interface SourceProperty
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.Config.CfnConfigRule.SourceProperty |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awsconfig#CfnConfigRule_SourceProperty |
Java | software.amazon.awscdk.services.config.CfnConfigRule.SourceProperty |
Python | aws_cdk.aws_config.CfnConfigRule.SourceProperty |
TypeScript | aws-cdk-lib » aws_config » CfnConfigRule » SourceProperty |
Provides the CustomPolicyDetails, the rule owner (`AWS` for managed rules, `CUSTOM_POLICY` for Custom Policy rules, and `CUSTOM_LAMBDA` for Custom Lambda rules), the rule identifier, and the events that cause the evaluation of your AWS resources.
Example
```typescript
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_config as config } from 'aws-cdk-lib';

const sourceProperty: config.CfnConfigRule.SourceProperty = {
  owner: 'owner',

  // the properties below are optional
  customPolicyDetails: {
    enableDebugLogDelivery: false,
    policyRuntime: 'policyRuntime',
    policyText: 'policyText',
  },
  sourceDetails: [{
    eventSource: 'eventSource',
    messageType: 'messageType',

    // the properties below are optional
    maximumExecutionFrequency: 'maximumExecutionFrequency',
  }],
  sourceIdentifier: 'sourceIdentifier',
};
```
Properties
Name | Type | Description |
---|---|---|
owner | string | Indicates whether AWS or the customer owns and manages the AWS Config rule. |
customPolicyDetails? | IResolvable \| Custom | Provides the runtime system, policy definition, and whether debug logging is enabled. |
sourceDetails? | IResolvable \| IResolvable \| Source [] | Provides the source and the message types that cause AWS Config to evaluate your AWS resources against a rule. |
sourceIdentifier? | string | For AWS Config Managed rules, a predefined identifier from a list. |
owner
Type: `string`
Indicates whether AWS or the customer owns and manages the AWS Config rule.
AWS Config Managed Rules are predefined rules owned by AWS. For more information, see AWS Config Managed Rules in the AWS Config developer guide.
AWS Config Custom Rules are rules that you can develop either with Guard (`CUSTOM_POLICY`) or AWS Lambda (`CUSTOM_LAMBDA`). For more information, see AWS Config Custom Rules in the AWS Config developer guide.
customPolicyDetails?
Type: `IResolvable | Custom` (optional)
Provides the runtime system, policy definition, and whether debug logging is enabled.
Required when owner is set to `CUSTOM_POLICY`.
sourceDetails?
Type: `IResolvable | IResolvable | Source []` (optional)
Provides the source and the message types that cause AWS Config to evaluate your AWS resources against a rule.
It also provides the frequency with which you want AWS Config to run evaluations for the rule if the trigger type is periodic.
If the owner is set to `CUSTOM_POLICY`, the only acceptable values for the AWS Config rule trigger message type are `ConfigurationItemChangeNotification` and `OversizedConfigurationItemChangeNotification`.
sourceIdentifier?
Type: `string` (optional)
For AWS Config Managed rules, a predefined identifier from a list.
For example, `IAM_PASSWORD_POLICY` is a managed rule. To reference a managed rule, see List of AWS Config Managed Rules.
For AWS Config Custom Lambda rules, the identifier is the Amazon Resource Name (ARN) of the rule's AWS Lambda function, such as `arn:aws:lambda:us-east-2:123456789012:function:custom_rule_name`.
For AWS Config Custom Policy rules, this field will be ignored.
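The owner-dependent constraints described above can be checked in a unit test before a rule is deployed. The following is an added example, not code from the AWS CDK: `SourceLike`, `checkSource` and `badPolicySource` are hypothetical names, the interface is a local mirror of the shape shown on this page, and treating a missing managed-rule identifier as an error is an assumption of the example.

```typescript
// Local mirror of the SourceProperty shape shown on this page, so the check
// runs without aws-cdk-lib. Literal values only: CDK tokens are not resolved.
interface SourceLike {
  owner: string;
  customPolicyDetails?: { policyRuntime?: string; policyText?: string; enableDebugLogDelivery?: boolean };
  sourceDetails?: { eventSource: string; messageType: string; maximumExecutionFrequency?: string }[];
  sourceIdentifier?: string;
}

// Message types the page allows when owner is CUSTOM_POLICY.
const POLICY_MESSAGE_TYPES = [
  'ConfigurationItemChangeNotification',
  'OversizedConfigurationItemChangeNotification',
];

// Shape of the Lambda ARN example given on the page (any AWS partition).
const LAMBDA_ARN = /^arn:aws[a-z-]*:lambda:[a-z0-9-]+:\d{12}:function:.+$/;

// Hypothetical helper (not a CDK API): lists the documented constraints that
// a source definition violates. An empty array means none were found.
function checkSource(src: SourceLike): string[] {
  const problems: string[] = [];
  if (src.owner === 'AWS') {
    // Assumption: a managed rule without its identifier is treated as an error.
    if (!src.sourceIdentifier) problems.push('AWS: sourceIdentifier is missing');
  } else if (src.owner === 'CUSTOM_LAMBDA') {
    if (!LAMBDA_ARN.test(src.sourceIdentifier ?? '')) {
      problems.push('CUSTOM_LAMBDA: sourceIdentifier is not a Lambda function ARN');
    }
  } else if (src.owner === 'CUSTOM_POLICY') {
    if (!src.customPolicyDetails) problems.push('CUSTOM_POLICY: customPolicyDetails is required');
    if (src.sourceIdentifier) problems.push('CUSTOM_POLICY: sourceIdentifier is ignored');
    for (const d of src.sourceDetails ?? []) {
      if (POLICY_MESSAGE_TYPES.indexOf(d.messageType) === -1) {
        problems.push(`CUSTOM_POLICY: messageType ${d.messageType} is not allowed`);
      }
    }
  } else {
    problems.push(`owner ${src.owner} is not AWS, CUSTOM_POLICY or CUSTOM_LAMBDA`);
  }
  return problems;
}

// Constructed sample: a Custom Policy source with three mistakes.
const badPolicySource: SourceLike = {
  owner: 'CUSTOM_POLICY',
  sourceIdentifier: 'IAM_PASSWORD_POLICY',
  sourceDetails: [{ eventSource: 'aws.config', messageType: 'ScheduledNotification' }],
};
```

Calling `checkSource(badPolicySource)` reports the missing `customPolicyDetails`, the ignored `sourceIdentifier` and the disallowed message type.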