CustomRuleProps

class aws_cdk.aws_config.CustomRuleProps(*, config_rule_name=None, description=None, evaluation_modes=None, input_parameters=None, maximum_execution_frequency=None, rule_scope=None, lambda_function, configuration_changes=None, periodic=None)

Bases: RuleProps

Construction properties for a CustomRule.

Parameters:

  • config_rule_name (Optional[str]) – A name for the AWS Config rule. Default: - CloudFormation generated name

  • description (Optional[str]) – A description about this AWS Config rule. Default: - No description

  • evaluation_modes (Optional[EvaluationMode]) – The modes the AWS Config rule can be evaluated in. The valid values are distinct objects. Default: - Detective evaluation mode only

  • input_parameters (Optional[Mapping[str, Any]]) – Input parameter values that are passed to the AWS Config rule. Default: - No input parameters

  • maximum_execution_frequency (Optional[MaximumExecutionFrequency]) – The maximum frequency at which the AWS Config rule runs evaluations. Default: MaximumExecutionFrequency.TWENTY_FOUR_HOURS

  • rule_scope (Optional[RuleScope]) – Defines which resources trigger an evaluation for an AWS Config rule. Default: - evaluations for the rule are triggered when any resource in the recording group changes.

  • lambda_function (IFunction) – The Lambda function to run.

  • configuration_changes (Optional[bool]) – Whether to run the rule on configuration changes. Default: false

  • periodic (Optional[bool]) – Whether to run the rule on a fixed frequency. Default: false

ExampleMetadata:

infused

Example:

# fn: lambda.Function
# sample_policy_text: str


config.ManagedRule(self, "ManagedRule",
    identifier=config.ManagedRuleIdentifiers.API_GW_XRAY_ENABLED,
    evaluation_modes=config.EvaluationMode.DETECTIVE_AND_PROACTIVE
)

config.CustomRule(self, "CustomRule",
    lambda_function=fn,
    evaluation_modes=config.EvaluationMode.PROACTIVE
)

config.CustomPolicy(self, "CustomPolicy",
    policy_text=sample_policy_text,
    evaluation_modes=config.EvaluationMode.DETECTIVE
)

Attributes

config_rule_name

A name for the AWS Config rule.

Default:

  • CloudFormation generated name

configuration_changes

Whether to run the rule on configuration changes.

Default:

false

description

A description about this AWS Config rule.

Default:

  • No description

evaluation_modes

The modes the AWS Config rule can be evaluated in.

The valid values are distinct objects.

Default:

  • Detective evaluation mode only

input_parameters

Input parameter values that are passed to the AWS Config rule.

Default:

  • No input parameters

lambda_function

The Lambda function to run.

maximum_execution_frequency

The maximum frequency at which the AWS Config rule runs evaluations.

Default:

MaximumExecutionFrequency.TWENTY_FOUR_HOURS

periodic

Whether to run the rule on a fixed frequency.

Default:

false

rule_scope

Defines which resources trigger an evaluation for an AWS Config rule.

Default:

  • evaluations for the rule are triggered when any resource in the recording group changes.