interface CloudFormationStackDriftDetectionCheckProps
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.Config.CloudFormationStackDriftDetectionCheckProps |
 Go | github.com/aws/aws-cdk-go/awscdk/v2/awsconfig#CloudFormationStackDriftDetectionCheckProps |
 Java | software.amazon.awscdk.services.config.CloudFormationStackDriftDetectionCheckProps |
 Python | aws_cdk.aws_config.CloudFormationStackDriftDetectionCheckProps |
 TypeScript (source) | aws-cdk-lib » aws_config » CloudFormationStackDriftDetectionCheckProps |
Construction properties for a CloudFormationStackDriftDetectionCheck.
Example
// compliant if stack's status is 'IN_SYNC'
// non-compliant if the stack's drift status is 'DRIFTED'
new config.CloudFormationStackDriftDetectionCheck(this, 'Drift', {
ownStackOnly: true, // checks only the stack containing the rule
});
Properties
| Name | Type | Description |
|---|---|---|
| config | string | A name for the AWS Config rule. |
| description? | string | A description about this AWS Config rule. |
| evaluation | Evaluation | The modes the AWS Config rule can be evaluated in. |
| input | { [string]: any } | Input parameter values that are passed to the AWS Config rule. |
| maximum | Maximum | The maximum frequency at which the AWS Config rule runs evaluations. |
| own | boolean | Whether to check only the stack where this rule is deployed. |
| role? | IRole | The IAM role to use for this rule. |
| rule | Rule | Defines which resources trigger an evaluation for an AWS Config rule. |
configRuleName?
Type:
string
(optional, default: CloudFormation generated name)
A name for the AWS Config rule.
description?
Type:
string
(optional, default: No description)
A description about this AWS Config rule.
evaluationModes?
Type:
Evaluation
(optional, default: Detective evaluation mode only)
The modes the AWS Config rule can be evaluated in.
The valid values are distinct objects.
inputParameters?
Type:
{ [string]: any }
(optional, default: No input parameters)
Input parameter values that are passed to the AWS Config rule.
maximumExecutionFrequency?
Type:
Maximum
(optional, default: MaximumExecutionFrequency.TWENTY_FOUR_HOURS)
The maximum frequency at which the AWS Config rule runs evaluations.
ownStackOnly?
Type:
boolean
(optional, default: false)
Whether to check only the stack where this rule is deployed.
role?
Type:
IRole
(optional, default: A role will be created)
The IAM role to use for this rule.
It must have permissions to detect drift
for AWS CloudFormation stacks. Ensure to attach config.amazonaws.com trusted
permissions and ReadOnlyAccess policy permissions. For specific policy permissions,
refer to https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html.
ruleScope?
Type:
Rule
(optional, default: evaluations for the rule are triggered when any resource in the recording group changes.)
Defines which resources trigger an evaluation for an AWS Config rule.