Package software.amazon.awscdk.services.config

package software.amazon.awscdk.services.config

AWS Config Construct Library

AWS Config provides a detailed view of the configuration of AWS resources in your AWS account. This includes how the resources are related to one another and how they were configured in the past so that you can see how the configurations and relationships change over time.

This module is part of the AWS Cloud Development Kit project.

Initial Setup

Before using the constructs provided in this module, you need to set up AWS Config in the region in which it will be used. This setup includes the one-time creation of the following resources per region:

• ConfigurationRecorder: Configure which resources will be recorded for config changes.
• DeliveryChannel: Configure where to store the recorded data.

The following guides provide the steps for getting started with AWS Config:

• Using the AWS Console
• Using the AWS CLI

Rules

AWS Config can evaluate the configuration settings of your AWS resources by creating AWS Config rules, which represent your ideal configuration settings.

See Evaluating Resources with AWS Config Rules to learn more about AWS Config rules.

AWS Managed Rules

AWS Config provides AWS managed rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resources comply with common best practices.

For example, you could create a managed rule that checks whether active access keys are rotated within the number of days specified.

 // https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html
 // https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html
 ManagedRule.Builder.create(this, "AccessKeysRotated")
         .identifier(ManagedRuleIdentifiers.ACCESS_KEYS_ROTATED)
         .inputParameters(Map.of(
                 "maxAccessKeyAge", 60))
 
         // default is 24 hours
         .maximumExecutionFrequency(MaximumExecutionFrequency.TWELVE_HOURS)
         .build();
 

Identifiers for AWS managed rules are available through static constants in the ManagedRuleIdentifiers class. You can find supported input parameters in the List of AWS Config Managed Rules.

The following higher level constructs for AWS managed rules are available.

Access Key rotation

Checks whether your active access keys are rotated within the number of days specified.

 // compliant if access keys have been rotated within the last 90 days
 // compliant if access keys have been rotated within the last 90 days
 new AccessKeysRotated(this, "AccessKeyRotated");
 

CloudFormation Stack drift detection

Checks whether your CloudFormation stack's actual configuration differs, or has drifted, from it's expected configuration.

 // compliant if stack's status is 'IN_SYNC'
 // non-compliant if the stack's drift status is 'DRIFTED'
 // compliant if stack's status is 'IN_SYNC'
 // non-compliant if the stack's drift status is 'DRIFTED'
 CloudFormationStackDriftDetectionCheck.Builder.create(this, "Drift")
         .ownStackOnly(true)
         .build();
 

CloudFormation Stack notifications

Checks whether your CloudFormation stacks are sending event notifications to a SNS topic.

 // topics to which CloudFormation stacks may send event notifications
 Topic topic1 = new Topic(this, "AllowedTopic1");
 Topic topic2 = new Topic(this, "AllowedTopic2");
 
 // non-compliant if CloudFormation stack does not send notifications to 'topic1' or 'topic2'
 // non-compliant if CloudFormation stack does not send notifications to 'topic1' or 'topic2'
 CloudFormationStackNotificationCheck.Builder.create(this, "NotificationCheck")
         .topics(List.of(topic1, topic2))
         .build();
 

Custom rules

You can develop custom rules and add them to AWS Config. You associate each custom rule with an AWS Lambda function and Guard.

Custom Lambda Rules

Lambda function which contains the logic that evaluates whether your AWS resources comply with the rule.

 // Lambda function containing logic that evaluates compliance with the rule.
 Function evalComplianceFn = Function.Builder.create(this, "CustomFunction")
         .code(AssetCode.fromInline("exports.handler = (event) => console.log(event);"))
         .handler("index.handler")
         .runtime(Runtime.NODEJS_18_X)
         .build();
 
 // A custom rule that runs on configuration changes of EC2 instances
 CustomRule customRule = CustomRule.Builder.create(this, "Custom")
         .configurationChanges(true)
         .lambdaFunction(evalComplianceFn)
         .ruleScope(RuleScope.fromResource(ResourceType.EC2_INSTANCE))
         .build();
 

Custom Policy Rules

Guard which contains the logic that evaluates whether your AWS resources comply with the rule.

