/AWS1/CL_CFSORGCUSTPLYRULEMET¶
An object that specifies metadata for your organization's Config Custom Policy rule. The metadata includes the runtime system in use, which accounts have debug logging enabled, and other custom rule metadata, such as resource type, resource ID of Amazon Web Services resource, and organization trigger types that initiate Config to evaluate Amazon Web Services resources against a rule.
CONSTRUCTOR
¶
IMPORTING¶
Required arguments:¶
IV_POLICYRUNTIME
TYPE /AWS1/CFSPOLICYRUNTIME
/AWS1/CFSPOLICYRUNTIME
¶
The runtime system for your organization Config Custom Policy rules. Guard is a policy-as-code language that allows you to write policies that are enforced by Config Custom Policy rules. For more information about Guard, see the Guard GitHub Repository.
IV_POLICYTEXT
TYPE /AWS1/CFSPOLICYTEXT
/AWS1/CFSPOLICYTEXT
¶
The policy definition containing the logic for your organization Config Custom Policy rule.
Optional arguments:¶
IV_DESCRIPTION
TYPE /AWS1/CFSSTRWITHCHARLMT256MIN0
/AWS1/CFSSTRWITHCHARLMT256MIN0
¶
The description that you provide for your organization Config Custom Policy rule.
IT_ORGCONFIGRULETRIGGERTYPES
TYPE /AWS1/CL_CFSORGCFGRLTRIGGERT01=>TT_ORGCFGRULETRIGGERTYPENOSNS
TT_ORGCFGRULETRIGGERTYPENOSNS
¶
The type of notification that initiates Config to run an evaluation for a rule. For Config Custom Policy rules, Config supports change-initiated notification types:
ConfigurationItemChangeNotification
- Initiates an evaluation when Config delivers a configuration item as a result of a resource change.
OversizedConfigurationItemChangeNotification
- Initiates an evaluation when Config delivers an oversized configuration item. Config may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.
IV_INPUTPARAMETERS
TYPE /AWS1/CFSSTRWITHCHARLIMIT2048
/AWS1/CFSSTRWITHCHARLIMIT2048
¶
A string, in JSON format, that is passed to your organization Config Custom Policy rule.
IV_MAXIMUMEXECUTIONFREQUENCY
TYPE /AWS1/CFSMAXIMUMEXECFREQUENCY
/AWS1/CFSMAXIMUMEXECFREQUENCY
¶
The maximum frequency with which Config runs evaluations for a rule. Your Config Custom Policy rule is triggered when Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.
IT_RESOURCETYPESSCOPE
TYPE /AWS1/CL_CFSRESRCTYPESSCOPE_W=>TT_RESOURCETYPESSCOPE
TT_RESOURCETYPESSCOPE
¶
The type of the Amazon Web Services resource that was evaluated.
IV_RESOURCEIDSCOPE
TYPE /AWS1/CFSSTRWITHCHARLIMIT768
/AWS1/CFSSTRWITHCHARLIMIT768
¶
The ID of the Amazon Web Services resource that was evaluated.
IV_TAGKEYSCOPE
TYPE /AWS1/CFSSTRWITHCHARLIMIT128
/AWS1/CFSSTRWITHCHARLIMIT128
¶
One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.
IV_TAGVALUESCOPE
TYPE /AWS1/CFSSTRWITHCHARLIMIT256
/AWS1/CFSSTRWITHCHARLIMIT256
¶
The optional part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key).
IT_DEBUGLOGDELIVERYACCOUNTS
TYPE /AWS1/CL_CFSDEBUGLOGDELIVERY00=>TT_DEBUGLOGDELIVERYACCOUNTS
TT_DEBUGLOGDELIVERYACCOUNTS
¶
A list of accounts that you can enable debug logging for your organization Config Custom Policy rule. List is null when debug logging is enabled for all accounts.
Queryable Attributes¶
Description¶
The description that you provide for your organization Config Custom Policy rule.
Accessible with the following methods¶
Method | Description |
---|---|
GET_DESCRIPTION() |
Getter for DESCRIPTION, with configurable default |
ASK_DESCRIPTION() |
Getter for DESCRIPTION w/ exceptions if field has no value |
HAS_DESCRIPTION() |
Determine if DESCRIPTION has a value |
OrganizationConfigRuleTriggerTypes¶
The type of notification that initiates Config to run an evaluation for a rule. For Config Custom Policy rules, Config supports change-initiated notification types:
ConfigurationItemChangeNotification
- Initiates an evaluation when Config delivers a configuration item as a result of a resource change.
OversizedConfigurationItemChangeNotification
- Initiates an evaluation when Config delivers an oversized configuration item. Config may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.
