Docs Home
AWS v6.60.0 published on Tuesday, Nov 19, 2024 by Pulumi
aws.cfg.RemediationConfiguration
Explore with Pulumi AI
Provides an AWS Config Remediation Configuration.
Note: Config Remediation Configuration requires an existing Config Rule to be present.
Example Usage
AWS managed rules can be used by setting the source owner to AWS and the source identifier to the name of the managed rule. More information about AWS managed rules can be found in the AWS Config Developer Guide.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const _this = new aws.cfg.Rule("this", {
name: "example",
source: {
owner: "AWS",
sourceIdentifier: "S3_BUCKET_VERSIONING_ENABLED",
},
});
const thisRemediationConfiguration = new aws.cfg.RemediationConfiguration("this", {
configRuleName: _this.name,
resourceType: "AWS::S3::Bucket",
targetType: "SSM_DOCUMENT",
targetId: "AWS-EnableS3BucketEncryption",
targetVersion: "1",
parameters: [
{
name: "AutomationAssumeRole",
staticValue: "arn:aws:iam::875924563244:role/security_config",
},
{
name: "BucketName",
resourceValue: "RESOURCE_ID",
},
{
name: "SSEAlgorithm",
staticValue: "AES256",
},
],
automatic: true,
maximumAutomaticAttempts: 10,
retryAttemptSeconds: 600,
executionControls: {
ssmControls: {
concurrentExecutionRatePercentage: 25,
errorPercentage: 20,
},
},
});
import pulumi
import pulumi_aws as aws
this = aws.cfg.Rule("this",
name="example",
source={
"owner": "AWS",
"source_identifier": "S3_BUCKET_VERSIONING_ENABLED",
})
this_remediation_configuration = aws.cfg.RemediationConfiguration("this",
config_rule_name=this.name,
resource_type="AWS::S3::Bucket",
target_type="SSM_DOCUMENT",
target_id="AWS-EnableS3BucketEncryption",
target_version="1",
parameters=[
{
"name": "AutomationAssumeRole",
"static_value": "arn:aws:iam::875924563244:role/security_config",
},
{
"name": "BucketName",
"resource_value": "RESOURCE_ID",
},
{
"name": "SSEAlgorithm",
"static_value": "AES256",
},
],
automatic=True,
maximum_automatic_attempts=10,
retry_attempt_seconds=600,
execution_controls={
"ssm_controls": {
"concurrent_execution_rate_percentage": 25,
"error_percentage": 20,
},
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
this, err := cfg.NewRule(ctx, "this", &cfg.RuleArgs{
Name: pulumi.String("example"),
Source: &cfg.RuleSourceArgs{
Owner: pulumi.String("AWS"),
SourceIdentifier: pulumi.String("S3_BUCKET_VERSIONING_ENABLED"),
},
})
if err != nil {
return err
}
_, err = cfg.NewRemediationConfiguration(ctx, "this", &cfg.RemediationConfigurationArgs{
ConfigRuleName: this.Name,
ResourceType: pulumi.String("AWS::S3::Bucket"),
TargetType: pulumi.String("SSM_DOCUMENT"),
TargetId: pulumi.String("AWS-EnableS3BucketEncryption"),
TargetVersion: pulumi.String("1"),
Parameters: cfg.RemediationConfigurationParameterArray{
&cfg.RemediationConfigurationParameterArgs{
Name: pulumi.String("AutomationAssumeRole"),
StaticValue: pulumi.String("arn:aws:iam::875924563244:role/security_config"),
},
&cfg.RemediationConfigurationParameterArgs{
Name: pulumi.String("BucketName"),
ResourceValue: pulumi.String("RESOURCE_ID"),
},
&cfg.RemediationConfigurationParameterArgs{
Name: pulumi.String("SSEAlgorithm"),
StaticValue: pulumi.String("AES256"),
},
},
Automatic: pulumi.Bool(true),
MaximumAutomaticAttempts: pulumi.Int(10),
RetryAttemptSeconds: pulumi.Int(600),
ExecutionControls: &cfg.RemediationConfigurationExecutionControlsArgs{
SsmControls: &cfg.RemediationConfigurationExecutionControlsSsmControlsArgs{
ConcurrentExecutionRatePercentage: pulumi.Int(25),
ErrorPercentage: pulumi.Int(20),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var @this = new Aws.Cfg.Rule("this", new()
{
Name = "example",
Source = new Aws.Cfg.Inputs.RuleSourceArgs
{
Owner = "AWS",
SourceIdentifier = "S3_BUCKET_VERSIONING_ENABLED",
},
});
var thisRemediationConfiguration = new Aws.Cfg.RemediationConfiguration("this", new()
{
ConfigRuleName = @this.Name,
ResourceType = "AWS::S3::Bucket",
TargetType = "SSM_DOCUMENT",
TargetId = "AWS-EnableS3BucketEncryption",
TargetVersion = "1",
Parameters = new[]
{
new Aws.Cfg.Inputs.RemediationConfigurationParameterArgs
{
Name = "AutomationAssumeRole",
StaticValue = "arn:aws:iam::875924563244:role/security_config",
},
new Aws.Cfg.Inputs.RemediationConfigurationParameterArgs
{
Name = "BucketName",
ResourceValue = "RESOURCE_ID",
},
new Aws.Cfg.Inputs.RemediationConfigurationParameterArgs
{
Name = "SSEAlgorithm",
StaticValue = "AES256",
},
},
Automatic = true,
MaximumAutomaticAttempts = 10,
RetryAttemptSeconds = 600,
ExecutionControls = new Aws.Cfg.Inputs.RemediationConfigurationExecutionControlsArgs
{
SsmControls = new Aws.Cfg.Inputs.RemediationConfigurationExecutionControlsSsmControlsArgs
{
ConcurrentExecutionRatePercentage = 25,
ErrorPercentage = 20,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cfg.Rule;
import com.pulumi.aws.cfg.RuleArgs;
import com.pulumi.aws.cfg.inputs.RuleSourceArgs;
import com.pulumi.aws.cfg.RemediationConfiguration;
import com.pulumi.aws.cfg.RemediationConfigurationArgs;
import com.pulumi.aws.cfg.inputs.RemediationConfigurationParameterArgs;
import com.pulumi.aws.cfg.inputs.RemediationConfigurationExecutionControlsArgs;
import com.pulumi.aws.cfg.inputs.RemediationConfigurationExecutionControlsSsmControlsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var this_ = new Rule("this", RuleArgs.builder()
.name("example")
.source(RuleSourceArgs.builder()
.owner("AWS")
.sourceIdentifier("S3_BUCKET_VERSIONING_ENABLED")
.build())
.build());
var thisRemediationConfiguration = new RemediationConfiguration("thisRemediationConfiguration", RemediationConfigurationArgs.builder()
.configRuleName(this_.name())
.resourceType("AWS::S3::Bucket")
.targetType("SSM_DOCUMENT")
.targetId("AWS-EnableS3BucketEncryption")
.targetVersion("1")
.parameters(
RemediationConfigurationParameterArgs.builder()
.name("AutomationAssumeRole")
.staticValue("arn:aws:iam::875924563244:role/security_config")
.build(),
RemediationConfigurationParameterArgs.builder()
.name("BucketName")
.resourceValue("RESOURCE_ID")
.build(),
RemediationConfigurationParameterArgs.builder()
.name("SSEAlgorithm")
.staticValue("AES256")
.build())
.automatic(true)
.maximumAutomaticAttempts(10)
.retryAttemptSeconds(600)
.executionControls(RemediationConfigurationExecutionControlsArgs.builder()
.ssmControls(RemediationConfigurationExecutionControlsSsmControlsArgs.builder()
.concurrentExecutionRatePercentage(25)
.errorPercentage(20)
.build())
.build())
.build());
}
}
resources:
this:
type: aws:cfg:Rule
properties:
name: example
source:
owner: AWS
sourceIdentifier: S3_BUCKET_VERSIONING_ENABLED
thisRemediationConfiguration:
type: aws:cfg:RemediationConfiguration
name: this
properties:
configRuleName: ${this.name}
resourceType: AWS::S3::Bucket
targetType: SSM_DOCUMENT
targetId: AWS-EnableS3BucketEncryption
targetVersion: '1'
parameters:
- name: AutomationAssumeRole
staticValue: arn:aws:iam::875924563244:role/security_config
- name: BucketName
resourceValue: RESOURCE_ID
- name: SSEAlgorithm
staticValue: AES256
automatic: true
maximumAutomaticAttempts: 10
retryAttemptSeconds: 600
executionControls:
ssmControls:
concurrentExecutionRatePercentage: 25
errorPercentage: 20
Create RemediationConfiguration Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new RemediationConfiguration(name: string, args: RemediationConfigurationArgs, opts?: CustomResourceOptions);@overload
def RemediationConfiguration(resource_name: str,
args: RemediationConfigurationArgs,
opts: Optional[ResourceOptions] = None)
@overload
def RemediationConfiguration(resource_name: str,
opts: Optional[ResourceOptions] = None,
config_rule_name: Optional[str] = None,
target_id: Optional[str] = None,
target_type: Optional[str] = None,
automatic: Optional[bool] = None,
execution_controls: Optional[RemediationConfigurationExecutionControlsArgs] = None,
maximum_automatic_attempts: Optional[int] = None,
parameters: Optional[Sequence[RemediationConfigurationParameterArgs]] = None,
resource_type: Optional[str] = None,
retry_attempt_seconds: Optional[int] = None,
target_version: Optional[str] = None)func NewRemediationConfiguration(ctx *Context, name string, args RemediationConfigurationArgs, opts ...ResourceOption) (*RemediationConfiguration, error)public RemediationConfiguration(string name, RemediationConfigurationArgs args, CustomResourceOptions? opts = null)
public RemediationConfiguration(String name, RemediationConfigurationArgs args)
public RemediationConfiguration(String name, RemediationConfigurationArgs args, CustomResourceOptions options)
type: aws:cfg:RemediationConfiguration
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args RemediationConfigurationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RemediationConfigurationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RemediationConfigurationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RemediationConfigurationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RemediationConfigurationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var remediationConfigurationResource = new Aws.Cfg.RemediationConfiguration("remediationConfigurationResource", new()
{
ConfigRuleName = "string",
TargetId = "string",
TargetType = "string",
Automatic = false,
ExecutionControls = new Aws.Cfg.Inputs.RemediationConfigurationExecutionControlsArgs
{
SsmControls = new Aws.Cfg.Inputs.RemediationConfigurationExecutionControlsSsmControlsArgs
{
ConcurrentExecutionRatePercentage = 0,
ErrorPercentage = 0,
},
},
MaximumAutomaticAttempts = 0,
Parameters = new[]
{
new Aws.Cfg.Inputs.RemediationConfigurationParameterArgs
{
Name = "string",
ResourceValue = "string",
StaticValue = "string",
StaticValues = new[]
{
"string",
},
},
},
ResourceType = "string",
RetryAttemptSeconds = 0,
TargetVersion = "string",
});
example, err := cfg.NewRemediationConfiguration(ctx, "remediationConfigurationResource", &cfg.RemediationConfigurationArgs{
ConfigRuleName: pulumi.String("string"),
TargetId: pulumi.String("string"),
TargetType: pulumi.String("string"),
Automatic: pulumi.Bool(false),
ExecutionControls: &cfg.RemediationConfigurationExecutionControlsArgs{
SsmControls: &cfg.RemediationConfigurationExecutionControlsSsmControlsArgs{
ConcurrentExecutionRatePercentage: pulumi.Int(0),
ErrorPercentage: pulumi.Int(0),
},
},
MaximumAutomaticAttempts: pulumi.Int(0),
Parameters: cfg.RemediationConfigurationParameterArray{
&cfg.RemediationConfigurationParameterArgs{
Name: pulumi.String("string"),
ResourceValue: pulumi.String("string"),
StaticValue: pulumi.String("string"),
StaticValues: pulumi.StringArray{
pulumi.String("string"),
},
},
},
ResourceType: pulumi.String("string"),
RetryAttemptSeconds: pulumi.Int(0),
TargetVersion: pulumi.String("string"),
})
var remediationConfigurationResource = new RemediationConfiguration("remediationConfigurationResource", RemediationConfigurationArgs.builder()
.configRuleName("string")
.targetId("string")
.targetType("string")
.automatic(false)
.executionControls(RemediationConfigurationExecutionControlsArgs.builder()
.ssmControls(RemediationConfigurationExecutionControlsSsmControlsArgs.builder()
.concurrentExecutionRatePercentage(0)
.errorPercentage(0)
.build())
.build())
.maximumAutomaticAttempts(0)
.parameters(RemediationConfigurationParameterArgs.builder()
.name("string")
.resourceValue("string")
.staticValue("string")
.staticValues("string")
.build())
.resourceType("string")
.retryAttemptSeconds(0)
.targetVersion("string")
.build());
remediation_configuration_resource = aws.cfg.RemediationConfiguration("remediationConfigurationResource",
config_rule_name="string",
target_id="string",
target_type="string",
automatic=False,
execution_controls={
"ssm_controls": {
"concurrent_execution_rate_percentage": 0,
"error_percentage": 0,
},
},
maximum_automatic_attempts=0,
parameters=[{
"name": "string",
"resource_value": "string",
"static_value": "string",
"static_values": ["string"],
}],
resource_type="string",
retry_attempt_seconds=0,
target_version="string")
const remediationConfigurationResource = new aws.cfg.RemediationConfiguration("remediationConfigurationResource", {
configRuleName: "string",
targetId: "string",
targetType: "string",
automatic: false,
executionControls: {
ssmControls: {
concurrentExecutionRatePercentage: 0,
errorPercentage: 0,
},
},
maximumAutomaticAttempts: 0,
parameters: [{
name: "string",
resourceValue: "string",
staticValue: "string",
staticValues: ["string"],
}],
resourceType: "string",
retryAttemptSeconds: 0,
targetVersion: "string",
});
type: aws:cfg:RemediationConfiguration
properties:
automatic: false
configRuleName: string
executionControls:
ssmControls:
concurrentExecutionRatePercentage: 0
errorPercentage: 0
maximumAutomaticAttempts: 0
parameters:
- name: string
resourceValue: string
staticValue: string
staticValues:
- string
resourceType: string
retryAttemptSeconds: 0
targetId: string
targetType: string
targetVersion: string
RemediationConfiguration Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The RemediationConfiguration resource accepts the following input properties:
- Config
Rule stringName - Name of the AWS Config rule.
- Target
Id string - Target ID is the name of the public document.
- Target
Type string Type of the target. Target executes remediation. For example, SSM document.
The following arguments are optional:
- Automatic bool
- Remediation is triggered automatically if
true. - Execution
Controls RemediationConfiguration Execution Controls - Configuration block for execution controls. See below.
- Maximum
Automatic intAttempts - Maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5.
- Parameters
List<Remediation
Configuration Parameter> - Can be specified multiple times for each parameter. Each parameter block supports arguments below.
- Resource
Type string - Type of resource.
- Retry
Attempt intSeconds - Maximum time in seconds that AWS Config runs auto-remediation. If you do not select a number, the default is 60 seconds.
- Target
Version string - Version of the target. For example, version of the SSM document
- Config
Rule stringName - Name of the AWS Config rule.
- Target
Id string - Target ID is the name of the public document.
- Target
Type string Type of the target. Target executes remediation. For example, SSM document.
The following arguments are optional:
- Automatic bool
- Remediation is triggered automatically if
true. - Execution
Controls RemediationConfiguration Execution Controls Args - Configuration block for execution controls. See below.
- Maximum
Automatic intAttempts - Maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5.
- Parameters
[]Remediation
Configuration Parameter Args - Can be specified multiple times for each parameter. Each parameter block supports arguments below.
- Resource
Type string - Type of resource.
- Retry
Attempt intSeconds - Maximum time in seconds that AWS Config runs auto-remediation. If you do not select a number, the default is 60 seconds.
- Target
Version string - Version of the target. For example, version of the SSM document
- config
Rule StringName - Name of the AWS Config rule.
- target
Id String - Target ID is the name of the public document.
- target
Type String Type of the target. Target executes remediation. For example, SSM document.
The following arguments are optional:
- automatic Boolean
- Remediation is triggered automatically if
true. - execution
Controls RemediationConfiguration Execution Controls - Configuration block for execution controls. See below.
- maximum
Automatic IntegerAttempts - Maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5.
- parameters
List<Remediation
Configuration Parameter> - Can be specified multiple times for each parameter. Each parameter block supports arguments below.
- resource
Type String - Type of resource.
- retry
Attempt IntegerSeconds - Maximum time in seconds that AWS Config runs auto-remediation. If you do not select a number, the default is 60 seconds.
- target
Version String - Version of the target. For example, version of the SSM document
- config
Rule stringName - Name of the AWS Config rule.
- target
Id string - Target ID is the name of the public document.
- target
Type string Type of the target. Target executes remediation. For example, SSM document.
The following arguments are optional:
- automatic boolean
- Remediation is triggered automatically if
true. - execution
Controls RemediationConfiguration Execution Controls - Configuration block for execution controls. See below.
- maximum
Automatic numberAttempts - Maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5.
- parameters
Remediation
Configuration Parameter[] - Can be specified multiple times for each parameter. Each parameter block supports arguments below.
- resource
Type string - Type of resource.
- retry
Attempt numberSeconds - Maximum time in seconds that AWS Config runs auto-remediation. If you do not select a number, the default is 60 seconds.
- target
Version string - Version of the target. For example, version of the SSM document
- config_
rule_ strname - Name of the AWS Config rule.
- target_
id str - Target ID is the name of the public document.
- target_
type str Type of the target. Target executes remediation. For example, SSM document.
The following arguments are optional:
- automatic bool
- Remediation is triggered automatically if
true. - execution_
controls RemediationConfiguration Execution Controls Args - Configuration block for execution controls. See below.
- maximum_
automatic_ intattempts - Maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5.
- parameters
Sequence[Remediation
Configuration Parameter Args] - Can be specified multiple times for each parameter. Each parameter block supports arguments below.
- resource_
type str - Type of resource.
- retry_
attempt_ intseconds - Maximum time in seconds that AWS Config runs auto-remediation. If you do not select a number, the default is 60 seconds.
- target_
version str - Version of the target. For example, version of the SSM document
- config
Rule StringName - Name of the AWS Config rule.
- target
Id String - Target ID is the name of the public document.
- target
Type String Type of the target. Target executes remediation. For example, SSM document.
The following arguments are optional:
- automatic Boolean
- Remediation is triggered automatically if
true. - execution
Controls Property Map - Configuration block for execution controls. See below.
- maximum
Automatic NumberAttempts - Maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5.
- parameters List<Property Map>
- Can be specified multiple times for each parameter. Each parameter block supports arguments below.
- resource
Type String - Type of resource.
- retry
Attempt NumberSeconds - Maximum time in seconds that AWS Config runs auto-remediation. If you do not select a number, the default is 60 seconds.
- target
Version String - Version of the target. For example, version of the SSM document
Outputs
All input properties are implicitly available as output properties. Additionally, the RemediationConfiguration resource produces the following output properties:
Look up Existing RemediationConfiguration Resource
Get an existing RemediationConfiguration resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RemediationConfigurationState, opts?: CustomResourceOptions): RemediationConfiguration@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
arn: Optional[str] = None,
automatic: Optional[bool] = None,
config_rule_name: Optional[str] = None,
execution_controls: Optional[RemediationConfigurationExecutionControlsArgs] = None,
maximum_automatic_attempts: Optional[int] = None,
parameters: Optional[Sequence[RemediationConfigurationParameterArgs]] = None,
resource_type: Optional[str] = None,
retry_attempt_seconds: Optional[int] = None,
target_id: Optional[str] = None,
target_type: Optional[str] = None,
target_version: Optional[str] = None) -> RemediationConfigurationfunc GetRemediationConfiguration(ctx *Context, name string, id IDInput, state *RemediationConfigurationState, opts ...ResourceOption) (*RemediationConfiguration, error)public static RemediationConfiguration Get(string name, Input<string> id, RemediationConfigurationState? state, CustomResourceOptions? opts = null)public static RemediationConfiguration get(String name, Output<String> id, RemediationConfigurationState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Arn string
- ARN of the Config Remediation Configuration.
- Automatic bool
- Remediation is triggered automatically if
true. - Config
Rule stringName - Name of the AWS Config rule.
- Execution
Controls RemediationConfiguration Execution Controls - Configuration block for execution controls. See below.
- Maximum
Automatic intAttempts - Maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5.
- Parameters
List<Remediation
Configuration Parameter> - Can be specified multiple times for each parameter. Each parameter block supports arguments below.
- Resource
Type string - Type of resource.
- Retry
Attempt intSeconds - Maximum time in seconds that AWS Config runs auto-remediation. If you do not select a number, the default is 60 seconds.
- Target
Id string - Target ID is the name of the public document.
- Target
Type string Type of the target. Target executes remediation. For example, SSM document.
The following arguments are optional:
- Target
Version string - Version of the target. For example, version of the SSM document
- Arn string
- ARN of the Config Remediation Configuration.
- Automatic bool
- Remediation is triggered automatically if
true. - Config
Rule stringName - Name of the AWS Config rule.
- Execution
Controls RemediationConfiguration Execution Controls Args - Configuration block for execution controls. See below.
- Maximum
Automatic intAttempts - Maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5.
- Parameters
[]Remediation
Configuration Parameter Args - Can be specified multiple times for each parameter. Each parameter block supports arguments below.
- Resource
Type string - Type of resource.
- Retry
Attempt intSeconds - Maximum time in seconds that AWS Config runs auto-remediation. If you do not select a number, the default is 60 seconds.
- Target
Id string - Target ID is the name of the public document.
- Target
Type string Type of the target. Target executes remediation. For example, SSM document.
The following arguments are optional:
- Target
Version string - Version of the target. For example, version of the SSM document
- arn String
- ARN of the Config Remediation Configuration.
- automatic Boolean
- Remediation is triggered automatically if
true. - config
Rule StringName - Name of the AWS Config rule.
- execution
Controls RemediationConfiguration Execution Controls - Configuration block for execution controls. See below.
- maximum
Automatic IntegerAttempts - Maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5.
- parameters
List<Remediation
Configuration Parameter> - Can be specified multiple times for each parameter. Each parameter block supports arguments below.
- resource
Type String - Type of resource.
- retry
Attempt IntegerSeconds - Maximum time in seconds that AWS Config runs auto-remediation. If you do not select a number, the default is 60 seconds.
- target
Id String - Target ID is the name of the public document.
- target
Type String Type of the target. Target executes remediation. For example, SSM document.
The following arguments are optional:
- target
Version String - Version of the target. For example, version of the SSM document
- arn string
- ARN of the Config Remediation Configuration.
- automatic boolean
- Remediation is triggered automatically if
true. - config
Rule stringName - Name of the AWS Config rule.
- execution
Controls RemediationConfiguration Execution Controls - Configuration block for execution controls. See below.
- maximum
Automatic numberAttempts - Maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5.
- parameters
Remediation
Configuration Parameter[] - Can be specified multiple times for each parameter. Each parameter block supports arguments below.
- resource
Type string - Type of resource.
- retry
Attempt numberSeconds - Maximum time in seconds that AWS Config runs auto-remediation. If you do not select a number, the default is 60 seconds.
- target
Id string - Target ID is the name of the public document.
- target
Type string Type of the target. Target executes remediation. For example, SSM document.
The following arguments are optional:
- target
Version string - Version of the target. For example, version of the SSM document
- arn str
- ARN of the Config Remediation Configuration.
- automatic bool
- Remediation is triggered automatically if
true. - config_
rule_ strname - Name of the AWS Config rule.
- execution_
controls RemediationConfiguration Execution Controls Args - Configuration block for execution controls. See below.
- maximum_
automatic_ intattempts - Maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5.
- parameters
Sequence[Remediation
Configuration Parameter Args] - Can be specified multiple times for each parameter. Each parameter block supports arguments below.
- resource_
type str - Type of resource.
- retry_
attempt_ intseconds - Maximum time in seconds that AWS Config runs auto-remediation. If you do not select a number, the default is 60 seconds.
- target_
id str - Target ID is the name of the public document.
- target_
type str Type of the target. Target executes remediation. For example, SSM document.
The following arguments are optional:
- target_
version str - Version of the target. For example, version of the SSM document
- arn String
- ARN of the Config Remediation Configuration.
- automatic Boolean
- Remediation is triggered automatically if
true. - config
Rule StringName - Name of the AWS Config rule.
- execution
Controls Property Map - Configuration block for execution controls. See below.
- maximum
Automatic NumberAttempts - Maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5.
- parameters List<Property Map>
- Can be specified multiple times for each parameter. Each parameter block supports arguments below.
- resource
Type String - Type of resource.
- retry
Attempt NumberSeconds - Maximum time in seconds that AWS Config runs auto-remediation. If you do not select a number, the default is 60 seconds.
- target
Id String - Target ID is the name of the public document.
- target
Type String Type of the target. Target executes remediation. For example, SSM document.
The following arguments are optional:
- target
Version String - Version of the target. For example, version of the SSM document
Supporting Types
RemediationConfigurationExecutionControls, RemediationConfigurationExecutionControlsArgs
- Ssm
Controls RemediationConfiguration Execution Controls Ssm Controls - Configuration block for SSM controls. See below.
- Ssm
Controls RemediationConfiguration Execution Controls Ssm Controls - Configuration block for SSM controls. See below.
- ssm
Controls RemediationConfiguration Execution Controls Ssm Controls - Configuration block for SSM controls. See below.
- ssm
Controls RemediationConfiguration Execution Controls Ssm Controls - Configuration block for SSM controls. See below.
- ssm_
controls RemediationConfiguration Execution Controls Ssm Controls - Configuration block for SSM controls. See below.
- ssm
Controls Property Map - Configuration block for SSM controls. See below.
RemediationConfigurationExecutionControlsSsmControls, RemediationConfigurationExecutionControlsSsmControlsArgs
- Concurrent
Execution intRate Percentage - Maximum percentage of remediation actions allowed to run in parallel on the non-compliant resources for that specific rule. The default value is 10%.
- Error
Percentage int - Percentage of errors that are allowed before SSM stops running automations on non-compliant resources for that specific rule. The default is 50%.
- Concurrent
Execution intRate Percentage - Maximum percentage of remediation actions allowed to run in parallel on the non-compliant resources for that specific rule. The default value is 10%.
- Error
Percentage int - Percentage of errors that are allowed before SSM stops running automations on non-compliant resources for that specific rule. The default is 50%.
- concurrent
Execution IntegerRate Percentage - Maximum percentage of remediation actions allowed to run in parallel on the non-compliant resources for that specific rule. The default value is 10%.
- error
Percentage Integer - Percentage of errors that are allowed before SSM stops running automations on non-compliant resources for that specific rule. The default is 50%.
- concurrent
Execution numberRate Percentage - Maximum percentage of remediation actions allowed to run in parallel on the non-compliant resources for that specific rule. The default value is 10%.
- error
Percentage number - Percentage of errors that are allowed before SSM stops running automations on non-compliant resources for that specific rule. The default is 50%.
- concurrent_
execution_ intrate_ percentage - Maximum percentage of remediation actions allowed to run in parallel on the non-compliant resources for that specific rule. The default value is 10%.
- error_
percentage int - Percentage of errors that are allowed before SSM stops running automations on non-compliant resources for that specific rule. The default is 50%.
- concurrent
Execution NumberRate Percentage - Maximum percentage of remediation actions allowed to run in parallel on the non-compliant resources for that specific rule. The default value is 10%.
- error
Percentage Number - Percentage of errors that are allowed before SSM stops running automations on non-compliant resources for that specific rule. The default is 50%.
RemediationConfigurationParameter, RemediationConfigurationParameterArgs
- Name string
- Name of the attribute.
- Resource
Value string - Value is dynamic and changes at run-time.
- Static
Value string - Value is static and does not change at run-time.
- Static
Values List<string> - List of static values.
- Name string
- Name of the attribute.
- Resource
Value string - Value is dynamic and changes at run-time.
- Static
Value string - Value is static and does not change at run-time.
- Static
Values []string - List of static values.
- name String
- Name of the attribute.
- resource
Value String - Value is dynamic and changes at run-time.
- static
Value String - Value is static and does not change at run-time.
- static
Values List<String> - List of static values.
- name string
- Name of the attribute.
- resource
Value string - Value is dynamic and changes at run-time.
- static
Value string - Value is static and does not change at run-time.
- static
Values string[] - List of static values.
- name str
- Name of the attribute.
- resource_
value str - Value is dynamic and changes at run-time.
- static_
value str - Value is static and does not change at run-time.
- static_
values Sequence[str] - List of static values.
- name String
- Name of the attribute.
- resource
Value String - Value is dynamic and changes at run-time.
- static
Value String - Value is static and does not change at run-time.
- static
Values List<String> - List of static values.
Import
Using pulumi import, import Remediation Configurations using the name config_rule_name. For example:
$ pulumi import aws:cfg/remediationConfiguration:RemediationConfiguration this example
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.