 String samplePolicyText = "\n# This rule checks if point in time recovery (PITR) is enabled on active Amazon DynamoDB tables\nlet status = ['ACTIVE']\n\nrule tableisactive when\n    resourceType == \"AWS::DynamoDB::Table\" {\n    configuration.tableStatus == %status\n}\n\nrule checkcompliance when\n    resourceType == \"AWS::DynamoDB::Table\"\n    tableisactive {\n        let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus\n        %pitr == \"ENABLED\"\n}\n";
 
 CustomPolicy.Builder.create(this, "Custom")
         .policyText(samplePolicyText)
         .enableDebugLog(true)
         .ruleScope(RuleScope.fromResources(List.of(ResourceType.DYNAMODB_TABLE)))
         .build();
 

Triggers

AWS Lambda executes functions in response to events that are published by AWS Services. The function for a custom Config rule receives an event that is published by AWS Config, and is responsible for evaluating the compliance of the rule.

Evaluations can be triggered by configuration changes, periodically, or both. To create a custom rule, define a CustomRule and specify the Lambda Function to run and the trigger types.

 Function evalComplianceFn;
 
 
 CustomRule.Builder.create(this, "CustomRule")
         .lambdaFunction(evalComplianceFn)
         .configurationChanges(true)
         .periodic(true)
 
         // default is 24 hours
         .maximumExecutionFrequency(MaximumExecutionFrequency.SIX_HOURS)
         .build();
 

When the trigger for a rule occurs, the Lambda function is invoked by publishing an event. See example events for AWS Config Rules

The AWS documentation has examples of Lambda functions for evaluations that are triggered by configuration changes and triggered periodically

Scope

By default rules are triggered by changes to all resources.

Use the RuleScope APIs (fromResource(), fromResources() or fromTag()) to restrict the scope of both managed and custom rules:

 Function evalComplianceFn;
 ManagedRule sshRule = ManagedRule.Builder.create(this, "SSH")
         .identifier(ManagedRuleIdentifiers.EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLED)
         .ruleScope(RuleScope.fromResource(ResourceType.EC2_SECURITY_GROUP, "sg-1234567890abcdefgh"))
         .build();
 CustomRule customRule = CustomRule.Builder.create(this, "Lambda")
         .lambdaFunction(evalComplianceFn)
         .configurationChanges(true)
         .ruleScope(RuleScope.fromResources(List.of(ResourceType.CLOUDFORMATION_STACK, ResourceType.S3_BUCKET)))
         .build();
 
 CustomRule tagRule = CustomRule.Builder.create(this, "CostCenterTagRule")
         .lambdaFunction(evalComplianceFn)
         .configurationChanges(true)
         .ruleScope(RuleScope.fromTag("Cost Center", "MyApp"))
         .build();
 

Evaluation Mode

You can specify the evaluation mode for a rule to determine when AWS Config runs evaluations.

Use the evaluationModes property to specify the evaluation mode:

 Function fn;
 String samplePolicyText;
 
 
 ManagedRule.Builder.create(this, "ManagedRule")
         .identifier(ManagedRuleIdentifiers.API_GW_XRAY_ENABLED)
         .evaluationModes(EvaluationMode.DETECTIVE_AND_PROACTIVE)
         .build();
 
 CustomRule.Builder.create(this, "CustomRule")
         .lambdaFunction(fn)
         .evaluationModes(EvaluationMode.PROACTIVE)
         .build();
 
 CustomPolicy.Builder.create(this, "CustomPolicy")
         .policyText(samplePolicyText)
         .evaluationModes(EvaluationMode.DETECTIVE)
         .build();
 

Note: Proactive evaluation mode is not supported for all rules. See AWS Config documentation for more information.

Events

You can define Amazon EventBridge event rules which trigger when a compliance check fails or when a rule is re-evaluated.

Use the onComplianceChange() APIs to trigger an EventBridge event when a compliance check of your AWS Config Rule fails:

 // Topic to which compliance notification events will be published
 Topic complianceTopic = new Topic(this, "ComplianceTopic");
 
 CloudFormationStackDriftDetectionCheck rule = new CloudFormationStackDriftDetectionCheck(this, "Drift");
 rule.onComplianceChange("TopicEvent", OnEventOptions.builder()
         .target(new SnsTopic(complianceTopic))
         .build());
 

Use the onReEvaluationStatus() status to trigger an EventBridge event when an AWS Config rule is re-evaluated.

