AWS::Config::OrganizationConfigRule OrganizationCustomPolicyRuleMetadata
An object that specifies metadata for your organization's AWS Config Custom Policy rule. The metadata includes the runtime system in use, which accounts have debug logging enabled, and other custom rule metadata, such as resource type, resource ID of AWS resource, and organization trigger types that initiate AWS Config to evaluate AWS resources against a rule.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "DebugLogDeliveryAccounts" : [ String, ... ],
  "Description" : String,
  "InputParameters" : String,
  "MaximumExecutionFrequency" : String,
  "OrganizationConfigRuleTriggerTypes" : [ String, ... ],
  "PolicyText" : String,
  "ResourceIdScope" : String,
  "ResourceTypesScope" : [ String, ... ],
  "Runtime" : String,
  "TagKeyScope" : String,
  "TagValueScope" : String
}
YAML
DebugLogDeliveryAccounts:
  - String
Description: String
InputParameters: String
MaximumExecutionFrequency: String
OrganizationConfigRuleTriggerTypes:
  - String
PolicyText: String
ResourceIdScope: String
ResourceTypesScope:
  - String
Runtime: String
TagKeyScope: String
TagValueScope: String
Properties
DebugLogDeliveryAccounts
A list of accounts for which you can enable debug logging for your organization AWS Config Custom Policy rule. The list is null when debug logging is enabled for all accounts.
Required: No
Type: Array of String
Minimum: 0
Maximum: 1000
Update requires: No interruption
Description
The description that you provide for your organization AWS Config Custom Policy rule.
Required: No
Type: String
Minimum: 0
Maximum: 256
Update requires: No interruption
InputParameters
A string, in JSON format, that is passed to your organization AWS Config Custom Policy rule.
Required: No
Type: String
Minimum: 1
Maximum: 2048
Update requires: No interruption
MaximumExecutionFrequency
The maximum frequency with which AWS Config runs evaluations for a rule. Your AWS Config Custom Policy rule is triggered when AWS Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.
Required: No
Type: String
Allowed values: One_Hour | Three_Hours | Six_Hours | Twelve_Hours | TwentyFour_Hours
Update requires: No interruption
OrganizationConfigRuleTriggerTypes
The type of notification that initiates AWS Config to run an evaluation for a rule. For AWS Config Custom Policy rules, AWS Config supports change-initiated notification types:
- ConfigurationItemChangeNotification - Initiates an evaluation when AWS Config delivers a configuration item as a result of a resource change.
- OversizedConfigurationItemChangeNotification - Initiates an evaluation when AWS Config delivers an oversized configuration item. AWS Config may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.
Required: No
Type: Array of String
Update requires: No interruption
PolicyText
The policy definition containing the logic for your organization AWS Config Custom Policy rule.
Required: Yes
Type: String
Minimum: 0
Maximum: 10000
Update requires: No interruption
ResourceIdScope
The ID of the AWS resource that was evaluated.
Required: No
Type: String
Minimum: 1
Maximum: 768
Update requires: No interruption
ResourceTypesScope
The type of the AWS resource that was evaluated.
Required: No
Type: Array of String
Minimum: 0
Maximum: 100
Update requires: No interruption
Runtime
The runtime system for your organization AWS Config Custom Policy rules. Guard is a policy-as-code language that allows you to write policies that are enforced by AWS Config Custom Policy rules. For more information about Guard, see the Guard GitHub Repository.
Required: Yes
Type: String
Pattern: guard\-2\.x\.x
Minimum: 1
Maximum: 64
Update requires: No interruption
TagKeyScope
One part of a key-value pair that makes up a tag. A key is a general label that acts like a category for more specific tag values.
Required: No
Type: String
Minimum: 1
Maximum: 128
Update requires: No interruption
TagValueScope
The optional part of a key-value pair that makes up a tag. A value acts as a descriptor within a tag category (key).
Required: No
Type: String
Minimum: 1
Maximum: 256
Update requires: No interruption
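The constraints listed above can be checked before a template is deployed. The following Python check is an added example, not part of the AWS documentation or any AWS tool; `validate_metadata`, `SAMPLE` and the sample values are hypothetical, and it assumes that Minimum and Maximum mean string length for strings and item count for lists.

```python
import json
import re

# Limits transcribed from the property reference on this page. Assumed reading:
# (min, max) is string length for strings and item count for lists.
BOUNDS = {
    "DebugLogDeliveryAccounts": (list, 0, 1000), "ResourceTypesScope": (list, 0, 100),
    "Description": (str, 0, 256), "InputParameters": (str, 1, 2048),
    "PolicyText": (str, 0, 10000), "ResourceIdScope": (str, 1, 768),
    "Runtime": (str, 1, 64), "TagKeyScope": (str, 1, 128), "TagValueScope": (str, 1, 256),
}
FREQUENCIES = ("One_Hour", "Three_Hours", "Six_Hours", "Twelve_Hours", "TwentyFour_Hours")
TRIGGERS = ("ConfigurationItemChangeNotification",
            "OversizedConfigurationItemChangeNotification")
KNOWN = set(BOUNDS) | {"MaximumExecutionFrequency", "OrganizationConfigRuleTriggerTypes"}


def validate_metadata(meta):
    """Return a list of problems in an OrganizationCustomPolicyRuleMetadata dict."""
    problems = [f"{k}: unknown property" for k in meta if k not in KNOWN]
    problems += [f"{k}: required" for k in ("PolicyText", "Runtime") if k not in meta]
    for key, (kind, lo, hi) in BOUNDS.items():
        if key in meta and not (isinstance(meta[key], kind) and lo <= len(meta[key]) <= hi):
            problems.append(f"{key}: expected {kind.__name__} of length {lo}-{hi}")
    if "Runtime" in meta and not re.fullmatch(r"guard\-2\.x\.x", str(meta["Runtime"])):
        problems.append("Runtime: does not match pattern guard\\-2\\.x\\.x")
    if meta.get("MaximumExecutionFrequency", "One_Hour") not in FREQUENCIES:
        problems.append("MaximumExecutionFrequency: not an allowed value")
    for trigger in meta.get("OrganizationConfigRuleTriggerTypes") or []:
        if trigger not in TRIGGERS:
            problems.append(f"OrganizationConfigRuleTriggerTypes: unsupported {trigger}")
    if isinstance(meta.get("InputParameters"), str):
        try:
            json.loads(meta["InputParameters"])
        except ValueError:
            problems.append("InputParameters: not valid JSON")
    return problems

# Constructed sample: placeholder policy text and account ID, not from the page.
SAMPLE = {
    "PolicyText": "<Guard policy text>",
    "Runtime": "guard-2.0.0",  # wrong: the documented pattern is the literal guard-2.x.x
    "MaximumExecutionFrequency": "Daily",
    "InputParameters": "{maxAgeDays: 90}",  # not JSON: keys must be quoted
    "DebugLogDeliveryAccounts": ["111122223333"],
}

if __name__ == "__main__":
    print("\n".join(validate_metadata(SAMPLE)))
```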