1. Packages
  2. AWS Cloud Control
  3. API Docs
  4. configuration
  5. getConfigRule

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi

aws-native.configuration.getConfigRule

Explore with Pulumi AI

aws-native logo

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi

    You must first create and start the CC configuration recorder in order to create CC managed rules with CFNlong. For more information, see Managing the Configuration Recorder. Adds or updates an CC rule to evaluate if your AWS resources comply with your desired configurations. For information on how many CC rules you can have per account, see Service Limits in the Developer Guide. There are two types of rules: Managed Rules and Custom Rules. You can use the ConfigRule resource to create both CC Managed Rules and CC Custom Rules. CC Managed Rules are predefined, customizable rules created by CC. For a list of managed rules, see List of Managed Rules. If you are adding an CC managed rule, you must specify the rule’s identifier for the SourceIdentifier key. CC Custom Rules are rules that you create from scratch. There are two ways to create CC custom rules: with Lambda functions (Developer Guide) and with CFNGUARDshort (Guard GitHub Repository), a policy-as-code language. CC custom rules created with LAMlong are called Custom Lambda Rules and CC custom rules created with CFNGUARDshort are called Custom Policy Rules. If you are adding a new CC Custom LAM rule, you first need to create an LAMlong function that the rule invokes to evaluate your resources. When you use the ConfigRule resource to add a Custom LAM rule to CC, you must specify the Amazon Resource Name (ARN) that LAMlong assigns to the function. You specify the ARN in the SourceIdentifier key. This key is part of the Source object, which is part of the ConfigRule object. For any new CC rule that you add, specify the ConfigRuleName in the ConfigRule object. Do not specify the ConfigRuleArn or the ConfigRuleId. These values are generated by CC for new rules. If you are updating a rule that you added previously, you can specify the rule by ConfigRuleName, ConfigRuleId, or ConfigRuleArn in the ConfigRule data type that you use in this request. For more information about developing and using CC rules, see Evaluating Resources with Rules in the Developer Guide.

    Using getConfigRule

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getConfigRule(args: GetConfigRuleArgs, opts?: InvokeOptions): Promise<GetConfigRuleResult>
    function getConfigRuleOutput(args: GetConfigRuleOutputArgs, opts?: InvokeOptions): Output<GetConfigRuleResult>
    def get_config_rule(config_rule_name: Optional[str] = None,
                        opts: Optional[InvokeOptions] = None) -> GetConfigRuleResult
    def get_config_rule_output(config_rule_name: Optional[pulumi.Input[str]] = None,
                        opts: Optional[InvokeOptions] = None) -> Output[GetConfigRuleResult]
    func LookupConfigRule(ctx *Context, args *LookupConfigRuleArgs, opts ...InvokeOption) (*LookupConfigRuleResult, error)
    func LookupConfigRuleOutput(ctx *Context, args *LookupConfigRuleOutputArgs, opts ...InvokeOption) LookupConfigRuleResultOutput

    > Note: This function is named LookupConfigRule in the Go SDK.

    public static class GetConfigRule 
    {
        public static Task<GetConfigRuleResult> InvokeAsync(GetConfigRuleArgs args, InvokeOptions? opts = null)
        public static Output<GetConfigRuleResult> Invoke(GetConfigRuleInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetConfigRuleResult> getConfigRule(GetConfigRuleArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: aws-native:configuration:getConfigRule
      arguments:
        # arguments dictionary

    The following arguments are supported:

    ConfigRuleName string
    A name for the CC rule. If you don't specify a name, CFN generates a unique physical ID and uses that ID for the rule name. For more information, see Name Type.
    ConfigRuleName string
    A name for the CC rule. If you don't specify a name, CFN generates a unique physical ID and uses that ID for the rule name. For more information, see Name Type.
    configRuleName String
    A name for the CC rule. If you don't specify a name, CFN generates a unique physical ID and uses that ID for the rule name. For more information, see Name Type.
    configRuleName string
    A name for the CC rule. If you don't specify a name, CFN generates a unique physical ID and uses that ID for the rule name. For more information, see Name Type.
    config_rule_name str
    A name for the CC rule. If you don't specify a name, CFN generates a unique physical ID and uses that ID for the rule name. For more information, see Name Type.
    configRuleName String
    A name for the CC rule. If you don't specify a name, CFN generates a unique physical ID and uses that ID for the rule name. For more information, see Name Type.

    getConfigRule Result

    The following output properties are available:

    Arn string
    The Amazon Resource Name (ARN) of the AWS Config rule, such as arn:aws:config:us-east-1:123456789012:config-rule/config-rule-a1bzhi .
    Compliance Pulumi.AwsNative.Configuration.Outputs.ComplianceProperties
    Indicates whether an AWS resource or CC rule is compliant and provides the number of contributors that affect the compliance.
    ConfigRuleId string
    The ID of the AWS Config rule, such as config-rule-a1bzhi .
    Description string
    The description that you provide for the CC rule.
    EvaluationModes List<Pulumi.AwsNative.Configuration.Outputs.ConfigRuleEvaluationModeConfiguration>
    The modes the CC rule can be evaluated in. The valid values are distinct objects. By default, the value is Detective evaluation mode only.
    InputParameters object

    A string, in JSON format, that is passed to the CC rule Lambda function.

