minimum: 1
Maximum: 1024
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the name of the organization conformance pack.
For more information about using the Ref function, see Ref.
Examples
Organization Conformance Pack
The following example creates an organization conformance pack.
JSON
{
  "Resources": {
    "OrganizationConformancePack": {
      "Type": "AWS::Config::OrganizationConformancePack",
      "Properties": {
        "OrganizationConformancePackName": "OrganizationConformancePackName",
        "DeliveryS3Bucket": "DeliveryS3Bucket",
        "TemplateS3Uri": "s3://bucketname/prefix"
      }
    }
  }
}
YAML
---
Resources:
  OrganizationConformancePack:
    Type: AWS::Config::OrganizationConformancePack
    Properties:
      OrganizationConformancePackName: OrganizationConformancePackName
      DeliveryS3Bucket: DeliveryS3Bucket
      TemplateS3Uri: s3://bucketname/prefix
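A pre-deployment check of the constraints listed in the Properties section, as an added example that is not part of the AWS documentation: it reads a JSON template and reports each AWS::Config::OrganizationConformancePack resource whose literal property values break a documented limit. The function names and the sample template are constructed for illustration; the check assumes each pattern must match the whole value and that only TemplateBody is measured in bytes.

```python
import json
import re

TYPE = "AWS::Config::OrganizationConformancePack"
NAME = "OrganizationConformancePackName"
# property: (minimum, maximum, pattern), copied from the Properties section.
STRINGS = {
    "DeliveryS3Bucket": (0, 63, None),
    "DeliveryS3KeyPrefix": (0, 1024, None),
    NAME: (1, 128, r"[a-zA-Z][-a-zA-Z0-9]*"),
    "TemplateBody": (1, 51200, None),
    "TemplateS3Uri": (1, 1024, r"s3://.*"),
}
LISTS = {"ConformancePackInputParameters": 60, "ExcludedAccounts": 1000}


def check_properties(props):
    """Return the documented constraints that one Properties block violates."""
    errors = [] if NAME in props else [f"{NAME}: required"]
    # Assumptions: patterns match the whole value; only TemplateBody is in bytes.
    for key, (lo, hi, pattern) in STRINGS.items():
        value = props.get(key)
        if not isinstance(value, str):
            continue  # absent, or an intrinsic such as Ref: not checkable offline
        size = len(value.encode("utf-8")) if key == "TemplateBody" else len(value)
        if not lo <= size <= hi:
            errors.append(f"{key}: length {size} outside {lo}-{hi}")
        if pattern and not re.fullmatch(pattern, value):
            errors.append(f"{key}: does not match {pattern}")
    errors += [f"{key}: more than {limit} items" for key, limit in LISTS.items()
               if len(props.get(key, [])) > limit]
    return errors


def check_template(text):
    """Map logical ID to violations for each resource of this type (JSON)."""
    resources = json.loads(text).get("Resources", {})
    return {logical_id: check_properties(res.get("Properties", {}))
            for logical_id, res in resources.items() if res.get("Type") == TYPE}


# Constructed sample: "Good" follows the page's example, "Bad" breaks three rules.
SAMPLE = json.dumps({"Resources": {
    "Good": {"Type": TYPE, "Properties": {
        NAME: "OrganizationConformancePackName",
        "TemplateS3Uri": "s3://bucketname/prefix"}},
    "Bad": {"Type": TYPE, "Properties": {
        NAME: "1st_pack", "TemplateS3Uri": "https://bucketname/prefix",
        "ExcludedAccounts": ["111111111111"] * 1001}}}})
```

Calling check_template(SAMPLE) returns an empty list for "Good" and three violations for "Bad"; values given as intrinsic functions are skipped because they cannot be resolved before deployment.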