 // Topic to which re-evaluation notification events will be published
 Topic reEvaluationTopic = new Topic(this, "ComplianceTopic");
 
 CloudFormationStackDriftDetectionCheck rule = new CloudFormationStackDriftDetectionCheck(this, "Drift");
 rule.onReEvaluationStatus("ReEvaluationEvent", OnEventOptions.builder()
         .target(new SnsTopic(reEvaluationTopic))
         .build());
 

Example

The following example creates a custom rule that evaluates whether EC2 instances are compliant. Compliance events are published to an SNS topic.

 // Lambda function containing logic that evaluates compliance with the rule.
 Function evalComplianceFn = Function.Builder.create(this, "CustomFunction")
         .code(AssetCode.fromInline("exports.handler = (event) => console.log(event);"))
         .handler("index.handler")
         .runtime(Runtime.NODEJS_18_X)
         .build();
 
 // A custom rule that runs on configuration changes of EC2 instances
 CustomRule customRule = CustomRule.Builder.create(this, "Custom")
         .configurationChanges(true)
         .lambdaFunction(evalComplianceFn)
         .ruleScope(RuleScope.fromResource(ResourceType.EC2_INSTANCE))
         .build();
 
 // A rule to detect stack drifts
 CloudFormationStackDriftDetectionCheck driftRule = new CloudFormationStackDriftDetectionCheck(this, "Drift");
 
 // Topic to which compliance notification events will be published
 Topic complianceTopic = new Topic(this, "ComplianceTopic");
 
 // Send notification on compliance change events
 driftRule.onComplianceChange("ComplianceChange", OnEventOptions.builder()
         .target(new SnsTopic(complianceTopic))
         .build());
 