    Search the CloudFormation User Guide for AWS::Config::ConfigRule for more information about the expected schema for this property.

    MaximumExecutionFrequency string

    The maximum frequency with which CC runs evaluations for a rule. You can specify a value for MaximumExecutionFrequency when:

    • You are using an AWS managed rule that is triggered at a periodic frequency.
    • Your custom rule is triggered when CC delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.

    By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter.

    Scope Pulumi.AwsNative.Configuration.Outputs.ConfigRuleScope
    Defines which resources can trigger an evaluation for the rule. The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes. The scope can be empty.
    Source Pulumi.AwsNative.Configuration.Outputs.ConfigRuleSource
    Provides the rule owner (```` for managed rules, CUSTOM_POLICY for Custom Policy rules, and CUSTOM_LAMBDA for Custom Lambda rules), the rule identifier, and the notifications that cause the function to evaluate your AWS resources.
    Arn string
    The Amazon Resource Name (ARN) of the AWS Config rule, such as arn:aws:config:us-east-1:123456789012:config-rule/config-rule-a1bzhi .
    Compliance ComplianceProperties
    Indicates whether an AWS resource or CC rule is compliant and provides the number of contributors that affect the compliance.
    ConfigRuleId string
    The ID of the AWS Config rule, such as config-rule-a1bzhi .
    Description string
    The description that you provide for the CC rule.
    EvaluationModes []ConfigRuleEvaluationModeConfiguration
    The modes the CC rule can be evaluated in. The valid values are distinct objects. By default, the value is Detective evaluation mode only.
    InputParameters interface{}

    A string, in JSON format, that is passed to the CC rule Lambda function.

    Search the CloudFormation User Guide for AWS::Config::ConfigRule for more information about the expected schema for this property.

    MaximumExecutionFrequency string

    The maximum frequency with which CC runs evaluations for a rule. You can specify a value for MaximumExecutionFrequency when:

    • You are using an AWS managed rule that is triggered at a periodic frequency.
    • Your custom rule is triggered when CC delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.

    By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter.

    Scope ConfigRuleScope
    Defines which resources can trigger an evaluation for the rule. The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes. The scope can be empty.
    Source ConfigRuleSource
    Provides the rule owner (```` for managed rules, CUSTOM_POLICY for Custom Policy rules, and CUSTOM_LAMBDA for Custom Lambda rules), the rule identifier, and the notifications that cause the function to evaluate your AWS resources.
    arn String
    The Amazon Resource Name (ARN) of the AWS Config rule, such as arn:aws:config:us-east-1:123456789012:config-rule/config-rule-a1bzhi .
    compliance ComplianceProperties
    Indicates whether an AWS resource or CC rule is compliant and provides the number of contributors that affect the compliance.
    configRuleId String
    The ID of the AWS Config rule, such as config-rule-a1bzhi .
    description String
    The description that you provide for the CC rule.
    evaluationModes List<ConfigRuleEvaluationModeConfiguration>
    The modes the CC rule can be evaluated in. The valid values are distinct objects. By default, the value is Detective evaluation mode only.
    inputParameters Object

    A string, in JSON format, that is passed to the CC rule Lambda function.

    Search the CloudFormation User Guide for AWS::Config::ConfigRule for more information about the expected schema for this property.

    maximumExecutionFrequency String

    The maximum frequency with which CC runs evaluations for a rule. You can specify a value for MaximumExecutionFrequency when:

    • You are using an AWS managed rule that is triggered at a periodic frequency.
    • Your custom rule is triggered when CC delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.

