AWS::Config::OrganizationConfigRule OrganizationCustomRuleMetadata
An object that specifies organization custom rule metadata such as resource type, resource ID of AWS resource, Lambda function ARN, and organization trigger types that trigger AWS Config to evaluate your AWS resources against a rule. It also provides the frequency with which you want AWS Config to run evaluations for the rule if the trigger type is periodic.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "Description" : String,
  "InputParameters" : String,
  "LambdaFunctionArn" : String,
  "MaximumExecutionFrequency" : String,
  "OrganizationConfigRuleTriggerTypes" : [ String, ... ],
  "ResourceIdScope" : String,
  "ResourceTypesScope" : [ String, ... ],
  "TagKeyScope" : String,
  "TagValueScope" : String
}
YAML
Description: String
InputParameters: String
LambdaFunctionArn: String
MaximumExecutionFrequency: String
OrganizationConfigRuleTriggerTypes:
  - String
ResourceIdScope: String
ResourceTypesScope:
  - String
TagKeyScope: String
TagValueScope: String
Properties
Description
The description that you provide for your organization AWS Config rule.
Required: No
Type: String
Minimum: 0
Maximum: 256
Update requires: No interruption
InputParameters
A string, in JSON format, that is passed to your organization AWS Config rule Lambda function.
Required: No
Type: String
Minimum: 1
Maximum: 2048
Update requires: No interruption
LambdaFunctionArn
The Lambda function ARN.
Required: Yes
Type: String
Minimum: 1
Maximum: 256
Update requires: No interruption
MaximumExecutionFrequency
The maximum frequency with which AWS Config runs evaluations for a rule. Your custom rule is triggered when AWS Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.
Note
By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter.
Required: No
Type: String
Allowed values: One_Hour | Three_Hours | Six_Hours | Twelve_Hours | TwentyFour_Hours
Update requires: No interruption
OrganizationConfigRuleTriggerTypes
The type of notification that triggers AWS Config to run an evaluation for a rule. You can specify the following notification types:
- ConfigurationItemChangeNotification - Triggers an evaluation when AWS Config delivers a configuration item as a result of a resource change.
- OversizedConfigurationItemChangeNotification - Triggers an evaluation when AWS Config delivers an oversized configuration item. AWS Config may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.
- ScheduledNotification - Triggers a periodic evaluation at the frequency specified for MaximumExecutionFrequency.
Required: Yes
Type: Array of String
Update requires: No interruption
ResourceIdScope
The ID of the AWS resource that was evaluated.
Required: No
Type: String
Minimum: 1
Maximum: 768
Update requires: No interruption
ResourceTypesScope
The type of the AWS resource that was evaluated.
Required: No
Type: Array of String
Minimum: 0
Maximum: 100
Update requires: No interruption
TagKeyScope
One part of a key-value pair that makes up a tag. A key is a general label that acts like a category for more specific tag values.
Required: No
Type: String
Minimum: 1
Maximum: 128
Update requires: No interruption
TagValueScope
The optional part of a key-value pair that makes up a tag. A value acts as a descriptor within a tag category (key).
Required: No
Type: String
Minimum: 1
Maximum: 256
Update requires: No interruption
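A pre-deployment lint for the constraints listed above, as an added Python example that is not part of the AWS documentation. The function name, the sample values and the check that flags a frequency set without ScheduledNotification are assumptions of this example; the Minimum and Maximum values are read as string lengths and, for ResourceTypesScope, as an item count.

```python
import json

# Limits copied from the property list above, read as (min, max) string length.
STRING_LIMITS = {
    "Description": (0, 256), "InputParameters": (1, 2048),
    "LambdaFunctionArn": (1, 256), "ResourceIdScope": (1, 768),
    "TagKeyScope": (1, 128), "TagValueScope": (1, 256),
}
FREQUENCIES = {"One_Hour", "Three_Hours", "Six_Hours", "Twelve_Hours", "TwentyFour_Hours"}
TRIGGERS = {"ConfigurationItemChangeNotification",
            "OversizedConfigurationItemChangeNotification", "ScheduledNotification"}
REQUIRED = ("LambdaFunctionArn", "OrganizationConfigRuleTriggerTypes")


def lint_custom_rule_metadata(meta):
    """Return a list of findings for one OrganizationCustomRuleMetadata dict."""
    findings = [f"{k}: required property is missing or empty"
                for k in REQUIRED if not meta.get(k)]
    for key, (lo, hi) in STRING_LIMITS.items():
        value = meta.get(key)
        if key in meta and not (isinstance(value, str) and lo <= len(value) <= hi):
            findings.append(f"{key}: must be a string of length {lo}-{hi}")
    if isinstance(meta.get("InputParameters"), str):
        try:
            json.loads(meta["InputParameters"])
        except ValueError:
            findings.append("InputParameters: not a JSON-formatted string")
    triggers = meta.get("OrganizationConfigRuleTriggerTypes") or []
    findings += [f"OrganizationConfigRuleTriggerTypes: unknown type {t!r}"
                 for t in triggers if t not in TRIGGERS]
    freq = meta.get("MaximumExecutionFrequency")
    if freq is not None and freq not in FREQUENCIES:
        findings.append(f"MaximumExecutionFrequency: {freq!r} is not an allowed value")
    # Check added for this example: the page ties the frequency to periodic triggers.
    if freq is not None and "ScheduledNotification" not in triggers:
        findings.append("MaximumExecutionFrequency: set without ScheduledNotification")
    if len(meta.get("ResourceTypesScope") or []) > 100:
        findings.append("ResourceTypesScope: more than 100 entries")
    return findings


# Constructed sample; the account ID and function name are placeholders.
SAMPLE = {
    "LambdaFunctionArn": "arn:aws:lambda:us-east-1:111122223333:function:example-rule",
    "OrganizationConfigRuleTriggerTypes": ["ConfigurationItemChangeNotification"],
    "InputParameters": "{requiredTag: owner}",  # not valid JSON: keys are unquoted
    "MaximumExecutionFrequency": "Daily",       # not in the allowed list
    "ResourceTypesScope": ["AWS::S3::Bucket"],
}
```

Calling lint_custom_rule_metadata(SAMPLE) reports the malformed InputParameters string and both MaximumExecutionFrequency problems; an empty result means the block satisfies every constraint checked here.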