RuleScope

class aws_cdk.aws_config.RuleScope(*args: Any, **kwargs)

Bases: object

Determines which resources trigger an evaluation of an AWS Config rule.

ExampleMetadata:

infused

Example:

# Lambda function containing logic that evaluates compliance with the rule.
eval_compliance_fn = lambda_.Function(self, "CustomFunction",
    code=lambda_.AssetCode.from_inline("exports.handler = (event) => console.log(event);"),
    handler="index.handler",
    runtime=lambda_.Runtime.NODEJS_18_X
)

# A custom rule that runs on configuration changes of EC2 instances
custom_rule = config.CustomRule(self, "Custom",
    configuration_changes=True,
    lambda_function=eval_compliance_fn,
    rule_scope=config.RuleScope.from_resource(config.ResourceType.EC2_INSTANCE)
)

Attributes

key

tag key applied to resources that will trigger evaluation of a rule.

resource_id

ID of the only AWS resource that will trigger evaluation of a rule.

resource_types

Resource types that will trigger evaluation of a rule.

value

tag value applied to resources that will trigger evaluation of a rule.

Static Methods

classmethod from_resource(resource_type, resource_id=None)

restricts scope of changes to a specific resource type or resource identifier.

Parameters:

• resource_type (ResourceType) –

• resource_id (Optional[str]) –

Return type:

RuleScope

classmethod from_resources(resource_types)

restricts scope of changes to specific resource types.

Parameters:

resource_types (Sequence[ResourceType]) –

Return type:

RuleScope

classmethod from_tag(key, value=None)

restricts scope of changes to a specific tag.

Parameters:

• key (str) –

• value (Optional[str]) –

Return type:

RuleScope