aws.cfg.OrganizationCustomRule
Explore with Pulumi AI
Manages a Config Organization Custom Rule. More information about these rules can be found in the Enabling AWS Config Rules Across all Accounts in Your Organization and AWS Config Managed Rules documentation. For working with Organization Managed Rules (those invoking an AWS managed rule), see the aws_config_organization_managed__rule
resource.
NOTE: This resource must be created in the Organization master account and rules will include the master account unless its ID is added to the
excluded_accounts
argument.
NOTE: The proper Lambda permission to allow the AWS Config service invoke the Lambda Function must be in place before the rule will successfully create or update. See also the
aws.lambda.Permission
resource.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.lambda.Permission("example", {
action: "lambda:InvokeFunction",
"function": exampleAwsLambdaFunction.arn,
principal: "config.amazonaws.com",
statementId: "AllowExecutionFromConfig",
});
const exampleOrganization = new aws.organizations.Organization("example", {
awsServiceAccessPrincipals: ["config-multiaccountsetup.amazonaws.com"],
featureSet: "ALL",
});
const exampleOrganizationCustomRule = new aws.cfg.OrganizationCustomRule("example", {
lambdaFunctionArn: exampleAwsLambdaFunction.arn,
name: "example",
triggerTypes: ["ConfigurationItemChangeNotification"],
}, {
dependsOn: [
example,
exampleOrganization,
],
});
import pulumi
import pulumi_aws as aws
example = aws.lambda_.Permission("example",
action="lambda:InvokeFunction",
function=example_aws_lambda_function["arn"],
principal="config.amazonaws.com",
statement_id="AllowExecutionFromConfig")
example_organization = aws.organizations.Organization("example",
aws_service_access_principals=["config-multiaccountsetup.amazonaws.com"],
feature_set="ALL")
example_organization_custom_rule = aws.cfg.OrganizationCustomRule("example",
lambda_function_arn=example_aws_lambda_function["arn"],
name="example",
trigger_types=["ConfigurationItemChangeNotification"],
opts = pulumi.ResourceOptions(depends_on=[
example,
example_organization,
]))
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := lambda.NewPermission(ctx, "example", &lambda.PermissionArgs{
Action: pulumi.String("lambda:InvokeFunction"),
Function: pulumi.Any(exampleAwsLambdaFunction.Arn),
Principal: pulumi.String("config.amazonaws.com"),
StatementId: pulumi.String("AllowExecutionFromConfig"),
})
if err != nil {
return err
}
exampleOrganization, err := organizations.NewOrganization(ctx, "example", &organizations.OrganizationArgs{
AwsServiceAccessPrincipals: pulumi.StringArray{
pulumi.String("config-multiaccountsetup.amazonaws.com"),
},
FeatureSet: pulumi.String("ALL"),
})
if err != nil {
return err
}
_, err = cfg.NewOrganizationCustomRule(ctx, "example", &cfg.OrganizationCustomRuleArgs{
LambdaFunctionArn: pulumi.Any(exampleAwsLambdaFunction.Arn),
Name: pulumi.String("example"),
TriggerTypes: pulumi.StringArray{
pulumi.String("ConfigurationItemChangeNotification"),
},
}, pulumi.DependsOn([]pulumi.Resource{
example,
exampleOrganization,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Lambda.Permission("example", new()
{
Action = "lambda:InvokeFunction",
Function = exampleAwsLambdaFunction.Arn,
Principal = "config.amazonaws.com",
StatementId = "AllowExecutionFromConfig",
});
var exampleOrganization = new Aws.Organizations.Organization("example", new()
{
AwsServiceAccessPrincipals = new[]
{
"config-multiaccountsetup.amazonaws.com",
},
FeatureSet = "ALL",
});
var exampleOrganizationCustomRule = new Aws.Cfg.OrganizationCustomRule("example", new()
{
LambdaFunctionArn = exampleAwsLambdaFunction.Arn,
Name = "example",
TriggerTypes = new[]
{
"ConfigurationItemChangeNotification",
},
}, new CustomResourceOptions
{
DependsOn =
{
example,
exampleOrganization,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lambda.Permission;
import com.pulumi.aws.lambda.PermissionArgs;
import com.pulumi.aws.organizations.Organization;
import com.pulumi.aws.organizations.OrganizationArgs;
import com.pulumi.aws.cfg.OrganizationCustomRule;
import com.pulumi.aws.cfg.OrganizationCustomRuleArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Permission("example", PermissionArgs.builder()
.action("lambda:InvokeFunction")
.function(exampleAwsLambdaFunction.arn())
.principal("config.amazonaws.com")
.statementId("AllowExecutionFromConfig")
.build());
var exampleOrganization = new Organization("exampleOrganization", OrganizationArgs.builder()
.awsServiceAccessPrincipals("config-multiaccountsetup.amazonaws.com")
.featureSet("ALL")
.build());
var exampleOrganizationCustomRule = new OrganizationCustomRule("exampleOrganizationCustomRule", OrganizationCustomRuleArgs.builder()
.lambdaFunctionArn(exampleAwsLambdaFunction.arn())
.name("example")
.triggerTypes("ConfigurationItemChangeNotification")
.build(), CustomResourceOptions.builder()
.dependsOn(
example,
exampleOrganization)
.build());
}
}
resources:
example:
type: aws:lambda:Permission
properties:
action: lambda:InvokeFunction
function: ${exampleAwsLambdaFunction.arn}
principal: config.amazonaws.com
statementId: AllowExecutionFromConfig
exampleOrganization:
type: aws:organizations:Organization
name: example
properties:
awsServiceAccessPrincipals:
- config-multiaccountsetup.amazonaws.com
featureSet: ALL
exampleOrganizationCustomRule:
type: aws:cfg:OrganizationCustomRule
name: example
properties:
lambdaFunctionArn: ${exampleAwsLambdaFunction.arn}
name: example
triggerTypes:
- ConfigurationItemChangeNotification
options:
dependson:
- ${example}
- ${exampleOrganization}
Create OrganizationCustomRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new OrganizationCustomRule(name: string, args: OrganizationCustomRuleArgs, opts?: CustomResourceOptions);
@overload
def OrganizationCustomRule(resource_name: str,
args: OrganizationCustomRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def OrganizationCustomRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
lambda_function_arn: Optional[str] = None,
trigger_types: Optional[Sequence[str]] = None,
description: Optional[str] = None,
excluded_accounts: Optional[Sequence[str]] = None,
input_parameters: Optional[str] = None,
maximum_execution_frequency: Optional[str] = None,
name: Optional[str] = None,
resource_id_scope: Optional[str] = None,
resource_types_scopes: Optional[Sequence[str]] = None,
tag_key_scope: Optional[str] = None,
tag_value_scope: Optional[str] = None)
func NewOrganizationCustomRule(ctx *Context, name string, args OrganizationCustomRuleArgs, opts ...ResourceOption) (*OrganizationCustomRule, error)
public OrganizationCustomRule(string name, OrganizationCustomRuleArgs args, CustomResourceOptions? opts = null)
public OrganizationCustomRule(String name, OrganizationCustomRuleArgs args)
public OrganizationCustomRule(String name, OrganizationCustomRuleArgs args, CustomResourceOptions options)
type: aws:cfg:OrganizationCustomRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args OrganizationCustomRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args OrganizationCustomRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args OrganizationCustomRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args OrganizationCustomRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args OrganizationCustomRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var organizationCustomRuleResource = new Aws.Cfg.OrganizationCustomRule("organizationCustomRuleResource", new()
{
LambdaFunctionArn = "string",
TriggerTypes = new[]
{
"string",
},
Description = "string",
ExcludedAccounts = new[]
{
"string",
},
InputParameters = "string",
MaximumExecutionFrequency = "string",
Name = "string",
ResourceIdScope = "string",
ResourceTypesScopes = new[]
{
"string",
},
TagKeyScope = "string",
TagValueScope = "string",
});
example, err := cfg.NewOrganizationCustomRule(ctx, "organizationCustomRuleResource", &cfg.OrganizationCustomRuleArgs{
LambdaFunctionArn: pulumi.String("string"),
TriggerTypes: pulumi.StringArray{
pulumi.String("string"),
},
Description: pulumi.String("string"),
ExcludedAccounts: pulumi.StringArray{
pulumi.String("string"),
},
InputParameters: pulumi.String("string"),
MaximumExecutionFrequency: pulumi.String("string"),
Name: pulumi.String("string"),
ResourceIdScope: pulumi.String("string"),
ResourceTypesScopes: pulumi.StringArray{
pulumi.String("string"),