Class	Description
AccessKeysRotated	Checks whether the active access keys are rotated within the number of days specified in maxAge.
AccessKeysRotated.Builder	A fluent builder for AccessKeysRotated.
AccessKeysRotatedProps	Construction properties for a AccessKeysRotated.
AccessKeysRotatedProps.Builder	A builder for AccessKeysRotatedProps
AccessKeysRotatedProps.Jsii$Proxy	An implementation for AccessKeysRotatedProps
CfnAggregationAuthorization	An object that represents the authorizations granted to aggregator accounts and regions.
CfnAggregationAuthorization.Builder	A fluent builder for CfnAggregationAuthorization.
CfnAggregationAuthorizationProps	Properties for defining a CfnAggregationAuthorization.
CfnAggregationAuthorizationProps.Builder	A builder for CfnAggregationAuthorizationProps
CfnAggregationAuthorizationProps.Jsii$Proxy	An implementation for CfnAggregationAuthorizationProps
CfnConfigRule
CfnConfigRule.Builder	A fluent builder for CfnConfigRule.
CfnConfigRule.ComplianceProperty	Indicates whether an AWS resource or AWS Config rule is compliant and provides the number of contributors that affect the compliance.
CfnConfigRule.ComplianceProperty.Builder	A builder for CfnConfigRule.ComplianceProperty
CfnConfigRule.ComplianceProperty.Jsii$Proxy	An implementation for CfnConfigRule.ComplianceProperty
CfnConfigRule.CustomPolicyDetailsProperty	Provides the CustomPolicyDetails, the rule owner ( AWS for managed rules, CUSTOM_POLICY for Custom Policy rules, and CUSTOM_LAMBDA for Custom Lambda rules), the rule identifier, and the events that cause the evaluation of your AWS resources.
CfnConfigRule.CustomPolicyDetailsProperty.Builder	A builder for CfnConfigRule.CustomPolicyDetailsProperty
CfnConfigRule.CustomPolicyDetailsProperty.Jsii$Proxy	An implementation for CfnConfigRule.CustomPolicyDetailsProperty
CfnConfigRule.EvaluationModeConfigurationProperty	The configuration object for AWS Config rule evaluation mode.
CfnConfigRule.EvaluationModeConfigurationProperty.Builder	A builder for CfnConfigRule.EvaluationModeConfigurationProperty
CfnConfigRule.EvaluationModeConfigurationProperty.Jsii$Proxy	An implementation for CfnConfigRule.EvaluationModeConfigurationProperty
CfnConfigRule.ScopeProperty	Defines which resources trigger an evaluation for an AWS Config rule.
CfnConfigRule.ScopeProperty.Builder	A builder for CfnConfigRule.ScopeProperty
CfnConfigRule.ScopeProperty.Jsii$Proxy	An implementation for CfnConfigRule.ScopeProperty
CfnConfigRule.SourceDetailProperty	Provides the source and the message types that trigger AWS Config to evaluate your AWS resources against a rule.
CfnConfigRule.SourceDetailProperty.Builder	A builder for CfnConfigRule.SourceDetailProperty
CfnConfigRule.SourceDetailProperty.Jsii$Proxy	An implementation for CfnConfigRule.SourceDetailProperty
CfnConfigRule.SourceProperty	Provides the CustomPolicyDetails, the rule owner ( AWS for managed rules, CUSTOM_POLICY for Custom Policy rules, and CUSTOM_LAMBDA for Custom Lambda rules), the rule identifier, and the events that cause the evaluation of your AWS resources.
CfnConfigRule.SourceProperty.Builder	A builder for CfnConfigRule.SourceProperty
CfnConfigRule.SourceProperty.Jsii$Proxy	An implementation for CfnConfigRule.SourceProperty
CfnConfigRuleProps	Properties for defining a CfnConfigRule.
CfnConfigRuleProps.Builder	A builder for CfnConfigRuleProps
CfnConfigRuleProps.Jsii$Proxy	An implementation for CfnConfigRuleProps
CfnConfigurationAggregator	The details about the configuration aggregator, including information about source accounts, regions, and metadata of the aggregator.
CfnConfigurationAggregator.AccountAggregationSourceProperty	A collection of accounts and regions.
CfnConfigurationAggregator.AccountAggregationSourceProperty.Builder	A builder for CfnConfigurationAggregator.AccountAggregationSourceProperty
CfnConfigurationAggregator.AccountAggregationSourceProperty.Jsii$Proxy	An implementation for CfnConfigurationAggregator.AccountAggregationSourceProperty
CfnConfigurationAggregator.Builder	A fluent builder for CfnConfigurationAggregator.
CfnConfigurationAggregator.OrganizationAggregationSourceProperty	This object contains regions to set up the aggregator and an IAM role to retrieve organization details.
CfnConfigurationAggregator.OrganizationAggregationSourceProperty.Builder	A builder for CfnConfigurationAggregator.OrganizationAggregationSourceProperty
CfnConfigurationAggregator.OrganizationAggregationSourceProperty.Jsii$Proxy	An implementation for CfnConfigurationAggregator.OrganizationAggregationSourceProperty