    By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter.

    scope ConfigRuleScope
    Defines which resources can trigger an evaluation for the rule. The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes. The scope can be empty.
    source ConfigRuleSource
    Provides the rule owner (```` for managed rules, CUSTOM_POLICY for Custom Policy rules, and CUSTOM_LAMBDA for Custom Lambda rules), the rule identifier, and the notifications that cause the function to evaluate your AWS resources.
    arn string
    The Amazon Resource Name (ARN) of the AWS Config rule, such as arn:aws:config:us-east-1:123456789012:config-rule/config-rule-a1bzhi .
    compliance ComplianceProperties
    Indicates whether an AWS resource or CC rule is compliant and provides the number of contributors that affect the compliance.
    configRuleId string
    The ID of the AWS Config rule, such as config-rule-a1bzhi .
    description string
    The description that you provide for the CC rule.
    evaluationModes ConfigRuleEvaluationModeConfiguration[]
    The modes the CC rule can be evaluated in. The valid values are distinct objects. By default, the value is Detective evaluation mode only.
    inputParameters any

    A string, in JSON format, that is passed to the CC rule Lambda function.

    Search the CloudFormation User Guide for AWS::Config::ConfigRule for more information about the expected schema for this property.

    maximumExecutionFrequency string

    The maximum frequency with which CC runs evaluations for a rule. You can specify a value for MaximumExecutionFrequency when:

    • You are using an AWS managed rule that is triggered at a periodic frequency.
    • Your custom rule is triggered when CC delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.

    By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter.

    scope ConfigRuleScope
    Defines which resources can trigger an evaluation for the rule. The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes. The scope can be empty.
    source ConfigRuleSource
    Provides the rule owner (```` for managed rules, CUSTOM_POLICY for Custom Policy rules, and CUSTOM_LAMBDA for Custom Lambda rules), the rule identifier, and the notifications that cause the function to evaluate your AWS resources.
    arn str
    The Amazon Resource Name (ARN) of the AWS Config rule, such as arn:aws:config:us-east-1:123456789012:config-rule/config-rule-a1bzhi .
    compliance ComplianceProperties
    Indicates whether an AWS resource or CC rule is compliant and provides the number of contributors that affect the compliance.
    config_rule_id str
    The ID of the AWS Config rule, such as config-rule-a1bzhi .
    description str
    The description that you provide for the CC rule.
    evaluation_modes Sequence[ConfigRuleEvaluationModeConfiguration]
    The modes the CC rule can be evaluated in. The valid values are distinct objects. By default, the value is Detective evaluation mode only.
    input_parameters Any

    A string, in JSON format, that is passed to the CC rule Lambda function.

    Search the CloudFormation User Guide for AWS::Config::ConfigRule for more information about the expected schema for this property.

    maximum_execution_frequency str

    The maximum frequency with which CC runs evaluations for a rule. You can specify a value for MaximumExecutionFrequency when:

    • You are using an AWS managed rule that is triggered at a periodic frequency.
    • Your custom rule is triggered when CC delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.

    By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter.

    scope ConfigRuleScope
    Defines which resources can trigger an evaluation for the rule. The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes. The scope can be empty.
    source ConfigRuleSource
    Provides the rule owner (```` for managed rules, CUSTOM_POLICY for Custom Policy rules, and CUSTOM_LAMBDA for Custom Lambda rules), the rule identifier, and the notifications that cause the function to evaluate your AWS resources.
    arn String
    The Amazon Resource Name (ARN) of the AWS Config rule, such as arn:aws:config:us-east-1:123456789012:config-rule/config-rule-a1bzhi .
    compliance Property Map
    Indicates whether an AWS resource or CC rule is compliant and provides the number of contributors that affect the compliance.
    configRuleId String
    The ID of the AWS Config rule, such as config-rule-a1bzhi .
    description String
    The description that you provide for the CC rule.
    evaluationModes List<Property Map>
    The modes the CC rule can be evaluated in. The valid values are distinct objects. By default, the value is Detective evaluation mode only.
    inputParameters Any

    A string, in JSON format, that is passed to the CC rule Lambda function.

    Search the CloudFormation User Guide for AWS::Config::ConfigRule for more information about the expected schema for this property.

    maximumExecutionFrequency String

    The maximum frequency with which CC runs evaluations for a rule. You can specify a value for MaximumExecutionFrequency when:

    • You are using an AWS managed rule that is triggered at a periodic frequency.
    • Your custom rule is triggered when CC delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.

    By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter.

    scope Property Map
    Defines which resources can trigger an evaluation for the rule. The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes. The scope can be empty.
    source Property Map
    Provides the rule owner (```` for managed rules, CUSTOM_POLICY for Custom Policy rules, and CUSTOM_LAMBDA for Custom Lambda rules), the rule identifier, and the notifications that cause the function to evaluate your AWS resources.

