CustomPolicyProps
- class aws_cdk.aws_config.CustomPolicyProps(*, config_rule_name=None, description=None, evaluation_modes=None, input_parameters=None, maximum_execution_frequency=None, rule_scope=None, policy_text, enable_debug_log=None)
Bases: RuleProps
Construction properties for a CustomPolicy.
- Parameters:
  - config_rule_name (Optional[str]) – A name for the AWS Config rule. Default: - CloudFormation generated name
  - description (Optional[str]) – A description about this AWS Config rule. Default: - No description
  - evaluation_modes (Optional[EvaluationMode]) – The modes the AWS Config rule can be evaluated in. The valid values are distinct objects. Default: - Detective evaluation mode only
  - input_parameters (Optional[Mapping[str, Any]]) – Input parameter values that are passed to the AWS Config rule. Default: - No input parameters
  - maximum_execution_frequency (Optional[MaximumExecutionFrequency]) – The maximum frequency at which the AWS Config rule runs evaluations. Default: MaximumExecutionFrequency.TWENTY_FOUR_HOURS
  - rule_scope (Optional[RuleScope]) – Defines which resources trigger an evaluation for an AWS Config rule. Default: - evaluations for the rule are triggered when any resource in the recording group changes.
  - policy_text (str) – The policy definition containing the logic for your AWS Config Custom Policy rule.
  - enable_debug_log (Optional[bool]) – The boolean expression for enabling debug logging for your AWS Config Custom Policy rule. Default: false
- ExampleMetadata:
infused
Example:

    from aws_cdk import aws_config as config

    # Guard policy text; '#' comments run to the end of the line,
    # so the line breaks inside this string matter.
    sample_policy_text = """
    # This rule checks if point in time recovery (PITR) is enabled on active Amazon DynamoDB tables
    let status = ['ACTIVE']

    rule tableisactive when
        resourceType == "AWS::DynamoDB::Table" {
        configuration.tableStatus == %status
    }

    rule checkcompliance when
        resourceType == "AWS::DynamoDB::Table"
        tableisactive {
            let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus
            %pitr == "ENABLED"
    }
    """

    # `self` is the enclosing Stack or Construct.
    config.CustomPolicy(self, "Custom",
        policy_text=sample_policy_text,
        enable_debug_log=True,
        rule_scope=config.RuleScope.from_resources([config.ResourceType.DYNAMODB_TABLE])
    )
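Because policy_text is passed as one string and a Guard `#` comment runs to the end of its line, a policy that loses its line breaks turns into a single comment, and a policy that filters on a resource type outside rule_scope never gets evaluated. The check below is an added example, not part of the CDK or of this page's code; `lint_policy_text`, `GOOD` and `FLAT` are hypothetical names, and the sample policy is a shortened, constructed copy of the one above.

```python
import re

# Hypothetical pre-synth lint (not a CDK API). Heuristic: it does not
# handle a '#' inside a Guard string literal.
RULE_DECL = re.compile(r"^\s*rule\s+(\w+)", re.MULTILINE)
TYPE_LITERAL = re.compile(r"""resourceType\s*==\s*["']([\w:]+)["']""")

# Constructed sample: a shortened copy of the page's policy, line breaks intact.
GOOD = """
# This rule checks if point in time recovery (PITR) is enabled
let status = ['ACTIVE']
rule tableisactive when
    resourceType == "AWS::DynamoDB::Table" {
    configuration.tableStatus == %status
}
"""
# The same text with every line break collapsed to a space.
FLAT = " ".join(GOOD.split())


def strip_comments(policy_text):
    """Drop '#' comments, which run to the end of the line."""
    return "\n".join(l.split("#", 1)[0] for l in policy_text.splitlines())


def lint_policy_text(policy_text, scoped_types=()):
    """Return findings; an empty list means nothing was detected.

    scoped_types: type names the rule_scope covers, for example
    {"AWS::DynamoDB::Table"}; leave empty when no scope is set.
    """
    findings = []
    body = strip_comments(policy_text)
    if not RULE_DECL.search(body):
        findings.append("no rule declaration outside comments")
        if re.search(r"#.*\brule\s+\w+", policy_text):
            findings.append("'rule ...' sits inside a '#' comment: line breaks lost?")
    referenced = set(TYPE_LITERAL.findall(body))
    if scoped_types:
        for t in sorted(referenced - set(scoped_types)):
            findings.append(f"policy filters on {t}, outside rule_scope")
    return findings


if __name__ == "__main__":
    print(lint_policy_text(GOOD, {"AWS::DynamoDB::Table"}))
    print(lint_policy_text(FLAT, {"AWS::DynamoDB::Table"}))
    print(lint_policy_text(GOOD, {"AWS::S3::Bucket"}))
```

Run it in a unit test before synthesis and fail the build on any finding.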
Attributes
- config_rule_name
A name for the AWS Config rule.
- Default:
CloudFormation generated name
- description
A description about this AWS Config rule.
- Default:
No description
- enable_debug_log
The boolean expression for enabling debug logging for your AWS Config Custom Policy rule.
- Default:
false
- evaluation_modes
The modes the AWS Config rule can be evaluated in.
The valid values are distinct objects.
- Default:
Detective evaluation mode only
- input_parameters
Input parameter values that are passed to the AWS Config rule.
- Default:
No input parameters
- maximum_execution_frequency
The maximum frequency at which the AWS Config rule runs evaluations.
- Default:
MaximumExecutionFrequency.TWENTY_FOUR_HOURS
- policy_text
The policy definition containing the logic for your AWS Config Custom Policy rule.
- rule_scope
Defines which resources trigger an evaluation for an AWS Config rule.
- Default:
evaluations for the rule are triggered when any resource in the recording group changes.