AWS::Config::ConformancePack
A conformance pack is a collection of AWS Config rules and remediation actions that can be easily deployed in an account and a region. ConformancePack creates a service-linked role in your account. The service-linked role is created only when the role does not already exist in your account.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "Type" : "AWS::Config::ConformancePack",
  "Properties" : {
      "ConformancePackInputParameters" : [ ConformancePackInputParameter, ... ],
      "ConformancePackName" : String,
      "DeliveryS3Bucket" : String,
      "DeliveryS3KeyPrefix" : String,
      "TemplateBody" : String,
      "TemplateS3Uri" : String,
      "TemplateSSMDocumentDetails" : TemplateSSMDocumentDetails
    }
}
YAML
Type: AWS::Config::ConformancePack
Properties:
  ConformancePackInputParameters:
    - ConformancePackInputParameter
  ConformancePackName: String
  DeliveryS3Bucket: String
  DeliveryS3KeyPrefix: String
  TemplateBody: String
  TemplateS3Uri: String
  TemplateSSMDocumentDetails: TemplateSSMDocumentDetails
Properties
ConformancePackInputParameters
A list of ConformancePackInputParameter objects.
Required: No
Type: Array of ConformancePackInputParameter
Minimum: 0
Maximum: 60
Update requires: No interruption
ConformancePackName
Name of the conformance pack you want to create.
Required: Yes
Type: String
Pattern: [a-zA-Z][-a-zA-Z0-9]*
Minimum: 1
Maximum: 256
Update requires: Replacement
DeliveryS3Bucket
The name of the Amazon S3 bucket where AWS Config stores conformance pack templates.
Required: No
Type: String
Minimum: 0
Maximum: 63
Update requires: No interruption
DeliveryS3KeyPrefix
The prefix for the Amazon S3 bucket.
Required: No
Type: String
Minimum: 0
Maximum: 1024
Update requires: No interruption
TemplateBody
A string containing the full conformance pack template body, with a minimum length of 1 byte and a maximum length of 51,200 bytes.
Note
You can only use a YAML template with two resource types: a config rule (AWS::Config::ConfigRule) and a remediation action (AWS::Config::RemediationConfiguration).
Required: No
Type: String
Minimum: 1
Maximum: 51200
Update requires: No interruption
TemplateS3Uri
Location of the file containing the template body (s3://bucketname/prefix). The URI must point to the conformance pack template (max size: 300 KB) that is located in an Amazon S3 bucket.
Note
You must have read access to the Amazon S3 bucket.
Required: No
Type: String
Pattern: s3://.*
Minimum: 1
Maximum: 1024
Update requires: No interruption
TemplateSSMDocumentDetails
An object that contains the name or Amazon Resource Name (ARN) of the AWS Systems Manager document (SSM document) and the version of the SSM document that is used to create a conformance pack.
Required: No
Type: TemplateSSMDocumentDetails
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the name of the conformance pack.
For more information about using the Ref function, see Ref.
Examples
Conformance Pack
The following example creates a conformance pack.
JSON
{
  "Resources": {
    "ConformancePack": {
      "Type": "AWS::Config::ConformancePack",
      "Properties": {
        "ConformancePackName": "ConformancePackName",
        "DeliveryS3Bucket": "DeliveryS3Bucket",
        "TemplateS3Uri": "s3://bucketname/prefix"
      }
    }
  }
}
YAML
---
AWSTemplateFormatVersion: 2010-09-09
Resources:
  CloudFormationCanaryPack:
    Type: AWS::Config::ConformancePack
    Properties:
      ConformancePackName: ConformancePackName
      DeliveryS3Bucket: DeliveryS3Bucket
      TemplateS3Uri: s3://bucketname/prefix
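Pre-deployment property check
The following is an added example, not part of the AWS documentation or any AWS tooling. It checks a Properties mapping against the patterns, length limits and TemplateBody resource-type restriction listed under Properties. The function name, error strings and sample template are assumptions made for illustration, and the resource-type scan is a line-based heuristic rather than a YAML parse.

```python
import re

# Constraints copied from the property reference on this page.
NAME_RE = re.compile(r"[a-zA-Z][-a-zA-Z0-9]*")
S3_URI_RE = re.compile(r"s3://.*")
MAX_LEN = {"ConformancePackName": 256, "DeliveryS3Bucket": 63,
           "DeliveryS3KeyPrefix": 1024, "TemplateS3Uri": 1024}
ALLOWED_TYPES = {"AWS::Config::ConfigRule",
                 "AWS::Config::RemediationConfiguration"}
# Heuristic (assumption): find "Type: AWS::..." lines without a YAML parser.
TYPE_LINE_RE = re.compile(r"^\s*Type:\s*['\"]?(AWS::[A-Za-z0-9:]+)", re.M)

# Constructed sample template body; the second resource is not permitted.
SAMPLE_BODY = """\
Resources:
  S3PublicRead:
    Type: AWS::Config::ConfigRule
  ExtraRole:
    Type: AWS::IAM::Role
"""

def validate_conformance_pack(props):
    """Return a list of constraint violations for a Properties mapping."""
    errors = []
    name = props.get("ConformancePackName")
    if not name:
        errors.append("ConformancePackName is required")
    elif not NAME_RE.fullmatch(name):
        errors.append("ConformancePackName does not match pattern")
    for key, limit in MAX_LEN.items():
        if len(props.get(key) or "") > limit:
            errors.append(f"{key} exceeds {limit} characters")
    if len(props.get("ConformancePackInputParameters") or []) > 60:
        errors.append("more than 60 ConformancePackInputParameters")
    uri = props.get("TemplateS3Uri")
    if uri is not None and not S3_URI_RE.fullmatch(uri):
        errors.append("TemplateS3Uri must match s3://.*")
    body = props.get("TemplateBody")
    if body is not None:
        size = len(body.encode("utf-8"))  # the limit is stated in bytes
        if not 1 <= size <= 51200:
            errors.append(f"TemplateBody is {size} bytes, allowed 1-51200")
        for rtype in sorted(set(TYPE_LINE_RE.findall(body)) - ALLOWED_TYPES):
            errors.append(f"TemplateBody declares disallowed type {rtype}")
    return errors

if __name__ == "__main__":
    print(validate_conformance_pack(
        {"ConformancePackName": "1bad", "TemplateBody": SAMPLE_BODY}))
```

Running this in CI before a stack update catches a pack template that declares resources other than config rules and remediation configurations before it is submitted.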