},
TagKeyScope: pulumi.String("string"),
TagValueScope: pulumi.String("string"),
})
var organizationCustomRuleResource = new OrganizationCustomRule("organizationCustomRuleResource", OrganizationCustomRuleArgs.builder()
.lambdaFunctionArn("string")
.triggerTypes("string")
.description("string")
.excludedAccounts("string")
.inputParameters("string")
.maximumExecutionFrequency("string")
.name("string")
.resourceIdScope("string")
.resourceTypesScopes("string")
.tagKeyScope("string")
.tagValueScope("string")
.build());
organization_custom_rule_resource = aws.cfg.OrganizationCustomRule("organizationCustomRuleResource",
lambda_function_arn="string",
trigger_types=["string"],
description="string",
excluded_accounts=["string"],
input_parameters="string",
maximum_execution_frequency="string",
name="string",
resource_id_scope="string",
resource_types_scopes=["string"],
tag_key_scope="string",
tag_value_scope="string")
const organizationCustomRuleResource = new aws.cfg.OrganizationCustomRule("organizationCustomRuleResource", {
lambdaFunctionArn: "string",
triggerTypes: ["string"],
description: "string",
excludedAccounts: ["string"],
inputParameters: "string",
maximumExecutionFrequency: "string",
name: "string",
resourceIdScope: "string",
resourceTypesScopes: ["string"],
tagKeyScope: "string",
tagValueScope: "string",
});
type: aws:cfg:OrganizationCustomRule
properties:
description: string
excludedAccounts:
- string
inputParameters: string
lambdaFunctionArn: string
maximumExecutionFrequency: string
name: string
resourceIdScope: string
resourceTypesScopes:
- string
tagKeyScope: string
tagValueScope: string
triggerTypes:
- string
OrganizationCustomRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The OrganizationCustomRule resource accepts the following input properties:
- Lambda
Function stringArn - Amazon Resource Name (ARN) of the rule Lambda Function
- Trigger
Types List<string> - List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values:
ConfigurationItemChangeNotification
,OversizedConfigurationItemChangeNotification
, andScheduledNotification
- Description string
- Description of the rule
- Excluded
Accounts List<string> - List of AWS account identifiers to exclude from the rule
- Input
Parameters string - A string in JSON format that is passed to the AWS Config Rule Lambda Function
- Maximum
Execution stringFrequency - The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to
TwentyFour_Hours
for periodic frequency triggered rules. Valid values:One_Hour
,Three_Hours
,Six_Hours
,Twelve_Hours
, orTwentyFour_Hours
. - Name string
- The name of the rule
- Resource
Id stringScope - Identifier of the AWS resource to evaluate
- Resource
Types List<string>Scopes - List of types of AWS resources to evaluate
- Tag
Key stringScope - Tag key of AWS resources to evaluate
- Tag
Value stringScope - Tag value of AWS resources to evaluate
- Lambda
Function stringArn - Amazon Resource Name (ARN) of the rule Lambda Function
- Trigger
Types []string - List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values:
ConfigurationItemChangeNotification
,OversizedConfigurationItemChangeNotification
, andScheduledNotification
- Description string
- Description of the rule
- Excluded
Accounts []string - List of AWS account identifiers to exclude from the rule
- Input
Parameters string - A string in JSON format that is passed to the AWS Config Rule Lambda Function
- Maximum
Execution stringFrequency - The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to
TwentyFour_Hours
for periodic frequency triggered rules. Valid values:One_Hour
,Three_Hours
,Six_Hours
,Twelve_Hours
, orTwentyFour_Hours
. - Name string
- The name of the rule
- Resource
Id stringScope - Identifier of the AWS resource to evaluate
- Resource
Types []stringScopes - List of types of AWS resources to evaluate
- Tag
Key stringScope - Tag key of AWS resources to evaluate
- Tag
Value stringScope - Tag value of AWS resources to evaluate
- lambda
Function StringArn - Amazon Resource Name (ARN) of the rule Lambda Function
- trigger
Types List<String> - List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values:
ConfigurationItemChangeNotification
,OversizedConfigurationItemChangeNotification
, andScheduledNotification
- description String
- Description of the rule
- excluded
Accounts List<String> - List of AWS account identifiers to exclude from the rule
- input
Parameters String - A string in JSON format that is passed to the AWS Config Rule Lambda Function
- maximum
Execution StringFrequency - The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to
TwentyFour_Hours
for periodic frequency triggered rules. Valid values:One_Hour
,Three_Hours
,Six_Hours
,Twelve_Hours
, orTwentyFour_Hours
. - name String
- The name of the rule
- resource
Id StringScope - Identifier of the AWS resource to evaluate
- resource
Types List<String>Scopes - List of types of AWS resources to evaluate
- tag
Key StringScope - Tag key of AWS resources to evaluate
- tag
Value StringScope - Tag value of AWS resources to evaluate
- lambda
Function stringArn - Amazon Resource Name (ARN) of the rule Lambda Function
- trigger
Types string[] - List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values:
ConfigurationItemChangeNotification
,OversizedConfigurationItemChangeNotification
, andScheduledNotification
- description string
- Description of the rule
- excluded
Accounts string[] - List of AWS account identifiers to exclude from the rule
- input
Parameters string - A string in JSON format that is passed to the AWS Config Rule Lambda Function
- maximum
Execution stringFrequency - The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to
TwentyFour_Hours
for periodic frequency triggered rules. Valid values:One_Hour
,Three_Hours
,Six_Hours
,Twelve_Hours
, orTwentyFour_Hours
. - name string
- The name of the rule
- resource
Id stringScope - Identifier of the AWS resource to evaluate
- resource
Types string[]Scopes - List of types of AWS resources to evaluate
- tag
Key stringScope - Tag key of AWS resources to evaluate
- tag
Value stringScope - Tag value of AWS resources to evaluate
- lambda_
function_ strarn - Amazon Resource Name (ARN) of the rule Lambda Function
- trigger_
types Sequence[str] - List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values:
ConfigurationItemChangeNotification
,OversizedConfigurationItemChangeNotification
, andScheduledNotification
- description str
- Description of the rule
- excluded_
accounts Sequence[str] - List of AWS account identifiers to exclude from the rule
- input_
parameters str - A string in JSON format that is passed to the AWS Config Rule Lambda Function
- maximum_
execution_ strfrequency - The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to
TwentyFour_Hours
for periodic frequency triggered rules. Valid values:One_Hour
,Three_Hours
,Six_Hours
,Twelve_Hours
, orTwentyFour_Hours
. - name str
- The name of the rule
- resource_
id_ strscope - Identifier of the AWS resource to evaluate
- resource_
types_ Sequence[str]scopes - List of types of AWS resources to evaluate
- tag_
key_ strscope - Tag key of AWS resources to evaluate
- tag_
value_ strscope - Tag value of AWS resources to evaluate
- lambda
Function StringArn - Amazon Resource Name (ARN) of the rule Lambda Function
- trigger
Types List<String> - List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values:
ConfigurationItemChangeNotification
,OversizedConfigurationItemChangeNotification
, andScheduledNotification
- description String
- Description of the rule
- excluded
Accounts List<String> - List of AWS account identifiers to exclude from the rule
- input
Parameters String - A string in JSON format that is passed to the AWS Config Rule Lambda Function
- maximum
Execution StringFrequency - The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to
TwentyFour_Hours
for periodic frequency triggered rules. Valid values:One_Hour
,Three_Hours
,Six_Hours
,Twelve_Hours
, orTwentyFour_Hours
. - name String
- The name of the rule
- resource
Id StringScope - Identifier of the AWS resource to evaluate
- resource
Types List<String>Scopes - List of types of AWS resources to evaluate
- tag
Key StringScope - Tag key of AWS resources to evaluate
- tag
Value StringScope - Tag value of AWS resources to evaluate
Outputs
All input properties are implicitly available as output properties. Additionally, the OrganizationCustomRule resource produces the following output properties:
Look up Existing OrganizationCustomRule Resource
Get an existing OrganizationCustomRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: OrganizationCustomRuleState, opts?: CustomResourceOptions): OrganizationCustomRule
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
arn: Optional[str] = None,
description: Optional[str] = None,
excluded_accounts: Optional[Sequence[str]] = None,
input_parameters: Optional[str] = None,
lambda_function_arn: Optional[str] = None,
maximum_execution_frequency: Optional[str] = None,
name: Optional[str] = None,
resource_id_scope: Optional[str] = None,
resource_types_scopes: Optional[Sequence[str]] = None,
tag_key_scope: Optional[str] = None,
tag_value_scope: Optional[str] = None,
trigger_types: Optional[Sequence[str]] = None) -> OrganizationCustomRule
func GetOrganizationCustomRule(ctx *Context, name string, id IDInput, state *OrganizationCustomRuleState, opts ...ResourceOption) (*OrganizationCustomRule, error)
public static OrganizationCustomRule Get(string name, Input<string> id, OrganizationCustomRuleState? state, CustomResourceOptions? opts = null)
public static OrganizationCustomRule get(String name, Output<String> id, OrganizationCustomRuleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Arn string
- Amazon Resource Name (ARN) of the rule
- Description string
- Description of the rule
- Excluded
Accounts List<string> - List of AWS account identifiers to exclude from the rule
- Input
Parameters string - A string in JSON format that is passed to the AWS Config Rule Lambda Function
- Lambda
Function stringArn - Amazon Resource Name (ARN) of the rule Lambda Function
- Maximum
Execution stringFrequency - The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to
TwentyFour_Hours
for periodic frequency triggered rules. Valid values:One_Hour
,Three_Hours
,Six_Hours
,Twelve_Hours
, orTwentyFour_Hours
. - Name string
- The name of the rule
- Resource
Id stringScope - Identifier of the AWS resource to evaluate
- Resource
Types List<string>Scopes - List of types of AWS resources to evaluate
- Tag
Key stringScope - Tag key of AWS resources to evaluate
- Tag
Value stringScope - Tag value of AWS resources to evaluate
- Trigger
Types List<string> - List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values:
ConfigurationItemChangeNotification
,OversizedConfigurationItemChangeNotification
, andScheduledNotification
- Arn string
- Amazon Resource Name (ARN) of the rule
- Description string
- Description of the rule
- Excluded
Accounts []string - List of AWS account identifiers to exclude from the rule
- Input
Parameters string - A string in JSON format that is passed to the AWS Config Rule Lambda Function
- Lambda
Function stringArn - Amazon Resource Name (ARN) of the rule Lambda Function
- Maximum
Execution stringFrequency - The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to
TwentyFour_Hours
for periodic frequency triggered rules. Valid values:One_Hour
,Three_Hours
,Six_Hours
,Twelve_Hours
, orTwentyFour_Hours
. - Name string
- The name of the rule
- Resource
Id stringScope - Identifier of the AWS resource to evaluate
- Resource
Types []stringScopes - List of types of AWS resources to evaluate
- Tag
Key stringScope - Tag key of AWS resources to evaluate
- Tag
Value stringScope - Tag value of AWS resources to evaluate
- Trigger
Types []string - List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values:
ConfigurationItemChangeNotification
,OversizedConfigurationItemChangeNotification
, andScheduledNotification
- arn String
- Amazon Resource Name (ARN) of the rule
- description String
- Description of the rule
- excluded
Accounts List<String> - List of AWS account identifiers to exclude from the rule
- input
Parameters String - A string in JSON format that is passed to the AWS Config Rule Lambda Function
- lambda
Function StringArn - Amazon Resource Name (ARN) of the rule Lambda Function
- maximum
Execution StringFrequency - The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to
TwentyFour_Hours
for periodic frequency triggered rules. Valid values:One_Hour
,Three_Hours
,Six_Hours
,Twelve_Hours
, orTwentyFour_Hours