    Supporting Types

    ComplianceProperties

    Type string
    Compliance type determined by the Config rule
    Type string
    Compliance type determined by the Config rule
    type String
    Compliance type determined by the Config rule
    type string
    Compliance type determined by the Config rule
    type str
    Compliance type determined by the Config rule
    type String
    Compliance type determined by the Config rule

    ConfigRuleCustomPolicyDetails

    EnableDebugLogDelivery bool
    The boolean expression for enabling debug logging for your CC Custom Policy rule. The default value is false.
    PolicyRuntime string
    The runtime system for your CC Custom Policy rule. Guard is a policy-as-code language that allows you to write policies that are enforced by CC Custom Policy rules. For more information about Guard, see the Guard GitHub Repository.
    PolicyText string
    The policy definition containing the logic for your CC Custom Policy rule.
    EnableDebugLogDelivery bool
    The boolean expression for enabling debug logging for your CC Custom Policy rule. The default value is false.
    PolicyRuntime string
    The runtime system for your CC Custom Policy rule. Guard is a policy-as-code language that allows you to write policies that are enforced by CC Custom Policy rules. For more information about Guard, see the Guard GitHub Repository.
    PolicyText string
    The policy definition containing the logic for your CC Custom Policy rule.
    enableDebugLogDelivery Boolean
    The boolean expression for enabling debug logging for your CC Custom Policy rule. The default value is false.
    policyRuntime String
    The runtime system for your CC Custom Policy rule. Guard is a policy-as-code language that allows you to write policies that are enforced by CC Custom Policy rules. For more information about Guard, see the Guard GitHub Repository.
    policyText String
    The policy definition containing the logic for your CC Custom Policy rule.
    enableDebugLogDelivery boolean
    The boolean expression for enabling debug logging for your CC Custom Policy rule. The default value is false.
    policyRuntime string
    The runtime system for your CC Custom Policy rule. Guard is a policy-as-code language that allows you to write policies that are enforced by CC Custom Policy rules. For more information about Guard, see the Guard GitHub Repository.
    policyText string
    The policy definition containing the logic for your CC Custom Policy rule.
    enable_debug_log_delivery bool
    The boolean expression for enabling debug logging for your CC Custom Policy rule. The default value is false.
    policy_runtime str
    The runtime system for your CC Custom Policy rule. Guard is a policy-as-code language that allows you to write policies that are enforced by CC Custom Policy rules. For more information about Guard, see the Guard GitHub Repository.
    policy_text str
    The policy definition containing the logic for your CC Custom Policy rule.
    enableDebugLogDelivery Boolean
    The boolean expression for enabling debug logging for your CC Custom Policy rule. The default value is false.
    policyRuntime String
    The runtime system for your CC Custom Policy rule. Guard is a policy-as-code language that allows you to write policies that are enforced by CC Custom Policy rules. For more information about Guard, see the Guard GitHub Repository.
    policyText String
    The policy definition containing the logic for your CC Custom Policy rule.

    ConfigRuleEvaluationModeConfiguration

    Mode string
    The mode of an evaluation. The valid values are Detective or Proactive.
    Mode string
    The mode of an evaluation. The valid values are Detective or Proactive.
    mode String
    The mode of an evaluation. The valid values are Detective or Proactive.
    mode string
    The mode of an evaluation. The valid values are Detective or Proactive.
    mode str
    The mode of an evaluation. The valid values are Detective or Proactive.
    mode String
    The mode of an evaluation. The valid values are Detective or Proactive.

