interface CustomPolicyProps
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.Config.CustomPolicyProps |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awsconfig#CustomPolicyProps |
Java | software.amazon.awscdk.services.config.CustomPolicyProps |
Python | aws_cdk.aws_config.CustomPolicyProps |
TypeScript | aws-cdk-lib » aws_config » CustomPolicyProps |
Construction properties for a CustomPolicy.
Example
```ts
import * as config from 'aws-cdk-lib/aws-config';

// AWS CloudFormation Guard policy evaluated by the AWS Config Custom Policy rule.
const samplePolicyText = `
# This rule checks if point in time recovery (PITR) is enabled on active Amazon DynamoDB tables
let status = ['ACTIVE']

rule tableisactive when
    resourceType == "AWS::DynamoDB::Table" {
    configuration.tableStatus == %status
}

rule checkcompliance when
    resourceType == "AWS::DynamoDB::Table"
    tableisactive {
        let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus
        %pitr == "ENABLED"
}
`;

// `this` is the enclosing Stack or Construct.
new config.CustomPolicy(this, "Custom", {
  policyText: samplePolicyText,
  enableDebugLog: true,
  // Only DynamoDB table changes trigger an evaluation.
  ruleScope: config.RuleScope.fromResources([
    config.ResourceType.DYNAMODB_TABLE,
  ]),
});
```
Properties
Name | Type | Description |
---|---|---|
policyText | string | The policy definition containing the logic for your AWS Config Custom Policy rule. |
configRuleName? | string | A name for the AWS Config rule. |
description? | string | A description about this AWS Config rule. |
enableDebugLog? | boolean | The boolean expression for enabling debug logging for your AWS Config Custom Policy rule. |
evaluationModes? | EvaluationMode | The modes the AWS Config rule can be evaluated in. |
inputParameters? | { [string]: any } | Input parameter values that are passed to the AWS Config rule. |
maximumExecutionFrequency? | MaximumExecutionFrequency | The maximum frequency at which the AWS Config rule runs evaluations. |
ruleScope? | RuleScope | Defines which resources trigger an evaluation for an AWS Config rule. |
policyText
Type:
string
The policy definition containing the logic for your AWS Config Custom Policy rule.
configRuleName?
Type:
string
(optional, default: CloudFormation generated name)
A name for the AWS Config rule.
description?
Type:
string
(optional, default: No description)
A description about this AWS Config rule.
enableDebugLog?
Type:
boolean
(optional, default: false)
The boolean expression for enabling debug logging for your AWS Config Custom Policy rule.
evaluationModes?
Type:
EvaluationMode
(optional, default: Detective evaluation mode only)
The modes the AWS Config rule can be evaluated in.
The valid values are distinct objects.
inputParameters?
Type:
{ [string]: any }
(optional, default: No input parameters)
Input parameter values that are passed to the AWS Config rule.
maximumExecutionFrequency?
Type:
MaximumExecutionFrequency
(optional, default: MaximumExecutionFrequency.TWENTY_FOUR_HOURS)
The maximum frequency at which the AWS Config rule runs evaluations.
ruleScope?
Type:
RuleScope
(optional, default: evaluations for the rule are triggered when any resource in the recording group changes.)
Defines which resources trigger an evaluation for an AWS Config rule.