Accessible with the following methods¶
Method | Description |
---|---|
GET_ORGCFGRULETRIGGERTYPES() |
Getter for ORGCONFIGRULETRIGGERTYPES, with configurable defa |
ASK_ORGCFGRULETRIGGERTYPES() |
Getter for ORGCONFIGRULETRIGGERTYPES w/ exceptions if field |
HAS_ORGCFGRULETRIGGERTYPES() |
Determine if ORGCONFIGRULETRIGGERTYPES has a value |
InputParameters¶
A string, in JSON format, that is passed to your organization Config Custom Policy rule.
Accessible with the following methods¶
Method | Description |
---|---|
GET_INPUTPARAMETERS() |
Getter for INPUTPARAMETERS, with configurable default |
ASK_INPUTPARAMETERS() |
Getter for INPUTPARAMETERS w/ exceptions if field has no val |
HAS_INPUTPARAMETERS() |
Determine if INPUTPARAMETERS has a value |
MaximumExecutionFrequency¶
The maximum frequency with which Config runs evaluations for a rule. Your Config Custom Policy rule is triggered when Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.
Accessible with the following methods¶
Method | Description |
---|---|
GET_MAXIMUMEXECFREQUENCY() |
Getter for MAXIMUMEXECUTIONFREQUENCY, with configurable defa |
ASK_MAXIMUMEXECFREQUENCY() |
Getter for MAXIMUMEXECUTIONFREQUENCY w/ exceptions if field |
HAS_MAXIMUMEXECFREQUENCY() |
Determine if MAXIMUMEXECUTIONFREQUENCY has a value |
ResourceTypesScope¶
The type of the Amazon Web Services resource that was evaluated.
Accessible with the following methods¶
Method | Description |
---|---|
GET_RESOURCETYPESSCOPE() |
Getter for RESOURCETYPESSCOPE, with configurable default |
ASK_RESOURCETYPESSCOPE() |
Getter for RESOURCETYPESSCOPE w/ exceptions if field has no |
HAS_RESOURCETYPESSCOPE() |
Determine if RESOURCETYPESSCOPE has a value |
ResourceIdScope¶
The ID of the Amazon Web Services resource that was evaluated.
Accessible with the following methods¶
Method | Description |
---|---|
GET_RESOURCEIDSCOPE() |
Getter for RESOURCEIDSCOPE, with configurable default |
ASK_RESOURCEIDSCOPE() |
Getter for RESOURCEIDSCOPE w/ exceptions if field has no val |
HAS_RESOURCEIDSCOPE() |
Determine if RESOURCEIDSCOPE has a value |
TagKeyScope¶
One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.
Accessible with the following methods¶
Method | Description |
---|---|
GET_TAGKEYSCOPE() |
Getter for TAGKEYSCOPE, with configurable default |
ASK_TAGKEYSCOPE() |
Getter for TAGKEYSCOPE w/ exceptions if field has no value |
HAS_TAGKEYSCOPE() |
Determine if TAGKEYSCOPE has a value |
TagValueScope¶
The optional part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key).
Accessible with the following methods¶
Method | Description |
---|---|
GET_TAGVALUESCOPE() |
Getter for TAGVALUESCOPE, with configurable default |
ASK_TAGVALUESCOPE() |
Getter for TAGVALUESCOPE w/ exceptions if field has no value |
HAS_TAGVALUESCOPE() |
Determine if TAGVALUESCOPE has a value |
PolicyRuntime¶
The runtime system for your organization Config Custom Policy rules. Guard is a policy-as-code language that allows you to write policies that are enforced by Config Custom Policy rules. For more information about Guard, see the Guard GitHub Repository.
Accessible with the following methods¶
Method | Description |
---|---|
GET_POLICYRUNTIME() |
Getter for POLICYRUNTIME, with configurable default |
ASK_POLICYRUNTIME() |
Getter for POLICYRUNTIME w/ exceptions if field has no value |
HAS_POLICYRUNTIME() |
Determine if POLICYRUNTIME has a value |
PolicyText¶
The policy definition containing the logic for your organization Config Custom Policy rule.
Accessible with the following methods¶
Method | Description |
---|---|
GET_POLICYTEXT() |
Getter for POLICYTEXT, with configurable default |
ASK_POLICYTEXT() |
Getter for POLICYTEXT w/ exceptions if field has no value |
HAS_POLICYTEXT() |
Determine if POLICYTEXT has a value |
DebugLogDeliveryAccounts¶
A list of accounts that you can enable debug logging for your organization Config Custom Policy rule. List is null when debug logging is enabled for all accounts.
Accessible with the following methods¶
Method | Description |
---|---|
GET_DEBUGLOGDELIVERYACCOUNTS() |
Getter for DEBUGLOGDELIVERYACCOUNTS, with configurable defau |
ASK_DEBUGLOGDELIVERYACCOUNTS() |
Getter for DEBUGLOGDELIVERYACCOUNTS w/ exceptions if field h |
HAS_DEBUGLOGDELIVERYACCOUNTS() |
Determine if DEBUGLOGDELIVERYACCOUNTS has a value |