    ConfigRuleScope

    ComplianceResourceId string
    The ID of the only AWS resource that you want to trigger an evaluation for the rule. If you specify a resource ID, you must specify one resource type for ComplianceResourceTypes.
    ComplianceResourceTypes List<string>
    The resource types of only those AWS resources that you want to trigger an evaluation for the rule. You can only specify one type if you also specify a resource ID for ComplianceResourceId.
    TagKey string
    The tag key that is applied to only those AWS resources that you want to trigger an evaluation for the rule.
    TagValue string
    The tag value applied to only those AWS resources that you want to trigger an evaluation for the rule. If you specify a value for TagValue, you must also specify a value for TagKey.
    ComplianceResourceId string
    The ID of the only AWS resource that you want to trigger an evaluation for the rule. If you specify a resource ID, you must specify one resource type for ComplianceResourceTypes.
    ComplianceResourceTypes []string
    The resource types of only those AWS resources that you want to trigger an evaluation for the rule. You can only specify one type if you also specify a resource ID for ComplianceResourceId.
    TagKey string
    The tag key that is applied to only those AWS resources that you want to trigger an evaluation for the rule.
    TagValue string
    The tag value applied to only those AWS resources that you want to trigger an evaluation for the rule. If you specify a value for TagValue, you must also specify a value for TagKey.
    complianceResourceId String
    The ID of the only AWS resource that you want to trigger an evaluation for the rule. If you specify a resource ID, you must specify one resource type for ComplianceResourceTypes.
    complianceResourceTypes List<String>
    The resource types of only those AWS resources that you want to trigger an evaluation for the rule. You can only specify one type if you also specify a resource ID for ComplianceResourceId.
    tagKey String
    The tag key that is applied to only those AWS resources that you want to trigger an evaluation for the rule.
    tagValue String
    The tag value applied to only those AWS resources that you want to trigger an evaluation for the rule. If you specify a value for TagValue, you must also specify a value for TagKey.
    complianceResourceId string
    The ID of the only AWS resource that you want to trigger an evaluation for the rule. If you specify a resource ID, you must specify one resource type for ComplianceResourceTypes.
    complianceResourceTypes string[]
    The resource types of only those AWS resources that you want to trigger an evaluation for the rule. You can only specify one type if you also specify a resource ID for ComplianceResourceId.
    tagKey string
    The tag key that is applied to only those AWS resources that you want to trigger an evaluation for the rule.
    tagValue string
    The tag value applied to only those AWS resources that you want to trigger an evaluation for the rule. If you specify a value for TagValue, you must also specify a value for TagKey.
    compliance_resource_id str
    The ID of the only AWS resource that you want to trigger an evaluation for the rule. If you specify a resource ID, you must specify one resource type for ComplianceResourceTypes.
    compliance_resource_types Sequence[str]
    The resource types of only those AWS resources that you want to trigger an evaluation for the rule. You can only specify one type if you also specify a resource ID for ComplianceResourceId.
    tag_key str
    The tag key that is applied to only those AWS resources that you want to trigger an evaluation for the rule.
    tag_value str
    The tag value applied to only those AWS resources that you want to trigger an evaluation for the rule. If you specify a value for TagValue, you must also specify a value for TagKey.
    complianceResourceId String
    The ID of the only AWS resource that you want to trigger an evaluation for the rule. If you specify a resource ID, you must specify one resource type for ComplianceResourceTypes.
    complianceResourceTypes List<String>
    The resource types of only those AWS resources that you want to trigger an evaluation for the rule. You can only specify one type if you also specify a resource ID for ComplianceResourceId.
    tagKey String
    The tag key that is applied to only those AWS resources that you want to trigger an evaluation for the rule.
    tagValue String
    The tag value applied to only those AWS resources that you want to trigger an evaluation for the rule. If you specify a value for TagValue, you must also specify a value for TagKey.