. - name String
- The name of the rule
- resource
Id StringScope - Identifier of the AWS resource to evaluate
- resource
Types List<String>Scopes - List of types of AWS resources to evaluate
- tag
Key StringScope - Tag key of AWS resources to evaluate
- tag
Value StringScope - Tag value of AWS resources to evaluate
- trigger
Types List<String> - List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values:
ConfigurationItemChangeNotification
,OversizedConfigurationItemChangeNotification
, andScheduledNotification
- arn string
- Amazon Resource Name (ARN) of the rule
- description string
- Description of the rule
- excluded
Accounts string[] - List of AWS account identifiers to exclude from the rule
- input
Parameters string - A string in JSON format that is passed to the AWS Config Rule Lambda Function
- lambda
Function stringArn - Amazon Resource Name (ARN) of the rule Lambda Function
- maximum
Execution stringFrequency - The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to
TwentyFour_Hours
for periodic frequency triggered rules. Valid values:One_Hour
,Three_Hours
,Six_Hours
,Twelve_Hours
, orTwentyFour_Hours
. - name string
- The name of the rule
- resource
Id stringScope - Identifier of the AWS resource to evaluate
- resource
Types string[]Scopes - List of types of AWS resources to evaluate
- tag
Key stringScope - Tag key of AWS resources to evaluate
- tag
Value stringScope - Tag value of AWS resources to evaluate
- trigger
Types string[] - List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values:
ConfigurationItemChangeNotification
,OversizedConfigurationItemChangeNotification
, andScheduledNotification
- arn str
- Amazon Resource Name (ARN) of the rule
- description str
- Description of the rule
- excluded_
accounts Sequence[str] - List of AWS account identifiers to exclude from the rule
- input_
parameters str - A string in JSON format that is passed to the AWS Config Rule Lambda Function
- lambda_
function_ strarn - Amazon Resource Name (ARN) of the rule Lambda Function
- maximum_
execution_ strfrequency - The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to
TwentyFour_Hours
for periodic frequency triggered rules. Valid values:One_Hour
,Three_Hours
,Six_Hours
,Twelve_Hours
, orTwentyFour_Hours
. - name str
- The name of the rule
- resource_
id_ strscope - Identifier of the AWS resource to evaluate
- resource_
types_ Sequence[str]scopes - List of types of AWS resources to evaluate
- tag_
key_ strscope - Tag key of AWS resources to evaluate
- tag_
value_ strscope - Tag value of AWS resources to evaluate
- trigger_
types Sequence[str] - List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values:
ConfigurationItemChangeNotification
,OversizedConfigurationItemChangeNotification
, andScheduledNotification
- arn String
- Amazon Resource Name (ARN) of the rule
- description String
- Description of the rule
- excluded
Accounts List<String> - List of AWS account identifiers to exclude from the rule
- input
Parameters String - A string in JSON format that is passed to the AWS Config Rule Lambda Function
- lambda
Function StringArn - Amazon Resource Name (ARN) of the rule Lambda Function
- maximum
Execution StringFrequency - The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to
TwentyFour_Hours
for periodic frequency triggered rules. Valid values:One_Hour
,Three_Hours
,Six_Hours
,Twelve_Hours
, orTwentyFour_Hours
. - name String
- The name of the rule
- resource
Id StringScope - Identifier of the AWS resource to evaluate
- resource
Types List<String>Scopes - List of types of AWS resources to evaluate
- tag
Key StringScope - Tag key of AWS resources to evaluate
- tag
Value StringScope - Tag value of AWS resources to evaluate
- trigger
Types List<String> - List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values:
ConfigurationItemChangeNotification
,OversizedConfigurationItemChangeNotification
, andScheduledNotification
Import
Using pulumi import
, import Config Organization Custom Rules using the name. For example:
$ pulumi import aws:cfg/organizationCustomRule:OrganizationCustomRule example example
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
aws
Terraform Provider.