CfnConfigRuleProps
- class aws_cdk.aws_config.CfnConfigRuleProps(*, source, compliance=None, config_rule_name=None, description=None, evaluation_modes=None, input_parameters=None, maximum_execution_frequency=None, scope=None)
Bases:
object
Properties for defining a
CfnConfigRule
.- Parameters:
source (
Union
[IResolvable
,SourceProperty
,Dict
[str
,Any
]]) – Provides the rule owner (AWS
for managed rules,CUSTOM_POLICY
for Custom Policy rules, andCUSTOM_LAMBDA
for Custom Lambda rules), the rule identifier, and the notifications that cause the function to evaluate your AWS resources.compliance (
Union
[IResolvable
,ComplianceProperty
,Dict
[str
,Any
],None
]) – Indicates whether an AWS resource or AWS Config rule is compliant and provides the number of contributors that affect the compliance.config_rule_name (
Optional
[str
]) – A name for the AWS Config rule. If you don’t specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the rule name. For more information, see Name Type .description (
Optional
[str
]) – The description that you provide for the AWS Config rule.evaluation_modes (
Union
[IResolvable
,Sequence
[Union
[IResolvable
,EvaluationModeConfigurationProperty
,Dict
[str
,Any
]]],None
]) – The modes the AWS Config rule can be evaluated in. The valid values are distinct objects. By default, the value is Detective evaluation mode only.input_parameters (
Any
) – A string, in JSON format, that is passed to the AWS Config rule Lambda function.maximum_execution_frequency (
Optional
[str
]) – The maximum frequency with which AWS Config runs evaluations for a rule. You can specify a value forMaximumExecutionFrequency
when: - You are using an AWS managed rule that is triggered at a periodic frequency. - Your custom rule is triggered when AWS Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties . .. epigraph:: By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for theMaximumExecutionFrequency
parameter.scope (
Union
[IResolvable
,ScopeProperty
,Dict
[str
,Any
],None
]) – Defines which resources can trigger an evaluation for the rule. The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes. .. epigraph:: The scope can be empty.
- See:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_config as config # input_parameters: Any cfn_config_rule_props = config.CfnConfigRuleProps( source=config.CfnConfigRule.SourceProperty( owner="owner", # the properties below are optional custom_policy_details=config.CfnConfigRule.CustomPolicyDetailsProperty( enable_debug_log_delivery=False, policy_runtime="policyRuntime", policy_text="policyText" ), source_details=[config.CfnConfigRule.SourceDetailProperty( event_source="eventSource", message_type="messageType", # the properties below are optional maximum_execution_frequency="maximumExecutionFrequency" )], source_identifier="sourceIdentifier" ), # the properties below are optional compliance=config.CfnConfigRule.ComplianceProperty( type="type" ), config_rule_name="configRuleName", description="description", evaluation_modes=[config.CfnConfigRule.EvaluationModeConfigurationProperty( mode="mode" )], input_parameters=input_parameters, maximum_execution_frequency="maximumExecutionFrequency", scope=config.CfnConfigRule.ScopeProperty( compliance_resource_id="complianceResourceId", compliance_resource_types=["complianceResourceTypes"], tag_key="tagKey", tag_value="tagValue" ) )
Attributes
- compliance
Indicates whether an AWS resource or AWS Config rule is compliant and provides the number of contributors that affect the compliance.
- config_rule_name
A name for the AWS Config rule.
If you don’t specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the rule name. For more information, see Name Type .
- description
The description that you provide for the AWS Config rule.
- evaluation_modes
The modes the AWS Config rule can be evaluated in.
The valid values are distinct objects. By default, the value is Detective evaluation mode only.
- input_parameters
A string, in JSON format, that is passed to the AWS Config rule Lambda function.
- maximum_execution_frequency
The maximum frequency with which AWS Config runs evaluations for a rule.
You can specify a value for
MaximumExecutionFrequency
when:You are using an AWS managed rule that is triggered at a periodic frequency.
Your custom rule is triggered when AWS Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties .
By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the
MaximumExecutionFrequency
parameter.
- scope
Defines which resources can trigger an evaluation for the rule.
The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes. .. epigraph:
The scope can be empty.
- source
Provides the rule owner (
AWS
for managed rules,CUSTOM_POLICY
for Custom Policy rules, andCUSTOM_LAMBDA
for Custom Lambda rules), the rule identifier, and the notifications that cause the function to evaluate your AWS resources.