    ConfigRuleSource

    Owner string
    Indicates whether AWS or the customer owns and manages the CC rule. CC Managed Rules are predefined rules owned by AWS. For more information, see Managed Rules in the developer guide. CC Custom Rules are rules that you can develop either with Guard (CUSTOM_POLICY) or LAMlong (CUSTOM_LAMBDA). For more information, see Custom Rules in the developer guide.
    CustomPolicyDetails Pulumi.AwsNative.Configuration.Inputs.ConfigRuleCustomPolicyDetails
    Provides the runtime system, policy definition, and whether debug logging is enabled. Required when owner is set to CUSTOM_POLICY.
    SourceDetails List<Pulumi.AwsNative.Configuration.Inputs.ConfigRuleSourceDetail>
    Provides the source and the message types that cause CC to evaluate your AWS resources against a rule. It also provides the frequency with which you want CC to run evaluations for the rule if the trigger type is periodic. If the owner is set to CUSTOM_POLICY, the only acceptable values for the CC rule trigger message type are ConfigurationItemChangeNotification and OversizedConfigurationItemChangeNotification.
    SourceIdentifier string
    For CC Managed rules, a predefined identifier from a list. For example, IAM_PASSWORD_POLICY is a managed rule. To reference a managed rule, see List of Managed Rules. For CC Custom Lambda rules, the identifier is the Amazon Resource Name (ARN) of the rule's LAMlong function, such as arn:aws:lambda:us-east-2:123456789012:function:custom_rule_name. For CC Custom Policy rules, this field will be ignored.
    Owner string
    Indicates whether AWS or the customer owns and manages the CC rule. CC Managed Rules are predefined rules owned by AWS. For more information, see Managed Rules in the developer guide. CC Custom Rules are rules that you can develop either with Guard (CUSTOM_POLICY) or LAMlong (CUSTOM_LAMBDA). For more information, see Custom Rules in the developer guide.
    CustomPolicyDetails ConfigRuleCustomPolicyDetails
    Provides the runtime system, policy definition, and whether debug logging is enabled. Required when owner is set to CUSTOM_POLICY.
    SourceDetails []ConfigRuleSourceDetail
    Provides the source and the message types that cause CC to evaluate your AWS resources against a rule. It also provides the frequency with which you want CC to run evaluations for the rule if the trigger type is periodic. If the owner is set to CUSTOM_POLICY, the only acceptable values for the CC rule trigger message type are ConfigurationItemChangeNotification and OversizedConfigurationItemChangeNotification.
    SourceIdentifier string
    For CC Managed rules, a predefined identifier from a list. For example, IAM_PASSWORD_POLICY is a managed rule. To reference a managed rule, see List of Managed Rules. For CC Custom Lambda rules, the identifier is the Amazon Resource Name (ARN) of the rule's LAMlong function, such as arn:aws:lambda:us-east-2:123456789012:function:custom_rule_name. For CC Custom Policy rules, this field will be ignored.
    owner String
    Indicates whether AWS or the customer owns and manages the CC rule. CC Managed Rules are predefined rules owned by AWS. For more information, see Managed Rules in the developer guide. CC Custom Rules are rules that you can develop either with Guard (CUSTOM_POLICY) or LAMlong (CUSTOM_LAMBDA). For more information, see Custom Rules in the developer guide.
    customPolicyDetails ConfigRuleCustomPolicyDetails
    Provides the runtime system, policy definition, and whether debug logging is enabled. Required when owner is set to CUSTOM_POLICY.
    sourceDetails List<ConfigRuleSourceDetail>
    Provides the source and the message types that cause CC to evaluate your AWS resources against a rule. It also provides the frequency with which you want CC to run evaluations for the rule if the trigger type is periodic. If the owner is set to CUSTOM_POLICY, the only acceptable values for the CC rule trigger message type are ConfigurationItemChangeNotification and OversizedConfigurationItemChangeNotification.
    sourceIdentifier String
    For CC Managed rules, a predefined identifier from a list. For example, IAM_PASSWORD_POLICY is a managed rule. To reference a managed rule, see List of Managed Rules. For CC Custom Lambda rules, the identifier is the Amazon Resource Name (ARN) of the rule's LAMlong function, such as arn:aws:lambda:us-east-2:123456789012:function:custom_rule_name. For CC Custom Policy rules, this field will be ignored.
    owner string
    Indicates whether AWS or the customer owns and manages the CC rule. CC Managed Rules are predefined rules owned by AWS. For more information, see Managed Rules in the developer guide. CC Custom Rules are rules that you can develop either with Guard (CUSTOM_POLICY) or LAMlong (CUSTOM_LAMBDA). For more information, see Custom Rules in the developer guide.
    customPolicyDetails ConfigRuleCustomPolicyDetails
    Provides the runtime system, policy definition, and whether debug logging is enabled. Required when owner is set to CUSTOM_POLICY.
    sourceDetails ConfigRuleSourceDetail[]
    Provides the source and the message types that cause CC to evaluate your AWS resources against a rule. It also provides the frequency with which you want CC to run evaluations for the rule if the trigger type is periodic. If the owner is set to CUSTOM_POLICY, the only acceptable values for the CC rule trigger message type are ConfigurationItemChangeNotification and OversizedConfigurationItemChangeNotification.
    sourceIdentifier string
    For CC Managed rules, a predefined identifier from a list. For example, IAM_PASSWORD_POLICY is a managed rule. To reference a managed rule, see List of Managed Rules. For CC Custom Lambda rules, the identifier is the Amazon Resource Name (ARN) of the rule's LAMlong function, such as arn:aws:lambda:us-east-2:123456789012:function:custom_rule_name. For CC Custom Policy rules, this field will be ignored.
    owner str
    Indicates whether AWS or the customer owns and manages the CC rule. CC Managed Rules are predefined rules owned by AWS. For more information, see Managed Rules in the developer guide. CC Custom Rules are rules that you can develop either with Guard (CUSTOM_POLICY) or LAMlong (CUSTOM_LAMBDA). For more information, see Custom Rules in the developer guide.
    custom_policy_details ConfigRuleCustomPolicyDetails
    Provides the runtime system, policy definition, and whether debug logging is enabled. Required when owner is set to CUSTOM_POLICY.
    source_details Sequence[ConfigRuleSourceDetail]
    Provides the source and the message types that cause CC to evaluate your AWS resources against a rule. It also provides the frequency with which you want CC to run evaluations for the rule if the trigger type is periodic. If the owner is set to CUSTOM_POLICY, the only acceptable values for the CC rule trigger message type are ConfigurationItemChangeNotification and OversizedConfigurationItemChangeNotification.
    source_identifier str
    For CC Managed rules, a predefined identifier from a list. For example, IAM_PASSWORD_POLICY is a managed rule. To reference a managed rule, see List of Managed Rules. For CC Custom Lambda rules, the identifier is the Amazon Resource Name (ARN) of the rule's LAMlong function, such as arn:aws:lambda:us-east-2:123456789012:function:custom_rule_name. For CC Custom Policy rules, this field will be ignored.
    owner String
    Indicates whether AWS or the customer owns and manages the CC rule. CC Managed Rules are predefined rules owned by AWS. For more information, see Managed Rules in the developer guide. CC Custom Rules are rules that you can develop either with Guard (CUSTOM_POLICY) or LAMlong (CUSTOM_LAMBDA). For more information, see Custom Rules in the developer guide.
    customPolicyDetails Property Map
    Provides the runtime system, policy definition, and whether debug logging is enabled. Required when owner is set to CUSTOM_POLICY.
    sourceDetails List<Property Map>
    Provides the source and the message types that cause CC to evaluate your AWS resources against a rule. It also provides the frequency with which you want CC to run evaluations for the rule if the trigger type is periodic. If the owner is set to CUSTOM_POLICY, the only acceptable values for the CC rule trigger message type are ConfigurationItemChangeNotification and OversizedConfigurationItemChangeNotification.
    sourceIdentifier String
    For CC Managed rules, a predefined identifier from a list. For example, IAM_PASSWORD_POLICY is a managed rule. To reference a managed rule, see List of Managed Rules. For CC Custom Lambda rules, the identifier is the Amazon Resource Name (ARN) of the rule's LAMlong function, such as arn:aws:lambda:us-east-2:123456789012:function:custom_rule_name. For CC Custom Policy rules, this field will be ignored.