CfnConfigurationAggregatorProps	Properties for defining a CfnConfigurationAggregator.
CfnConfigurationAggregatorProps.Builder	A builder for CfnConfigurationAggregatorProps
CfnConfigurationAggregatorProps.Jsii$Proxy	An implementation for CfnConfigurationAggregatorProps
CfnConfigurationRecorder	The AWS::Config::ConfigurationRecorder resource type describes the AWS resource types that AWS Config records for configuration changes.
CfnConfigurationRecorder.Builder	A fluent builder for CfnConfigurationRecorder.
CfnConfigurationRecorder.ExclusionByResourceTypesProperty	Specifies whether the configuration recorder excludes certain resource types from being recorded.
CfnConfigurationRecorder.ExclusionByResourceTypesProperty.Builder	A builder for CfnConfigurationRecorder.ExclusionByResourceTypesProperty
CfnConfigurationRecorder.ExclusionByResourceTypesProperty.Jsii$Proxy	An implementation for CfnConfigurationRecorder.ExclusionByResourceTypesProperty
CfnConfigurationRecorder.RecordingGroupProperty	Specifies which resource types AWS Config records for configuration changes.
CfnConfigurationRecorder.RecordingGroupProperty.Builder	A builder for CfnConfigurationRecorder.RecordingGroupProperty
CfnConfigurationRecorder.RecordingGroupProperty.Jsii$Proxy	An implementation for CfnConfigurationRecorder.RecordingGroupProperty
CfnConfigurationRecorder.RecordingModeOverrideProperty	An object for you to specify your overrides for the recording mode.
CfnConfigurationRecorder.RecordingModeOverrideProperty.Builder	A builder for CfnConfigurationRecorder.RecordingModeOverrideProperty
CfnConfigurationRecorder.RecordingModeOverrideProperty.Jsii$Proxy	An implementation for CfnConfigurationRecorder.RecordingModeOverrideProperty
CfnConfigurationRecorder.RecordingModeProperty	Specifies the default recording frequency that AWS Config uses to record configuration changes.
CfnConfigurationRecorder.RecordingModeProperty.Builder	A builder for CfnConfigurationRecorder.RecordingModeProperty
CfnConfigurationRecorder.RecordingModeProperty.Jsii$Proxy	An implementation for CfnConfigurationRecorder.RecordingModeProperty
CfnConfigurationRecorder.RecordingStrategyProperty	Specifies the recording strategy of the configuration recorder.
CfnConfigurationRecorder.RecordingStrategyProperty.Builder	A builder for CfnConfigurationRecorder.RecordingStrategyProperty
CfnConfigurationRecorder.RecordingStrategyProperty.Jsii$Proxy	An implementation for CfnConfigurationRecorder.RecordingStrategyProperty
CfnConfigurationRecorderProps	Properties for defining a CfnConfigurationRecorder.
CfnConfigurationRecorderProps.Builder	A builder for CfnConfigurationRecorderProps
CfnConfigurationRecorderProps.Jsii$Proxy	An implementation for CfnConfigurationRecorderProps
CfnConformancePack	A conformance pack is a collection of AWS Config rules and remediation actions that can be easily deployed in an account and a region.
CfnConformancePack.Builder	A fluent builder for CfnConformancePack.
CfnConformancePack.ConformancePackInputParameterProperty	Input parameters in the form of key-value pairs for the conformance pack, both of which you define.
CfnConformancePack.ConformancePackInputParameterProperty.Builder	A builder for CfnConformancePack.ConformancePackInputParameterProperty
CfnConformancePack.ConformancePackInputParameterProperty.Jsii$Proxy	An implementation for CfnConformancePack.ConformancePackInputParameterProperty
CfnConformancePack.TemplateSSMDocumentDetailsProperty	This API allows you to create a conformance pack template with an AWS Systems Manager document (SSM document).
CfnConformancePack.TemplateSSMDocumentDetailsProperty.Builder	A builder for CfnConformancePack.TemplateSSMDocumentDetailsProperty
CfnConformancePack.TemplateSSMDocumentDetailsProperty.Jsii$Proxy	An implementation for CfnConformancePack.TemplateSSMDocumentDetailsProperty
CfnConformancePackProps	Properties for defining a CfnConformancePack.
CfnConformancePackProps.Builder	A builder for CfnConformancePackProps
CfnConformancePackProps.Jsii$Proxy	An implementation for CfnConformancePackProps
CfnDeliveryChannel	Specifies a delivery channel object to deliver configuration information to an Amazon S3 bucket and Amazon SNS topic.
CfnDeliveryChannel.Builder	A fluent builder for CfnDeliveryChannel.
CfnDeliveryChannel.ConfigSnapshotDeliveryPropertiesProperty	Provides options for how often AWS Config delivers configuration snapshots to the Amazon S3 bucket in your delivery channel.
CfnDeliveryChannel.ConfigSnapshotDeliveryPropertiesProperty.Builder	A builder for CfnDeliveryChannel.ConfigSnapshotDeliveryPropertiesProperty
CfnDeliveryChannel.ConfigSnapshotDeliveryPropertiesProperty.Jsii$Proxy	An implementation for CfnDeliveryChannel.ConfigSnapshotDeliveryPropertiesProperty
CfnDeliveryChannelProps	Properties for defining a CfnDeliveryChannel.
CfnDeliveryChannelProps.Builder	A builder for CfnDeliveryChannelProps
CfnDeliveryChannelProps.Jsii$Proxy	An implementation for CfnDeliveryChannelProps
CfnOrganizationConfigRule	Adds or updates an AWS Config rule for your entire organization to evaluate if your AWS resources comply with your desired configurations.
CfnOrganizationConfigRule.Builder	A fluent builder for CfnOrganizationConfigRule.
CfnOrganizationConfigRule.OrganizationCustomPolicyRuleMetadataProperty	An object that specifies metadata for your organization's AWS Config Custom Policy rule.
CfnOrganizationConfigRule.OrganizationCustomPolicyRuleMetadataProperty.Builder	A builder for CfnOrganizationConfigRule.OrganizationCustomPolicyRuleMetadataProperty
CfnOrganizationConfigRule.OrganizationCustomPolicyRuleMetadataProperty.Jsii$Proxy	An implementation for CfnOrganizationConfigRule.OrganizationCustomPolicyRuleMetadataProperty
CfnOrganizationConfigRule.OrganizationCustomRuleMetadataProperty	An object that specifies organization custom rule metadata such as resource type, resource ID of AWS resource, Lambda function ARN, and organization trigger types that trigger AWS Config to evaluate your AWS resources against a rule.
CfnOrganizationConfigRule.OrganizationCustomRuleMetadataProperty.Builder	A builder for CfnOrganizationConfigRule.OrganizationCustomRuleMetadataProperty
CfnOrganizationConfigRule.OrganizationCustomRuleMetadataProperty.Jsii$Proxy	An implementation for CfnOrganizationConfigRule.OrganizationCustomRuleMetadataProperty
CfnOrganizationConfigRule.OrganizationManagedRuleMetadataProperty	An object that specifies organization managed rule metadata such as resource type and ID of AWS resource along with the rule identifier.
CfnOrganizationConfigRule.OrganizationManagedRuleMetadataProperty.Builder	A builder for CfnOrganizationConfigRule.OrganizationManagedRuleMetadataProperty
CfnOrganizationConfigRule.OrganizationManagedRuleMetadataProperty.Jsii$Proxy	An implementation for CfnOrganizationConfigRule.OrganizationManagedRuleMetadataProperty
CfnOrganizationConfigRuleProps	Properties for defining a CfnOrganizationConfigRule.
CfnOrganizationConfigRuleProps.Builder	A builder for CfnOrganizationConfigRuleProps
CfnOrganizationConfigRuleProps.Jsii$Proxy	An implementation for CfnOrganizationConfigRuleProps
CfnOrganizationConformancePack	OrganizationConformancePack deploys conformance packs across member accounts in an AWS Organizations .
CfnOrganizationConformancePack.Builder	A fluent builder for CfnOrganizationConformancePack.
CfnOrganizationConformancePack.ConformancePackInputParameterProperty	Input parameters in the form of key-value pairs for the conformance pack, both of which you define.
CfnOrganizationConformancePack.ConformancePackInputParameterProperty.Builder	A builder for CfnOrganizationConformancePack.ConformancePackInputParameterProperty
CfnOrganizationConformancePack.ConformancePackInputParameterProperty.Jsii$Proxy	An implementation for CfnOrganizationConformancePack.ConformancePackInputParameterProperty
CfnOrganizationConformancePackProps	Properties for defining a CfnOrganizationConformancePack.
CfnOrganizationConformancePackProps.Builder	A builder for CfnOrganizationConformancePackProps
CfnOrganizationConformancePackProps.Jsii$Proxy	An implementation for CfnOrganizationConformancePackProps
CfnRemediationConfiguration	An object that represents the details about the remediation configuration that includes the remediation action, parameters, and data to execute the action.
CfnRemediationConfiguration.Builder	A fluent builder for CfnRemediationConfiguration.
CfnRemediationConfiguration.ExecutionControlsProperty	An ExecutionControls object.
CfnRemediationConfiguration.ExecutionControlsProperty.Builder	A builder for CfnRemediationConfiguration.ExecutionControlsProperty
CfnRemediationConfiguration.ExecutionControlsProperty.Jsii$Proxy	An implementation for CfnRemediationConfiguration.ExecutionControlsProperty
CfnRemediationConfiguration.RemediationParameterValueProperty	The value is either a dynamic (resource) value or a static value.
CfnRemediationConfiguration.RemediationParameterValueProperty.Builder	A builder for CfnRemediationConfiguration.RemediationParameterValueProperty
CfnRemediationConfiguration.RemediationParameterValueProperty.Jsii$Proxy	An implementation for CfnRemediationConfiguration.RemediationParameterValueProperty
CfnRemediationConfiguration.ResourceValueProperty	Example:
CfnRemediationConfiguration.ResourceValueProperty.Builder	A builder for CfnRemediationConfiguration.ResourceValueProperty
CfnRemediationConfiguration.ResourceValueProperty.Jsii$Proxy	An implementation for CfnRemediationConfiguration.ResourceValueProperty
CfnRemediationConfiguration.SsmControlsProperty	AWS Systems Manager (SSM) specific remediation controls.
CfnRemediationConfiguration.SsmControlsProperty.Builder	A builder for CfnRemediationConfiguration.SsmControlsProperty
CfnRemediationConfiguration.SsmControlsProperty.Jsii$Proxy	An implementation for CfnRemediationConfiguration.SsmControlsProperty
CfnRemediationConfiguration.StaticValueProperty	Example:
CfnRemediationConfiguration.StaticValueProperty.Builder	A builder for CfnRemediationConfiguration.StaticValueProperty
CfnRemediationConfiguration.StaticValueProperty.Jsii$Proxy	An implementation for CfnRemediationConfiguration.StaticValueProperty
CfnRemediationConfigurationProps	Properties for defining a CfnRemediationConfiguration.
CfnRemediationConfigurationProps.Builder	A builder for CfnRemediationConfigurationProps
CfnRemediationConfigurationProps.Jsii$Proxy	An implementation for CfnRemediationConfigurationProps
CfnStoredQuery	Provides the details of a stored query.
CfnStoredQuery.Builder	A fluent builder for CfnStoredQuery.
CfnStoredQueryProps	Properties for defining a CfnStoredQuery.
CfnStoredQueryProps.Builder	A builder for CfnStoredQueryProps
CfnStoredQueryProps.Jsii$Proxy	An implementation for CfnStoredQueryProps
CloudFormationStackDriftDetectionCheck	Checks whether your CloudFormation stacks' actual configuration differs, or has drifted, from its expected configuration.
CloudFormationStackDriftDetectionCheck.Builder	A fluent builder for CloudFormationStackDriftDetectionCheck.
CloudFormationStackDriftDetectionCheckProps	Construction properties for a CloudFormationStackDriftDetectionCheck.
CloudFormationStackDriftDetectionCheckProps.Builder	A builder for CloudFormationStackDriftDetectionCheckProps
CloudFormationStackDriftDetectionCheckProps.Jsii$Proxy	An implementation for CloudFormationStackDriftDetectionCheckProps
CloudFormationStackNotificationCheck	Checks whether your CloudFormation stacks are sending event notifications to a SNS topic.
CloudFormationStackNotificationCheck.Builder	A fluent builder for CloudFormationStackNotificationCheck.
CloudFormationStackNotificationCheckProps	Construction properties for a CloudFormationStackNotificationCheck.
CloudFormationStackNotificationCheckProps.Builder	A builder for CloudFormationStackNotificationCheckProps
CloudFormationStackNotificationCheckProps.Jsii$Proxy	An implementation for CloudFormationStackNotificationCheckProps
CustomPolicy	A new custom policy.
CustomPolicy.Builder	A fluent builder for CustomPolicy.
CustomPolicyProps	Construction properties for a CustomPolicy.
CustomPolicyProps.Builder	A builder for CustomPolicyProps
CustomPolicyProps.Jsii$Proxy	An implementation for CustomPolicyProps
CustomRule	A new custom rule.
CustomRule.Builder	A fluent builder for CustomRule.
CustomRuleProps	Construction properties for a CustomRule.
CustomRuleProps.Builder	A builder for CustomRuleProps
CustomRuleProps.Jsii$Proxy	An implementation for CustomRuleProps
EvaluationMode	The mode of evaluation for the rule.
IRule	Interface representing an AWS Config rule.
IRule.Jsii$Default	Internal default implementation for IRule.
IRule.Jsii$Proxy	A proxy class which represents a concrete javascript instance of this type.
ManagedRule	A new managed rule.
ManagedRule.Builder	A fluent builder for ManagedRule.
ManagedRuleIdentifiers	Managed rules that are supported by AWS Config.
ManagedRuleProps	Construction properties for a ManagedRule.
ManagedRuleProps.Builder	A builder for ManagedRuleProps
ManagedRuleProps.Jsii$Proxy	An implementation for ManagedRuleProps
MaximumExecutionFrequency	The maximum frequency at which the AWS Config rule runs evaluations.
ResourceType	Resources types that are supported by AWS Config.
RuleProps	Construction properties for a new rule.
RuleProps.Builder	A builder for RuleProps
RuleProps.Jsii$Proxy	An implementation for RuleProps
RuleScope	Determines which resources trigger an evaluation of an AWS Config rule.