class RuleScope
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.Config.RuleScope |
Java | software.amazon.awscdk.services.config.RuleScope |
Python | aws_cdk.aws_config.RuleScope |
TypeScript | @aws-cdk/aws-config » RuleScope |
Determines which resources trigger an evaluation of an AWS Config rule.
Example
```typescript
import * as config from '@aws-cdk/aws-config';
import * as lambda from '@aws-cdk/aws-lambda';

const sshRule = new config.ManagedRule(this, 'SSH', {
  identifier: config.ManagedRuleIdentifiers.EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLED,
  // restrict to specific security group
  ruleScope: config.RuleScope.fromResource(config.ResourceType.EC2_SECURITY_GROUP, 'sg-1234567890abcdefgh'),
});

declare const evalComplianceFn: lambda.Function;
const customRule = new config.CustomRule(this, 'Lambda', {
  lambdaFunction: evalComplianceFn,
  configurationChanges: true,
  // restrict to all CloudFormation stacks and S3 buckets
  ruleScope: config.RuleScope.fromResources([config.ResourceType.CLOUDFORMATION_STACK, config.ResourceType.S3_BUCKET]),
});

const tagRule = new config.CustomRule(this, 'CostCenterTagRule', {
  lambdaFunction: evalComplianceFn,
  configurationChanges: true,
  // restrict to a specific tag
  ruleScope: config.RuleScope.fromTag('Cost Center', 'MyApp'),
});
```
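The three scopes above, modelled as plain data to list which resources of a given type would not trigger a rule. This is an added example, not CDK or AWS Config code. The `Scope` and `Resource` shapes, the `triggers` and `missed` helpers, the inventory, and the matching semantics (tag value compared only when given, resource ID narrowing the listed type to one resource) are assumptions for illustration.

```typescript
// Added example: a simplified model of RuleScope matching, not CDK or AWS Config code.
// Field names follow the properties documented on this page.
interface Scope { key?: string; value?: string; resourceId?: string; resourceTypes?: string[] }
interface Resource { type: string; id: string; tags: { [k: string]: string } }

// Assumed semantics: would a configuration change to `r` trigger a rule scoped by `s`?
function triggers(s: Scope, r: Resource): boolean {
  if (s.key !== undefined) {
    // fromTag(key, value?): tag must be present; value is compared only when given
    const hasKey = Object.prototype.hasOwnProperty.call(r.tags, s.key);
    return hasKey && (s.value === undefined || r.tags[s.key] === s.value);
  }
  // fromResource / fromResources: type must be listed; resourceId narrows to one resource
  if (s.resourceTypes === undefined || s.resourceTypes.indexOf(r.type) === -1) return false;
  return s.resourceId === undefined || s.resourceId === r.id;
}

// IDs of resources of `type` that the scope leaves unevaluated (the coverage gap).
function missed(s: Scope, inventory: Resource[], type: string): string[] {
  return inventory.filter(r => r.type === type && !triggers(s, r)).map(r => r.id);
}

// The three scopes from the example above, as plain data.
const SG = 'AWS::EC2::SecurityGroup';
const BUCKET = 'AWS::S3::Bucket';
const sshScope: Scope = { resourceTypes: [SG], resourceId: 'sg-1234567890abcdefgh' };
const typeScope: Scope = { resourceTypes: ['AWS::CloudFormation::Stack', BUCKET] };
const tagScope: Scope = { key: 'Cost Center', value: 'MyApp' };

// Constructed inventory (IDs and tags are made up for this example).
const inventory: Resource[] = [
  { type: SG, id: 'sg-1234567890abcdefgh', tags: {} },
  { type: SG, id: 'sg-constructed-other', tags: { 'Cost Center': 'MyApp' } },
  { type: BUCKET, id: 'bucket-constructed-a', tags: { 'Cost Center': 'Other' } },
  { type: BUCKET, id: 'bucket-constructed-b', tags: {} },
];

const sshGap = missed(sshScope, inventory, SG);       // security groups the SSH rule never checks
const tagGap = missed(tagScope, inventory, BUCKET);   // buckets the tag-scoped rule never checks
const typeGap = missed(typeScope, inventory, BUCKET); // empty: every bucket is in scope
```

A rule pinned to one resource ID or one tag value says nothing about resources outside that scope, so a compliant result covers only what the scope lets through.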
Properties
Name | Type | Description |
---|---|---|
key? | string | tag key applied to resources that will trigger evaluation of a rule. |
resourceId? | string | ID of the only AWS resource that will trigger evaluation of a rule. |
resourceTypes? | ResourceType[] | Resource types that will trigger evaluation of a rule. |
value? | string | tag value applied to resources that will trigger evaluation of a rule. |
key?
Type: string (optional)
tag key applied to resources that will trigger evaluation of a rule.
resourceId?
Type: string (optional)
ID of the only AWS resource that will trigger evaluation of a rule.
resourceTypes?
Type: ResourceType[] (optional)
Resource types that will trigger evaluation of a rule.
value?
Type: string (optional)
tag value applied to resources that will trigger evaluation of a rule.
Methods
Name | Description |
---|---|
static fromResource(resourceType, resourceId?) | restricts scope of changes to a specific resource type or resource identifier. |
static fromResources(resourceTypes) | restricts scope of changes to specific resource types. |
static fromTag(key, value?) | restricts scope of changes to a specific tag. |
static fromResource(resourceType, resourceId?)
public static fromResource(resourceType: ResourceType, resourceId?: string): RuleScope
Parameters
- resourceType ResourceType
- resourceId string
Returns
restricts scope of changes to a specific resource type or resource identifier.
static fromResources(resourceTypes)
public static fromResources(resourceTypes: ResourceType[]): RuleScope
Parameters
- resourceTypes ResourceType[]
Returns
restricts scope of changes to specific resource types.
static fromTag(key, value?)
public static fromTag(key: string, value?: string): RuleScope
Parameters
- key string
- value string
Returns
restricts scope of changes to a specific tag.