    ConfigRuleSourceDetail

    EventSource string
    The source of the event, such as an AWS service, that triggers CC to evaluate your AWS resources.
    MessageType string

    The type of notification that triggers CC to run an evaluation for a rule. You can specify the following notification types:

    • ConfigurationItemChangeNotification - Triggers an evaluation when CC delivers a configuration item as a result of a resource change.
    • OversizedConfigurationItemChangeNotification - Triggers an evaluation when CC delivers an oversized configuration item. CC may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.
    • ScheduledNotification - Triggers a periodic evaluation at the frequency specified for MaximumExecutionFrequency.
    • ConfigurationSnapshotDeliveryCompleted - Triggers a periodic evaluation when CC delivers a configuration snapshot.

    If you want your custom rule to be triggered by configuration changes, specify two SourceDetail objects, one for ConfigurationItemChangeNotification and one for OversizedConfigurationItemChangeNotification.

    MaximumExecutionFrequency string
    The frequency at which you want CC to run evaluations for a custom rule with a periodic trigger. If you specify a value for MaximumExecutionFrequency, then MessageType must use the ScheduledNotification value. By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter. Based on the valid value you choose, CC runs evaluations once for each valid value. For example, if you choose Three_Hours, CC runs evaluations once every three hours. In this case, Three_Hours is the frequency of this rule.
    EventSource string
    The source of the event, such as an AWS service, that triggers CC to evaluate your AWS resources.
    MessageType string

    The type of notification that triggers CC to run an evaluation for a rule. You can specify the following notification types:

    • ConfigurationItemChangeNotification - Triggers an evaluation when CC delivers a configuration item as a result of a resource change.
    • OversizedConfigurationItemChangeNotification - Triggers an evaluation when CC delivers an oversized configuration item. CC may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.
    • ScheduledNotification - Triggers a periodic evaluation at the frequency specified for MaximumExecutionFrequency.
    • ConfigurationSnapshotDeliveryCompleted - Triggers a periodic evaluation when CC delivers a configuration snapshot.

    If you want your custom rule to be triggered by configuration changes, specify two SourceDetail objects, one for ConfigurationItemChangeNotification and one for OversizedConfigurationItemChangeNotification.

    MaximumExecutionFrequency string
    The frequency at which you want CC to run evaluations for a custom rule with a periodic trigger. If you specify a value for MaximumExecutionFrequency, then MessageType must use the ScheduledNotification value. By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter. Based on the valid value you choose, CC runs evaluations once for each valid value. For example, if you choose Three_Hours, CC runs evaluations once every three hours. In this case, Three_Hours is the frequency of this rule.
    eventSource String
    The source of the event, such as an AWS service, that triggers CC to evaluate your AWS resources.
    messageType String

    The type of notification that triggers CC to run an evaluation for a rule. You can specify the following notification types:

    • ConfigurationItemChangeNotification - Triggers an evaluation when CC delivers a configuration item as a result of a resource change.
    • OversizedConfigurationItemChangeNotification - Triggers an evaluation when CC delivers an oversized configuration item. CC may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.
    • ScheduledNotification - Triggers a periodic evaluation at the frequency specified for MaximumExecutionFrequency.
    • ConfigurationSnapshotDeliveryCompleted - Triggers a periodic evaluation when CC delivers a configuration snapshot.

    If you want your custom rule to be triggered by configuration changes, specify two SourceDetail objects, one for ConfigurationItemChangeNotification and one for OversizedConfigurationItemChangeNotification.

    maximumExecutionFrequency String
    The frequency at which you want CC to run evaluations for a custom rule with a periodic trigger. If you specify a value for MaximumExecutionFrequency, then MessageType must use the ScheduledNotification value. By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter. Based on the valid value you choose, CC runs evaluations once for each valid value. For example, if you choose Three_Hours, CC runs evaluations once every three hours. In this case, Three_Hours is the frequency of this rule.
    eventSource string
    The source of the event, such as an AWS service, that triggers CC to evaluate your AWS resources.
    messageType string

    The type of notification that triggers CC to run an evaluation for a rule. You can specify the following notification types:

    • ConfigurationItemChangeNotification - Triggers an evaluation when CC delivers a configuration item as a result of a resource change.
    • OversizedConfigurationItemChangeNotification - Triggers an evaluation when CC delivers an oversized configuration item. CC may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.
    • ScheduledNotification - Triggers a periodic evaluation at the frequency specified for MaximumExecutionFrequency.
    • ConfigurationSnapshotDeliveryCompleted - Triggers a periodic evaluation when CC delivers a configuration snapshot.

    If you want your custom rule to be triggered by configuration changes, specify two SourceDetail objects, one for ConfigurationItemChangeNotification and one for OversizedConfigurationItemChangeNotification.

    maximumExecutionFrequency string
    The frequency at which you want CC to run evaluations for a custom rule with a periodic trigger. If you specify a value for MaximumExecutionFrequency, then MessageType must use the ScheduledNotification value. By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter. Based on the valid value you choose, CC runs evaluations once for each valid value. For example, if you choose Three_Hours, CC runs evaluations once every three hours. In this case, Three_Hours is the frequency of this rule.
    event_source str
    The source of the event, such as an AWS service, that triggers CC to evaluate your AWS resources.
    message_type str

    The type of notification that triggers CC to run an evaluation for a rule. You can specify the following notification types:

    • ConfigurationItemChangeNotification - Triggers an evaluation when CC delivers a configuration item as a result of a resource change.
    • OversizedConfigurationItemChangeNotification - Triggers an evaluation when CC delivers an oversized configuration item. CC may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.
    • ScheduledNotification - Triggers a periodic evaluation at the frequency specified for MaximumExecutionFrequency.
    • ConfigurationSnapshotDeliveryCompleted - Triggers a periodic evaluation when CC delivers a configuration snapshot.

    If you want your custom rule to be triggered by configuration changes, specify two SourceDetail objects, one for ConfigurationItemChangeNotification and one for OversizedConfigurationItemChangeNotification.

    maximum_execution_frequency str
    The frequency at which you want CC to run evaluations for a custom rule with a periodic trigger. If you specify a value for MaximumExecutionFrequency, then MessageType must use the ScheduledNotification value. By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter. Based on the valid value you choose, CC runs evaluations once for each valid value. For example, if you choose Three_Hours, CC runs evaluations once every three hours. In this case, Three_Hours is the frequency of this rule.
    eventSource String
    The source of the event, such as an AWS service, that triggers CC to evaluate your AWS resources.
    messageType String

    The type of notification that triggers CC to run an evaluation for a rule. You can specify the following notification types:

    • ConfigurationItemChangeNotification - Triggers an evaluation when CC delivers a configuration item as a result of a resource change.
    • OversizedConfigurationItemChangeNotification - Triggers an evaluation when CC delivers an oversized configuration item. CC may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.
    • ScheduledNotification - Triggers a periodic evaluation at the frequency specified for MaximumExecutionFrequency.
    • ConfigurationSnapshotDeliveryCompleted - Triggers a periodic evaluation when CC delivers a configuration snapshot.

    If you want your custom rule to be triggered by configuration changes, specify two SourceDetail objects, one for ConfigurationItemChangeNotification and one for OversizedConfigurationItemChangeNotification.

    maximumExecutionFrequency String
    The frequency at which you want CC to run evaluations for a custom rule with a periodic trigger. If you specify a value for MaximumExecutionFrequency, then MessageType must use the ScheduledNotification value. By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter. Based on the valid value you choose, CC runs evaluations once for each valid value. For example, if you choose Three_Hours, CC runs evaluations once every three hours. In this case, Three_Hours is the frequency of this rule.

    Package Details

    Repository
    AWS Native pulumi/pulumi-aws-native
    License
    Apache-2.0
    aws-native logo

    We recommend new projects start with resources from the AWS provider.

    AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi