{ "author": { "name": "Amazon Web Services", "organization": true, "roles": [ "author" ], "url": "https://aws.amazon.com" }, "dependencies": { "@aws-cdk/aws-events": "1.204.0", "@aws-cdk/aws-iam": "1.204.0", "@aws-cdk/aws-lambda": "1.204.0", "@aws-cdk/aws-sns": "1.204.0", "@aws-cdk/core": "1.204.0", "constructs": "^3.3.69" }, "dependencyClosure": { "@aws-cdk/assets": { "targets": { "dotnet": { "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.Assets", "packageId": "Amazon.CDK.Assets" }, "java": { "maven": { "artifactId": "cdk-assets", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.assets" }, "js": { "npm": "@aws-cdk/assets" }, "python": { "classifiers": [ "Framework :: AWS CDK", "Framework :: AWS CDK :: 1" ], "distName": "aws-cdk.assets", "module": "aws_cdk.assets" } } }, "@aws-cdk/aws-applicationautoscaling": { "targets": { "dotnet": { "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.AWS.ApplicationAutoScaling", "packageId": "Amazon.CDK.AWS.ApplicationAutoScaling" }, "java": { "maven": { "artifactId": "applicationautoscaling", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.services.applicationautoscaling" }, "js": { "npm": "@aws-cdk/aws-applicationautoscaling" }, "python": { "classifiers": [ "Framework :: AWS CDK", "Framework :: AWS CDK :: 1" ], "distName": "aws-cdk.aws-applicationautoscaling", "module": "aws_cdk.aws_applicationautoscaling" } } }, "@aws-cdk/aws-autoscaling-common": { "targets": { "dotnet": { "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.AWS.AutoScaling.Common", "packageId": "Amazon.CDK.AWS.AutoScaling.Common" }, "java": { "maven": { "artifactId": "autoscaling-common", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.services.autoscaling.common" }, "js": { "npm": "@aws-cdk/aws-autoscaling-common" }, "python": { "classifiers": [ "Framework :: AWS CDK", "Framework :: AWS CDK :: 1" ], "distName": "aws-cdk.aws-autoscaling-common", "module": "aws_cdk.aws_autoscaling_common" } } }, "@aws-cdk/aws-cloudwatch": { "targets": { "dotnet": { "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.AWS.CloudWatch", "packageId": "Amazon.CDK.AWS.CloudWatch" }, "java": { "maven": { "artifactId": "cloudwatch", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.services.cloudwatch" }, "js": { "npm": "@aws-cdk/aws-cloudwatch" }, "python": { "classifiers": [ "Framework :: AWS CDK", "Framework :: AWS CDK :: 1" ], "distName": "aws-cdk.aws-cloudwatch", "module": "aws_cdk.aws_cloudwatch" } } }, "@aws-cdk/aws-codeguruprofiler": { "targets": { "dotnet": { "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.AWS.CodeGuruProfiler", "packageId": "Amazon.CDK.AWS.CodeGuruProfiler" }, "java": { "maven": { "artifactId": "codeguruprofiler", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.services.codeguruprofiler" }, "js": { "npm": "@aws-cdk/aws-codeguruprofiler" }, "python": { "classifiers": [ "Framework :: AWS CDK", "Framework :: AWS CDK :: 1" ], "distName": "aws-cdk.aws-codeguruprofiler", "module": "aws_cdk.aws_codeguruprofiler" } } }, "@aws-cdk/aws-codestarnotifications": { "targets": { "dotnet": { "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.AWS.CodeStarNotifications", "packageId": "Amazon.CDK.AWS.CodeStarNotifications" }, "java": { "maven": { "artifactId": "codestarnotifications", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.services.codestarnotifications" }, "js": { "npm": "@aws-cdk/aws-codestarnotifications" }, "python": { "classifiers": [ "Framework :: AWS CDK", "Framework :: AWS CDK :: 1" ], "distName": "aws-cdk.aws-codestarnotifications", "module": "aws_cdk.aws_codestarnotifications" } } }, "@aws-cdk/aws-ec2": { "targets": { "dotnet": { "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.AWS.EC2", "packageId": "Amazon.CDK.AWS.EC2" }, "java": { "maven": { "artifactId": "ec2", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.services.ec2" }, "js": { "npm": "@aws-cdk/aws-ec2" }, "python": { "classifiers": [ "Framework :: AWS CDK", "Framework :: AWS CDK :: 1" ], "distName": "aws-cdk.aws-ec2", "module": "aws_cdk.aws_ec2" } } }, "@aws-cdk/aws-ecr": { "targets": { "dotnet": { "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.AWS.ECR", "packageId": "Amazon.CDK.AWS.ECR" }, "java": { "maven": { "artifactId": "ecr", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.services.ecr" }, "js": { "npm": "@aws-cdk/aws-ecr" }, "python": { "classifiers": [ "Framework :: AWS CDK", "Framework :: AWS CDK :: 1" ], "distName": "aws-cdk.aws-ecr", "module": "aws_cdk.aws_ecr" } } }, "@aws-cdk/aws-ecr-assets": { "targets": { "dotnet": { "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.AWS.Ecr.Assets", "packageId": "Amazon.CDK.ECR.Assets" }, "java": { "maven": { "artifactId": "ecr-assets", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.services.ecr.assets" }, "js": { "npm": "@aws-cdk/aws-ecr-assets" }, "python": { "classifiers": [ "Framework :: AWS CDK", "Framework :: AWS CDK :: 1" ], "distName": "aws-cdk.aws-ecr-assets", "module": "aws_cdk.aws_ecr_assets" } } }, "@aws-cdk/aws-efs": { "targets": { "dotnet": { "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.AWS.EFS", "packageId": "Amazon.CDK.AWS.EFS" }, "java": { "maven": { "artifactId": "efs", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.services.efs" }, "js": { "npm": "@aws-cdk/aws-efs" }, "python": { "classifiers": [ "Framework :: AWS CDK", "Framework :: AWS CDK :: 1" ], "distName": "aws-cdk.aws-efs", "module": "aws_cdk.aws_efs" } } }, "@aws-cdk/aws-events": { "targets": { "dotnet": { "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.AWS.Events", "packageId": "Amazon.CDK.AWS.Events" }, "java": { "maven": { "artifactId": "events", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.services.events" }, "js": { "npm": "@aws-cdk/aws-events" }, "python": { "classifiers": [ "Framework :: AWS CDK", "Framework :: AWS CDK :: 1" ], "distName": "aws-cdk.aws-events", "module": "aws_cdk.aws_events" } } }, "@aws-cdk/aws-iam": { "targets": { "dotnet": { "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.AWS.IAM", "packageId": "Amazon.CDK.AWS.IAM" }, "java": { "maven": { "artifactId": "iam", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.services.iam" }, "js": { "npm": "@aws-cdk/aws-iam" }, "python": { "classifiers": [ "Framework :: AWS CDK", "Framework :: AWS CDK :: 1" ], "distName": "aws-cdk.aws-iam", "module": "aws_cdk.aws_iam" } } }, "@aws-cdk/aws-kms": { "targets": { "dotnet": { "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.AWS.KMS", "packageId": "Amazon.CDK.AWS.KMS" }, "java": { "maven": { "artifactId": "kms", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.services.kms" }, "js": { "npm": "@aws-cdk/aws-kms" }, "python": { "classifiers": [ "Framework :: AWS CDK", "Framework :: AWS CDK :: 1" ], "distName": "aws-cdk.aws-kms", "module": "aws_cdk.aws_kms" } } }, "@aws-cdk/aws-lambda": { "targets": { "dotnet": { "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.AWS.Lambda", "packageId": "Amazon.CDK.AWS.Lambda" }, "java": { "maven": { "artifactId": "lambda", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.services.lambda" }, "js": { "npm": "@aws-cdk/aws-lambda" }, "python": { "classifiers": [ "Framework :: AWS CDK", "Framework :: AWS CDK :: 1" ], "distName": "aws-cdk.aws-lambda", "module": "aws_cdk.aws_lambda" } } }, "@aws-cdk/aws-logs": { "targets": { "dotnet": { "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.AWS.Logs", "packageId": "Amazon.CDK.AWS.Logs" }, "java": { "maven": { "artifactId": "logs", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.services.logs" }, "js": { "npm": "@aws-cdk/aws-logs" }, "python": { "classifiers": [ "Framework :: AWS CDK", "Framework :: AWS CDK :: 1" ], "distName": "aws-cdk.aws-logs", "module": "aws_cdk.aws_logs" } } }, "@aws-cdk/aws-s3": { "targets": { "dotnet": { "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.AWS.S3", "packageId": "Amazon.CDK.AWS.S3" }, "java": { "maven": { "artifactId": "s3", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.services.s3" }, "js": { "npm": "@aws-cdk/aws-s3" }, "python": { "classifiers": [ "Framework :: AWS CDK", "Framework :: AWS CDK :: 1" ], "distName": "aws-cdk.aws-s3", "module": "aws_cdk.aws_s3" } } }, "@aws-cdk/aws-s3-assets": { "targets": { "dotnet": { "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.AWS.S3.Assets", "packageId": "Amazon.CDK.AWS.S3.Assets" }, "java": { "maven": { "artifactId": "s3-assets", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.services.s3.assets" }, "js": { "npm": "@aws-cdk/aws-s3-assets" }, "python": { "classifiers": [ "Framework :: AWS CDK", "Framework :: AWS CDK :: 1" ], "distName": "aws-cdk.aws-s3-assets", "module": "aws_cdk.aws_s3_assets" } } }, "@aws-cdk/aws-signer": { "targets": { "dotnet": { "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.AWS.Signer", "packageId": "Amazon.CDK.AWS.Signer" }, "java": { "maven": { "artifactId": "signer", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.services.signer" }, "js": { "npm": "@aws-cdk/aws-signer" }, "python": { "classifiers": [ "Framework :: AWS CDK", "Framework :: AWS CDK :: 1" ], "distName": "aws-cdk.aws-signer", "module": "aws_cdk.aws_signer" } } }, "@aws-cdk/aws-sns": { "targets": { "dotnet": { "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.AWS.SNS", "packageId": "Amazon.CDK.AWS.SNS" }, "java": { "maven": { "artifactId": "sns", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.services.sns" }, "js": { "npm": "@aws-cdk/aws-sns" }, "python": { "classifiers": [ "Framework :: AWS CDK", "Framework :: AWS CDK :: 1" ], "distName": "aws-cdk.aws-sns", "module": "aws_cdk.aws_sns" } } }, "@aws-cdk/aws-sqs": { "targets": { "dotnet": { "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.AWS.SQS", "packageId": "Amazon.CDK.AWS.SQS" }, "java": { "maven": { "artifactId": "sqs", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.services.sqs" }, "js": { "npm": "@aws-cdk/aws-sqs" }, "python": { "classifiers": [ "Framework :: AWS CDK", "Framework :: AWS CDK :: 1" ], "distName": "aws-cdk.aws-sqs", "module": "aws_cdk.aws_sqs" } } }, "@aws-cdk/aws-ssm": { "targets": { "dotnet": { "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.AWS.SSM", "packageId": "Amazon.CDK.AWS.SSM" }, "java": { "maven": { "artifactId": "ssm", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.services.ssm" }, "js": { "npm": "@aws-cdk/aws-ssm" }, "python": { "classifiers": [ "Framework :: AWS CDK", "Framework :: AWS CDK :: 1" ], "distName": "aws-cdk.aws-ssm", "module": "aws_cdk.aws_ssm" } } }, "@aws-cdk/cloud-assembly-schema": { "targets": { "dotnet": { "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.CloudAssembly.Schema", "packageId": "Amazon.CDK.CloudAssembly.Schema" }, "java": { "maven": { "artifactId": "cdk-cloud-assembly-schema", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.cloudassembly.schema" }, "js": { "npm": "@aws-cdk/cloud-assembly-schema" }, "python": { "classifiers": [ "Framework :: AWS CDK", "Framework :: AWS CDK :: 1" ], "distName": "aws-cdk.cloud-assembly-schema", "module": "aws_cdk.cloud_assembly_schema" } } }, "@aws-cdk/core": { "targets": { "dotnet": { "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK", "packageId": "Amazon.CDK" }, "java": { "maven": { "artifactId": "core", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.core" }, "js": { "npm": "@aws-cdk/core" }, "python": { "classifiers": [ "Framework :: AWS CDK", "Framework :: AWS CDK :: 1" ], "distName": "aws-cdk.core", "module": "aws_cdk.core" } } }, "@aws-cdk/cx-api": { "targets": { "dotnet": { "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.CXAPI", "packageId": "Amazon.CDK.CXAPI" }, "java": { "maven": { "artifactId": "cdk-cx-api", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.cxapi" }, "js": { "npm": "@aws-cdk/cx-api" }, "python": { "classifiers": [ "Framework :: AWS CDK", "Framework :: AWS CDK :: 1" ], "distName": "aws-cdk.cx-api", "module": "aws_cdk.cx_api" } } }, "@aws-cdk/region-info": { "targets": { "dotnet": { "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.RegionInfo", "packageId": "Amazon.CDK.RegionInfo" }, "java": { "maven": { "artifactId": "cdk-region-info", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.regioninfo" }, "js": { "npm": "@aws-cdk/region-info" }, "python": { "classifiers": [ "Framework :: AWS CDK", "Framework :: AWS CDK :: 1" ], "distName": "aws-cdk.region-info", "module": "aws_cdk.region_info" } } }, "constructs": { "targets": { "dotnet": { "namespace": "Constructs", "packageId": "Constructs" }, "go": { "moduleName": "github.com/aws/constructs-go" }, "java": { "maven": { "artifactId": "constructs", "groupId": "software.constructs" }, "package": "software.constructs" }, "js": { "npm": "constructs" }, "python": { "distName": "constructs", "module": "constructs" } } } }, "description": "The CDK Construct Library for AWS::Config", "docs": { "deprecated": "AWS CDK v1 has reached End-of-Support on 2023-06-01.\nThis package is no longer being updated, and users should migrate to AWS CDK v2.\n\nFor more information on how to migrate, see https://docs.aws.amazon.com/cdk/v2/guide/migrating-v2.html", "stability": "stable" }, "homepage": "https://github.com/aws/aws-cdk", "jsiiVersion": "1.84.0 (build 5404dcf)", "keywords": [ "aws", "cdk", "constructs", "config" ], "license": "Apache-2.0", "metadata": { "jsii": { "compiledWithDeprecationWarnings": true, "pacmak": { "hasDefaultInterfaces": true }, "rosetta": { "strict": true } } }, "name": "@aws-cdk/aws-config", "readme": { "markdown": "# AWS Config Construct Library\n\n\n---\n\n![End-of-Support](https://img.shields.io/badge/End--of--Support-critical.svg?style=for-the-badge)\n\n> AWS CDK v1 has reached End-of-Support on 2023-06-01.\n> This package is no longer being updated, and users should migrate to AWS CDK v2.\n>\n> For more information on how to migrate, see the [_Migrating to AWS CDK v2_ guide][doc].\n>\n> [doc]: https://docs.aws.amazon.com/cdk/v2/guide/migrating-v2.html\n\n---\n\nFeatures | Stability\n---------------------------------------------------------------------------------------|------------\nCFN Resources | ![Stable](https://img.shields.io/badge/stable-success.svg?style=for-the-badge)\nHigher level constructs for Config Rules | ![Stable](https://img.shields.io/badge/stable-success.svg?style=for-the-badge)\nHigher level constructs for initial set-up (delivery channel & configuration recorder) | ![Not Implemented](https://img.shields.io/badge/not--implemented-black.svg?style=for-the-badge)\n\n> **CFN Resources:** All classes with the `Cfn` prefix in this module ([CFN Resources]) are always\n> stable and safe to use.\n>\n> [CFN Resources]: https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib\n\n\n\n> **Stable:** Higher level constructs in this module that are marked stable will not undergo any\n> breaking changes. They will strictly follow the [Semantic Versioning](https://semver.org/) model.\n\n---\n\n\n\n[AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/WhatIsConfig.html) provides a detailed view of the configuration of AWS resources in your AWS account.\nThis includes how the resources are related to one another and how they were configured in the\npast so that you can see how the configurations and relationships change over time.\n\nThis module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.\n\n## Initial Setup\n\nBefore using the constructs provided in this module, you need to set up AWS Config\nin the region in which it will be used. This setup includes the one-time creation of the\nfollowing resources per region:\n\n- `ConfigurationRecorder`: Configure which resources will be recorded for config changes.\n- `DeliveryChannel`: Configure where to store the recorded data.\n\nThe following guides provide the steps for getting started with AWS Config:\n\n- [Using the AWS Console](https://docs.aws.amazon.com/config/latest/developerguide/gs-console.html)\n- [Using the AWS CLI](https://docs.aws.amazon.com/config/latest/developerguide/gs-cli.html)\n\n## Rules\n\nAWS Config can evaluate the configuration settings of your AWS resources by creating AWS Config rules,\nwhich represent your ideal configuration settings.\n\nSee [Evaluating Resources with AWS Config Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html) to learn more about AWS Config rules.\n\n### AWS Managed Rules\n\nAWS Config provides AWS managed rules, which are predefined, customizable rules that AWS Config\nuses to evaluate whether your AWS resources comply with common best practices.\n\nFor example, you could create a managed rule that checks whether active access keys are rotated\nwithin the number of days specified.\n\n```ts\n// https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html\nnew config.ManagedRule(this, 'AccessKeysRotated', {\n identifier: config.ManagedRuleIdentifiers.ACCESS_KEYS_ROTATED,\n inputParameters: {\n maxAccessKeyAge: 60, // default is 90 days\n },\n\n // default is 24 hours\n maximumExecutionFrequency: config.MaximumExecutionFrequency.TWELVE_HOURS,\n});\n```\n\nIdentifiers for AWS managed rules are available through static constants in the `ManagedRuleIdentifiers` class.\nYou can find supported input parameters in the [List of AWS Config Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html).\n\nThe following higher level constructs for AWS managed rules are available.\n\n#### Access Key rotation\n\nChecks whether your active access keys are rotated within the number of days specified.\n\n```ts\n// compliant if access keys have been rotated within the last 90 days\nnew config.AccessKeysRotated(this, 'AccessKeyRotated');\n```\n\n#### CloudFormation Stack drift detection\n\nChecks whether your CloudFormation stack's actual configuration differs, or has drifted,\nfrom it's expected configuration.\n\n```ts\n// compliant if stack's status is 'IN_SYNC'\n// non-compliant if the stack's drift status is 'DRIFTED'\nnew config.CloudFormationStackDriftDetectionCheck(this, 'Drift', {\n ownStackOnly: true, // checks only the stack containing the rule\n});\n```\n\n#### CloudFormation Stack notifications\n\nChecks whether your CloudFormation stacks are sending event notifications to a SNS topic.\n\n```ts\n// topics to which CloudFormation stacks may send event notifications\nconst topic1 = new sns.Topic(this, 'AllowedTopic1');\nconst topic2 = new sns.Topic(this, 'AllowedTopic2');\n\n// non-compliant if CloudFormation stack does not send notifications to 'topic1' or 'topic2'\nnew config.CloudFormationStackNotificationCheck(this, 'NotificationCheck', {\n topics: [topic1, topic2],\n});\n```\n\n### Custom rules\n\nYou can develop custom rules and add them to AWS Config. You associate each custom rule with an\nAWS Lambda function, which contains the logic that evaluates whether your AWS resources comply\nwith the rule.\n\n### Triggers\n\nAWS Lambda executes functions in response to events that are published by AWS Services.\nThe function for a custom Config rule receives an event that is published by AWS Config,\nand is responsible for evaluating the compliance of the rule.\n\nEvaluations can be triggered by configuration changes, periodically, or both.\nTo create a custom rule, define a `CustomRule` and specify the Lambda Function\nto run and the trigger types.\n\n```ts\ndeclare const evalComplianceFn: lambda.Function;\n\nnew config.CustomRule(this, 'CustomRule', {\n lambdaFunction: evalComplianceFn,\n configurationChanges: true,\n periodic: true,\n\n // default is 24 hours\n maximumExecutionFrequency: config.MaximumExecutionFrequency.SIX_HOURS,\n});\n```\n\nWhen the trigger for a rule occurs, the Lambda function is invoked by publishing an event.\nSee [example events for AWS Config Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules_example-events.html)\n\nThe AWS documentation has examples of Lambda functions for evaluations that are\n[triggered by configuration changes](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules_nodejs-sample.html#event-based-example-rule) and [triggered periodically](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules_nodejs-sample.html#periodic-example-rule)\n\n\n### Scope\n\nBy default rules are triggered by changes to all [resources](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources).\n\nUse the `RuleScope` APIs (`fromResource()`, `fromResources()` or `fromTag()`) to restrict\nthe scope of both managed and custom rules:\n\n```ts\nconst sshRule = new config.ManagedRule(this, 'SSH', {\n identifier: config.ManagedRuleIdentifiers.EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLED,\n ruleScope: config.RuleScope.fromResource(config.ResourceType.EC2_SECURITY_GROUP, 'sg-1234567890abcdefgh'), // restrict to specific security group\n});\n\ndeclare const evalComplianceFn: lambda.Function;\nconst customRule = new config.CustomRule(this, 'Lambda', {\n lambdaFunction: evalComplianceFn,\n configurationChanges: true,\n ruleScope: config.RuleScope.fromResources([config.ResourceType.CLOUDFORMATION_STACK, config.ResourceType.S3_BUCKET]), // restrict to all CloudFormation stacks and S3 buckets\n});\n\nconst tagRule = new config.CustomRule(this, 'CostCenterTagRule', {\n lambdaFunction: evalComplianceFn,\n configurationChanges: true,\n ruleScope: config.RuleScope.fromTag('Cost Center', 'MyApp'), // restrict to a specific tag\n});\n```\n\n### Events\n\nYou can define Amazon EventBridge event rules which trigger when a compliance check fails\nor when a rule is re-evaluated.\n\nUse the `onComplianceChange()` APIs to trigger an EventBridge event when a compliance check\nof your AWS Config Rule fails:\n\n```ts\n// Topic to which compliance notification events will be published\nconst complianceTopic = new sns.Topic(this, 'ComplianceTopic');\n\nconst rule = new config.CloudFormationStackDriftDetectionCheck(this, 'Drift');\nrule.onComplianceChange('TopicEvent', {\n target: new targets.SnsTopic(complianceTopic),\n});\n```\n\nUse the `onReEvaluationStatus()` status to trigger an EventBridge event when an AWS Config\nrule is re-evaluated.\n\n```ts\n// Topic to which re-evaluation notification events will be published\nconst reEvaluationTopic = new sns.Topic(this, 'ComplianceTopic');\n\nconst rule = new config.CloudFormationStackDriftDetectionCheck(this, 'Drift');\nrule.onReEvaluationStatus('ReEvaluationEvent', {\n target: new targets.SnsTopic(reEvaluationTopic),\n});\n```\n\n### Example\n\nThe following example creates a custom rule that evaluates whether EC2 instances are compliant.\nCompliance events are published to an SNS topic.\n\n```ts\n// Lambda function containing logic that evaluates compliance with the rule.\nconst evalComplianceFn = new lambda.Function(this, 'CustomFunction', {\n code: lambda.AssetCode.fromInline('exports.handler = (event) => console.log(event);'),\n handler: 'index.handler',\n runtime: lambda.Runtime.NODEJS_14_X,\n});\n\n// A custom rule that runs on configuration changes of EC2 instances\nconst customRule = new config.CustomRule(this, 'Custom', {\n configurationChanges: true,\n lambdaFunction: evalComplianceFn,\n ruleScope: config.RuleScope.fromResource(config.ResourceType.EC2_INSTANCE),\n});\n\n// A rule to detect stack drifts\nconst driftRule = new config.CloudFormationStackDriftDetectionCheck(this, 'Drift');\n\n// Topic to which compliance notification events will be published\nconst complianceTopic = new sns.Topic(this, 'ComplianceTopic');\n\n// Send notification on compliance change events\ndriftRule.onComplianceChange('ComplianceChange', {\n target: new targets.SnsTopic(complianceTopic),\n});\n```\n" }, "repository": { "directory": "packages/@aws-cdk/aws-config", "type": "git", "url": "https://github.com/aws/aws-cdk.git" }, "schema": "jsii/0.10.0", "targets": { "dotnet": { "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.AWS.Config", "packageId": "Amazon.CDK.AWS.Config" }, "java": { "maven": { "artifactId": "config", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.services.config" }, "js": { "npm": "@aws-cdk/aws-config" }, "python": { "classifiers": [ "Framework :: AWS CDK", "Framework :: AWS CDK :: 1" ], "distName": "aws-cdk.aws-config", "module": "aws_cdk.aws_config" } }, "types": { "@aws-cdk/aws-config.AccessKeysRotated": { "assembly": "@aws-cdk/aws-config", "base": "@aws-cdk/aws-config.ManagedRule", "docs": { "custom": { "resource": "AWS::Config::ConfigRule", "exampleMetadata": "infused" }, "see": "https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html", "stability": "stable", "summary": "Checks whether the active access keys are rotated within the number of days specified in `maxAge`.", "example": "// compliant if access keys have been rotated within the last 90 days\nnew config.AccessKeysRotated(this, 'AccessKeyRotated');" }, "fqn": "@aws-cdk/aws-config.AccessKeysRotated", "initializer": { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/managed-rules.ts", "line": 28 }, "parameters": [ { "name": "scope", "type": { "fqn": "constructs.Construct" } }, { "name": "id", "type": { "primitive": "string" } }, { "name": "props", "optional": true, "type": { "fqn": "@aws-cdk/aws-config.AccessKeysRotatedProps" } } ] }, "kind": "class", "locationInModule": { "filename": "lib/managed-rules.ts", "line": 27 }, "name": "AccessKeysRotated", "symbolId": "lib/managed-rules:AccessKeysRotated" }, "@aws-cdk/aws-config.AccessKeysRotatedProps": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "stability": "stable", "summary": "Construction properties for a AccessKeysRotated.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nimport * as cdk from '@aws-cdk/core';\n\ndeclare const inputParameters: any;\ndeclare const ruleScope: config.RuleScope;\nconst accessKeysRotatedProps: config.AccessKeysRotatedProps = {\n configRuleName: 'configRuleName',\n description: 'description',\n inputParameters: {\n inputParametersKey: inputParameters,\n },\n maxAge: cdk.Duration.minutes(30),\n maximumExecutionFrequency: config.MaximumExecutionFrequency.ONE_HOUR,\n ruleScope: ruleScope,\n};", "custom": { "exampleMetadata": "fixture=_generated" } }, "fqn": "@aws-cdk/aws-config.AccessKeysRotatedProps", "interfaces": [ "@aws-cdk/aws-config.RuleProps" ], "kind": "interface", "locationInModule": { "filename": "lib/managed-rules.ts", "line": 10 }, "name": "AccessKeysRotatedProps", "properties": [ { "abstract": true, "docs": { "default": "Duration.days(90)", "stability": "stable", "summary": "The maximum number of days within which the access keys must be rotated." }, "immutable": true, "locationInModule": { "filename": "lib/managed-rules.ts", "line": 16 }, "name": "maxAge", "optional": true, "type": { "fqn": "@aws-cdk/core.Duration" } } ], "symbolId": "lib/managed-rules:AccessKeysRotatedProps" }, "@aws-cdk/aws-config.CfnAggregationAuthorization": { "assembly": "@aws-cdk/aws-config", "base": "@aws-cdk/core.CfnResource", "docs": { "custom": { "cloudformationResource": "AWS::Config::AggregationAuthorization", "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-aggregationauthorization.html", "exampleMetadata": "fixture=_generated" }, "remarks": "An object that represents the authorizations granted to aggregator accounts and regions.", "stability": "external", "summary": "A CloudFormation `AWS::Config::AggregationAuthorization`.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nconst cfnAggregationAuthorization = new config.CfnAggregationAuthorization(this, 'MyCfnAggregationAuthorization', {\n authorizedAccountId: 'authorizedAccountId',\n authorizedAwsRegion: 'authorizedAwsRegion',\n\n // the properties below are optional\n tags: [{\n key: 'key',\n value: 'value',\n }],\n});" }, "fqn": "@aws-cdk/aws-config.CfnAggregationAuthorization", "initializer": { "docs": { "stability": "external", "summary": "Create a new `AWS::Config::AggregationAuthorization`." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 165 }, "parameters": [ { "docs": { "summary": "- scope in which this resource is defined." }, "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "docs": { "summary": "- scoped id of the resource." }, "name": "id", "type": { "primitive": "string" } }, { "docs": { "summary": "- resource properties." }, "name": "props", "type": { "fqn": "@aws-cdk/aws-config.CfnAggregationAuthorizationProps" } } ] }, "interfaces": [ "@aws-cdk/core.IInspectable" ], "kind": "class", "locationInModule": { "filename": "lib/config.generated.ts", "line": 106 }, "methods": [ { "docs": { "stability": "external", "summary": "Examines the CloudFormation resource and discloses attributes." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 182 }, "name": "inspect", "overrides": "@aws-cdk/core.IInspectable", "parameters": [ { "docs": { "summary": "- tree inspector to collect and process attributes." }, "name": "inspector", "type": { "fqn": "@aws-cdk/core.TreeInspector" } } ] }, { "docs": { "stability": "external" }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 195 }, "name": "renderProperties", "overrides": "@aws-cdk/core.CfnResource", "parameters": [ { "name": "props", "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } ], "protected": true, "returns": { "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } } ], "name": "CfnAggregationAuthorization", "properties": [ { "const": true, "docs": { "stability": "external", "summary": "The CloudFormation resource type name for this resource class." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 110 }, "name": "CFN_RESOURCE_TYPE_NAME", "static": true, "type": { "primitive": "string" } }, { "docs": { "custom": { "cloudformationAttribute": "AggregationAuthorizationArn" }, "stability": "external", "summary": "The Amazon Resource Name (ARN) of the aggregation object." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 135 }, "name": "attrAggregationAuthorizationArn", "type": { "primitive": "string" } }, { "docs": { "stability": "external" }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 187 }, "name": "cfnProperties", "overrides": "@aws-cdk/core.CfnResource", "protected": true, "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-aggregationauthorization.html#cfn-config-aggregationauthorization-tags" }, "stability": "external", "summary": "An array of tag object." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 156 }, "name": "tags", "type": { "fqn": "@aws-cdk/core.TagManager" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-aggregationauthorization.html#cfn-config-aggregationauthorization-authorizedaccountid" }, "stability": "external", "summary": "The 12-digit account ID of the account authorized to aggregate data." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 142 }, "name": "authorizedAccountId", "type": { "primitive": "string" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-aggregationauthorization.html#cfn-config-aggregationauthorization-authorizedawsregion" }, "stability": "external", "summary": "The region authorized to collect aggregated data." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 149 }, "name": "authorizedAwsRegion", "type": { "primitive": "string" } } ], "symbolId": "lib/config.generated:CfnAggregationAuthorization" }, "@aws-cdk/aws-config.CfnAggregationAuthorizationProps": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-aggregationauthorization.html", "exampleMetadata": "fixture=_generated" }, "stability": "external", "summary": "Properties for defining a `CfnAggregationAuthorization`.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nconst cfnAggregationAuthorizationProps: config.CfnAggregationAuthorizationProps = {\n authorizedAccountId: 'authorizedAccountId',\n authorizedAwsRegion: 'authorizedAwsRegion',\n\n // the properties below are optional\n tags: [{\n key: 'key',\n value: 'value',\n }],\n};" }, "fqn": "@aws-cdk/aws-config.CfnAggregationAuthorizationProps", "kind": "interface", "locationInModule": { "filename": "lib/config.generated.ts", "line": 19 }, "name": "CfnAggregationAuthorizationProps", "properties": [ { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-aggregationauthorization.html#cfn-config-aggregationauthorization-authorizedaccountid" }, "stability": "external", "summary": "The 12-digit account ID of the account authorized to aggregate data." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 26 }, "name": "authorizedAccountId", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-aggregationauthorization.html#cfn-config-aggregationauthorization-authorizedawsregion" }, "stability": "external", "summary": "The region authorized to collect aggregated data." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 33 }, "name": "authorizedAwsRegion", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-aggregationauthorization.html#cfn-config-aggregationauthorization-tags" }, "stability": "external", "summary": "An array of tag object." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 40 }, "name": "tags", "optional": true, "type": { "collection": { "elementtype": { "fqn": "@aws-cdk/core.CfnTag" }, "kind": "array" } } } ], "symbolId": "lib/config.generated:CfnAggregationAuthorizationProps" }, "@aws-cdk/aws-config.CfnConfigRule": { "assembly": "@aws-cdk/aws-config", "base": "@aws-cdk/core.CfnResource", "docs": { "custom": { "cloudformationResource": "AWS::Config::ConfigRule", "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html", "exampleMetadata": "fixture=_generated" }, "remarks": "Adds or updates an AWS Config rule to evaluate if your AWS resources comply with your desired configurations. For information on how many AWS Config rules you can have per account, see [*Service Limits*](https://docs.aws.amazon.com/config/latest/developerguide/configlimits.html) in the *AWS Config Developer Guide* .\n\nThere are two types of rules: *AWS Config Managed Rules* and *AWS Config Custom Rules* . You can use the `ConfigRule` resource to create both AWS Config Managed Rules and AWS Config Custom Rules.\n\nAWS Config Managed Rules are predefined, customizable rules created by AWS Config . For a list of managed rules, see [List of AWS Config Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html) . If you are adding an AWS Config managed rule, you must specify the rule's identifier for the `SourceIdentifier` key.\n\nAWS Config Custom Rules are rules that you create from scratch. There are two ways to create AWS Config custom rules: with Lambda functions ( [AWS Lambda Developer Guide](https://docs.aws.amazon.com/config/latest/developerguide/gettingstarted-concepts.html#gettingstarted-concepts-function) ) and with Guard ( [Guard GitHub Repository](https://docs.aws.amazon.com/https://github.com/aws-cloudformation/cloudformation-guard) ), a policy-as-code language. AWS Config custom rules created with AWS Lambda are called *AWS Config Custom Lambda Rules* and AWS Config custom rules created with Guard are called *AWS Config Custom Policy Rules* .\n\nIf you are adding a new AWS Config Custom Lambda rule, you first need to create an AWS Lambda function that the rule invokes to evaluate your resources. When you use the `ConfigRule` resource to add a Custom Lambda rule to AWS Config , you must specify the Amazon Resource Name (ARN) that AWS Lambda assigns to the function. You specify the ARN in the `SourceIdentifier` key. This key is part of the `Source` object, which is part of the `ConfigRule` object.\n\nFor any new AWS Config rule that you add, specify the `ConfigRuleName` in the `ConfigRule` object. Do not specify the `ConfigRuleArn` or the `ConfigRuleId` . These values are generated by AWS Config for new rules.\n\nIf you are updating a rule that you added previously, you can specify the rule by `ConfigRuleName` , `ConfigRuleId` , or `ConfigRuleArn` in the `ConfigRule` data type that you use in this request.\n\nFor more information about developing and using AWS Config rules, see [Evaluating Resources with AWS Config Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html) in the *AWS Config Developer Guide* .", "stability": "external", "summary": "A CloudFormation `AWS::Config::ConfigRule`.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\n\ndeclare const inputParameters: any;\nconst cfnConfigRule = new config.CfnConfigRule(this, 'MyCfnConfigRule', {\n source: {\n owner: 'owner',\n\n // the properties below are optional\n customPolicyDetails: {\n enableDebugLogDelivery: false,\n policyRuntime: 'policyRuntime',\n policyText: 'policyText',\n },\n sourceDetails: [{\n eventSource: 'eventSource',\n messageType: 'messageType',\n\n // the properties below are optional\n maximumExecutionFrequency: 'maximumExecutionFrequency',\n }],\n sourceIdentifier: 'sourceIdentifier',\n },\n\n // the properties below are optional\n configRuleName: 'configRuleName',\n description: 'description',\n inputParameters: inputParameters,\n maximumExecutionFrequency: 'maximumExecutionFrequency',\n scope: {\n complianceResourceId: 'complianceResourceId',\n complianceResourceTypes: ['complianceResourceTypes'],\n tagKey: 'tagKey',\n tagValue: 'tagValue',\n },\n});" }, "fqn": "@aws-cdk/aws-config.CfnConfigRule", "initializer": { "docs": { "stability": "external", "summary": "Create a new `AWS::Config::ConfigRule`." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 444 }, "parameters": [ { "docs": { "summary": "- scope in which this resource is defined." }, "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "docs": { "summary": "- scoped id of the resource." }, "name": "id", "type": { "primitive": "string" } }, { "docs": { "summary": "- resource properties." }, "name": "props", "type": { "fqn": "@aws-cdk/aws-config.CfnConfigRuleProps" } } ] }, "interfaces": [ "@aws-cdk/core.IInspectable" ], "kind": "class", "locationInModule": { "filename": "lib/config.generated.ts", "line": 345 }, "methods": [ { "docs": { "stability": "external", "summary": "Examines the CloudFormation resource and discloses attributes." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 465 }, "name": "inspect", "overrides": "@aws-cdk/core.IInspectable", "parameters": [ { "docs": { "summary": "- tree inspector to collect and process attributes." }, "name": "inspector", "type": { "fqn": "@aws-cdk/core.TreeInspector" } } ] }, { "docs": { "stability": "external" }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 481 }, "name": "renderProperties", "overrides": "@aws-cdk/core.CfnResource", "parameters": [ { "name": "props", "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } ], "protected": true, "returns": { "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } } ], "name": "CfnConfigRule", "properties": [ { "const": true, "docs": { "stability": "external", "summary": "The CloudFormation resource type name for this resource class." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 349 }, "name": "CFN_RESOURCE_TYPE_NAME", "static": true, "type": { "primitive": "string" } }, { "docs": { "custom": { "cloudformationAttribute": "Arn" }, "stability": "external", "summary": "The Amazon Resource Name (ARN) of the AWS Config rule, such as `arn:aws:config:us-east-1:123456789012:config-rule/config-rule-a1bzhi` ." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 374 }, "name": "attrArn", "type": { "primitive": "string" } }, { "docs": { "custom": { "cloudformationAttribute": "Compliance.Type" }, "stability": "external", "summary": "The compliance status of an AWS Config rule, such as `COMPLIANT` or `NON_COMPLIANT` ." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 380 }, "name": "attrComplianceType", "type": { "primitive": "string" } }, { "docs": { "custom": { "cloudformationAttribute": "ConfigRuleId" }, "stability": "external", "summary": "The ID of the AWS Config rule, such as `config-rule-a1bzhi` ." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 386 }, "name": "attrConfigRuleId", "type": { "primitive": "string" } }, { "docs": { "stability": "external" }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 470 }, "name": "cfnProperties", "overrides": "@aws-cdk/core.CfnResource", "protected": true, "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-inputparameters" }, "stability": "external", "summary": "A string, in JSON format, that is passed to the AWS Config rule Lambda function." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 414 }, "name": "inputParameters", "type": { "primitive": "any" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-source" }, "stability": "external", "summary": "Provides the rule owner ( `AWS` for managed rules, `CUSTOM_POLICY` for Custom Policy rules, and `CUSTOM_LAMBDA` for Custom Lambda rules), the rule identifier, and the notifications that cause the function to evaluate your AWS resources." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 393 }, "name": "source", "type": { "union": { "types": [ { "fqn": "@aws-cdk/aws-config.CfnConfigRule.SourceProperty" }, { "fqn": "@aws-cdk/core.IResolvable" } ] } } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-configrulename" }, "remarks": "If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the rule name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) .", "stability": "external", "summary": "A name for the AWS Config rule." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 400 }, "name": "configRuleName", "optional": true, "type": { "primitive": "string" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-description" }, "stability": "external", "summary": "The description that you provide for the AWS Config rule." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 407 }, "name": "description", "optional": true, "type": { "primitive": "string" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-maximumexecutionfrequency" }, "remarks": "You can specify a value for `MaximumExecutionFrequency` when:\n\n- You are using an AWS managed rule that is triggered at a periodic frequency.\n- Your custom rule is triggered when AWS Config delivers the configuration snapshot. For more information, see [ConfigSnapshotDeliveryProperties](https://docs.aws.amazon.com/config/latest/APIReference/API_ConfigSnapshotDeliveryProperties.html) .\n\n> By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the `MaximumExecutionFrequency` parameter.", "stability": "external", "summary": "The maximum frequency with which AWS Config runs evaluations for a rule." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 426 }, "name": "maximumExecutionFrequency", "optional": true, "type": { "primitive": "string" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-scope" }, "remarks": "The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes.\n\n> The scope can be empty.", "stability": "external", "summary": "Defines which resources can trigger an evaluation for the rule." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 435 }, "name": "scope", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-config.CfnConfigRule.ScopeProperty" } ] } } } ], "symbolId": "lib/config.generated:CfnConfigRule" }, "@aws-cdk/aws-config.CfnConfigRule.CustomPolicyDetailsProperty": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-custompolicydetails.html", "exampleMetadata": "fixture=_generated" }, "remarks": "You can specify the following CustomPolicyDetails parameter values only for AWS Config Custom Policy rules.", "stability": "external", "summary": "Provides the runtime system, policy definition, and whether debug logging enabled.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nconst customPolicyDetailsProperty: config.CfnConfigRule.CustomPolicyDetailsProperty = {\n enableDebugLogDelivery: false,\n policyRuntime: 'policyRuntime',\n policyText: 'policyText',\n};" }, "fqn": "@aws-cdk/aws-config.CfnConfigRule.CustomPolicyDetailsProperty", "kind": "interface", "locationInModule": { "filename": "lib/config.generated.ts", "line": 495 }, "name": "CustomPolicyDetailsProperty", "namespace": "CfnConfigRule", "properties": [ { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-custompolicydetails.html#cfn-config-configrule-custompolicydetails-enabledebuglogdelivery" }, "remarks": "The default value is `false` .", "stability": "external", "summary": "The boolean expression for enabling debug logging for your AWS Config Custom Policy rule." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 501 }, "name": "enableDebugLogDelivery", "optional": true, "type": { "union": { "types": [ { "primitive": "boolean" }, { "fqn": "@aws-cdk/core.IResolvable" } ] } } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-custompolicydetails.html#cfn-config-configrule-custompolicydetails-policyruntime" }, "remarks": "Guard is a policy-as-code language that allows you to write policies that are enforced by AWS Config Custom Policy rules. For more information about Guard, see the [Guard GitHub Repository](https://docs.aws.amazon.com/https://github.com/aws-cloudformation/cloudformation-guard) .", "stability": "external", "summary": "The runtime system for your AWS Config Custom Policy rule." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 507 }, "name": "policyRuntime", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-custompolicydetails.html#cfn-config-configrule-custompolicydetails-policytext" }, "stability": "external", "summary": "The policy definition containing the logic for your AWS Config Custom Policy rule." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 513 }, "name": "policyText", "optional": true, "type": { "primitive": "string" } } ], "symbolId": "lib/config.generated:CfnConfigRule.CustomPolicyDetailsProperty" }, "@aws-cdk/aws-config.CfnConfigRule.ScopeProperty": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-scope.html", "exampleMetadata": "fixture=_generated" }, "remarks": "The scope can include one or more resource types, a combination of a tag key and value, or a combination of one resource type and one resource ID. Specify a scope to constrain which resources trigger an evaluation for a rule. Otherwise, evaluations for the rule are triggered when any resource in your recording group changes in configuration.", "stability": "external", "summary": "Defines which resources trigger an evaluation for an AWS Config rule.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nconst scopeProperty: config.CfnConfigRule.ScopeProperty = {\n complianceResourceId: 'complianceResourceId',\n complianceResourceTypes: ['complianceResourceTypes'],\n tagKey: 'tagKey',\n tagValue: 'tagValue',\n};" }, "fqn": "@aws-cdk/aws-config.CfnConfigRule.ScopeProperty", "kind": "interface", "locationInModule": { "filename": "lib/config.generated.ts", "line": 580 }, "name": "ScopeProperty", "namespace": "CfnConfigRule", "properties": [ { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-scope.html#cfn-config-configrule-scope-complianceresourceid" }, "remarks": "If you specify a resource ID, you must specify one resource type for `ComplianceResourceTypes` .", "stability": "external", "summary": "The ID of the only AWS resource that you want to trigger an evaluation for the rule." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 586 }, "name": "complianceResourceId", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-scope.html#cfn-config-configrule-scope-complianceresourcetypes" }, "remarks": "You can only specify one type if you also specify a resource ID for `ComplianceResourceId` .", "stability": "external", "summary": "The resource types of only those AWS resources that you want to trigger an evaluation for the rule." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 592 }, "name": "complianceResourceTypes", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-scope.html#cfn-config-configrule-scope-tagkey" }, "stability": "external", "summary": "The tag key that is applied to only those AWS resources that you want to trigger an evaluation for the rule." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 598 }, "name": "tagKey", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-scope.html#cfn-config-configrule-scope-tagvalue" }, "remarks": "If you specify a value for `TagValue` , you must also specify a value for `TagKey` .", "stability": "external", "summary": "The tag value applied to only those AWS resources that you want to trigger an evaluation for the rule." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 604 }, "name": "tagValue", "optional": true, "type": { "primitive": "string" } } ], "symbolId": "lib/config.generated:CfnConfigRule.ScopeProperty" }, "@aws-cdk/aws-config.CfnConfigRule.SourceDetailProperty": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-source-sourcedetails.html", "exampleMetadata": "fixture=_generated" }, "remarks": "It also provides the frequency with which you want AWS Config to run evaluations for the rule if the trigger type is periodic. You can specify the parameter values for `SourceDetail` only for custom rules.", "stability": "external", "summary": "Provides the source and the message types that trigger AWS Config to evaluate your AWS resources against a rule.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nconst sourceDetailProperty: config.CfnConfigRule.SourceDetailProperty = {\n eventSource: 'eventSource',\n messageType: 'messageType',\n\n // the properties below are optional\n maximumExecutionFrequency: 'maximumExecutionFrequency',\n};" }, "fqn": "@aws-cdk/aws-config.CfnConfigRule.SourceDetailProperty", "kind": "interface", "locationInModule": { "filename": "lib/config.generated.ts", "line": 779 }, "name": "SourceDetailProperty", "namespace": "CfnConfigRule", "properties": [ { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-source-sourcedetails.html#cfn-config-configrule-source-sourcedetail-eventsource" }, "stability": "external", "summary": "The source of the event, such as an AWS service, that triggers AWS Config to evaluate your AWS resources." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 785 }, "name": "eventSource", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-source-sourcedetails.html#cfn-config-configrule-source-sourcedetail-messagetype" }, "remarks": "You can specify the following notification types:\n\n- `ConfigurationItemChangeNotification` - Triggers an evaluation when AWS Config delivers a configuration item as a result of a resource change.\n- `OversizedConfigurationItemChangeNotification` - Triggers an evaluation when AWS Config delivers an oversized configuration item. AWS Config may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.\n- `ScheduledNotification` - Triggers a periodic evaluation at the frequency specified for `MaximumExecutionFrequency` .\n- `ConfigurationSnapshotDeliveryCompleted` - Triggers a periodic evaluation when AWS Config delivers a configuration snapshot.\n\nIf you want your custom rule to be triggered by configuration changes, specify two SourceDetail objects, one for `ConfigurationItemChangeNotification` and one for `OversizedConfigurationItemChangeNotification` .", "stability": "external", "summary": "The type of notification that triggers AWS Config to run an evaluation for a rule." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 808 }, "name": "messageType", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-source-sourcedetails.html#cfn-config-configrule-sourcedetail-maximumexecutionfrequency" }, "remarks": "If you specify a value for `MaximumExecutionFrequency` , then `MessageType` must use the `ScheduledNotification` value.\n\n> By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the `MaximumExecutionFrequency` parameter.\n>\n> Based on the valid value you choose, AWS Config runs evaluations once for each valid value. For example, if you choose `Three_Hours` , AWS Config runs evaluations once every three hours. In this case, `Three_Hours` is the frequency of this rule.", "stability": "external", "summary": "The frequency at which you want AWS Config to run evaluations for a custom rule with a periodic trigger." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 795 }, "name": "maximumExecutionFrequency", "optional": true, "type": { "primitive": "string" } } ], "symbolId": "lib/config.generated:CfnConfigRule.SourceDetailProperty" }, "@aws-cdk/aws-config.CfnConfigRule.SourceProperty": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-source.html", "exampleMetadata": "fixture=_generated" }, "stability": "external", "summary": "Provides the CustomPolicyDetails, the rule owner ( `AWS` for managed rules, `CUSTOM_POLICY` for Custom Policy rules, and `CUSTOM_LAMBDA` for Custom Lambda rules), the rule identifier, and the events that cause the evaluation of your AWS resources.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nconst sourceProperty: config.CfnConfigRule.SourceProperty = {\n owner: 'owner',\n\n // the properties below are optional\n customPolicyDetails: {\n enableDebugLogDelivery: false,\n policyRuntime: 'policyRuntime',\n policyText: 'policyText',\n },\n sourceDetails: [{\n eventSource: 'eventSource',\n messageType: 'messageType',\n\n // the properties below are optional\n maximumExecutionFrequency: 'maximumExecutionFrequency',\n }],\n sourceIdentifier: 'sourceIdentifier',\n};" }, "fqn": "@aws-cdk/aws-config.CfnConfigRule.SourceProperty", "kind": "interface", "locationInModule": { "filename": "lib/config.generated.ts", "line": 674 }, "name": "SourceProperty", "namespace": "CfnConfigRule", "properties": [ { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-source.html#cfn-config-configrule-source-owner" }, "remarks": "AWS Config Managed Rules are predefined rules owned by AWS . For more information, see [AWS Config Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html) in the *AWS Config developer guide* .\n\nAWS Config Custom Rules are rules that you can develop either with Guard ( `CUSTOM_POLICY` ) or AWS Lambda ( `CUSTOM_LAMBDA` ). For more information, see [AWS Config Custom Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html) in the *AWS Config developer guide* .", "stability": "external", "summary": "Indicates whether AWS or the customer owns and manages the AWS Config rule." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 690 }, "name": "owner", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-source.html#cfn-config-configrule-source-custompolicydetails" }, "remarks": "Required when owner is set to `CUSTOM_POLICY` .", "stability": "external", "summary": "Provides the runtime system, policy definition, and whether debug logging is enabled." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 680 }, "name": "customPolicyDetails", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-config.CfnConfigRule.CustomPolicyDetailsProperty" } ] } } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-source.html#cfn-config-configrule-source-sourcedetails" }, "remarks": "It also provides the frequency with which you want AWS Config to run evaluations for the rule if the trigger type is periodic.\n\nIf the owner is set to `CUSTOM_POLICY` , the only acceptable values for the AWS Config rule trigger message type are `ConfigurationItemChangeNotification` and `OversizedConfigurationItemChangeNotification` .", "stability": "external", "summary": "Provides the source and the message types that cause AWS Config to evaluate your AWS resources against a rule." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 698 }, "name": "sourceDetails", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "collection": { "elementtype": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-config.CfnConfigRule.SourceDetailProperty" } ] } }, "kind": "array" } } ] } } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-source.html#cfn-config-configrule-source-sourceidentifier" }, "remarks": "For example, `IAM_PASSWORD_POLICY` is a managed rule. To reference a managed rule, see [List of AWS Config Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html) .\n\nFor AWS Config Custom Lambda rules, the identifier is the Amazon Resource Name (ARN) of the rule's AWS Lambda function, such as `arn:aws:lambda:us-east-2:123456789012:function:custom_rule_name` .\n\nFor AWS Config Custom Policy rules, this field will be ignored.", "stability": "external", "summary": "For AWS Config Managed rules, a predefined identifier from a list." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 708 }, "name": "sourceIdentifier", "optional": true, "type": { "primitive": "string" } } ], "symbolId": "lib/config.generated:CfnConfigRule.SourceProperty" }, "@aws-cdk/aws-config.CfnConfigRuleProps": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html", "exampleMetadata": "fixture=_generated" }, "stability": "external", "summary": "Properties for defining a `CfnConfigRule`.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\n\ndeclare const inputParameters: any;\nconst cfnConfigRuleProps: config.CfnConfigRuleProps = {\n source: {\n owner: 'owner',\n\n // the properties below are optional\n customPolicyDetails: {\n enableDebugLogDelivery: false,\n policyRuntime: 'policyRuntime',\n policyText: 'policyText',\n },\n sourceDetails: [{\n eventSource: 'eventSource',\n messageType: 'messageType',\n\n // the properties below are optional\n maximumExecutionFrequency: 'maximumExecutionFrequency',\n }],\n sourceIdentifier: 'sourceIdentifier',\n },\n\n // the properties below are optional\n configRuleName: 'configRuleName',\n description: 'description',\n inputParameters: inputParameters,\n maximumExecutionFrequency: 'maximumExecutionFrequency',\n scope: {\n complianceResourceId: 'complianceResourceId',\n complianceResourceTypes: ['complianceResourceTypes'],\n tagKey: 'tagKey',\n tagValue: 'tagValue',\n },\n};" }, "fqn": "@aws-cdk/aws-config.CfnConfigRuleProps", "kind": "interface", "locationInModule": { "filename": "lib/config.generated.ts", "line": 208 }, "name": "CfnConfigRuleProps", "properties": [ { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-source" }, "stability": "external", "summary": "Provides the rule owner ( `AWS` for managed rules, `CUSTOM_POLICY` for Custom Policy rules, and `CUSTOM_LAMBDA` for Custom Lambda rules), the rule identifier, and the notifications that cause the function to evaluate your AWS resources." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 215 }, "name": "source", "type": { "union": { "types": [ { "fqn": "@aws-cdk/aws-config.CfnConfigRule.SourceProperty" }, { "fqn": "@aws-cdk/core.IResolvable" } ] } } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-configrulename" }, "remarks": "If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the rule name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) .", "stability": "external", "summary": "A name for the AWS Config rule." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 222 }, "name": "configRuleName", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-description" }, "stability": "external", "summary": "The description that you provide for the AWS Config rule." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 229 }, "name": "description", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-inputparameters" }, "stability": "external", "summary": "A string, in JSON format, that is passed to the AWS Config rule Lambda function." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 236 }, "name": "inputParameters", "optional": true, "type": { "primitive": "any" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-maximumexecutionfrequency" }, "remarks": "You can specify a value for `MaximumExecutionFrequency` when:\n\n- You are using an AWS managed rule that is triggered at a periodic frequency.\n- Your custom rule is triggered when AWS Config delivers the configuration snapshot. For more information, see [ConfigSnapshotDeliveryProperties](https://docs.aws.amazon.com/config/latest/APIReference/API_ConfigSnapshotDeliveryProperties.html) .\n\n> By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the `MaximumExecutionFrequency` parameter.", "stability": "external", "summary": "The maximum frequency with which AWS Config runs evaluations for a rule." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 248 }, "name": "maximumExecutionFrequency", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-scope" }, "remarks": "The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes.\n\n> The scope can be empty.", "stability": "external", "summary": "Defines which resources can trigger an evaluation for the rule." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 257 }, "name": "scope", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-config.CfnConfigRule.ScopeProperty" } ] } } } ], "symbolId": "lib/config.generated:CfnConfigRuleProps" }, "@aws-cdk/aws-config.CfnConfigurationAggregator": { "assembly": "@aws-cdk/aws-config", "base": "@aws-cdk/core.CfnResource", "docs": { "custom": { "cloudformationResource": "AWS::Config::ConfigurationAggregator", "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationaggregator.html", "exampleMetadata": "fixture=_generated" }, "remarks": "The details about the configuration aggregator, including information about source accounts, regions, and metadata of the aggregator.", "stability": "external", "summary": "A CloudFormation `AWS::Config::ConfigurationAggregator`.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nconst cfnConfigurationAggregator = new config.CfnConfigurationAggregator(this, 'MyCfnConfigurationAggregator', /* all optional props */ {\n accountAggregationSources: [{\n accountIds: ['accountIds'],\n\n // the properties below are optional\n allAwsRegions: false,\n awsRegions: ['awsRegions'],\n }],\n configurationAggregatorName: 'configurationAggregatorName',\n organizationAggregationSource: {\n roleArn: 'roleArn',\n\n // the properties below are optional\n allAwsRegions: false,\n awsRegions: ['awsRegions'],\n },\n tags: [{\n key: 'key',\n value: 'value',\n }],\n});" }, "fqn": "@aws-cdk/aws-config.CfnConfigurationAggregator", "initializer": { "docs": { "stability": "external", "summary": "Create a new `AWS::Config::ConfigurationAggregator`." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1037 }, "parameters": [ { "docs": { "summary": "- scope in which this resource is defined." }, "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "docs": { "summary": "- scoped id of the resource." }, "name": "id", "type": { "primitive": "string" } }, { "docs": { "summary": "- resource properties." }, "name": "props", "optional": true, "type": { "fqn": "@aws-cdk/aws-config.CfnConfigurationAggregatorProps" } } ] }, "interfaces": [ "@aws-cdk/core.IInspectable" ], "kind": "class", "locationInModule": { "filename": "lib/config.generated.ts", "line": 971 }, "methods": [ { "docs": { "stability": "external", "summary": "Examines the CloudFormation resource and discloses attributes." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1053 }, "name": "inspect", "overrides": "@aws-cdk/core.IInspectable", "parameters": [ { "docs": { "summary": "- tree inspector to collect and process attributes." }, "name": "inspector", "type": { "fqn": "@aws-cdk/core.TreeInspector" } } ] }, { "docs": { "stability": "external" }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1067 }, "name": "renderProperties", "overrides": "@aws-cdk/core.CfnResource", "parameters": [ { "name": "props", "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } ], "protected": true, "returns": { "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } } ], "name": "CfnConfigurationAggregator", "properties": [ { "const": true, "docs": { "stability": "external", "summary": "The CloudFormation resource type name for this resource class." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 975 }, "name": "CFN_RESOURCE_TYPE_NAME", "static": true, "type": { "primitive": "string" } }, { "docs": { "custom": { "cloudformationAttribute": "ConfigurationAggregatorArn" }, "stability": "external", "summary": "The Amazon Resource Name (ARN) of the aggregator." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1000 }, "name": "attrConfigurationAggregatorArn", "type": { "primitive": "string" } }, { "docs": { "stability": "external" }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1058 }, "name": "cfnProperties", "overrides": "@aws-cdk/core.CfnResource", "protected": true, "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationaggregator.html#cfn-config-configurationaggregator-tags" }, "stability": "external", "summary": "An array of tag object." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1028 }, "name": "tags", "type": { "fqn": "@aws-cdk/core.TagManager" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationaggregator.html#cfn-config-configurationaggregator-accountaggregationsources" }, "stability": "external", "summary": "Provides a list of source accounts and regions to be aggregated." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1007 }, "name": "accountAggregationSources", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "collection": { "elementtype": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-config.CfnConfigurationAggregator.AccountAggregationSourceProperty" } ] } }, "kind": "array" } } ] } } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationaggregator.html#cfn-config-configurationaggregator-configurationaggregatorname" }, "stability": "external", "summary": "The name of the aggregator." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1014 }, "name": "configurationAggregatorName", "optional": true, "type": { "primitive": "string" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationaggregator.html#cfn-config-configurationaggregator-organizationaggregationsource" }, "stability": "external", "summary": "Provides an organization and list of regions to be aggregated." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1021 }, "name": "organizationAggregationSource", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-config.CfnConfigurationAggregator.OrganizationAggregationSourceProperty" } ] } } } ], "symbolId": "lib/config.generated:CfnConfigurationAggregator" }, "@aws-cdk/aws-config.CfnConfigurationAggregator.AccountAggregationSourceProperty": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationaggregator-accountaggregationsource.html", "exampleMetadata": "fixture=_generated" }, "stability": "external", "summary": "A collection of accounts and regions.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nconst accountAggregationSourceProperty: config.CfnConfigurationAggregator.AccountAggregationSourceProperty = {\n accountIds: ['accountIds'],\n\n // the properties below are optional\n allAwsRegions: false,\n awsRegions: ['awsRegions'],\n};" }, "fqn": "@aws-cdk/aws-config.CfnConfigurationAggregator.AccountAggregationSourceProperty", "kind": "interface", "locationInModule": { "filename": "lib/config.generated.ts", "line": 1081 }, "name": "AccountAggregationSourceProperty", "namespace": "CfnConfigurationAggregator", "properties": [ { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationaggregator-accountaggregationsource.html#cfn-config-configurationaggregator-accountaggregationsource-accountids" }, "stability": "external", "summary": "The 12-digit account ID of the account being aggregated." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1087 }, "name": "accountIds", "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationaggregator-accountaggregationsource.html#cfn-config-configurationaggregator-accountaggregationsource-allawsregions" }, "stability": "external", "summary": "If true, aggregate existing AWS Config regions and future regions." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1093 }, "name": "allAwsRegions", "optional": true, "type": { "union": { "types": [ { "primitive": "boolean" }, { "fqn": "@aws-cdk/core.IResolvable" } ] } } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationaggregator-accountaggregationsource.html#cfn-config-configurationaggregator-accountaggregationsource-awsregions" }, "stability": "external", "summary": "The source regions being aggregated." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1099 }, "name": "awsRegions", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } } ], "symbolId": "lib/config.generated:CfnConfigurationAggregator.AccountAggregationSourceProperty" }, "@aws-cdk/aws-config.CfnConfigurationAggregator.OrganizationAggregationSourceProperty": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationaggregator-organizationaggregationsource.html", "exampleMetadata": "fixture=_generated" }, "stability": "external", "summary": "This object contains regions to set up the aggregator and an IAM role to retrieve organization details.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nconst organizationAggregationSourceProperty: config.CfnConfigurationAggregator.OrganizationAggregationSourceProperty = {\n roleArn: 'roleArn',\n\n // the properties below are optional\n allAwsRegions: false,\n awsRegions: ['awsRegions'],\n};" }, "fqn": "@aws-cdk/aws-config.CfnConfigurationAggregator.OrganizationAggregationSourceProperty", "kind": "interface", "locationInModule": { "filename": "lib/config.generated.ts", "line": 1167 }, "name": "OrganizationAggregationSourceProperty", "namespace": "CfnConfigurationAggregator", "properties": [ { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationaggregator-organizationaggregationsource.html#cfn-config-configurationaggregator-organizationaggregationsource-rolearn" }, "stability": "external", "summary": "ARN of the IAM role used to retrieve AWS Organizations details associated with the aggregator account." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1185 }, "name": "roleArn", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationaggregator-organizationaggregationsource.html#cfn-config-configurationaggregator-organizationaggregationsource-allawsregions" }, "stability": "external", "summary": "If true, aggregate existing AWS Config regions and future regions." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1173 }, "name": "allAwsRegions", "optional": true, "type": { "union": { "types": [ { "primitive": "boolean" }, { "fqn": "@aws-cdk/core.IResolvable" } ] } } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationaggregator-organizationaggregationsource.html#cfn-config-configurationaggregator-organizationaggregationsource-awsregions" }, "stability": "external", "summary": "The source regions being aggregated." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1179 }, "name": "awsRegions", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } } ], "symbolId": "lib/config.generated:CfnConfigurationAggregator.OrganizationAggregationSourceProperty" }, "@aws-cdk/aws-config.CfnConfigurationAggregatorProps": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationaggregator.html", "exampleMetadata": "fixture=_generated" }, "stability": "external", "summary": "Properties for defining a `CfnConfigurationAggregator`.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nconst cfnConfigurationAggregatorProps: config.CfnConfigurationAggregatorProps = {\n accountAggregationSources: [{\n accountIds: ['accountIds'],\n\n // the properties below are optional\n allAwsRegions: false,\n awsRegions: ['awsRegions'],\n }],\n configurationAggregatorName: 'configurationAggregatorName',\n organizationAggregationSource: {\n roleArn: 'roleArn',\n\n // the properties below are optional\n allAwsRegions: false,\n awsRegions: ['awsRegions'],\n },\n tags: [{\n key: 'key',\n value: 'value',\n }],\n};" }, "fqn": "@aws-cdk/aws-config.CfnConfigurationAggregatorProps", "kind": "interface", "locationInModule": { "filename": "lib/config.generated.ts", "line": 876 }, "name": "CfnConfigurationAggregatorProps", "properties": [ { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationaggregator.html#cfn-config-configurationaggregator-accountaggregationsources" }, "stability": "external", "summary": "Provides a list of source accounts and regions to be aggregated." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 883 }, "name": "accountAggregationSources", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "collection": { "elementtype": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-config.CfnConfigurationAggregator.AccountAggregationSourceProperty" } ] } }, "kind": "array" } } ] } } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationaggregator.html#cfn-config-configurationaggregator-configurationaggregatorname" }, "stability": "external", "summary": "The name of the aggregator." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 890 }, "name": "configurationAggregatorName", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationaggregator.html#cfn-config-configurationaggregator-organizationaggregationsource" }, "stability": "external", "summary": "Provides an organization and list of regions to be aggregated." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 897 }, "name": "organizationAggregationSource", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-config.CfnConfigurationAggregator.OrganizationAggregationSourceProperty" } ] } } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationaggregator.html#cfn-config-configurationaggregator-tags" }, "stability": "external", "summary": "An array of tag object." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 904 }, "name": "tags", "optional": true, "type": { "collection": { "elementtype": { "fqn": "@aws-cdk/core.CfnTag" }, "kind": "array" } } } ], "symbolId": "lib/config.generated:CfnConfigurationAggregatorProps" }, "@aws-cdk/aws-config.CfnConfigurationRecorder": { "assembly": "@aws-cdk/aws-config", "base": "@aws-cdk/core.CfnResource", "docs": { "custom": { "cloudformationResource": "AWS::Config::ConfigurationRecorder", "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationrecorder.html", "exampleMetadata": "fixture=_generated" }, "remarks": "The AWS::Config::ConfigurationRecorder resource describes the AWS resource types for which AWS Config records configuration changes. The configuration recorder stores the configurations of the supported resources in your account as configuration items.\n\n> To enable AWS Config , you must create a configuration recorder and a delivery channel. AWS Config uses the delivery channel to deliver the configuration changes to your Amazon S3 bucket or Amazon SNS topic. For more information, see [AWS::Config::DeliveryChannel](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-deliverychannel.html) .\n\nAWS CloudFormation starts the recorder as soon as the delivery channel is available.\n\nTo stop the recorder and delete it, delete the configuration recorder from your stack. To stop the recorder without deleting it, call the [StopConfigurationRecorder](https://docs.aws.amazon.com/config/latest/APIReference/API_StopConfigurationRecorder.html) action of the AWS Config API directly.\n\nFor more information, see [Configuration Recorder](https://docs.aws.amazon.com/config/latest/developerguide/config-concepts.html#config-recorder) in the AWS Config Developer Guide.", "stability": "external", "summary": "A CloudFormation `AWS::Config::ConfigurationRecorder`.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nconst cfnConfigurationRecorder = new config.CfnConfigurationRecorder(this, 'MyCfnConfigurationRecorder', {\n roleArn: 'roleArn',\n\n // the properties below are optional\n name: 'name',\n recordingGroup: {\n allSupported: false,\n includeGlobalResourceTypes: false,\n resourceTypes: ['resourceTypes'],\n },\n});" }, "fqn": "@aws-cdk/aws-config.CfnConfigurationRecorder", "initializer": { "docs": { "stability": "external", "summary": "Create a new `AWS::Config::ConfigurationRecorder`." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1407 }, "parameters": [ { "docs": { "summary": "- scope in which this resource is defined." }, "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "docs": { "summary": "- scoped id of the resource." }, "name": "id", "type": { "primitive": "string" } }, { "docs": { "summary": "- resource properties." }, "name": "props", "type": { "fqn": "@aws-cdk/aws-config.CfnConfigurationRecorderProps" } } ] }, "interfaces": [ "@aws-cdk/core.IInspectable" ], "kind": "class", "locationInModule": { "filename": "lib/config.generated.ts", "line": 1350 }, "methods": [ { "docs": { "stability": "external", "summary": "Examines the CloudFormation resource and discloses attributes." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1422 }, "name": "inspect", "overrides": "@aws-cdk/core.IInspectable", "parameters": [ { "docs": { "summary": "- tree inspector to collect and process attributes." }, "name": "inspector", "type": { "fqn": "@aws-cdk/core.TreeInspector" } } ] }, { "docs": { "stability": "external" }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1435 }, "name": "renderProperties", "overrides": "@aws-cdk/core.CfnResource", "parameters": [ { "name": "props", "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } ], "protected": true, "returns": { "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } } ], "name": "CfnConfigurationRecorder", "properties": [ { "const": true, "docs": { "stability": "external", "summary": "The CloudFormation resource type name for this resource class." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1354 }, "name": "CFN_RESOURCE_TYPE_NAME", "static": true, "type": { "primitive": "string" } }, { "docs": { "stability": "external" }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1427 }, "name": "cfnProperties", "overrides": "@aws-cdk/core.CfnResource", "protected": true, "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationrecorder.html#cfn-config-configurationrecorder-rolearn" }, "remarks": "For more information, see [Permissions for the IAM Role Assigned](https://docs.aws.amazon.com/config/latest/developerguide/iamrole-permissions.html) to AWS Config in the AWS Config Developer Guide.", "stability": "external", "summary": "The Amazon Resource Name (ARN) of the IAM (IAM) role that is used to make read or write requests to the delivery channel that you specify and to get configuration details for supported AWS resources." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1380 }, "name": "roleArn", "type": { "primitive": "string" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationrecorder.html#cfn-config-configurationrecorder-name" }, "remarks": "If you don't specify a name, AWS CloudFormation CloudFormation generates a unique physical ID and uses that ID for the configuration recorder name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) .\n\n> After you create a configuration recorder, you cannot rename it. If you don't want a name that AWS CloudFormation generates, specify a value for this property.\n\nUpdates are not supported.", "stability": "external", "summary": "A name for the configuration recorder." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1391 }, "name": "name", "optional": true, "type": { "primitive": "string" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationrecorder.html#cfn-config-configurationrecorder-recordinggroup" }, "remarks": "The resource types that you list must be supported by AWS Config .", "stability": "external", "summary": "Indicates whether to record configurations for all supported resources or for a list of resource types." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1398 }, "name": "recordingGroup", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-config.CfnConfigurationRecorder.RecordingGroupProperty" } ] } } } ], "symbolId": "lib/config.generated:CfnConfigurationRecorder" }, "@aws-cdk/aws-config.CfnConfigurationRecorder.RecordingGroupProperty": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html", "exampleMetadata": "fixture=_generated" }, "remarks": "In the recording group, you specify whether you want to record all supported resource types or to include or exclude specific types of resources.\n\nBy default, AWS Config records configuration changes for all supported types of *Regional resources* that AWS Config discovers in the AWS Region in which it is running. Regional resources are tied to a Region and can be used only in that Region. Examples of Regional resources are Amazon EC2 instances and Amazon EBS volumes.\n\nYou can also have AWS Config record supported types of *globally recorded resources* . Globally recorded resource types are not tied to a specific Region and can be used in all Regions. The globally recorded resource types that AWS Config supports are IAM users, groups, roles, and customer managed policies. These resource types are recorded in all enabled AWS Config regions. AWS Config also supports some global resources types for Amazon Elastic Container Registry Public, AWS Global Accelerator , and Amazon Route 53; however, these resource types are not globally recorded in all enabled AWS Config regions.\n\n> Global resource types onboarded to AWS Config recording after February 2022 will be recorded only in the service's home Region for the commercial partition and AWS GovCloud (US-West) for the AWS GovCloud (US) partition. You can view the Configuration Items for these new global resource types only in their home Region and AWS GovCloud (US-West).\n\nIf you don't want AWS Config to record all resources, you can specify which types of resources AWS Config records with the `resourceTypes` parameter.\n\nFor a list of supported resource types, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources) in the *AWS Config developer guide* .\n\nFor more information and a table of the Home Regions for Global Resource Types Onboarded after February 2022, see [Selecting Which Resources AWS Config Records](https://docs.aws.amazon.com/config/latest/developerguide/select-resources.html) in the *AWS Config developer guide* .", "stability": "external", "summary": "Specifies which resource types AWS Config records for configuration changes.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nconst recordingGroupProperty: config.CfnConfigurationRecorder.RecordingGroupProperty = {\n allSupported: false,\n includeGlobalResourceTypes: false,\n resourceTypes: ['resourceTypes'],\n};" }, "fqn": "@aws-cdk/aws-config.CfnConfigurationRecorder.RecordingGroupProperty", "kind": "interface", "locationInModule": { "filename": "lib/config.generated.ts", "line": 1461 }, "name": "RecordingGroupProperty", "namespace": "CfnConfigurationRecorder", "properties": [ { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html#cfn-config-configurationrecorder-recordinggroup-allsupported" }, "remarks": "If you set this field to `true` , when AWS Config adds support for a new type of regional resource, AWS Config starts recording resources of that type automatically.\n\nIf you set this field to `true` , you cannot enumerate specific resource types to record in the `resourceTypes` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) , or to exclude in the `resourceTypes` field of [ExclusionByResourceTypes](https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html) .", "stability": "external", "summary": "Specifies whether AWS Config records configuration changes for all supported regional resource types." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1471 }, "name": "allSupported", "optional": true, "type": { "union": { "types": [ { "primitive": "boolean" }, { "fqn": "@aws-cdk/core.IResolvable" } ] } } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html#cfn-config-configurationrecorder-recordinggroup-includeglobalresourcetypes" }, "remarks": "Before you can set this option to `true` , you must set the `AllSupported` option to `true` .\n\nIf you set this option to `true` , when AWS Config adds support for a new type of global resource, it starts recording resources of that type automatically.\n\nThe configuration details for any global resource are the same in all regions. To prevent duplicate configuration items, you should consider customizing AWS Config in only one region to record global resources.", "stability": "external", "summary": "Specifies whether AWS Config includes all supported types of global resources (for example, IAM resources) with the resources that it records." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1483 }, "name": "includeGlobalResourceTypes", "optional": true, "type": { "union": { "types": [ { "primitive": "boolean" }, { "fqn": "@aws-cdk/core.IResolvable" } ] } } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html#cfn-config-configurationrecorder-recordinggroup-resourcetypes" }, "remarks": "To record all configuration changes, you must set the `AllSupported` option to `false` .\n\nIf you set the `AllSupported` option to false and populate the `ResourceTypes` option with values, when AWS Config adds support for a new type of resource, it will not record resources of that type unless you manually add that type to your recording group.\n\nFor a list of valid `resourceTypes` values, see the *resourceType Value* column in [Supported AWS Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources) .", "stability": "external", "summary": "A comma-separated list that specifies the types of AWS resources for which AWS Config records configuration changes (for example, `AWS::EC2::Instance` or `AWS::CloudTrail::Trail` )." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1495 }, "name": "resourceTypes", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } } ], "symbolId": "lib/config.generated:CfnConfigurationRecorder.RecordingGroupProperty" }, "@aws-cdk/aws-config.CfnConfigurationRecorderProps": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationrecorder.html", "exampleMetadata": "fixture=_generated" }, "stability": "external", "summary": "Properties for defining a `CfnConfigurationRecorder`.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nconst cfnConfigurationRecorderProps: config.CfnConfigurationRecorderProps = {\n roleArn: 'roleArn',\n\n // the properties below are optional\n name: 'name',\n recordingGroup: {\n allSupported: false,\n includeGlobalResourceTypes: false,\n resourceTypes: ['resourceTypes'],\n },\n};" }, "fqn": "@aws-cdk/aws-config.CfnConfigurationRecorderProps", "kind": "interface", "locationInModule": { "filename": "lib/config.generated.ts", "line": 1252 }, "name": "CfnConfigurationRecorderProps", "properties": [ { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationrecorder.html#cfn-config-configurationrecorder-rolearn" }, "remarks": "For more information, see [Permissions for the IAM Role Assigned](https://docs.aws.amazon.com/config/latest/developerguide/iamrole-permissions.html) to AWS Config in the AWS Config Developer Guide.", "stability": "external", "summary": "The Amazon Resource Name (ARN) of the IAM (IAM) role that is used to make read or write requests to the delivery channel that you specify and to get configuration details for supported AWS resources." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1259 }, "name": "roleArn", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationrecorder.html#cfn-config-configurationrecorder-name" }, "remarks": "If you don't specify a name, AWS CloudFormation CloudFormation generates a unique physical ID and uses that ID for the configuration recorder name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) .\n\n> After you create a configuration recorder, you cannot rename it. If you don't want a name that AWS CloudFormation generates, specify a value for this property.\n\nUpdates are not supported.", "stability": "external", "summary": "A name for the configuration recorder." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1270 }, "name": "name", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationrecorder.html#cfn-config-configurationrecorder-recordinggroup" }, "remarks": "The resource types that you list must be supported by AWS Config .", "stability": "external", "summary": "Indicates whether to record configurations for all supported resources or for a list of resource types." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1277 }, "name": "recordingGroup", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-config.CfnConfigurationRecorder.RecordingGroupProperty" } ] } } } ], "symbolId": "lib/config.generated:CfnConfigurationRecorderProps" }, "@aws-cdk/aws-config.CfnConformancePack": { "assembly": "@aws-cdk/aws-config", "base": "@aws-cdk/core.CfnResource", "docs": { "custom": { "cloudformationResource": "AWS::Config::ConformancePack", "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-conformancepack.html", "exampleMetadata": "fixture=_generated" }, "remarks": "A conformance pack is a collection of AWS Config rules and remediation actions that can be easily deployed in an account and a region. ConformancePack creates a service linked role in your account. The service linked role is created only when the role does not exist in your account.", "stability": "external", "summary": "A CloudFormation `AWS::Config::ConformancePack`.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\n\ndeclare const templateSsmDocumentDetails: any;\nconst cfnConformancePack = new config.CfnConformancePack(this, 'MyCfnConformancePack', {\n conformancePackName: 'conformancePackName',\n\n // the properties below are optional\n conformancePackInputParameters: [{\n parameterName: 'parameterName',\n parameterValue: 'parameterValue',\n }],\n deliveryS3Bucket: 'deliveryS3Bucket',\n deliveryS3KeyPrefix: 'deliveryS3KeyPrefix',\n templateBody: 'templateBody',\n templateS3Uri: 'templateS3Uri',\n templateSsmDocumentDetails: templateSsmDocumentDetails,\n});" }, "fqn": "@aws-cdk/aws-config.CfnConformancePack", "initializer": { "docs": { "stability": "external", "summary": "Create a new `AWS::Config::ConformancePack`." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1776 }, "parameters": [ { "docs": { "summary": "- scope in which this resource is defined." }, "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "docs": { "summary": "- scoped id of the resource." }, "name": "id", "type": { "primitive": "string" } }, { "docs": { "summary": "- resource properties." }, "name": "props", "type": { "fqn": "@aws-cdk/aws-config.CfnConformancePackProps" } } ] }, "interfaces": [ "@aws-cdk/core.IInspectable" ], "kind": "class", "locationInModule": { "filename": "lib/config.generated.ts", "line": 1691 }, "methods": [ { "docs": { "stability": "external", "summary": "Examines the CloudFormation resource and discloses attributes." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1795 }, "name": "inspect", "overrides": "@aws-cdk/core.IInspectable", "parameters": [ { "docs": { "summary": "- tree inspector to collect and process attributes." }, "name": "inspector", "type": { "fqn": "@aws-cdk/core.TreeInspector" } } ] }, { "docs": { "stability": "external" }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1812 }, "name": "renderProperties", "overrides": "@aws-cdk/core.CfnResource", "parameters": [ { "name": "props", "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } ], "protected": true, "returns": { "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } } ], "name": "CfnConformancePack", "properties": [ { "const": true, "docs": { "stability": "external", "summary": "The CloudFormation resource type name for this resource class." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1695 }, "name": "CFN_RESOURCE_TYPE_NAME", "static": true, "type": { "primitive": "string" } }, { "docs": { "stability": "external" }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1800 }, "name": "cfnProperties", "overrides": "@aws-cdk/core.CfnResource", "protected": true, "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-conformancepack.html#cfn-config-conformancepack-conformancepackname" }, "stability": "external", "summary": "Name of the conformance pack you want to create." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1721 }, "name": "conformancePackName", "type": { "primitive": "string" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-conformancepack.html#cfn-config-conformancepack-templatessmdocumentdetails" }, "stability": "external", "summary": "`AWS::Config::ConformancePack.TemplateSSMDocumentDetails`." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1767 }, "name": "templateSsmDocumentDetails", "type": { "primitive": "any" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-conformancepack.html#cfn-config-conformancepack-conformancepackinputparameters" }, "stability": "external", "summary": "A list of ConformancePackInputParameter objects." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1728 }, "name": "conformancePackInputParameters", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "collection": { "elementtype": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-config.CfnConformancePack.ConformancePackInputParameterProperty" } ] } }, "kind": "array" } } ] } } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-conformancepack.html#cfn-config-conformancepack-deliverys3bucket" }, "stability": "external", "summary": "The name of the Amazon S3 bucket where AWS Config stores conformance pack templates." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1735 }, "name": "deliveryS3Bucket", "optional": true, "type": { "primitive": "string" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-conformancepack.html#cfn-config-conformancepack-deliverys3keyprefix" }, "stability": "external", "summary": "The prefix for the Amazon S3 bucket." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1742 }, "name": "deliveryS3KeyPrefix", "optional": true, "type": { "primitive": "string" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-conformancepack.html#cfn-config-conformancepack-templatebody" }, "remarks": "Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.\n\n> You can only use a YAML template with two resource types: config rule ( `AWS::Config::ConfigRule` ) and a remediation action ( `AWS::Config::RemediationConfiguration` ).", "stability": "external", "summary": "A string containing full conformance pack template body." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1751 }, "name": "templateBody", "optional": true, "type": { "primitive": "string" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-conformancepack.html#cfn-config-conformancepack-templates3uri" }, "remarks": "The uri must point to the conformance pack template (max size: 300 KB) that is located in an Amazon S3 bucket.\n\n> You must have access to read Amazon S3 bucket.", "stability": "external", "summary": "Location of file containing the template body (s3://bucketname/prefix)." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1760 }, "name": "templateS3Uri", "optional": true, "type": { "primitive": "string" } } ], "symbolId": "lib/config.generated:CfnConformancePack" }, "@aws-cdk/aws-config.CfnConformancePack.ConformancePackInputParameterProperty": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-conformancepack-conformancepackinputparameter.html", "exampleMetadata": "fixture=_generated" }, "remarks": "Keys can have a maximum character length of 255 characters, and values can have a maximum length of 4096 characters.", "stability": "external", "summary": "Input parameters in the form of key-value pairs for the conformance pack, both of which you define.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nconst conformancePackInputParameterProperty: config.CfnConformancePack.ConformancePackInputParameterProperty = {\n parameterName: 'parameterName',\n parameterValue: 'parameterValue',\n};" }, "fqn": "@aws-cdk/aws-config.CfnConformancePack.ConformancePackInputParameterProperty", "kind": "interface", "locationInModule": { "filename": "lib/config.generated.ts", "line": 1826 }, "name": "ConformancePackInputParameterProperty", "namespace": "CfnConformancePack", "properties": [ { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-conformancepack-conformancepackinputparameter.html#cfn-config-conformancepack-conformancepackinputparameter-parametername" }, "stability": "external", "summary": "One part of a key-value pair." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1832 }, "name": "parameterName", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-conformancepack-conformancepackinputparameter.html#cfn-config-conformancepack-conformancepackinputparameter-parametervalue" }, "stability": "external", "summary": "Another part of the key-value pair." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1838 }, "name": "parameterValue", "type": { "primitive": "string" } } ], "symbolId": "lib/config.generated:CfnConformancePack.ConformancePackInputParameterProperty" }, "@aws-cdk/aws-config.CfnConformancePack.TemplateSSMDocumentDetailsProperty": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-conformancepack-templatessmdocumentdetails.html", "exampleMetadata": "fixture=_generated" }, "remarks": "To deploy a conformance pack using an SSM document, first create an SSM document with conformance pack content, and then provide the `DocumentName` in the [PutConformancePack API](https://docs.aws.amazon.com/config/latest/APIReference/API_PutConformancePack.html) . You can also provide the `DocumentVersion` .\n\nThe `TemplateSSMDocumentDetails` object contains the name of the SSM document and the version of the SSM document.", "stability": "external", "summary": "This API allows you to create a conformance pack template with an AWS Systems Manager document (SSM document).", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nconst templateSSMDocumentDetailsProperty: config.CfnConformancePack.TemplateSSMDocumentDetailsProperty = {\n documentName: 'documentName',\n documentVersion: 'documentVersion',\n};" }, "fqn": "@aws-cdk/aws-config.CfnConformancePack.TemplateSSMDocumentDetailsProperty", "kind": "interface", "locationInModule": { "filename": "lib/config.generated.ts", "line": 1906 }, "name": "TemplateSSMDocumentDetailsProperty", "namespace": "CfnConformancePack", "properties": [ { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-conformancepack-templatessmdocumentdetails.html#cfn-config-conformancepack-templatessmdocumentdetails-documentname" }, "remarks": "If you use the document name, AWS Config checks only your account and AWS Region for the SSM document. If you want to use an SSM document from another Region or account, you must provide the ARN.", "stability": "external", "summary": "The name or Amazon Resource Name (ARN) of the SSM document to use to create a conformance pack." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1912 }, "name": "documentName", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-conformancepack-templatessmdocumentdetails.html#cfn-config-conformancepack-templatessmdocumentdetails-documentversion" }, "remarks": "By default, AWS Config uses the latest version.\n\n> This field is optional.", "stability": "external", "summary": "The version of the SSM document to use to create a conformance pack." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1920 }, "name": "documentVersion", "optional": true, "type": { "primitive": "string" } } ], "symbolId": "lib/config.generated:CfnConformancePack.TemplateSSMDocumentDetailsProperty" }, "@aws-cdk/aws-config.CfnConformancePackProps": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-conformancepack.html", "exampleMetadata": "fixture=_generated" }, "stability": "external", "summary": "Properties for defining a `CfnConformancePack`.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\n\ndeclare const templateSsmDocumentDetails: any;\nconst cfnConformancePackProps: config.CfnConformancePackProps = {\n conformancePackName: 'conformancePackName',\n\n // the properties below are optional\n conformancePackInputParameters: [{\n parameterName: 'parameterName',\n parameterValue: 'parameterValue',\n }],\n deliveryS3Bucket: 'deliveryS3Bucket',\n deliveryS3KeyPrefix: 'deliveryS3KeyPrefix',\n templateBody: 'templateBody',\n templateS3Uri: 'templateS3Uri',\n templateSsmDocumentDetails: templateSsmDocumentDetails,\n};" }, "fqn": "@aws-cdk/aws-config.CfnConformancePackProps", "kind": "interface", "locationInModule": { "filename": "lib/config.generated.ts", "line": 1561 }, "name": "CfnConformancePackProps", "properties": [ { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-conformancepack.html#cfn-config-conformancepack-conformancepackname" }, "stability": "external", "summary": "Name of the conformance pack you want to create." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1568 }, "name": "conformancePackName", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-conformancepack.html#cfn-config-conformancepack-conformancepackinputparameters" }, "stability": "external", "summary": "A list of ConformancePackInputParameter objects." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1575 }, "name": "conformancePackInputParameters", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "collection": { "elementtype": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-config.CfnConformancePack.ConformancePackInputParameterProperty" } ] } }, "kind": "array" } } ] } } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-conformancepack.html#cfn-config-conformancepack-deliverys3bucket" }, "stability": "external", "summary": "The name of the Amazon S3 bucket where AWS Config stores conformance pack templates." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1582 }, "name": "deliveryS3Bucket", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-conformancepack.html#cfn-config-conformancepack-deliverys3keyprefix" }, "stability": "external", "summary": "The prefix for the Amazon S3 bucket." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1589 }, "name": "deliveryS3KeyPrefix", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-conformancepack.html#cfn-config-conformancepack-templatebody" }, "remarks": "Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.\n\n> You can only use a YAML template with two resource types: config rule ( `AWS::Config::ConfigRule` ) and a remediation action ( `AWS::Config::RemediationConfiguration` ).", "stability": "external", "summary": "A string containing full conformance pack template body." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1598 }, "name": "templateBody", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-conformancepack.html#cfn-config-conformancepack-templates3uri" }, "remarks": "The uri must point to the conformance pack template (max size: 300 KB) that is located in an Amazon S3 bucket.\n\n> You must have access to read Amazon S3 bucket.", "stability": "external", "summary": "Location of file containing the template body (s3://bucketname/prefix)." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1607 }, "name": "templateS3Uri", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-conformancepack.html#cfn-config-conformancepack-templatessmdocumentdetails" }, "stability": "external", "summary": "`AWS::Config::ConformancePack.TemplateSSMDocumentDetails`." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1614 }, "name": "templateSsmDocumentDetails", "optional": true, "type": { "primitive": "any" } } ], "symbolId": "lib/config.generated:CfnConformancePackProps" }, "@aws-cdk/aws-config.CfnDeliveryChannel": { "assembly": "@aws-cdk/aws-config", "base": "@aws-cdk/core.CfnResource", "docs": { "custom": { "cloudformationResource": "AWS::Config::DeliveryChannel", "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-deliverychannel.html", "exampleMetadata": "fixture=_generated" }, "remarks": "Specifies a delivery channel object to deliver configuration information to an Amazon S3 bucket and Amazon SNS topic.\n\nBefore you can create a delivery channel, you must create a configuration recorder. You can use this action to change the Amazon S3 bucket or an Amazon SNS topic of the existing delivery channel. To change the Amazon S3 bucket or an Amazon SNS topic, call this action and specify the changed values for the S3 bucket and the SNS topic. If you specify a different value for either the S3 bucket or the SNS topic, this action will keep the existing value for the parameter that is not changed.\n\n> In the China (Beijing) Region, when you call this action, the Amazon S3 bucket must also be in the China (Beijing) Region. In all the other regions, AWS Config supports cross-region and cross-account delivery channels.\n\nYou can have only one delivery channel per region per AWS account, and the delivery channel is required to use AWS Config .\n\n> AWS Config does not support the delivery channel to an Amazon S3 bucket bucket where object lock is enabled. For more information, see [How S3 Object Lock works](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html) .\n\nWhen you create the delivery channel, you can specify; how often AWS Config delivers configuration snapshots to your Amazon S3 bucket (for example, 24 hours), the S3 bucket to which AWS Config sends configuration snapshots and configuration history files, and the Amazon SNS topic to which AWS Config sends notifications about configuration changes, such as updated resources, AWS Config rule evaluations, and when AWS Config delivers the configuration snapshot to your S3 bucket. For more information, see [Deliver Configuration Items](https://docs.aws.amazon.com/config/latest/developerguide/how-does-config-work.html#delivery-channel) in the AWS Config Developer Guide.\n\n> To enable AWS Config , you must create a configuration recorder and a delivery channel. If you want to create the resources separately, you must create a configuration recorder before you can create a delivery channel. AWS Config uses the configuration recorder to capture configuration changes to your resources. For more information, see [AWS::Config::ConfigurationRecorder](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationrecorder.html) .\n\nFor more information, see [Managing the Delivery Channel](https://docs.aws.amazon.com/config/latest/developerguide/manage-delivery-channel.html) in the AWS Config Developer Guide.", "stability": "external", "summary": "A CloudFormation `AWS::Config::DeliveryChannel`.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nconst cfnDeliveryChannel = new config.CfnDeliveryChannel(this, 'MyCfnDeliveryChannel', {\n s3BucketName: 's3BucketName',\n\n // the properties below are optional\n configSnapshotDeliveryProperties: {\n deliveryFrequency: 'deliveryFrequency',\n },\n name: 'name',\n s3KeyPrefix: 's3KeyPrefix',\n s3KmsKeyArn: 's3KmsKeyArn',\n snsTopicArn: 'snsTopicArn',\n});" }, "fqn": "@aws-cdk/aws-config.CfnDeliveryChannel", "initializer": { "docs": { "stability": "external", "summary": "Create a new `AWS::Config::DeliveryChannel`." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2199 }, "parameters": [ { "docs": { "summary": "- scope in which this resource is defined." }, "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "docs": { "summary": "- scoped id of the resource." }, "name": "id", "type": { "primitive": "string" } }, { "docs": { "summary": "- resource properties." }, "name": "props", "type": { "fqn": "@aws-cdk/aws-config.CfnDeliveryChannelProps" } } ] }, "interfaces": [ "@aws-cdk/core.IInspectable" ], "kind": "class", "locationInModule": { "filename": "lib/config.generated.ts", "line": 2119 }, "methods": [ { "docs": { "stability": "external", "summary": "Examines the CloudFormation resource and discloses attributes." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2217 }, "name": "inspect", "overrides": "@aws-cdk/core.IInspectable", "parameters": [ { "docs": { "summary": "- tree inspector to collect and process attributes." }, "name": "inspector", "type": { "fqn": "@aws-cdk/core.TreeInspector" } } ] }, { "docs": { "stability": "external" }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2233 }, "name": "renderProperties", "overrides": "@aws-cdk/core.CfnResource", "parameters": [ { "name": "props", "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } ], "protected": true, "returns": { "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } } ], "name": "CfnDeliveryChannel", "properties": [ { "const": true, "docs": { "stability": "external", "summary": "The CloudFormation resource type name for this resource class." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2123 }, "name": "CFN_RESOURCE_TYPE_NAME", "static": true, "type": { "primitive": "string" } }, { "docs": { "stability": "external" }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2222 }, "name": "cfnProperties", "overrides": "@aws-cdk/core.CfnResource", "protected": true, "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-deliverychannel.html#cfn-config-deliverychannel-s3bucketname" }, "remarks": "If you specify a bucket that belongs to another AWS account , that bucket must have policies that grant access permissions to AWS Config . For more information, see [Permissions for the Amazon S3 Bucket](https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-policy.html) in the *AWS Config Developer Guide* .", "stability": "external", "summary": "The name of the Amazon S3 bucket to which AWS Config delivers configuration snapshots and configuration history files." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2151 }, "name": "s3BucketName", "type": { "primitive": "string" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-deliverychannel.html#cfn-config-deliverychannel-configsnapshotdeliveryproperties" }, "stability": "external", "summary": "The options for how often AWS Config delivers configuration snapshots to the Amazon S3 bucket." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2158 }, "name": "configSnapshotDeliveryProperties", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-config.CfnDeliveryChannel.ConfigSnapshotDeliveryPropertiesProperty" } ] } } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-deliverychannel.html#cfn-config-deliverychannel-name" }, "remarks": "If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the delivery channel name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) .\n\nUpdates are not supported. To change the name, you must run two separate updates. In the first update, delete this resource, and then recreate it with a new name in the second update.", "stability": "external", "summary": "A name for the delivery channel." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2167 }, "name": "name", "optional": true, "type": { "primitive": "string" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-deliverychannel.html#cfn-config-deliverychannel-s3keyprefix" }, "stability": "external", "summary": "The prefix for the specified Amazon S3 bucket." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2174 }, "name": "s3KeyPrefix", "optional": true, "type": { "primitive": "string" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-deliverychannel.html#cfn-config-deliverychannel-s3kmskeyarn" }, "remarks": "Must belong to the same Region as the destination S3 bucket.", "stability": "external", "summary": "The Amazon Resource Name (ARN) of the AWS Key Management Service ( AWS KMS ) AWS KMS key (KMS key) used to encrypt objects delivered by AWS Config ." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2181 }, "name": "s3KmsKeyArn", "optional": true, "type": { "primitive": "string" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-deliverychannel.html#cfn-config-deliverychannel-snstopicarn" }, "remarks": "If you choose a topic from another account, the topic must have policies that grant access permissions to AWS Config . For more information, see [Permissions for the Amazon SNS Topic](https://docs.aws.amazon.com/config/latest/developerguide/sns-topic-policy.html) in the *AWS Config Developer Guide* .", "stability": "external", "summary": "The Amazon Resource Name (ARN) of the Amazon SNS topic to which AWS Config sends notifications about configuration changes." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2190 }, "name": "snsTopicArn", "optional": true, "type": { "primitive": "string" } } ], "symbolId": "lib/config.generated:CfnDeliveryChannel" }, "@aws-cdk/aws-config.CfnDeliveryChannel.ConfigSnapshotDeliveryPropertiesProperty": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-deliverychannel-configsnapshotdeliveryproperties.html", "exampleMetadata": "fixture=_generated" }, "remarks": "> If you want to create a rule that triggers evaluations for your resources when AWS Config delivers the configuration snapshot, see the following:\n\nThe frequency for a rule that triggers evaluations for your resources when AWS Config delivers the configuration snapshot is set by one of two values, depending on which is less frequent:\n\n- The value for the `deliveryFrequency` parameter within the delivery channel configuration, which sets how often AWS Config delivers configuration snapshots. This value also sets how often AWS Config invokes evaluations for AWS Config rules.\n- The value for the `MaximumExecutionFrequency` parameter, which sets the maximum frequency with which AWS Config invokes evaluations for the rule. For more information, see [ConfigRule](https://docs.aws.amazon.com/config/latest/APIReference/API_ConfigRule.html) .\n\nIf the `deliveryFrequency` value is less frequent than the `MaximumExecutionFrequency` value for a rule, AWS Config invokes the rule only as often as the `deliveryFrequency` value.\n\n- For example, you want your rule to run evaluations when AWS Config delivers the configuration snapshot.\n- You specify the `MaximumExecutionFrequency` value for `Six_Hours` .\n- You then specify the delivery channel `deliveryFrequency` value for `TwentyFour_Hours` .\n- Because the value for `deliveryFrequency` is less frequent than `MaximumExecutionFrequency` , AWS Config invokes evaluations for the rule every 24 hours.\n\nYou should set the `MaximumExecutionFrequency` value to be at least as frequent as the `deliveryFrequency` value. You can view the `deliveryFrequency` value by using the `DescribeDeliveryChannnels` action.\n\nTo update the `deliveryFrequency` with which AWS Config delivers your configuration snapshots, use the `PutDeliveryChannel` action.", "stability": "external", "summary": "Provides options for how often AWS Config delivers configuration snapshots to the Amazon S3 bucket in your delivery channel.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nconst configSnapshotDeliveryPropertiesProperty: config.CfnDeliveryChannel.ConfigSnapshotDeliveryPropertiesProperty = {\n deliveryFrequency: 'deliveryFrequency',\n};" }, "fqn": "@aws-cdk/aws-config.CfnDeliveryChannel.ConfigSnapshotDeliveryPropertiesProperty", "kind": "interface", "locationInModule": { "filename": "lib/config.generated.ts", "line": 2265 }, "name": "ConfigSnapshotDeliveryPropertiesProperty", "namespace": "CfnDeliveryChannel", "properties": [ { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-deliverychannel-configsnapshotdeliveryproperties.html#cfn-config-deliverychannel-configsnapshotdeliveryproperties-deliveryfrequency" }, "stability": "external", "summary": "The frequency with which AWS Config delivers configuration snapshots." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2271 }, "name": "deliveryFrequency", "optional": true, "type": { "primitive": "string" } } ], "symbolId": "lib/config.generated:CfnDeliveryChannel.ConfigSnapshotDeliveryPropertiesProperty" }, "@aws-cdk/aws-config.CfnDeliveryChannelProps": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-deliverychannel.html", "exampleMetadata": "fixture=_generated" }, "stability": "external", "summary": "Properties for defining a `CfnDeliveryChannel`.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nconst cfnDeliveryChannelProps: config.CfnDeliveryChannelProps = {\n s3BucketName: 's3BucketName',\n\n // the properties below are optional\n configSnapshotDeliveryProperties: {\n deliveryFrequency: 'deliveryFrequency',\n },\n name: 'name',\n s3KeyPrefix: 's3KeyPrefix',\n s3KmsKeyArn: 's3KmsKeyArn',\n snsTopicArn: 'snsTopicArn',\n};" }, "fqn": "@aws-cdk/aws-config.CfnDeliveryChannelProps", "kind": "interface", "locationInModule": { "filename": "lib/config.generated.ts", "line": 1983 }, "name": "CfnDeliveryChannelProps", "properties": [ { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-deliverychannel.html#cfn-config-deliverychannel-s3bucketname" }, "remarks": "If you specify a bucket that belongs to another AWS account , that bucket must have policies that grant access permissions to AWS Config . For more information, see [Permissions for the Amazon S3 Bucket](https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-policy.html) in the *AWS Config Developer Guide* .", "stability": "external", "summary": "The name of the Amazon S3 bucket to which AWS Config delivers configuration snapshots and configuration history files." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1992 }, "name": "s3BucketName", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-deliverychannel.html#cfn-config-deliverychannel-configsnapshotdeliveryproperties" }, "stability": "external", "summary": "The options for how often AWS Config delivers configuration snapshots to the Amazon S3 bucket." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 1999 }, "name": "configSnapshotDeliveryProperties", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-config.CfnDeliveryChannel.ConfigSnapshotDeliveryPropertiesProperty" } ] } } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-deliverychannel.html#cfn-config-deliverychannel-name" }, "remarks": "If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the delivery channel name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) .\n\nUpdates are not supported. To change the name, you must run two separate updates. In the first update, delete this resource, and then recreate it with a new name in the second update.", "stability": "external", "summary": "A name for the delivery channel." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2008 }, "name": "name", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-deliverychannel.html#cfn-config-deliverychannel-s3keyprefix" }, "stability": "external", "summary": "The prefix for the specified Amazon S3 bucket." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2015 }, "name": "s3KeyPrefix", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-deliverychannel.html#cfn-config-deliverychannel-s3kmskeyarn" }, "remarks": "Must belong to the same Region as the destination S3 bucket.", "stability": "external", "summary": "The Amazon Resource Name (ARN) of the AWS Key Management Service ( AWS KMS ) AWS KMS key (KMS key) used to encrypt objects delivered by AWS Config ." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2022 }, "name": "s3KmsKeyArn", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-deliverychannel.html#cfn-config-deliverychannel-snstopicarn" }, "remarks": "If you choose a topic from another account, the topic must have policies that grant access permissions to AWS Config . For more information, see [Permissions for the Amazon SNS Topic](https://docs.aws.amazon.com/config/latest/developerguide/sns-topic-policy.html) in the *AWS Config Developer Guide* .", "stability": "external", "summary": "The Amazon Resource Name (ARN) of the Amazon SNS topic to which AWS Config sends notifications about configuration changes." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2031 }, "name": "snsTopicArn", "optional": true, "type": { "primitive": "string" } } ], "symbolId": "lib/config.generated:CfnDeliveryChannelProps" }, "@aws-cdk/aws-config.CfnOrganizationConfigRule": { "assembly": "@aws-cdk/aws-config", "base": "@aws-cdk/core.CfnResource", "docs": { "custom": { "cloudformationResource": "AWS::Config::OrganizationConfigRule", "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconfigrule.html", "exampleMetadata": "fixture=_generated" }, "remarks": "Adds or updates an AWS Config rule for your entire organization to evaluate if your AWS resources comply with your desired configurations. For information on how many organization AWS Config rules you can have per account, see [*Service Limits*](https://docs.aws.amazon.com/config/latest/developerguide/configlimits.html) in the *AWS Config Developer Guide* .\n\nOnly a management account and a delegated administrator can create or update an organization AWS Config rule. When calling the `OrganizationConfigRule` resource with a delegated administrator, you must ensure AWS Organizations `ListDelegatedAdministrator` permissions are added. An organization can have up to 3 delegated administrators.\n\nThe `OrganizationConfigRule` resource enables organization service access through the `EnableAWSServiceAccess` action and creates a service-linked role `AWSServiceRoleForConfigMultiAccountSetup` in the management or delegated administrator account of your organization. The service-linked role is created only when the role does not exist in the caller account. AWS Config verifies the existence of role with `GetRole` action.\n\nTo use the `OrganizationConfigRule` resource with delegated administrator, register a delegated administrator by calling AWS Organization `register-delegated-administrator` for `config-multiaccountsetup.amazonaws.com` .\n\nThere are two types of rules: *AWS Config Managed Rules* and *AWS Config Custom Rules* . You can use `PutOrganizationConfigRule` to create both AWS Config Managed Rules and AWS Config Custom Rules.\n\nAWS Config Managed Rules are predefined, customizable rules created by AWS Config . For a list of managed rules, see [List of AWS Config Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html) . If you are adding an AWS Config managed rule, you must specify the rule's identifier for the `RuleIdentifier` key.\n\nAWS Config Custom Rules are rules that you create from scratch. There are two ways to create AWS Config custom rules: with Lambda functions ( [AWS Lambda Developer Guide](https://docs.aws.amazon.com/config/latest/developerguide/gettingstarted-concepts.html#gettingstarted-concepts-function) ) and with Guard ( [Guard GitHub Repository](https://docs.aws.amazon.com/https://github.com/aws-cloudformation/cloudformation-guard) ), a policy-as-code language. AWS Config custom rules created with AWS Lambda are called *AWS Config Custom Lambda Rules* and AWS Config custom rules created with Guard are called *AWS Config Custom Policy Rules* .\n\nIf you are adding a new AWS Config Custom Lambda rule, you first need to create an AWS Lambda function in the management account or a delegated administrator that the rule invokes to evaluate your resources. You also need to create an IAM role in the managed account that can be assumed by the Lambda function. When you use `PutOrganizationConfigRule` to add a Custom Lambda rule to AWS Config , you must specify the Amazon Resource Name (ARN) that AWS Lambda assigns to the function.", "stability": "external", "summary": "A CloudFormation `AWS::Config::OrganizationConfigRule`.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nconst cfnOrganizationConfigRule = new config.CfnOrganizationConfigRule(this, 'MyCfnOrganizationConfigRule', {\n organizationConfigRuleName: 'organizationConfigRuleName',\n\n // the properties below are optional\n excludedAccounts: ['excludedAccounts'],\n organizationCustomPolicyRuleMetadata: {\n policyText: 'policyText',\n runtime: 'runtime',\n\n // the properties below are optional\n debugLogDeliveryAccounts: ['debugLogDeliveryAccounts'],\n description: 'description',\n inputParameters: 'inputParameters',\n maximumExecutionFrequency: 'maximumExecutionFrequency',\n organizationConfigRuleTriggerTypes: ['organizationConfigRuleTriggerTypes'],\n resourceIdScope: 'resourceIdScope',\n resourceTypesScope: ['resourceTypesScope'],\n tagKeyScope: 'tagKeyScope',\n tagValueScope: 'tagValueScope',\n },\n organizationCustomRuleMetadata: {\n lambdaFunctionArn: 'lambdaFunctionArn',\n organizationConfigRuleTriggerTypes: ['organizationConfigRuleTriggerTypes'],\n\n // the properties below are optional\n description: 'description',\n inputParameters: 'inputParameters',\n maximumExecutionFrequency: 'maximumExecutionFrequency',\n resourceIdScope: 'resourceIdScope',\n resourceTypesScope: ['resourceTypesScope'],\n tagKeyScope: 'tagKeyScope',\n tagValueScope: 'tagValueScope',\n },\n organizationManagedRuleMetadata: {\n ruleIdentifier: 'ruleIdentifier',\n\n // the properties below are optional\n description: 'description',\n inputParameters: 'inputParameters',\n maximumExecutionFrequency: 'maximumExecutionFrequency',\n resourceIdScope: 'resourceIdScope',\n resourceTypesScope: ['resourceTypesScope'],\n tagKeyScope: 'tagKeyScope',\n tagValueScope: 'tagValueScope',\n },\n});" }, "fqn": "@aws-cdk/aws-config.CfnOrganizationConfigRule", "initializer": { "docs": { "stability": "external", "summary": "Create a new `AWS::Config::OrganizationConfigRule`." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2518 }, "parameters": [ { "docs": { "summary": "- scope in which this resource is defined." }, "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "docs": { "summary": "- scoped id of the resource." }, "name": "id", "type": { "primitive": "string" } }, { "docs": { "summary": "- resource properties." }, "name": "props", "type": { "fqn": "@aws-cdk/aws-config.CfnOrganizationConfigRuleProps" } } ] }, "interfaces": [ "@aws-cdk/core.IInspectable" ], "kind": "class", "locationInModule": { "filename": "lib/config.generated.ts", "line": 2451 }, "methods": [ { "docs": { "stability": "external", "summary": "Examines the CloudFormation resource and discloses attributes." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2535 }, "name": "inspect", "overrides": "@aws-cdk/core.IInspectable", "parameters": [ { "docs": { "summary": "- tree inspector to collect and process attributes." }, "name": "inspector", "type": { "fqn": "@aws-cdk/core.TreeInspector" } } ] }, { "docs": { "stability": "external" }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2550 }, "name": "renderProperties", "overrides": "@aws-cdk/core.CfnResource", "parameters": [ { "name": "props", "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } ], "protected": true, "returns": { "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } } ], "name": "CfnOrganizationConfigRule", "properties": [ { "const": true, "docs": { "stability": "external", "summary": "The CloudFormation resource type name for this resource class." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2455 }, "name": "CFN_RESOURCE_TYPE_NAME", "static": true, "type": { "primitive": "string" } }, { "docs": { "stability": "external" }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2540 }, "name": "cfnProperties", "overrides": "@aws-cdk/core.CfnResource", "protected": true, "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconfigrule.html#cfn-config-organizationconfigrule-organizationconfigrulename" }, "stability": "external", "summary": "The name that you assign to organization AWS Config rule." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2481 }, "name": "organizationConfigRuleName", "type": { "primitive": "string" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconfigrule.html#cfn-config-organizationconfigrule-excludedaccounts" }, "stability": "external", "summary": "A comma-separated list of accounts excluded from organization AWS Config rule." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2488 }, "name": "excludedAccounts", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconfigrule.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata" }, "stability": "external", "summary": "`AWS::Config::OrganizationConfigRule.OrganizationCustomPolicyRuleMetadata`." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2495 }, "name": "organizationCustomPolicyRuleMetadata", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-config.CfnOrganizationConfigRule.OrganizationCustomPolicyRuleMetadataProperty" } ] } } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconfigrule.html#cfn-config-organizationconfigrule-organizationcustomrulemetadata" }, "stability": "external", "summary": "An `OrganizationCustomRuleMetadata` object." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2502 }, "name": "organizationCustomRuleMetadata", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-config.CfnOrganizationConfigRule.OrganizationCustomRuleMetadataProperty" } ] } } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconfigrule.html#cfn-config-organizationconfigrule-organizationmanagedrulemetadata" }, "stability": "external", "summary": "An `OrganizationManagedRuleMetadata` object." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2509 }, "name": "organizationManagedRuleMetadata", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-config.CfnOrganizationConfigRule.OrganizationManagedRuleMetadataProperty" } ] } } } ], "symbolId": "lib/config.generated:CfnOrganizationConfigRule" }, "@aws-cdk/aws-config.CfnOrganizationConfigRule.OrganizationCustomPolicyRuleMetadataProperty": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html", "exampleMetadata": "fixture=_generated" }, "stability": "external", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nconst organizationCustomPolicyRuleMetadataProperty: config.CfnOrganizationConfigRule.OrganizationCustomPolicyRuleMetadataProperty = {\n policyText: 'policyText',\n runtime: 'runtime',\n\n // the properties below are optional\n debugLogDeliveryAccounts: ['debugLogDeliveryAccounts'],\n description: 'description',\n inputParameters: 'inputParameters',\n maximumExecutionFrequency: 'maximumExecutionFrequency',\n organizationConfigRuleTriggerTypes: ['organizationConfigRuleTriggerTypes'],\n resourceIdScope: 'resourceIdScope',\n resourceTypesScope: ['resourceTypesScope'],\n tagKeyScope: 'tagKeyScope',\n tagValueScope: 'tagValueScope',\n};" }, "fqn": "@aws-cdk/aws-config.CfnOrganizationConfigRule.OrganizationCustomPolicyRuleMetadataProperty", "kind": "interface", "locationInModule": { "filename": "lib/config.generated.ts", "line": 2564 }, "name": "OrganizationCustomPolicyRuleMetadataProperty", "namespace": "CfnOrganizationConfigRule", "properties": [ { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata-policytext" }, "stability": "external", "summary": "`CfnOrganizationConfigRule.OrganizationCustomPolicyRuleMetadataProperty.PolicyText`." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2600 }, "name": "policyText", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata-runtime" }, "stability": "external", "summary": "`CfnOrganizationConfigRule.OrganizationCustomPolicyRuleMetadataProperty.Runtime`." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2618 }, "name": "runtime", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata-debuglogdeliveryaccounts" }, "stability": "external", "summary": "`CfnOrganizationConfigRule.OrganizationCustomPolicyRuleMetadataProperty.DebugLogDeliveryAccounts`." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2570 }, "name": "debugLogDeliveryAccounts", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata-description" }, "stability": "external", "summary": "`CfnOrganizationConfigRule.OrganizationCustomPolicyRuleMetadataProperty.Description`." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2576 }, "name": "description", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata-inputparameters" }, "stability": "external", "summary": "`CfnOrganizationConfigRule.OrganizationCustomPolicyRuleMetadataProperty.InputParameters`." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2582 }, "name": "inputParameters", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata-maximumexecutionfrequency" }, "stability": "external", "summary": "`CfnOrganizationConfigRule.OrganizationCustomPolicyRuleMetadataProperty.MaximumExecutionFrequency`." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2588 }, "name": "maximumExecutionFrequency", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata-organizationconfigruletriggertypes" }, "stability": "external", "summary": "`CfnOrganizationConfigRule.OrganizationCustomPolicyRuleMetadataProperty.OrganizationConfigRuleTriggerTypes`." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2594 }, "name": "organizationConfigRuleTriggerTypes", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata-resourceidscope" }, "stability": "external", "summary": "`CfnOrganizationConfigRule.OrganizationCustomPolicyRuleMetadataProperty.ResourceIdScope`." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2606 }, "name": "resourceIdScope", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata-resourcetypesscope" }, "stability": "external", "summary": "`CfnOrganizationConfigRule.OrganizationCustomPolicyRuleMetadataProperty.ResourceTypesScope`." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2612 }, "name": "resourceTypesScope", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata-tagkeyscope" }, "stability": "external", "summary": "`CfnOrganizationConfigRule.OrganizationCustomPolicyRuleMetadataProperty.TagKeyScope`." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2624 }, "name": "tagKeyScope", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata-tagvaluescope" }, "stability": "external", "summary": "`CfnOrganizationConfigRule.OrganizationCustomPolicyRuleMetadataProperty.TagValueScope`." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2630 }, "name": "tagValueScope", "optional": true, "type": { "primitive": "string" } } ], "symbolId": "lib/config.generated:CfnOrganizationConfigRule.OrganizationCustomPolicyRuleMetadataProperty" }, "@aws-cdk/aws-config.CfnOrganizationConfigRule.OrganizationCustomRuleMetadataProperty": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustomrulemetadata.html", "exampleMetadata": "fixture=_generated" }, "remarks": "It also provides the frequency with which you want AWS Config to run evaluations for the rule if the trigger type is periodic.", "stability": "external", "summary": "organization custom rule metadata such as resource type, resource ID of AWS resource, Lambda function ARN, and organization trigger types that trigger AWS Config to evaluate your AWS resources against a rule.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nconst organizationCustomRuleMetadataProperty: config.CfnOrganizationConfigRule.OrganizationCustomRuleMetadataProperty = {\n lambdaFunctionArn: 'lambdaFunctionArn',\n organizationConfigRuleTriggerTypes: ['organizationConfigRuleTriggerTypes'],\n\n // the properties below are optional\n description: 'description',\n inputParameters: 'inputParameters',\n maximumExecutionFrequency: 'maximumExecutionFrequency',\n resourceIdScope: 'resourceIdScope',\n resourceTypesScope: ['resourceTypesScope'],\n tagKeyScope: 'tagKeyScope',\n tagValueScope: 'tagValueScope',\n};" }, "fqn": "@aws-cdk/aws-config.CfnOrganizationConfigRule.OrganizationCustomRuleMetadataProperty", "kind": "interface", "locationInModule": { "filename": "lib/config.generated.ts", "line": 2723 }, "name": "OrganizationCustomRuleMetadataProperty", "namespace": "CfnOrganizationConfigRule", "properties": [ { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustomrulemetadata.html#cfn-config-organizationconfigrule-organizationcustomrulemetadata-lambdafunctionarn" }, "stability": "external", "summary": "The lambda function ARN." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2741 }, "name": "lambdaFunctionArn", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustomrulemetadata.html#cfn-config-organizationconfigrule-organizationcustomrulemetadata-organizationconfigruletriggertypes" }, "remarks": "You can specify the following notification types:\n\n- `ConfigurationItemChangeNotification` - Triggers an evaluation when AWS Config delivers a configuration item as a result of a resource change.\n- `OversizedConfigurationItemChangeNotification` - Triggers an evaluation when AWS Config delivers an oversized configuration item. AWS Config may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.\n- `ScheduledNotification` - Triggers a periodic evaluation at the frequency specified for `MaximumExecutionFrequency` .", "stability": "external", "summary": "The type of notification that triggers AWS Config to run an evaluation for a rule." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2759 }, "name": "organizationConfigRuleTriggerTypes", "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustomrulemetadata.html#cfn-config-organizationconfigrule-organizationcustomrulemetadata-description" }, "stability": "external", "summary": "The description that you provide for your organization AWS Config rule." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2729 }, "name": "description", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustomrulemetadata.html#cfn-config-organizationconfigrule-organizationcustomrulemetadata-inputparameters" }, "stability": "external", "summary": "A string, in JSON format, that is passed to your organization AWS Config rule Lambda function." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2735 }, "name": "inputParameters", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustomrulemetadata.html#cfn-config-organizationconfigrule-organizationcustomrulemetadata-maximumexecutionfrequency" }, "remarks": "Your custom rule is triggered when AWS Config delivers the configuration snapshot. For more information, see `ConfigSnapshotDeliveryProperties` .\n\n> By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the `MaximumExecutionFrequency` parameter.", "stability": "external", "summary": "The maximum frequency with which AWS Config runs evaluations for a rule." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2749 }, "name": "maximumExecutionFrequency", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustomrulemetadata.html#cfn-config-organizationconfigrule-organizationcustomrulemetadata-resourceidscope" }, "stability": "external", "summary": "The ID of the AWS resource that was evaluated." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2765 }, "name": "resourceIdScope", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustomrulemetadata.html#cfn-config-organizationconfigrule-organizationcustomrulemetadata-resourcetypesscope" }, "stability": "external", "summary": "The type of the AWS resource that was evaluated." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2771 }, "name": "resourceTypesScope", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustomrulemetadata.html#cfn-config-organizationconfigrule-organizationcustomrulemetadata-tagkeyscope" }, "remarks": "A key is a general label that acts like a category for more specific tag values.", "stability": "external", "summary": "One part of a key-value pair that make up a tag." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2777 }, "name": "tagKeyScope", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustomrulemetadata.html#cfn-config-organizationconfigrule-organizationcustomrulemetadata-tagvaluescope" }, "remarks": "A value acts as a descriptor within a tag category (key).", "stability": "external", "summary": "The optional part of a key-value pair that make up a tag." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2783 }, "name": "tagValueScope", "optional": true, "type": { "primitive": "string" } } ], "symbolId": "lib/config.generated:CfnOrganizationConfigRule.OrganizationCustomRuleMetadataProperty" }, "@aws-cdk/aws-config.CfnOrganizationConfigRule.OrganizationManagedRuleMetadataProperty": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationmanagedrulemetadata.html", "exampleMetadata": "fixture=_generated" }, "remarks": "It also provides the frequency with which you want AWS Config to run evaluations for the rule if the trigger type is periodic.", "stability": "external", "summary": "organization managed rule metadata such as resource type and ID of AWS resource along with the rule identifier.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nconst organizationManagedRuleMetadataProperty: config.CfnOrganizationConfigRule.OrganizationManagedRuleMetadataProperty = {\n ruleIdentifier: 'ruleIdentifier',\n\n // the properties below are optional\n description: 'description',\n inputParameters: 'inputParameters',\n maximumExecutionFrequency: 'maximumExecutionFrequency',\n resourceIdScope: 'resourceIdScope',\n resourceTypesScope: ['resourceTypesScope'],\n tagKeyScope: 'tagKeyScope',\n tagValueScope: 'tagValueScope',\n};" }, "fqn": "@aws-cdk/aws-config.CfnOrganizationConfigRule.OrganizationManagedRuleMetadataProperty", "kind": "interface", "locationInModule": { "filename": "lib/config.generated.ts", "line": 2870 }, "name": "OrganizationManagedRuleMetadataProperty", "namespace": "CfnOrganizationConfigRule", "properties": [ { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationmanagedrulemetadata.html#cfn-config-organizationconfigrule-organizationmanagedrulemetadata-ruleidentifier" }, "remarks": "For example, `IAM_PASSWORD_POLICY` is a managed rule. To reference a managed rule, see [Using AWS Config managed rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html) .", "stability": "external", "summary": "For organization config managed rules, a predefined identifier from a list." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2908 }, "name": "ruleIdentifier", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationmanagedrulemetadata.html#cfn-config-organizationconfigrule-organizationmanagedrulemetadata-description" }, "stability": "external", "summary": "The description that you provide for your organization AWS Config rule." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2876 }, "name": "description", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationmanagedrulemetadata.html#cfn-config-organizationconfigrule-organizationmanagedrulemetadata-inputparameters" }, "stability": "external", "summary": "A string, in JSON format, that is passed to your organization AWS Config rule Lambda function." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2882 }, "name": "inputParameters", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationmanagedrulemetadata.html#cfn-config-organizationconfigrule-organizationmanagedrulemetadata-maximumexecutionfrequency" }, "remarks": "This is for an AWS Config managed rule that is triggered at a periodic frequency.\n\n> By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the `MaximumExecutionFrequency` parameter.", "stability": "external", "summary": "The maximum frequency with which AWS Config runs evaluations for a rule." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2890 }, "name": "maximumExecutionFrequency", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationmanagedrulemetadata.html#cfn-config-organizationconfigrule-organizationmanagedrulemetadata-resourceidscope" }, "stability": "external", "summary": "The ID of the AWS resource that was evaluated." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2896 }, "name": "resourceIdScope", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationmanagedrulemetadata.html#cfn-config-organizationconfigrule-organizationmanagedrulemetadata-resourcetypesscope" }, "stability": "external", "summary": "The type of the AWS resource that was evaluated." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2902 }, "name": "resourceTypesScope", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationmanagedrulemetadata.html#cfn-config-organizationconfigrule-organizationmanagedrulemetadata-tagkeyscope" }, "remarks": "A key is a general label that acts like a category for more specific tag values.", "stability": "external", "summary": "One part of a key-value pair that make up a tag." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2914 }, "name": "tagKeyScope", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationmanagedrulemetadata.html#cfn-config-organizationconfigrule-organizationmanagedrulemetadata-tagvaluescope" }, "remarks": "A value acts as a descriptor within a tag category (key).", "stability": "external", "summary": "The optional part of a key-value pair that make up a tag." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2920 }, "name": "tagValueScope", "optional": true, "type": { "primitive": "string" } } ], "symbolId": "lib/config.generated:CfnOrganizationConfigRule.OrganizationManagedRuleMetadataProperty" }, "@aws-cdk/aws-config.CfnOrganizationConfigRuleProps": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconfigrule.html", "exampleMetadata": "fixture=_generated" }, "stability": "external", "summary": "Properties for defining a `CfnOrganizationConfigRule`.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nconst cfnOrganizationConfigRuleProps: config.CfnOrganizationConfigRuleProps = {\n organizationConfigRuleName: 'organizationConfigRuleName',\n\n // the properties below are optional\n excludedAccounts: ['excludedAccounts'],\n organizationCustomPolicyRuleMetadata: {\n policyText: 'policyText',\n runtime: 'runtime',\n\n // the properties below are optional\n debugLogDeliveryAccounts: ['debugLogDeliveryAccounts'],\n description: 'description',\n inputParameters: 'inputParameters',\n maximumExecutionFrequency: 'maximumExecutionFrequency',\n organizationConfigRuleTriggerTypes: ['organizationConfigRuleTriggerTypes'],\n resourceIdScope: 'resourceIdScope',\n resourceTypesScope: ['resourceTypesScope'],\n tagKeyScope: 'tagKeyScope',\n tagValueScope: 'tagValueScope',\n },\n organizationCustomRuleMetadata: {\n lambdaFunctionArn: 'lambdaFunctionArn',\n organizationConfigRuleTriggerTypes: ['organizationConfigRuleTriggerTypes'],\n\n // the properties below are optional\n description: 'description',\n inputParameters: 'inputParameters',\n maximumExecutionFrequency: 'maximumExecutionFrequency',\n resourceIdScope: 'resourceIdScope',\n resourceTypesScope: ['resourceTypesScope'],\n tagKeyScope: 'tagKeyScope',\n tagValueScope: 'tagValueScope',\n },\n organizationManagedRuleMetadata: {\n ruleIdentifier: 'ruleIdentifier',\n\n // the properties below are optional\n description: 'description',\n inputParameters: 'inputParameters',\n maximumExecutionFrequency: 'maximumExecutionFrequency',\n resourceIdScope: 'resourceIdScope',\n resourceTypesScope: ['resourceTypesScope'],\n tagKeyScope: 'tagKeyScope',\n tagValueScope: 'tagValueScope',\n },\n};" }, "fqn": "@aws-cdk/aws-config.CfnOrganizationConfigRuleProps", "kind": "interface", "locationInModule": { "filename": "lib/config.generated.ts", "line": 2331 }, "name": "CfnOrganizationConfigRuleProps", "properties": [ { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconfigrule.html#cfn-config-organizationconfigrule-organizationconfigrulename" }, "stability": "external", "summary": "The name that you assign to organization AWS Config rule." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2338 }, "name": "organizationConfigRuleName", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconfigrule.html#cfn-config-organizationconfigrule-excludedaccounts" }, "stability": "external", "summary": "A comma-separated list of accounts excluded from organization AWS Config rule." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2345 }, "name": "excludedAccounts", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconfigrule.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata" }, "stability": "external", "summary": "`AWS::Config::OrganizationConfigRule.OrganizationCustomPolicyRuleMetadata`." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2352 }, "name": "organizationCustomPolicyRuleMetadata", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-config.CfnOrganizationConfigRule.OrganizationCustomPolicyRuleMetadataProperty" } ] } } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconfigrule.html#cfn-config-organizationconfigrule-organizationcustomrulemetadata" }, "stability": "external", "summary": "An `OrganizationCustomRuleMetadata` object." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2359 }, "name": "organizationCustomRuleMetadata", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-config.CfnOrganizationConfigRule.OrganizationCustomRuleMetadataProperty" } ] } } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconfigrule.html#cfn-config-organizationconfigrule-organizationmanagedrulemetadata" }, "stability": "external", "summary": "An `OrganizationManagedRuleMetadata` object." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 2366 }, "name": "organizationManagedRuleMetadata", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-config.CfnOrganizationConfigRule.OrganizationManagedRuleMetadataProperty" } ] } } } ], "symbolId": "lib/config.generated:CfnOrganizationConfigRuleProps" }, "@aws-cdk/aws-config.CfnOrganizationConformancePack": { "assembly": "@aws-cdk/aws-config", "base": "@aws-cdk/core.CfnResource", "docs": { "custom": { "cloudformationResource": "AWS::Config::OrganizationConformancePack", "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconformancepack.html", "exampleMetadata": "fixture=_generated" }, "remarks": "OrganizationConformancePack deploys conformance packs across member accounts in an AWS Organizations . OrganizationConformancePack enables organization service access for `config-multiaccountsetup.amazonaws.com` through the `EnableAWSServiceAccess` action and creates a service linked role in the master account of your organization. The service linked role is created only when the role does not exist in the master account.", "stability": "external", "summary": "A CloudFormation `AWS::Config::OrganizationConformancePack`.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nconst cfnOrganizationConformancePack = new config.CfnOrganizationConformancePack(this, 'MyCfnOrganizationConformancePack', {\n organizationConformancePackName: 'organizationConformancePackName',\n\n // the properties below are optional\n conformancePackInputParameters: [{\n parameterName: 'parameterName',\n parameterValue: 'parameterValue',\n }],\n deliveryS3Bucket: 'deliveryS3Bucket',\n deliveryS3KeyPrefix: 'deliveryS3KeyPrefix',\n excludedAccounts: ['excludedAccounts'],\n templateBody: 'templateBody',\n templateS3Uri: 'templateS3Uri',\n});" }, "fqn": "@aws-cdk/aws-config.CfnOrganizationConformancePack", "initializer": { "docs": { "stability": "external", "summary": "Create a new `AWS::Config::OrganizationConformancePack`." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3217 }, "parameters": [ { "docs": { "summary": "- scope in which this resource is defined." }, "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "docs": { "summary": "- scoped id of the resource." }, "name": "id", "type": { "primitive": "string" } }, { "docs": { "summary": "- resource properties." }, "name": "props", "type": { "fqn": "@aws-cdk/aws-config.CfnOrganizationConformancePackProps" } } ] }, "interfaces": [ "@aws-cdk/core.IInspectable" ], "kind": "class", "locationInModule": { "filename": "lib/config.generated.ts", "line": 3132 }, "methods": [ { "docs": { "stability": "external", "summary": "Examines the CloudFormation resource and discloses attributes." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3236 }, "name": "inspect", "overrides": "@aws-cdk/core.IInspectable", "parameters": [ { "docs": { "summary": "- tree inspector to collect and process attributes." }, "name": "inspector", "type": { "fqn": "@aws-cdk/core.TreeInspector" } } ] }, { "docs": { "stability": "external" }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3253 }, "name": "renderProperties", "overrides": "@aws-cdk/core.CfnResource", "parameters": [ { "name": "props", "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } ], "protected": true, "returns": { "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } } ], "name": "CfnOrganizationConformancePack", "properties": [ { "const": true, "docs": { "stability": "external", "summary": "The CloudFormation resource type name for this resource class." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3136 }, "name": "CFN_RESOURCE_TYPE_NAME", "static": true, "type": { "primitive": "string" } }, { "docs": { "stability": "external" }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3241 }, "name": "cfnProperties", "overrides": "@aws-cdk/core.CfnResource", "protected": true, "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconformancepack.html#cfn-config-organizationconformancepack-organizationconformancepackname" }, "stability": "external", "summary": "The name you assign to an organization conformance pack." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3162 }, "name": "organizationConformancePackName", "type": { "primitive": "string" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconformancepack.html#cfn-config-organizationconformancepack-conformancepackinputparameters" }, "stability": "external", "summary": "A list of `ConformancePackInputParameter` objects." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3169 }, "name": "conformancePackInputParameters", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "collection": { "elementtype": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-config.CfnOrganizationConformancePack.ConformancePackInputParameterProperty" } ] } }, "kind": "array" } } ] } } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconformancepack.html#cfn-config-organizationconformancepack-deliverys3bucket" }, "remarks": "> This field is optional.", "stability": "external", "summary": "The name of the Amazon S3 bucket where AWS Config stores conformance pack templates." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3178 }, "name": "deliveryS3Bucket", "optional": true, "type": { "primitive": "string" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconformancepack.html#cfn-config-organizationconformancepack-deliverys3keyprefix" }, "remarks": "> This field is optional.", "stability": "external", "summary": "Any folder structure you want to add to an Amazon S3 bucket." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3187 }, "name": "deliveryS3KeyPrefix", "optional": true, "type": { "primitive": "string" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconformancepack.html#cfn-config-organizationconformancepack-excludedaccounts" }, "stability": "external", "summary": "A comma-separated list of accounts excluded from organization conformance pack." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3194 }, "name": "excludedAccounts", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconformancepack.html#cfn-config-organizationconformancepack-templatebody" }, "remarks": "Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.", "stability": "external", "summary": "A string containing full conformance pack template body." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3201 }, "name": "templateBody", "optional": true, "type": { "primitive": "string" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconformancepack.html#cfn-config-organizationconformancepack-templates3uri" }, "remarks": "The uri must point to the conformance pack template (max size: 300 KB).", "stability": "external", "summary": "Location of file containing the template body." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3208 }, "name": "templateS3Uri", "optional": true, "type": { "primitive": "string" } } ], "symbolId": "lib/config.generated:CfnOrganizationConformancePack" }, "@aws-cdk/aws-config.CfnOrganizationConformancePack.ConformancePackInputParameterProperty": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconformancepack-conformancepackinputparameter.html", "exampleMetadata": "fixture=_generated" }, "remarks": "Keys can have a maximum character length of 255 characters, and values can have a maximum length of 4096 characters.", "stability": "external", "summary": "Input parameters in the form of key-value pairs for the conformance pack, both of which you define.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nconst conformancePackInputParameterProperty: config.CfnOrganizationConformancePack.ConformancePackInputParameterProperty = {\n parameterName: 'parameterName',\n parameterValue: 'parameterValue',\n};" }, "fqn": "@aws-cdk/aws-config.CfnOrganizationConformancePack.ConformancePackInputParameterProperty", "kind": "interface", "locationInModule": { "filename": "lib/config.generated.ts", "line": 3267 }, "name": "ConformancePackInputParameterProperty", "namespace": "CfnOrganizationConformancePack", "properties": [ { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconformancepack-conformancepackinputparameter.html#cfn-config-organizationconformancepack-conformancepackinputparameter-parametername" }, "stability": "external", "summary": "One part of a key-value pair." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3273 }, "name": "parameterName", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconformancepack-conformancepackinputparameter.html#cfn-config-organizationconformancepack-conformancepackinputparameter-parametervalue" }, "stability": "external", "summary": "One part of a key-value pair." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3279 }, "name": "parameterValue", "type": { "primitive": "string" } } ], "symbolId": "lib/config.generated:CfnOrganizationConformancePack.ConformancePackInputParameterProperty" }, "@aws-cdk/aws-config.CfnOrganizationConformancePackProps": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconformancepack.html", "exampleMetadata": "fixture=_generated" }, "stability": "external", "summary": "Properties for defining a `CfnOrganizationConformancePack`.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nconst cfnOrganizationConformancePackProps: config.CfnOrganizationConformancePackProps = {\n organizationConformancePackName: 'organizationConformancePackName',\n\n // the properties below are optional\n conformancePackInputParameters: [{\n parameterName: 'parameterName',\n parameterValue: 'parameterValue',\n }],\n deliveryS3Bucket: 'deliveryS3Bucket',\n deliveryS3KeyPrefix: 'deliveryS3KeyPrefix',\n excludedAccounts: ['excludedAccounts'],\n templateBody: 'templateBody',\n templateS3Uri: 'templateS3Uri',\n};" }, "fqn": "@aws-cdk/aws-config.CfnOrganizationConformancePackProps", "kind": "interface", "locationInModule": { "filename": "lib/config.generated.ts", "line": 3002 }, "name": "CfnOrganizationConformancePackProps", "properties": [ { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconformancepack.html#cfn-config-organizationconformancepack-organizationconformancepackname" }, "stability": "external", "summary": "The name you assign to an organization conformance pack." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3009 }, "name": "organizationConformancePackName", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconformancepack.html#cfn-config-organizationconformancepack-conformancepackinputparameters" }, "stability": "external", "summary": "A list of `ConformancePackInputParameter` objects." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3016 }, "name": "conformancePackInputParameters", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "collection": { "elementtype": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-config.CfnOrganizationConformancePack.ConformancePackInputParameterProperty" } ] } }, "kind": "array" } } ] } } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconformancepack.html#cfn-config-organizationconformancepack-deliverys3bucket" }, "remarks": "> This field is optional.", "stability": "external", "summary": "The name of the Amazon S3 bucket where AWS Config stores conformance pack templates." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3025 }, "name": "deliveryS3Bucket", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconformancepack.html#cfn-config-organizationconformancepack-deliverys3keyprefix" }, "remarks": "> This field is optional.", "stability": "external", "summary": "Any folder structure you want to add to an Amazon S3 bucket." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3034 }, "name": "deliveryS3KeyPrefix", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconformancepack.html#cfn-config-organizationconformancepack-excludedaccounts" }, "stability": "external", "summary": "A comma-separated list of accounts excluded from organization conformance pack." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3041 }, "name": "excludedAccounts", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconformancepack.html#cfn-config-organizationconformancepack-templatebody" }, "remarks": "Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.", "stability": "external", "summary": "A string containing full conformance pack template body." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3048 }, "name": "templateBody", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconformancepack.html#cfn-config-organizationconformancepack-templates3uri" }, "remarks": "The uri must point to the conformance pack template (max size: 300 KB).", "stability": "external", "summary": "Location of file containing the template body." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3055 }, "name": "templateS3Uri", "optional": true, "type": { "primitive": "string" } } ], "symbolId": "lib/config.generated:CfnOrganizationConformancePackProps" }, "@aws-cdk/aws-config.CfnRemediationConfiguration": { "assembly": "@aws-cdk/aws-config", "base": "@aws-cdk/core.CfnResource", "docs": { "custom": { "cloudformationResource": "AWS::Config::RemediationConfiguration", "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html", "exampleMetadata": "fixture=_generated" }, "remarks": "An object that represents the details about the remediation configuration that includes the remediation action, parameters, and data to execute the action.", "stability": "external", "summary": "A CloudFormation `AWS::Config::RemediationConfiguration`.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\n\ndeclare const parameters: any;\nconst cfnRemediationConfiguration = new config.CfnRemediationConfiguration(this, 'MyCfnRemediationConfiguration', {\n configRuleName: 'configRuleName',\n targetId: 'targetId',\n targetType: 'targetType',\n\n // the properties below are optional\n automatic: false,\n executionControls: {\n ssmControls: {\n concurrentExecutionRatePercentage: 123,\n errorPercentage: 123,\n },\n },\n maximumAutomaticAttempts: 123,\n parameters: parameters,\n resourceType: 'resourceType',\n retryAttemptSeconds: 123,\n targetVersion: 'targetVersion',\n});" }, "fqn": "@aws-cdk/aws-config.CfnRemediationConfiguration", "initializer": { "docs": { "stability": "external", "summary": "Create a new `AWS::Config::RemediationConfiguration`." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3620 }, "parameters": [ { "docs": { "summary": "- scope in which this resource is defined." }, "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "docs": { "summary": "- scoped id of the resource." }, "name": "id", "type": { "primitive": "string" } }, { "docs": { "summary": "- resource properties." }, "name": "props", "type": { "fqn": "@aws-cdk/aws-config.CfnRemediationConfigurationProps" } } ] }, "interfaces": [ "@aws-cdk/core.IInspectable" ], "kind": "class", "locationInModule": { "filename": "lib/config.generated.ts", "line": 3510 }, "methods": [ { "docs": { "stability": "external", "summary": "Examines the CloudFormation resource and discloses attributes." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3644 }, "name": "inspect", "overrides": "@aws-cdk/core.IInspectable", "parameters": [ { "docs": { "summary": "- tree inspector to collect and process attributes." }, "name": "inspector", "type": { "fqn": "@aws-cdk/core.TreeInspector" } } ] }, { "docs": { "stability": "external" }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3664 }, "name": "renderProperties", "overrides": "@aws-cdk/core.CfnResource", "parameters": [ { "name": "props", "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } ], "protected": true, "returns": { "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } } ], "name": "CfnRemediationConfiguration", "properties": [ { "const": true, "docs": { "stability": "external", "summary": "The CloudFormation resource type name for this resource class." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3514 }, "name": "CFN_RESOURCE_TYPE_NAME", "static": true, "type": { "primitive": "string" } }, { "docs": { "stability": "external" }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3649 }, "name": "cfnProperties", "overrides": "@aws-cdk/core.CfnResource", "protected": true, "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-configrulename" }, "stability": "external", "summary": "The name of the AWS Config rule." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3540 }, "name": "configRuleName", "type": { "primitive": "string" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-parameters" }, "remarks": "> The type is a map of strings to RemediationParameterValue.", "stability": "external", "summary": "An object of the RemediationParameterValue. For more information, see [RemediationParameterValue](https://docs.aws.amazon.com/config/latest/APIReference/API_RemediationParameterValue.html) ." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3586 }, "name": "parameters", "type": { "primitive": "any" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-targetid" }, "stability": "external", "summary": "Target ID is the name of the SSM document." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3547 }, "name": "targetId", "type": { "primitive": "string" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-targettype" }, "remarks": "Target executes remediation. For example, SSM document.", "stability": "external", "summary": "The type of the target." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3554 }, "name": "targetType", "type": { "primitive": "string" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-automatic" }, "stability": "external", "summary": "The remediation is triggered automatically." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3561 }, "name": "automatic", "optional": true, "type": { "union": { "types": [ { "primitive": "boolean" }, { "fqn": "@aws-cdk/core.IResolvable" } ] } } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-executioncontrols" }, "stability": "external", "summary": "An ExecutionControls object." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3568 }, "name": "executionControls", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-config.CfnRemediationConfiguration.ExecutionControlsProperty" } ] } } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-maximumautomaticattempts" }, "remarks": "For example, if you specify MaximumAutomaticAttempts as 5 with RetryAttemptSeconds as 50 seconds, AWS Config will put a RemediationException on your behalf for the failing resource after the 5th failed attempt within 50 seconds.", "stability": "external", "summary": "The maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3577 }, "name": "maximumAutomaticAttempts", "optional": true, "type": { "primitive": "number" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-resourcetype" }, "stability": "external", "summary": "The type of a resource." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3593 }, "name": "resourceType", "optional": true, "type": { "primitive": "string" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-retryattemptseconds" }, "remarks": "If you do not select a number, the default is 60 seconds.\n\nFor example, if you specify RetryAttemptSeconds as 50 seconds and MaximumAutomaticAttempts as 5, AWS Config will run auto-remediations 5 times within 50 seconds before throwing an exception.", "stability": "external", "summary": "Maximum time in seconds that AWS Config runs auto-remediation." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3602 }, "name": "retryAttemptSeconds", "optional": true, "type": { "primitive": "number" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-targetversion" }, "remarks": "> If you make backward incompatible changes to the SSM document, you must call PutRemediationConfiguration API again to ensure the remediations can run.", "stability": "external", "summary": "Version of the target. For example, version of the SSM document." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3611 }, "name": "targetVersion", "optional": true, "type": { "primitive": "string" } } ], "symbolId": "lib/config.generated:CfnRemediationConfiguration" }, "@aws-cdk/aws-config.CfnRemediationConfiguration.ExecutionControlsProperty": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-remediationconfiguration-executioncontrols.html", "exampleMetadata": "fixture=_generated" }, "stability": "external", "summary": "An ExecutionControls object.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nconst executionControlsProperty: config.CfnRemediationConfiguration.ExecutionControlsProperty = {\n ssmControls: {\n concurrentExecutionRatePercentage: 123,\n errorPercentage: 123,\n },\n};" }, "fqn": "@aws-cdk/aws-config.CfnRemediationConfiguration.ExecutionControlsProperty", "kind": "interface", "locationInModule": { "filename": "lib/config.generated.ts", "line": 3678 }, "name": "ExecutionControlsProperty", "namespace": "CfnRemediationConfiguration", "properties": [ { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-remediationconfiguration-executioncontrols.html#cfn-config-remediationconfiguration-executioncontrols-ssmcontrols" }, "stability": "external", "summary": "A SsmControls object." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3684 }, "name": "ssmControls", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-config.CfnRemediationConfiguration.SsmControlsProperty" } ] } } } ], "symbolId": "lib/config.generated:CfnRemediationConfiguration.ExecutionControlsProperty" }, "@aws-cdk/aws-config.CfnRemediationConfiguration.RemediationParameterValueProperty": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-remediationconfiguration-remediationparametervalue.html", "exampleMetadata": "fixture=_generated" }, "remarks": "You must select either a dynamic value or a static value.", "stability": "external", "summary": "The value is either a dynamic (resource) value or a static value.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nconst remediationParameterValueProperty: config.CfnRemediationConfiguration.RemediationParameterValueProperty = {\n resourceValue: {\n value: 'value',\n },\n staticValue: {\n values: ['values'],\n },\n};" }, "fqn": "@aws-cdk/aws-config.CfnRemediationConfiguration.RemediationParameterValueProperty", "kind": "interface", "locationInModule": { "filename": "lib/config.generated.ts", "line": 3745 }, "name": "RemediationParameterValueProperty", "namespace": "CfnRemediationConfiguration", "properties": [ { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-remediationconfiguration-remediationparametervalue.html#cfn-config-remediationconfiguration-remediationparametervalue-resourcevalue" }, "stability": "external", "summary": "The value is dynamic and changes at run-time." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3751 }, "name": "resourceValue", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-config.CfnRemediationConfiguration.ResourceValueProperty" } ] } } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-remediationconfiguration-remediationparametervalue.html#cfn-config-remediationconfiguration-remediationparametervalue-staticvalue" }, "stability": "external", "summary": "The value is static and does not change at run-time." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3757 }, "name": "staticValue", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-config.CfnRemediationConfiguration.StaticValueProperty" } ] } } } ], "symbolId": "lib/config.generated:CfnRemediationConfiguration.RemediationParameterValueProperty" }, "@aws-cdk/aws-config.CfnRemediationConfiguration.ResourceValueProperty": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-remediationconfiguration-resourcevalue.html", "exampleMetadata": "fixture=_generated" }, "stability": "external", "summary": "The dynamic value of the resource.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nconst resourceValueProperty: config.CfnRemediationConfiguration.ResourceValueProperty = {\n value: 'value',\n};" }, "fqn": "@aws-cdk/aws-config.CfnRemediationConfiguration.ResourceValueProperty", "kind": "interface", "locationInModule": { "filename": "lib/config.generated.ts", "line": 3821 }, "name": "ResourceValueProperty", "namespace": "CfnRemediationConfiguration", "properties": [ { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-remediationconfiguration-resourcevalue.html#cfn-config-remediationconfiguration-resourcevalue-value" }, "stability": "external", "summary": "The value is a resource ID." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3827 }, "name": "value", "optional": true, "type": { "primitive": "string" } } ], "symbolId": "lib/config.generated:CfnRemediationConfiguration.ResourceValueProperty" }, "@aws-cdk/aws-config.CfnRemediationConfiguration.SsmControlsProperty": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-remediationconfiguration-ssmcontrols.html", "exampleMetadata": "fixture=_generated" }, "stability": "external", "summary": "AWS Systems Manager (SSM) specific remediation controls.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nconst ssmControlsProperty: config.CfnRemediationConfiguration.SsmControlsProperty = {\n concurrentExecutionRatePercentage: 123,\n errorPercentage: 123,\n};" }, "fqn": "@aws-cdk/aws-config.CfnRemediationConfiguration.SsmControlsProperty", "kind": "interface", "locationInModule": { "filename": "lib/config.generated.ts", "line": 3888 }, "name": "SsmControlsProperty", "namespace": "CfnRemediationConfiguration", "properties": [ { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-remediationconfiguration-ssmcontrols.html#cfn-config-remediationconfiguration-ssmcontrols-concurrentexecutionratepercentage" }, "remarks": "You can specify a percentage, such as 10%. The default value is 10.", "stability": "external", "summary": "The maximum percentage of remediation actions allowed to run in parallel on the non-compliant resources for that specific rule." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3894 }, "name": "concurrentExecutionRatePercentage", "optional": true, "type": { "primitive": "number" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-remediationconfiguration-ssmcontrols.html#cfn-config-remediationconfiguration-ssmcontrols-errorpercentage" }, "remarks": "You can specify a percentage of errors, for example 10%. If you do not specifiy a percentage, the default is 50%. For example, if you set the ErrorPercentage to 40% for 10 non-compliant resources, then SSM stops running the automations when the fifth error is received.", "stability": "external", "summary": "The percentage of errors that are allowed before SSM stops running automations on non-compliant resources for that specific rule." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3900 }, "name": "errorPercentage", "optional": true, "type": { "primitive": "number" } } ], "symbolId": "lib/config.generated:CfnRemediationConfiguration.SsmControlsProperty" }, "@aws-cdk/aws-config.CfnRemediationConfiguration.StaticValueProperty": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-remediationconfiguration-staticvalue.html", "exampleMetadata": "fixture=_generated" }, "stability": "external", "summary": "The static value of the resource.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nconst staticValueProperty: config.CfnRemediationConfiguration.StaticValueProperty = {\n values: ['values'],\n};" }, "fqn": "@aws-cdk/aws-config.CfnRemediationConfiguration.StaticValueProperty", "kind": "interface", "locationInModule": { "filename": "lib/config.generated.ts", "line": 3964 }, "name": "StaticValueProperty", "namespace": "CfnRemediationConfiguration", "properties": [ { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-remediationconfiguration-staticvalue.html#cfn-config-remediationconfiguration-staticvalue-values" }, "remarks": "For example, the ARN of the assumed role.", "stability": "external", "summary": "A list of values." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3970 }, "name": "values", "optional": true, "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } } ], "symbolId": "lib/config.generated:CfnRemediationConfiguration.StaticValueProperty" }, "@aws-cdk/aws-config.CfnRemediationConfigurationProps": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html", "exampleMetadata": "fixture=_generated" }, "stability": "external", "summary": "Properties for defining a `CfnRemediationConfiguration`.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\n\ndeclare const parameters: any;\nconst cfnRemediationConfigurationProps: config.CfnRemediationConfigurationProps = {\n configRuleName: 'configRuleName',\n targetId: 'targetId',\n targetType: 'targetType',\n\n // the properties below are optional\n automatic: false,\n executionControls: {\n ssmControls: {\n concurrentExecutionRatePercentage: 123,\n errorPercentage: 123,\n },\n },\n maximumAutomaticAttempts: 123,\n parameters: parameters,\n resourceType: 'resourceType',\n retryAttemptSeconds: 123,\n targetVersion: 'targetVersion',\n};" }, "fqn": "@aws-cdk/aws-config.CfnRemediationConfigurationProps", "kind": "interface", "locationInModule": { "filename": "lib/config.generated.ts", "line": 3344 }, "name": "CfnRemediationConfigurationProps", "properties": [ { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-configrulename" }, "stability": "external", "summary": "The name of the AWS Config rule." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3351 }, "name": "configRuleName", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-targetid" }, "stability": "external", "summary": "Target ID is the name of the SSM document." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3358 }, "name": "targetId", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-targettype" }, "remarks": "Target executes remediation. For example, SSM document.", "stability": "external", "summary": "The type of the target." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3365 }, "name": "targetType", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-automatic" }, "stability": "external", "summary": "The remediation is triggered automatically." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3372 }, "name": "automatic", "optional": true, "type": { "union": { "types": [ { "primitive": "boolean" }, { "fqn": "@aws-cdk/core.IResolvable" } ] } } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-executioncontrols" }, "stability": "external", "summary": "An ExecutionControls object." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3379 }, "name": "executionControls", "optional": true, "type": { "union": { "types": [ { "fqn": "@aws-cdk/core.IResolvable" }, { "fqn": "@aws-cdk/aws-config.CfnRemediationConfiguration.ExecutionControlsProperty" } ] } } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-maximumautomaticattempts" }, "remarks": "For example, if you specify MaximumAutomaticAttempts as 5 with RetryAttemptSeconds as 50 seconds, AWS Config will put a RemediationException on your behalf for the failing resource after the 5th failed attempt within 50 seconds.", "stability": "external", "summary": "The maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3388 }, "name": "maximumAutomaticAttempts", "optional": true, "type": { "primitive": "number" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-parameters" }, "remarks": "> The type is a map of strings to RemediationParameterValue.", "stability": "external", "summary": "An object of the RemediationParameterValue. For more information, see [RemediationParameterValue](https://docs.aws.amazon.com/config/latest/APIReference/API_RemediationParameterValue.html) ." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3397 }, "name": "parameters", "optional": true, "type": { "primitive": "any" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-resourcetype" }, "stability": "external", "summary": "The type of a resource." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3404 }, "name": "resourceType", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-retryattemptseconds" }, "remarks": "If you do not select a number, the default is 60 seconds.\n\nFor example, if you specify RetryAttemptSeconds as 50 seconds and MaximumAutomaticAttempts as 5, AWS Config will run auto-remediations 5 times within 50 seconds before throwing an exception.", "stability": "external", "summary": "Maximum time in seconds that AWS Config runs auto-remediation." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3413 }, "name": "retryAttemptSeconds", "optional": true, "type": { "primitive": "number" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-targetversion" }, "remarks": "> If you make backward incompatible changes to the SSM document, you must call PutRemediationConfiguration API again to ensure the remediations can run.", "stability": "external", "summary": "Version of the target. For example, version of the SSM document." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 3422 }, "name": "targetVersion", "optional": true, "type": { "primitive": "string" } } ], "symbolId": "lib/config.generated:CfnRemediationConfigurationProps" }, "@aws-cdk/aws-config.CfnStoredQuery": { "assembly": "@aws-cdk/aws-config", "base": "@aws-cdk/core.CfnResource", "docs": { "custom": { "cloudformationResource": "AWS::Config::StoredQuery", "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-storedquery.html", "exampleMetadata": "fixture=_generated" }, "remarks": "Provides the details of a stored query.", "stability": "external", "summary": "A CloudFormation `AWS::Config::StoredQuery`.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nconst cfnStoredQuery = new config.CfnStoredQuery(this, 'MyCfnStoredQuery', {\n queryExpression: 'queryExpression',\n queryName: 'queryName',\n\n // the properties below are optional\n queryDescription: 'queryDescription',\n tags: [{\n key: 'key',\n value: 'value',\n }],\n});" }, "fqn": "@aws-cdk/aws-config.CfnStoredQuery", "initializer": { "docs": { "stability": "external", "summary": "Create a new `AWS::Config::StoredQuery`." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 4199 }, "parameters": [ { "docs": { "summary": "- scope in which this resource is defined." }, "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "docs": { "summary": "- scoped id of the resource." }, "name": "id", "type": { "primitive": "string" } }, { "docs": { "summary": "- resource properties." }, "name": "props", "type": { "fqn": "@aws-cdk/aws-config.CfnStoredQueryProps" } } ] }, "interfaces": [ "@aws-cdk/core.IInspectable" ], "kind": "class", "locationInModule": { "filename": "lib/config.generated.ts", "line": 4127 }, "methods": [ { "docs": { "stability": "external", "summary": "Examines the CloudFormation resource and discloses attributes." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 4218 }, "name": "inspect", "overrides": "@aws-cdk/core.IInspectable", "parameters": [ { "docs": { "summary": "- tree inspector to collect and process attributes." }, "name": "inspector", "type": { "fqn": "@aws-cdk/core.TreeInspector" } } ] }, { "docs": { "stability": "external" }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 4232 }, "name": "renderProperties", "overrides": "@aws-cdk/core.CfnResource", "parameters": [ { "name": "props", "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } ], "protected": true, "returns": { "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } } ], "name": "CfnStoredQuery", "properties": [ { "const": true, "docs": { "stability": "external", "summary": "The CloudFormation resource type name for this resource class." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 4131 }, "name": "CFN_RESOURCE_TYPE_NAME", "static": true, "type": { "primitive": "string" } }, { "docs": { "custom": { "cloudformationAttribute": "QueryArn" }, "remarks": "For example, arn:partition:service:region:account-id:resource-type/resource-name/resource-id.", "stability": "external", "summary": "Amazon Resource Name (ARN) of the query." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 4156 }, "name": "attrQueryArn", "type": { "primitive": "string" } }, { "docs": { "custom": { "cloudformationAttribute": "QueryId" }, "stability": "external", "summary": "The ID of the query." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 4162 }, "name": "attrQueryId", "type": { "primitive": "string" } }, { "docs": { "stability": "external" }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 4223 }, "name": "cfnProperties", "overrides": "@aws-cdk/core.CfnResource", "protected": true, "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-storedquery.html#cfn-config-storedquery-tags" }, "stability": "external", "summary": "An array of key-value pairs to apply to this resource." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 4190 }, "name": "tags", "type": { "fqn": "@aws-cdk/core.TagManager" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-storedquery.html#cfn-config-storedquery-queryexpression" }, "remarks": "For example, `SELECT resourceId, resourceType, supplementaryConfiguration.BucketVersioningConfiguration.status WHERE resourceType = 'AWS::S3::Bucket' AND supplementaryConfiguration.BucketVersioningConfiguration.status = 'Off'.`", "stability": "external", "summary": "The expression of the query." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 4169 }, "name": "queryExpression", "type": { "primitive": "string" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-storedquery.html#cfn-config-storedquery-queryname" }, "stability": "external", "summary": "The name of the query." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 4176 }, "name": "queryName", "type": { "primitive": "string" } }, { "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-storedquery.html#cfn-config-storedquery-querydescription" }, "stability": "external", "summary": "A unique description for the query." }, "locationInModule": { "filename": "lib/config.generated.ts", "line": 4183 }, "name": "queryDescription", "optional": true, "type": { "primitive": "string" } } ], "symbolId": "lib/config.generated:CfnStoredQuery" }, "@aws-cdk/aws-config.CfnStoredQueryProps": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-storedquery.html", "exampleMetadata": "fixture=_generated" }, "stability": "external", "summary": "Properties for defining a `CfnStoredQuery`.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\nconst cfnStoredQueryProps: config.CfnStoredQueryProps = {\n queryExpression: 'queryExpression',\n queryName: 'queryName',\n\n // the properties below are optional\n queryDescription: 'queryDescription',\n tags: [{\n key: 'key',\n value: 'value',\n }],\n};" }, "fqn": "@aws-cdk/aws-config.CfnStoredQueryProps", "kind": "interface", "locationInModule": { "filename": "lib/config.generated.ts", "line": 4030 }, "name": "CfnStoredQueryProps", "properties": [ { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-storedquery.html#cfn-config-storedquery-queryexpression" }, "remarks": "For example, `SELECT resourceId, resourceType, supplementaryConfiguration.BucketVersioningConfiguration.status WHERE resourceType = 'AWS::S3::Bucket' AND supplementaryConfiguration.BucketVersioningConfiguration.status = 'Off'.`", "stability": "external", "summary": "The expression of the query." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 4037 }, "name": "queryExpression", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-storedquery.html#cfn-config-storedquery-queryname" }, "stability": "external", "summary": "The name of the query." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 4044 }, "name": "queryName", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-storedquery.html#cfn-config-storedquery-querydescription" }, "stability": "external", "summary": "A unique description for the query." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 4051 }, "name": "queryDescription", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "link": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-storedquery.html#cfn-config-storedquery-tags" }, "stability": "external", "summary": "An array of key-value pairs to apply to this resource." }, "immutable": true, "locationInModule": { "filename": "lib/config.generated.ts", "line": 4058 }, "name": "tags", "optional": true, "type": { "collection": { "elementtype": { "fqn": "@aws-cdk/core.CfnTag" }, "kind": "array" } } } ], "symbolId": "lib/config.generated:CfnStoredQueryProps" }, "@aws-cdk/aws-config.CloudFormationStackDriftDetectionCheck": { "assembly": "@aws-cdk/aws-config", "base": "@aws-cdk/aws-config.ManagedRule", "docs": { "custom": { "resource": "AWS::Config::ConfigRule", "exampleMetadata": "infused" }, "see": "https://docs.aws.amazon.com/config/latest/developerguide/cloudformation-stack-drift-detection-check.html", "stability": "stable", "summary": "Checks whether your CloudFormation stacks' actual configuration differs, or has drifted, from its expected configuration.", "example": "// Topic to which compliance notification events will be published\nconst complianceTopic = new sns.Topic(this, 'ComplianceTopic');\n\nconst rule = new config.CloudFormationStackDriftDetectionCheck(this, 'Drift');\nrule.onComplianceChange('TopicEvent', {\n target: new targets.SnsTopic(complianceTopic),\n});" }, "fqn": "@aws-cdk/aws-config.CloudFormationStackDriftDetectionCheck", "initializer": { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/managed-rules.ts", "line": 76 }, "parameters": [ { "name": "scope", "type": { "fqn": "constructs.Construct" } }, { "name": "id", "type": { "primitive": "string" } }, { "name": "props", "optional": true, "type": { "fqn": "@aws-cdk/aws-config.CloudFormationStackDriftDetectionCheckProps" } } ] }, "kind": "class", "locationInModule": { "filename": "lib/managed-rules.ts", "line": 73 }, "name": "CloudFormationStackDriftDetectionCheck", "symbolId": "lib/managed-rules:CloudFormationStackDriftDetectionCheck" }, "@aws-cdk/aws-config.CloudFormationStackDriftDetectionCheckProps": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "stability": "stable", "summary": "Construction properties for a CloudFormationStackDriftDetectionCheck.", "example": "// compliant if stack's status is 'IN_SYNC'\n// non-compliant if the stack's drift status is 'DRIFTED'\nnew config.CloudFormationStackDriftDetectionCheck(this, 'Drift', {\n ownStackOnly: true, // checks only the stack containing the rule\n});", "custom": { "exampleMetadata": "infused" } }, "fqn": "@aws-cdk/aws-config.CloudFormationStackDriftDetectionCheckProps", "interfaces": [ "@aws-cdk/aws-config.RuleProps" ], "kind": "interface", "locationInModule": { "filename": "lib/managed-rules.ts", "line": 46 }, "name": "CloudFormationStackDriftDetectionCheckProps", "properties": [ { "abstract": true, "docs": { "default": "false", "stability": "stable", "summary": "Whether to check only the stack where this rule is deployed." }, "immutable": true, "locationInModule": { "filename": "lib/managed-rules.ts", "line": 52 }, "name": "ownStackOnly", "optional": true, "type": { "primitive": "boolean" } }, { "abstract": true, "docs": { "default": "- A role will be created", "remarks": "It must have permissions to detect drift\nfor AWS CloudFormation stacks. Ensure to attach `config.amazonaws.com` trusted\npermissions and `ReadOnlyAccess` policy permissions. For specific policy permissions,\nrefer to https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html.", "stability": "stable", "summary": "The IAM role to use for this rule." }, "immutable": true, "locationInModule": { "filename": "lib/managed-rules.ts", "line": 62 }, "name": "role", "optional": true, "type": { "fqn": "@aws-cdk/aws-iam.IRole" } } ], "symbolId": "lib/managed-rules:CloudFormationStackDriftDetectionCheckProps" }, "@aws-cdk/aws-config.CloudFormationStackNotificationCheck": { "assembly": "@aws-cdk/aws-config", "base": "@aws-cdk/aws-config.ManagedRule", "docs": { "custom": { "resource": "AWS::Config::ConfigRule", "exampleMetadata": "infused" }, "remarks": "Optionally checks whether specified SNS topics are used.", "see": "https://docs.aws.amazon.com/config/latest/developerguide/cloudformation-stack-notification-check.html", "stability": "stable", "summary": "Checks whether your CloudFormation stacks are sending event notifications to a SNS topic.", "example": "// topics to which CloudFormation stacks may send event notifications\nconst topic1 = new sns.Topic(this, 'AllowedTopic1');\nconst topic2 = new sns.Topic(this, 'AllowedTopic2');\n\n// non-compliant if CloudFormation stack does not send notifications to 'topic1' or 'topic2'\nnew config.CloudFormationStackNotificationCheck(this, 'NotificationCheck', {\n topics: [topic1, topic2],\n});" }, "fqn": "@aws-cdk/aws-config.CloudFormationStackNotificationCheck", "initializer": { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/managed-rules.ts", "line": 117 }, "parameters": [ { "name": "scope", "type": { "fqn": "constructs.Construct" } }, { "name": "id", "type": { "primitive": "string" } }, { "name": "props", "optional": true, "type": { "fqn": "@aws-cdk/aws-config.CloudFormationStackNotificationCheckProps" } } ] }, "kind": "class", "locationInModule": { "filename": "lib/managed-rules.ts", "line": 116 }, "name": "CloudFormationStackNotificationCheck", "symbolId": "lib/managed-rules:CloudFormationStackNotificationCheck" }, "@aws-cdk/aws-config.CloudFormationStackNotificationCheckProps": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "stability": "stable", "summary": "Construction properties for a CloudFormationStackNotificationCheck.", "example": "// topics to which CloudFormation stacks may send event notifications\nconst topic1 = new sns.Topic(this, 'AllowedTopic1');\nconst topic2 = new sns.Topic(this, 'AllowedTopic2');\n\n// non-compliant if CloudFormation stack does not send notifications to 'topic1' or 'topic2'\nnew config.CloudFormationStackNotificationCheck(this, 'NotificationCheck', {\n topics: [topic1, topic2],\n});", "custom": { "exampleMetadata": "infused" } }, "fqn": "@aws-cdk/aws-config.CloudFormationStackNotificationCheckProps", "interfaces": [ "@aws-cdk/aws-config.RuleProps" ], "kind": "interface", "locationInModule": { "filename": "lib/managed-rules.ts", "line": 99 }, "name": "CloudFormationStackNotificationCheckProps", "properties": [ { "abstract": true, "docs": { "default": "- No topics.", "remarks": "At most 5 topics.", "stability": "stable", "summary": "A list of allowed topics." }, "immutable": true, "locationInModule": { "filename": "lib/managed-rules.ts", "line": 105 }, "name": "topics", "optional": true, "type": { "collection": { "elementtype": { "fqn": "@aws-cdk/aws-sns.ITopic" }, "kind": "array" } } } ], "symbolId": "lib/managed-rules:CloudFormationStackNotificationCheckProps" }, "@aws-cdk/aws-config.CustomRule": { "assembly": "@aws-cdk/aws-config", "base": "@aws-cdk/core.Resource", "docs": { "custom": { "resource": "AWS::Config::ConfigRule", "exampleMetadata": "infused" }, "stability": "stable", "summary": "A new custom rule.", "example": "// Lambda function containing logic that evaluates compliance with the rule.\nconst evalComplianceFn = new lambda.Function(this, 'CustomFunction', {\n code: lambda.AssetCode.fromInline('exports.handler = (event) => console.log(event);'),\n handler: 'index.handler',\n runtime: lambda.Runtime.NODEJS_14_X,\n});\n\n// A custom rule that runs on configuration changes of EC2 instances\nconst customRule = new config.CustomRule(this, 'Custom', {\n configurationChanges: true,\n lambdaFunction: evalComplianceFn,\n ruleScope: config.RuleScope.fromResource(config.ResourceType.EC2_INSTANCE),\n});\n\n// A rule to detect stack drifts\nconst driftRule = new config.CloudFormationStackDriftDetectionCheck(this, 'Drift');\n\n// Topic to which compliance notification events will be published\nconst complianceTopic = new sns.Topic(this, 'ComplianceTopic');\n\n// Send notification on compliance change events\ndriftRule.onComplianceChange('ComplianceChange', {\n target: new targets.SnsTopic(complianceTopic),\n});" }, "fqn": "@aws-cdk/aws-config.CustomRule", "initializer": { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/rule.ts", "line": 325 }, "parameters": [ { "name": "scope", "type": { "fqn": "constructs.Construct" } }, { "name": "id", "type": { "primitive": "string" } }, { "name": "props", "type": { "fqn": "@aws-cdk/aws-config.CustomRuleProps" } } ] }, "interfaces": [ "@aws-cdk/aws-config.IRule" ], "kind": "class", "locationInModule": { "filename": "lib/rule.ts", "line": 312 }, "methods": [ { "docs": { "stability": "stable", "summary": "Imports an existing rule." }, "locationInModule": { "filename": "lib/rule.ts", "line": 90 }, "name": "fromConfigRuleName", "parameters": [ { "name": "scope", "type": { "fqn": "constructs.Construct" } }, { "name": "id", "type": { "primitive": "string" } }, { "docs": { "summary": "the name of the rule." }, "name": "configRuleName", "type": { "primitive": "string" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-config.IRule" } }, "static": true }, { "docs": { "stability": "stable", "summary": "Defines an EventBridge event rule which triggers for rule compliance events." }, "locationInModule": { "filename": "lib/rule.ts", "line": 61 }, "name": "onComplianceChange", "overrides": "@aws-cdk/aws-config.IRule", "parameters": [ { "name": "id", "type": { "primitive": "string" } }, { "name": "options", "optional": true, "type": { "fqn": "@aws-cdk/aws-events.OnEventOptions" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-events.Rule" } } }, { "docs": { "remarks": "Use\n`rule.addEventPattern(pattern)` to specify a filter.", "stability": "stable", "summary": "Defines an EventBridge event rule which triggers for rule events." }, "locationInModule": { "filename": "lib/rule.ts", "line": 46 }, "name": "onEvent", "overrides": "@aws-cdk/aws-config.IRule", "parameters": [ { "name": "id", "type": { "primitive": "string" } }, { "name": "options", "optional": true, "type": { "fqn": "@aws-cdk/aws-events.OnEventOptions" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-events.Rule" } } }, { "docs": { "stability": "stable", "summary": "Defines an EventBridge event rule which triggers for rule re-evaluation status events." }, "locationInModule": { "filename": "lib/rule.ts", "line": 72 }, "name": "onReEvaluationStatus", "overrides": "@aws-cdk/aws-config.IRule", "parameters": [ { "name": "id", "type": { "primitive": "string" } }, { "name": "options", "optional": true, "type": { "fqn": "@aws-cdk/aws-events.OnEventOptions" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-events.Rule" } } } ], "name": "CustomRule", "properties": [ { "docs": { "custom": { "attribute": "true" }, "stability": "stable", "summary": "The arn of the rule." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 317 }, "name": "configRuleArn", "type": { "primitive": "string" } }, { "docs": { "custom": { "attribute": "true" }, "stability": "stable", "summary": "The compliance status of the rule." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 323 }, "name": "configRuleComplianceType", "type": { "primitive": "string" } }, { "docs": { "custom": { "attribute": "true" }, "stability": "stable", "summary": "The id of the rule." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 320 }, "name": "configRuleId", "type": { "primitive": "string" } }, { "docs": { "custom": { "attribute": "true" }, "stability": "stable", "summary": "The name of the rule." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 314 }, "name": "configRuleName", "overrides": "@aws-cdk/aws-config.IRule", "type": { "primitive": "string" } }, { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/rule.ts", "line": 115 }, "name": "isCustomWithChanges", "optional": true, "protected": true, "type": { "primitive": "boolean" } }, { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/rule.ts", "line": 114 }, "name": "isManaged", "optional": true, "protected": true, "type": { "primitive": "boolean" } }, { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/rule.ts", "line": 113 }, "name": "ruleScope", "optional": true, "protected": true, "type": { "fqn": "@aws-cdk/aws-config.RuleScope" } } ], "symbolId": "lib/rule:CustomRule" }, "@aws-cdk/aws-config.CustomRuleProps": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "stability": "stable", "summary": "Construction properties for a CustomRule.", "example": "// Lambda function containing logic that evaluates compliance with the rule.\nconst evalComplianceFn = new lambda.Function(this, 'CustomFunction', {\n code: lambda.AssetCode.fromInline('exports.handler = (event) => console.log(event);'),\n handler: 'index.handler',\n runtime: lambda.Runtime.NODEJS_14_X,\n});\n\n// A custom rule that runs on configuration changes of EC2 instances\nconst customRule = new config.CustomRule(this, 'Custom', {\n configurationChanges: true,\n lambdaFunction: evalComplianceFn,\n ruleScope: config.RuleScope.fromResource(config.ResourceType.EC2_INSTANCE),\n});\n\n// A rule to detect stack drifts\nconst driftRule = new config.CloudFormationStackDriftDetectionCheck(this, 'Drift');\n\n// Topic to which compliance notification events will be published\nconst complianceTopic = new sns.Topic(this, 'ComplianceTopic');\n\n// Send notification on compliance change events\ndriftRule.onComplianceChange('ComplianceChange', {\n target: new targets.SnsTopic(complianceTopic),\n});", "custom": { "exampleMetadata": "infused" } }, "fqn": "@aws-cdk/aws-config.CustomRuleProps", "interfaces": [ "@aws-cdk/aws-config.RuleProps" ], "kind": "interface", "locationInModule": { "filename": "lib/rule.ts", "line": 287 }, "name": "CustomRuleProps", "properties": [ { "abstract": true, "docs": { "stability": "stable", "summary": "The Lambda function to run." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 291 }, "name": "lambdaFunction", "type": { "fqn": "@aws-cdk/aws-lambda.IFunction" } }, { "abstract": true, "docs": { "default": "false", "stability": "stable", "summary": "Whether to run the rule on configuration changes." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 298 }, "name": "configurationChanges", "optional": true, "type": { "primitive": "boolean" } }, { "abstract": true, "docs": { "default": "false", "stability": "stable", "summary": "Whether to run the rule on a fixed frequency." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 305 }, "name": "periodic", "optional": true, "type": { "primitive": "boolean" } } ], "symbolId": "lib/rule:CustomRuleProps" }, "@aws-cdk/aws-config.IRule": { "assembly": "@aws-cdk/aws-config", "docs": { "stability": "stable", "summary": "Interface representing an AWS Config rule." }, "fqn": "@aws-cdk/aws-config.IRule", "interfaces": [ "@aws-cdk/core.IResource" ], "kind": "interface", "locationInModule": { "filename": "lib/rule.ts", "line": 11 }, "methods": [ { "abstract": true, "docs": { "stability": "stable", "summary": "Defines a EventBridge event rule which triggers for rule compliance events." }, "locationInModule": { "filename": "lib/rule.ts", "line": 28 }, "name": "onComplianceChange", "parameters": [ { "name": "id", "type": { "primitive": "string" } }, { "name": "options", "optional": true, "type": { "fqn": "@aws-cdk/aws-events.OnEventOptions" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-events.Rule" } } }, { "abstract": true, "docs": { "remarks": "Use\n`rule.addEventPattern(pattern)` to specify a filter.", "stability": "stable", "summary": "Defines an EventBridge event rule which triggers for rule events." }, "locationInModule": { "filename": "lib/rule.ts", "line": 23 }, "name": "onEvent", "parameters": [ { "name": "id", "type": { "primitive": "string" } }, { "name": "options", "optional": true, "type": { "fqn": "@aws-cdk/aws-events.OnEventOptions" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-events.Rule" } } }, { "abstract": true, "docs": { "stability": "stable", "summary": "Defines a EventBridge event rule which triggers for rule re-evaluation status events." }, "locationInModule": { "filename": "lib/rule.ts", "line": 33 }, "name": "onReEvaluationStatus", "parameters": [ { "name": "id", "type": { "primitive": "string" } }, { "name": "options", "optional": true, "type": { "fqn": "@aws-cdk/aws-events.OnEventOptions" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-events.Rule" } } } ], "name": "IRule", "properties": [ { "abstract": true, "docs": { "custom": { "attribute": "true" }, "stability": "stable", "summary": "The name of the rule." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 17 }, "name": "configRuleName", "type": { "primitive": "string" } } ], "symbolId": "lib/rule:IRule" }, "@aws-cdk/aws-config.ManagedRule": { "assembly": "@aws-cdk/aws-config", "base": "@aws-cdk/core.Resource", "docs": { "custom": { "resource": "AWS::Config::ConfigRule", "exampleMetadata": "infused" }, "stability": "stable", "summary": "A new managed rule.", "example": "// https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html\nnew config.ManagedRule(this, 'AccessKeysRotated', {\n identifier: config.ManagedRuleIdentifiers.ACCESS_KEYS_ROTATED,\n inputParameters: {\n maxAccessKeyAge: 60, // default is 90 days\n },\n\n // default is 24 hours\n maximumExecutionFrequency: config.MaximumExecutionFrequency.TWELVE_HOURS,\n});" }, "fqn": "@aws-cdk/aws-config.ManagedRule", "initializer": { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/rule.ts", "line": 256 }, "parameters": [ { "name": "scope", "type": { "fqn": "constructs.Construct" } }, { "name": "id", "type": { "primitive": "string" } }, { "name": "props", "type": { "fqn": "@aws-cdk/aws-config.ManagedRuleProps" } } ] }, "interfaces": [ "@aws-cdk/aws-config.IRule" ], "kind": "class", "locationInModule": { "filename": "lib/rule.ts", "line": 243 }, "methods": [ { "docs": { "stability": "stable", "summary": "Imports an existing rule." }, "locationInModule": { "filename": "lib/rule.ts", "line": 90 }, "name": "fromConfigRuleName", "parameters": [ { "name": "scope", "type": { "fqn": "constructs.Construct" } }, { "name": "id", "type": { "primitive": "string" } }, { "docs": { "summary": "the name of the rule." }, "name": "configRuleName", "type": { "primitive": "string" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-config.IRule" } }, "static": true }, { "docs": { "stability": "stable", "summary": "Defines an EventBridge event rule which triggers for rule compliance events." }, "locationInModule": { "filename": "lib/rule.ts", "line": 61 }, "name": "onComplianceChange", "overrides": "@aws-cdk/aws-config.IRule", "parameters": [ { "name": "id", "type": { "primitive": "string" } }, { "name": "options", "optional": true, "type": { "fqn": "@aws-cdk/aws-events.OnEventOptions" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-events.Rule" } } }, { "docs": { "remarks": "Use\n`rule.addEventPattern(pattern)` to specify a filter.", "stability": "stable", "summary": "Defines an EventBridge event rule which triggers for rule events." }, "locationInModule": { "filename": "lib/rule.ts", "line": 46 }, "name": "onEvent", "overrides": "@aws-cdk/aws-config.IRule", "parameters": [ { "name": "id", "type": { "primitive": "string" } }, { "name": "options", "optional": true, "type": { "fqn": "@aws-cdk/aws-events.OnEventOptions" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-events.Rule" } } }, { "docs": { "stability": "stable", "summary": "Defines an EventBridge event rule which triggers for rule re-evaluation status events." }, "locationInModule": { "filename": "lib/rule.ts", "line": 72 }, "name": "onReEvaluationStatus", "overrides": "@aws-cdk/aws-config.IRule", "parameters": [ { "name": "id", "type": { "primitive": "string" } }, { "name": "options", "optional": true, "type": { "fqn": "@aws-cdk/aws-events.OnEventOptions" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-events.Rule" } } } ], "name": "ManagedRule", "properties": [ { "docs": { "custom": { "attribute": "true" }, "stability": "stable", "summary": "The arn of the rule." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 248 }, "name": "configRuleArn", "type": { "primitive": "string" } }, { "docs": { "custom": { "attribute": "true" }, "stability": "stable", "summary": "The compliance status of the rule." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 254 }, "name": "configRuleComplianceType", "type": { "primitive": "string" } }, { "docs": { "custom": { "attribute": "true" }, "stability": "stable", "summary": "The id of the rule." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 251 }, "name": "configRuleId", "type": { "primitive": "string" } }, { "docs": { "custom": { "attribute": "true" }, "stability": "stable", "summary": "The name of the rule." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 245 }, "name": "configRuleName", "overrides": "@aws-cdk/aws-config.IRule", "type": { "primitive": "string" } }, { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/rule.ts", "line": 115 }, "name": "isCustomWithChanges", "optional": true, "protected": true, "type": { "primitive": "boolean" } }, { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/rule.ts", "line": 114 }, "name": "isManaged", "optional": true, "protected": true, "type": { "primitive": "boolean" } }, { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/rule.ts", "line": 113 }, "name": "ruleScope", "optional": true, "protected": true, "type": { "fqn": "@aws-cdk/aws-config.RuleScope" } } ], "symbolId": "lib/rule:ManagedRule" }, "@aws-cdk/aws-config.ManagedRuleIdentifiers": { "assembly": "@aws-cdk/aws-config", "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html", "stability": "stable", "summary": "Managed rules that are supported by AWS Config.", "example": "// https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html\nnew config.ManagedRule(this, 'AccessKeysRotated', {\n identifier: config.ManagedRuleIdentifiers.ACCESS_KEYS_ROTATED,\n inputParameters: {\n maxAccessKeyAge: 60, // default is 90 days\n },\n\n // default is 24 hours\n maximumExecutionFrequency: config.MaximumExecutionFrequency.TWELVE_HOURS,\n});", "custom": { "exampleMetadata": "infused" } }, "fqn": "@aws-cdk/aws-config.ManagedRuleIdentifiers", "kind": "class", "locationInModule": { "filename": "lib/rule.ts", "line": 398 }, "name": "ManagedRuleIdentifiers", "properties": [ { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html", "stability": "stable", "summary": "Checks whether the active access keys are rotated within the number of days specified in maxAccessKeyAge." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 415 }, "name": "ACCESS_KEYS_ROTATED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/account-part-of-organizations.html", "stability": "stable", "summary": "Checks whether AWS account is part of AWS Organizations." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 420 }, "name": "ACCOUNT_PART_OF_ORGANIZATIONS", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/acm-certificate-expiration-check.html", "stability": "stable", "summary": "Checks whether ACM Certificates in your account are marked for expiration within the specified number of days." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 425 }, "name": "ACM_CERTIFICATE_EXPIRATION_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/alb-http-drop-invalid-header-enabled.html", "stability": "stable", "summary": "Checks if rule evaluates Application Load Balancers (ALBs) to ensure they are configured to drop http headers." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 430 }, "name": "ALB_HTTP_DROP_INVALID_HEADER_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/alb-http-to-https-redirection-check.html", "stability": "stable", "summary": "Checks whether HTTP to HTTPS redirection is configured on all HTTP listeners of Application Load Balancer." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 435 }, "name": "ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/alb-waf-enabled.html", "stability": "stable", "summary": "Checks if Web Application Firewall (WAF) is enabled on Application Load Balancers (ALBs)." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 440 }, "name": "ALB_WAF_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/api-gw-cache-enabled-and-encrypted.html", "stability": "stable", "summary": "Checks that all methods in Amazon API Gateway stages have caching enabled and encrypted." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 445 }, "name": "API_GW_CACHE_ENABLED_AND_ENCRYPTED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/api-gw-endpoint-type-check.html", "stability": "stable", "summary": "Checks that Amazon API Gateway APIs are of the type specified in the rule parameter endpointConfigurationType." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 450 }, "name": "API_GW_ENDPOINT_TYPE_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/api-gw-execution-logging-enabled.html", "stability": "stable", "summary": "Checks that all methods in Amazon API Gateway stage has logging enabled." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 455 }, "name": "API_GW_EXECUTION_LOGGING_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/approved-amis-by-id.html", "stability": "stable", "summary": "Checks whether running instances are using specified AMIs." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 460 }, "name": "APPROVED_AMIS_BY_ID", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/approved-amis-by-tag.html", "stability": "stable", "summary": "Checks whether running instances are using specified AMIs." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 465 }, "name": "APPROVED_AMIS_BY_TAG", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/autoscaling-group-elb-healthcheck-required.html", "stability": "stable", "summary": "Checks whether your Auto Scaling groups that are associated with a load balancer are using Elastic Load Balancing health checks." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 471 }, "name": "AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIRED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/cloud-trail-cloud-watch-logs-enabled.html", "stability": "stable", "summary": "Checks whether AWS CloudTrail trails are configured to send logs to Amazon CloudWatch Logs." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 512 }, "name": "CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/cloudtrail-enabled.html", "stability": "stable", "summary": "Checks whether AWS CloudTrail is enabled in your AWS account." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 517 }, "name": "CLOUD_TRAIL_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/cloud-trail-encryption-enabled.html", "stability": "stable", "summary": "Checks whether AWS CloudTrail is configured to use the server side encryption (SSE) AWS Key Management Service (AWS KMS) customer master key (CMK) encryption." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 523 }, "name": "CLOUD_TRAIL_ENCRYPTION_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/cloud-trail-log-file-validation-enabled.html", "stability": "stable", "summary": "Checks whether AWS CloudTrail creates a signed digest file with logs." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 528 }, "name": "CLOUD_TRAIL_LOG_FILE_VALIDATION_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/cloudformation-stack-drift-detection-check.html", "stability": "stable", "summary": "Checks whether an AWS CloudFormation stack's actual configuration differs, or has drifted, from it's expected configuration." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 477 }, "name": "CLOUDFORMATION_STACK_DRIFT_DETECTION_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/cloudformation-stack-notification-check.html", "stability": "stable", "summary": "Checks whether your CloudFormation stacks are sending event notifications to an SNS topic." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 482 }, "name": "CLOUDFORMATION_STACK_NOTIFICATION_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-default-root-object-configured.html", "stability": "stable", "summary": "Checks if an Amazon CloudFront distribution is configured to return a specific object that is the default root object." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 487 }, "name": "CLOUDFRONT_DEFAULT_ROOT_OBJECT_CONFIGURED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-origin-access-identity-enabled.html", "stability": "stable", "summary": "Checks that Amazon CloudFront distribution with Amazon S3 Origin type has Origin Access Identity (OAI) configured." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 492 }, "name": "CLOUDFRONT_ORIGIN_ACCESS_IDENTITY_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-origin-failover-enabled.html", "stability": "stable", "summary": "Checks whether an origin group is configured for the distribution of at least 2 origins in the origin group for Amazon CloudFront." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 497 }, "name": "CLOUDFRONT_ORIGIN_FAILOVER_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-sni-enabled.html", "stability": "stable", "summary": "Checks if Amazon CloudFront distributions are using a custom SSL certificate and are configured to use SNI to serve HTTPS requests." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 503 }, "name": "CLOUDFRONT_SNI_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-viewer-policy-https.html", "stability": "stable", "summary": "Checks whether your Amazon CloudFront distributions use HTTPS (directly or via a redirection)." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 507 }, "name": "CLOUDFRONT_VIEWER_POLICY_HTTPS", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/multi-region-cloudtrail-enabled.html", "stability": "stable", "summary": "Checks that there is at least one multi-region AWS CloudTrail." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1004 }, "name": "CLOUDTRAIL_MULTI_REGION_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/cloudtrail-s3-dataevents-enabled.html", "stability": "stable", "summary": "Checks whether at least one AWS CloudTrail trail is logging Amazon S3 data events for all S3 buckets." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 533 }, "name": "CLOUDTRAIL_S3_DATAEVENTS_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/cloudtrail-security-trail-enabled.html", "stability": "stable", "summary": "Checks that there is at least one AWS CloudTrail trail defined with security best practices." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 538 }, "name": "CLOUDTRAIL_SECURITY_TRAIL_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/cloudwatch-alarm-action-check.html", "stability": "stable", "summary": "Checks whether CloudWatch alarms have at least one alarm action, one INSUFFICIENT_DATA action, or one OK action enabled." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 544 }, "name": "CLOUDWATCH_ALARM_ACTION_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/cloudwatch-alarm-resource-check.html", "stability": "stable", "summary": "Checks whether the specified resource type has a CloudWatch alarm for the specified metric." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 549 }, "name": "CLOUDWATCH_ALARM_RESOURCE_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/cloudwatch-alarm-settings-check.html", "stability": "stable", "summary": "Checks whether CloudWatch alarms with the given metric name have the specified settings." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 554 }, "name": "CLOUDWATCH_ALARM_SETTINGS_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/cloudwatch-log-group-encrypted.html", "stability": "stable", "summary": "Checks whether a log group in Amazon CloudWatch Logs is encrypted with a AWS Key Management Service (KMS) managed Customer Master Keys (CMK)." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 560 }, "name": "CLOUDWATCH_LOG_GROUP_ENCRYPTED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/cmk-backing-key-rotation-enabled.html", "stability": "stable", "summary": "Checks that key rotation is enabled for each key and matches to the key ID of the customer created customer master key (CMK)." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 566 }, "name": "CMK_BACKING_KEY_ROTATION_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/codebuild-project-envvar-awscred-check.html", "stability": "stable", "summary": "Checks whether the project contains environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 571 }, "name": "CODEBUILD_PROJECT_ENVVAR_AWSCRED_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/codebuild-project-source-repo-url-check.html", "stability": "stable", "summary": "Checks whether the GitHub or Bitbucket source repository URL contains either personal access tokens or user name and password." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 577 }, "name": "CODEBUILD_PROJECT_SOURCE_REPO_URL_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/codepipeline-deployment-count-check.html", "stability": "stable", "summary": "Checks whether the first deployment stage of the AWS CodePipeline performs more than one deployment." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 582 }, "name": "CODEPIPELINE_DEPLOYMENT_COUNT_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/codepipeline-region-fanout-check.html", "stability": "stable", "summary": "Checks whether each stage in the AWS CodePipeline deploys to more than N times the number of the regions the AWS CodePipeline has deployed in all the previous combined stages, where N is the region fanout number." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 589 }, "name": "CODEPIPELINE_REGION_FANOUT_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/cw-loggroup-retention-period-check.html", "stability": "stable", "summary": "Checks whether Amazon CloudWatch LogGroup retention period is set to specific number of days." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 594 }, "name": "CW_LOGGROUP_RETENTION_PERIOD_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/dax-encryption-enabled.html", "stability": "stable", "summary": "Checks that DynamoDB Accelerator (DAX) clusters are encrypted." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 599 }, "name": "DAX_ENCRYPTION_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/dms-replication-not-public.html", "stability": "stable", "summary": "Checks whether AWS Database Migration Service replication instances are public." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 619 }, "name": "DMS_REPLICATION_NOT_PUBLIC", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/dynamodb-autoscaling-enabled.html", "stability": "stable", "summary": "Checks whether Auto Scaling or On-Demand is enabled on your DynamoDB tables and/or global secondary indexes." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 624 }, "name": "DYNAMODB_AUTOSCALING_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/dynamodb-in-backup-plan.html", "stability": "stable", "summary": "Checks whether Amazon DynamoDB table is present in AWS Backup plans." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 629 }, "name": "DYNAMODB_IN_BACKUP_PLAN", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/dynamodb-pitr-enabled.html", "stability": "stable", "summary": "Checks that point in time recovery (PITR) is enabled for Amazon DynamoDB tables." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 634 }, "name": "DYNAMODB_PITR_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/dynamodb-table-encrypted-kms.html", "stability": "stable", "summary": "Checks whether Amazon DynamoDB table is encrypted with AWS Key Management Service (KMS)." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 639 }, "name": "DYNAMODB_TABLE_ENCRYPTED_KMS", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/dynamodb-table-encryption-enabled.html", "stability": "stable", "summary": "Checks whether the Amazon DynamoDB tables are encrypted and checks their status." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 644 }, "name": "DYNAMODB_TABLE_ENCRYPTION_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/dynamodb-throughput-limit-check.html", "stability": "stable", "summary": "Checks whether provisioned DynamoDB throughput is approaching the maximum limit for your account." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 649 }, "name": "DYNAMODB_THROUGHPUT_LIMIT_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/encrypted-volumes.html", "stability": "stable", "summary": "Checks whether the EBS volumes that are in an attached state are encrypted." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 851 }, "name": "EBS_ENCRYPTED_VOLUMES", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/ebs-in-backup-plan.html", "stability": "stable", "summary": "Checks if Amazon Elastic Block Store (Amazon EBS) volumes are added in backup plans of AWS Backup." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 654 }, "name": "EBS_IN_BACKUP_PLAN", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/ebs-optimized-instance.html", "stability": "stable", "summary": "Checks whether EBS optimization is enabled for your EC2 instances that can be EBS-optimized." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 670 }, "name": "EBS_OPTIMIZED_INSTANCE", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/ebs-snapshot-public-restorable-check.html", "stability": "stable", "summary": "Checks whether Amazon Elastic Block Store snapshots are not publicly restorable." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 675 }, "name": "EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/desired-instance-tenancy.html", "stability": "stable", "summary": "Checks instances for specified tenancy." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 609 }, "name": "EC2_DESIRED_INSTANCE_TENANCY", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/desired-instance-type.html", "stability": "stable", "summary": "Checks whether your EC2 instances are of the specified instance types." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 614 }, "name": "EC2_DESIRED_INSTANCE_TYPE", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/ec2-ebs-encryption-by-default.html", "stability": "stable", "summary": "Check that Amazon Elastic Block Store (EBS) encryption is enabled by default." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 665 }, "name": "EC2_EBS_ENCRYPTION_BY_DEFAULT", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/ec2-imdsv2-check.html", "stability": "stable", "summary": "Checks whether your Amazon Elastic Compute Cloud (Amazon EC2) instance metadata version is configured with Instance Metadata Service Version 2 (IMDSv2)." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 785 }, "name": "EC2_IMDSV2_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/ec2-instance-detailed-monitoring-enabled.html", "stability": "stable", "summary": "Checks whether detailed monitoring is enabled for EC2 instances." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 680 }, "name": "EC2_INSTANCE_DETAILED_MONITORING_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/ec2-instance-managed-by-systems-manager.html", "stability": "stable", "summary": "Checks whether the Amazon EC2 instances in your account are managed by AWS Systems Manager." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 685 }, "name": "EC2_INSTANCE_MANAGED_BY_SSM", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/ec2-instance-no-public-ip.html", "stability": "stable", "summary": "Checks whether Amazon Elastic Compute Cloud (Amazon EC2) instances have a public IP association." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 697 }, "name": "EC2_INSTANCE_NO_PUBLIC_IP", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "remarks": "This rule is NON_COMPLIANT if no IAM profile is\nattached to the Amazon EC2 instance.", "see": "https://docs.aws.amazon.com/config/latest/developerguide/ec2-instance-profile-attached.html", "stability": "stable", "summary": "Checks if an Amazon Elastic Compute Cloud (Amazon EC2) instance has an Identity and Access Management (IAM) profile attached to it." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 692 }, "name": "EC2_INSTANCE_PROFILE_ATTACHED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/ec2-instances-in-vpc.html", "stability": "stable", "summary": "Checks whether your EC2 instances belong to a virtual private cloud (VPC)." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 702 }, "name": "EC2_INSTANCES_IN_VPC", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/ec2-managedinstance-applications-blacklisted.html", "stability": "stable", "summary": "Checks that none of the specified applications are installed on the instance." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 707 }, "name": "EC2_MANAGED_INSTANCE_APPLICATIONS_BLOCKED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/ec2-managedinstance-applications-required.html", "stability": "stable", "summary": "Checks whether all of the specified applications are installed on the instance." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 712 }, "name": "EC2_MANAGED_INSTANCE_APPLICATIONS_REQUIRED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/ec2-managedinstance-association-compliance-status-check.html", "stability": "stable", "summary": "Checks whether the compliance status of AWS Systems Manager association compliance is COMPLIANT or NON_COMPLIANT after the association execution on the instance." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 718 }, "name": "EC2_MANAGED_INSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/ec2-managedinstance-inventory-blacklisted.html", "stability": "stable", "summary": "Checks whether instances managed by AWS Systems Manager are configured to collect blocked inventory types." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 723 }, "name": "EC2_MANAGED_INSTANCE_INVENTORY_BLOCKED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/ec2-managedinstance-patch-compliance-status-check.html", "stability": "stable", "summary": "Checks whether the compliance status of the Amazon EC2 Systems Manager patch compliance is COMPLIANT or NON_COMPLIANT after the patch installation on the instance." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 729 }, "name": "EC2_MANAGED_INSTANCE_PATCH_COMPLIANCE_STATUS_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/ec2-managedinstance-platform-check.html", "stability": "stable", "summary": "Checks whether EC2 managed instances have the desired configurations." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 734 }, "name": "EC2_MANAGED_INSTANCE_PLATFORM_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/ec2-security-group-attached-to-eni.html", "stability": "stable", "summary": "Checks that security groups are attached to Amazon Elastic Compute Cloud (Amazon EC2) instances or to an elastic network interface." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 740 }, "name": "EC2_SECURITY_GROUP_ATTACHED_TO_ENI", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/restricted-ssh.html", "stability": "stable", "summary": "Checks whether the incoming SSH traffic for the security groups is accessible." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1100 }, "name": "EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/restricted-common-ports.html", "stability": "stable", "summary": "Checks whether the security groups in use do not allow unrestricted incoming TCP traffic to the specified ports." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1095 }, "name": "EC2_SECURITY_GROUPS_RESTRICTED_INCOMING_TRAFFIC", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/ec2-stopped-instance.html", "stability": "stable", "summary": "Checks whether there are instances stopped for more than the allowed number of days." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 745 }, "name": "EC2_STOPPED_INSTANCE", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/ec2-volume-inuse-check.html", "stability": "stable", "summary": "Checks whether EBS volumes are attached to EC2 instances." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 750 }, "name": "EC2_VOLUME_INUSE_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/efs-encrypted-check.html", "stability": "stable", "summary": "hecks whether Amazon Elastic File System (Amazon EFS) is configured to encrypt the file data using AWS Key Management Service (AWS KMS)." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 756 }, "name": "EFS_ENCRYPTED_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/efs-in-backup-plan.html", "stability": "stable", "summary": "Checks whether Amazon Elastic File System (Amazon EFS) file systems are added in the backup plans of AWS Backup." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 660 }, "name": "EFS_IN_BACKUP_PLAN", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/eip-attached.html", "stability": "stable", "summary": "Checks whether all Elastic IP addresses that are allocated to a VPC are attached to EC2 instances or in-use elastic network interfaces (ENIs)." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 762 }, "name": "EIP_ATTACHED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/eks-endpoint-no-public-access.html", "stability": "stable", "summary": "Checks whether Amazon Elastic Kubernetes Service (Amazon EKS) endpoint is not publicly accessible." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 790 }, "name": "EKS_ENDPOINT_NO_PUBLIC_ACCESS", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/eks-secrets-encrypted.html", "stability": "stable", "summary": "Checks whether Amazon Elastic Kubernetes Service clusters are configured to have Kubernetes secrets encrypted using AWS Key Management Service (KMS) keys." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 796 }, "name": "EKS_SECRETS_ENCRYPTED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/elasticache-redis-cluster-automatic-backup-check.html", "stability": "stable", "summary": "Check if the Amazon ElastiCache Redis clusters have automatic backup turned on." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 779 }, "name": "ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/elasticsearch-encrypted-at-rest.html", "stability": "stable", "summary": "Checks whether Amazon Elasticsearch Service (Amazon ES) domains have encryption at rest configuration enabled." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 768 }, "name": "ELASTICSEARCH_ENCRYPTED_AT_REST", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/elasticsearch-in-vpc-only.html", "stability": "stable", "summary": "Checks whether Amazon Elasticsearch Service (Amazon ES) domains are in Amazon Virtual Private Cloud (Amazon VPC)." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 774 }, "name": "ELASTICSEARCH_IN_VPC_ONLY", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/elasticsearch-node-to-node-encryption-check.html", "stability": "stable", "summary": "Check that Amazon ElasticSearch Service nodes are encrypted end to end." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 801 }, "name": "ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/elb-acm-certificate-required.html", "stability": "stable", "summary": "Checks whether the Classic Load Balancers use SSL certificates provided by AWS Certificate Manager." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 816 }, "name": "ELB_ACM_CERTIFICATE_REQUIRED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/elb-cross-zone-load-balancing-enabled.html", "stability": "stable", "summary": "Checks if cross-zone load balancing is enabled for the Classic Load Balancers (CLBs)." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 806 }, "name": "ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/elb-custom-security-policy-ssl-check.html", "stability": "stable", "summary": "Checks whether your Classic Load Balancer SSL listeners are using a custom policy." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 821 }, "name": "ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/elb-deletion-protection-enabled.html", "stability": "stable", "summary": "Checks whether Elastic Load Balancing has deletion protection enabled." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 826 }, "name": "ELB_DELETION_PROTECTION_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/elb-logging-enabled.html", "stability": "stable", "summary": "Checks whether the Application Load Balancer and the Classic Load Balancer have logging enabled." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 831 }, "name": "ELB_LOGGING_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/elb-predefined-security-policy-ssl-check.html", "stability": "stable", "summary": "Checks whether your Classic Load Balancer SSL listeners are using a predefined policy." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 836 }, "name": "ELB_PREDEFINED_SECURITY_POLICY_SSL_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/elb-tls-https-listeners-only.html", "stability": "stable", "summary": "Checks whether your Classic Load Balancer is configured with SSL or HTTPS listeners." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 811 }, "name": "ELB_TLS_HTTPS_LISTENERS_ONLY", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/emr-kerberos-enabled.html", "stability": "stable", "summary": "Checks that Amazon EMR clusters have Kerberos enabled." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 841 }, "name": "EMR_KERBEROS_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/emr-master-no-public-ip.html", "stability": "stable", "summary": "Checks whether Amazon Elastic MapReduce (EMR) clusters' master nodes have public IPs." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 846 }, "name": "EMR_MASTER_NO_PUBLIC_IP", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/fms-security-group-audit-policy-check.html", "stability": "stable", "summary": "Checks whether the security groups associated inScope resources are compliant with the master security groups at each rule level based on allowSecurityGroup and denySecurityGroup flag." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 857 }, "name": "FMS_SECURITY_GROUP_AUDIT_POLICY_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/fms-security-group-content-check.html", "stability": "stable", "summary": "Checks whether AWS Firewall Manager created security groups content is the same as the master security groups." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 862 }, "name": "FMS_SECURITY_GROUP_CONTENT_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/fms-security-group-resource-association-check.html", "stability": "stable", "summary": "Checks whether Amazon EC2 or an elastic network interface is associated with AWS Firewall Manager security groups." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 867 }, "name": "FMS_SECURITY_GROUP_RESOURCE_ASSOCIATION_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/fms-shield-resource-policy-check.html", "stability": "stable", "summary": "Checks whether an Application Load Balancer, Amazon CloudFront distributions, Elastic Load Balancer or Elastic IP has AWS Shield protection." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 873 }, "name": "FMS_SHIELD_RESOURCE_POLICY_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/fms-webacl-resource-policy-check.html", "stability": "stable", "summary": "Checks whether the web ACL is associated with an Application Load Balancer, API Gateway stage, or Amazon CloudFront distributions." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 879 }, "name": "FMS_WEBACL_RESOURCE_POLICY_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "remarks": "The correct priority is decided by the rank of the rule groups in the ruleGroups parameter.", "see": "https://docs.aws.amazon.com/config/latest/developerguide/fms-webacl-rulegroup-association-check.html", "stability": "stable", "summary": "Checks that the rule groups associate with the web ACL at the correct priority." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 885 }, "name": "FMS_WEBACL_RULEGROUP_ASSOCIATION_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "remarks": "If you provide an AWS account for centralization,\nthe rule evaluates the Amazon GuardDuty results in the centralized account.", "see": "https://docs.aws.amazon.com/config/latest/developerguide/guardduty-enabled-centralized.html", "stability": "stable", "summary": "Checks whether Amazon GuardDuty is enabled in your AWS account and region." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 891 }, "name": "GUARDDUTY_ENABLED_CENTRALIZED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/guardduty-non-archived-findings.html", "stability": "stable", "summary": "Checks whether the Amazon GuardDuty has findings that are non archived." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 896 }, "name": "GUARDDUTY_NON_ARCHIVED_FINDINGS", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/iam-customer-policy-blocked-kms-actions.html", "stability": "stable", "summary": "Checks that the managed AWS Identity and Access Management policies that you create do not allow blocked actions on all AWS AWS KMS keys." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 410 }, "name": "IAM_CUSTOMER_POLICY_BLOCKED_KMS_ACTIONS", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/iam-group-has-users-check.html", "stability": "stable", "summary": "Checks whether IAM groups have at least one IAM user." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 906 }, "name": "IAM_GROUP_HAS_USERS_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/iam-inline-policy-blocked-kms-actions.html", "stability": "stable", "summary": "Checks that the inline policies attached to your AWS Identity and Access Management users, roles, and groups do not allow blocked actions on all AWS Key Management Service keys." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 404 }, "name": "IAM_INLINE_POLICY_BLOCKED_KMS_ACTIONS", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/iam-no-inline-policy-check.html", "stability": "stable", "summary": "Checks that inline policy feature is not in use." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 901 }, "name": "IAM_NO_INLINE_POLICY_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/iam-password-policy.html", "stability": "stable", "summary": "Checks whether the account password policy for IAM users meets the specified requirements indicated in the parameters." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 912 }, "name": "IAM_PASSWORD_POLICY", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/iam-policy-blacklisted-check.html", "stability": "stable", "summary": "Checks whether for each IAM resource, a policy ARN in the input parameter is attached to the IAM resource." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 917 }, "name": "IAM_POLICY_BLOCKED_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/iam-policy-in-use.html", "stability": "stable", "summary": "Checks whether the IAM policy ARN is attached to an IAM user, or an IAM group with one or more IAM users, or an IAM role with one or more trusted entity." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 923 }, "name": "IAM_POLICY_IN_USE", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/iam-policy-no-statements-with-admin-access.html", "stability": "stable", "summary": "Checks the IAM policies that you create for Allow statements that grant permissions to all actions on all resources." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 928 }, "name": "IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESS", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/iam-role-managed-policy-check.html", "stability": "stable", "summary": "Checks that AWS Identity and Access Management (IAM) policies in a list of policies are attached to all AWS roles." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 933 }, "name": "IAM_ROLE_MANAGED_POLICY_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/iam-root-access-key-check.html", "stability": "stable", "summary": "Checks whether the root user access key is available." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 938 }, "name": "IAM_ROOT_ACCESS_KEY_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/iam-user-group-membership-check.html", "stability": "stable", "summary": "Checks whether IAM users are members of at least one IAM group." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 943 }, "name": "IAM_USER_GROUP_MEMBERSHIP_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/iam-user-mfa-enabled.html", "stability": "stable", "summary": "Checks whether the AWS Identity and Access Management users have multi-factor authentication (MFA) enabled." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 948 }, "name": "IAM_USER_MFA_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "remarks": "IAM users must inherit permissions from IAM groups or roles.", "see": "https://docs.aws.amazon.com/config/latest/developerguide/iam-user-no-policies-check.html", "stability": "stable", "summary": "Checks that none of your IAM users have policies attached." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 953 }, "name": "IAM_USER_NO_POLICIES_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/iam-user-unused-credentials-check.html", "stability": "stable", "summary": "Checks whether your AWS Identity and Access Management (IAM) users have passwords or active access keys that have not been used within the specified number of days you provided." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 959 }, "name": "IAM_USER_UNUSED_CREDENTIALS_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/internet-gateway-authorized-vpc-only.html", "stability": "stable", "summary": "Checks that Internet gateways (IGWs) are only attached to an authorized Amazon Virtual Private Cloud (VPCs)." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 964 }, "name": "INTERNET_GATEWAY_AUTHORIZED_VPC_ONLY", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/kms-cmk-not-scheduled-for-deletion.html", "stability": "stable", "summary": "Checks whether customer master keys (CMKs) are not scheduled for deletion in AWS Key Management Service (KMS)." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 969 }, "name": "KMS_CMK_NOT_SCHEDULED_FOR_DELETION", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/lambda-concurrency-check.html", "stability": "stable", "summary": "Checks whether the AWS Lambda function is configured with function-level concurrent execution limit." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 974 }, "name": "LAMBDA_CONCURRENCY_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/lambda-dlq-check.html", "stability": "stable", "summary": "Checks whether an AWS Lambda function is configured with a dead-letter queue." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 979 }, "name": "LAMBDA_DLQ_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/lambda-function-public-access-prohibited.html", "stability": "stable", "summary": "Checks whether the AWS Lambda function policy attached to the Lambda resource prohibits public access." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 984 }, "name": "LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/lambda-function-settings-check.html", "stability": "stable", "summary": "Checks that the lambda function settings for runtime, role, timeout, and memory size match the expected values." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 989 }, "name": "LAMBDA_FUNCTION_SETTINGS_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/lambda-inside-vpc.html", "stability": "stable", "summary": "Checks whether an AWS Lambda function is in an Amazon Virtual Private Cloud." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 994 }, "name": "LAMBDA_INSIDE_VPC", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/mfa-enabled-for-iam-console-access.html", "stability": "stable", "summary": "Checks whether AWS Multi-Factor Authentication (MFA) is enabled for all IAM users that use a console password." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 999 }, "name": "MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/rds-cluster-deletion-protection-enabled.html", "stability": "stable", "summary": "Checks if an Amazon Relational Database Service (Amazon RDS) cluster has deletion protection enabled." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1009 }, "name": "RDS_CLUSTER_DELETION_PROTECTION_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/db-instance-backup-enabled.html", "stability": "stable", "summary": "Checks whether RDS DB instances have backups enabled." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 604 }, "name": "RDS_DB_INSTANCE_BACKUP_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/rds-enhanced-monitoring-enabled.html", "stability": "stable", "summary": "Checks whether enhanced monitoring is enabled for Amazon Relational Database Service (Amazon RDS) instances." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1034 }, "name": "RDS_ENHANCED_MONITORING_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/rds-in-backup-plan.html", "stability": "stable", "summary": "Checks whether Amazon RDS database is present in back plans of AWS Backup." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1049 }, "name": "RDS_IN_BACKUP_PLAN", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/rds-instance-deletion-protection-enabled.html", "stability": "stable", "summary": "Checks if an Amazon Relational Database Service (Amazon RDS) instance has deletion protection enabled." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1014 }, "name": "RDS_INSTANCE_DELETION_PROTECTION_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/rds-instance-iam-authentication-enabled.html", "stability": "stable", "summary": "Checks if an Amazon RDS instance has AWS Identity and Access Management (IAM) authentication enabled." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1019 }, "name": "RDS_INSTANCE_IAM_AUTHENTICATION_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/rds-instance-public-access-check.html", "stability": "stable", "summary": "Check whether the Amazon Relational Database Service instances are not publicly accessible." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1054 }, "name": "RDS_INSTANCE_PUBLIC_ACCESS_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/rds-logging-enabled.html", "stability": "stable", "summary": "Checks that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1024 }, "name": "RDS_LOGGING_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/rds-multi-az-support.html", "stability": "stable", "summary": "Checks whether high availability is enabled for your RDS DB instances." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1059 }, "name": "RDS_MULTI_AZ_SUPPORT", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/rds-snapshot-encrypted.html", "stability": "stable", "summary": "Checks whether Amazon Relational Database Service (Amazon RDS) DB snapshots are encrypted." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1039 }, "name": "RDS_SNAPSHOT_ENCRYPTED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/rds-snapshots-public-prohibited.html", "stability": "stable", "summary": "Checks if Amazon Relational Database Service (Amazon RDS) snapshots are public." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1064 }, "name": "RDS_SNAPSHOTS_PUBLIC_PROHIBITED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/rds-storage-encrypted.html", "stability": "stable", "summary": "Checks whether storage encryption is enabled for your RDS DB instances." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1069 }, "name": "RDS_STORAGE_ENCRYPTED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/redshift-backup-enabled.html", "stability": "stable", "summary": "Checks that Amazon Redshift automated snapshots are enabled for clusters." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1029 }, "name": "REDSHIFT_BACKUP_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/redshift-cluster-configuration-check.html", "stability": "stable", "summary": "Checks whether Amazon Redshift clusters have the specified settings." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1074 }, "name": "REDSHIFT_CLUSTER_CONFIGURATION_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/redshift-cluster-maintenancesettings-check.html", "stability": "stable", "summary": "Checks whether Amazon Redshift clusters have the specified maintenance settings." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1079 }, "name": "REDSHIFT_CLUSTER_MAINTENANCE_SETTINGS_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/redshift-cluster-public-access-check.html", "stability": "stable", "summary": "Checks whether Amazon Redshift clusters are not publicly accessible." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1084 }, "name": "REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/redshift-require-tls-ssl.html", "stability": "stable", "summary": "Checks whether Amazon Redshift clusters require TLS/SSL encryption to connect to SQL clients." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1044 }, "name": "REDSHIFT_REQUIRE_TLS_SSL", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "remarks": "For example, you can check whether your Amazon EC2 instances have the CostCenter tag.", "see": "https://docs.aws.amazon.com/config/latest/developerguide/required-tags.html", "stability": "stable", "summary": "Checks whether your resources have the tags that you specify." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1090 }, "name": "REQUIRED_TAGS", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/root-account-hardware-mfa-enabled.html", "stability": "stable", "summary": "Checks whether your AWS account is enabled to use multi-factor authentication (MFA) hardware device to sign in with root credentials." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1106 }, "name": "ROOT_ACCOUNT_HARDWARE_MFA_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/root-account-mfa-enabled.html", "stability": "stable", "summary": "Checks whether users of your AWS account require a multi-factor authentication (MFA) device to sign in with root credentials." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1112 }, "name": "ROOT_ACCOUNT_MFA_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/s3-account-level-public-access-blocks.html", "stability": "stable", "summary": "Checks whether the required public access block settings are configured from account level." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1138 }, "name": "S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-blacklisted-actions-prohibited.html", "stability": "stable", "summary": "Checks that the Amazon Simple Storage Service bucket policy does not allow blocked bucket-level and object-level actions on resources in the bucket for principals from other AWS accounts." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1152 }, "name": "S3_BUCKET_BLOCKED_ACTIONS_PROHIBITED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-default-lock-enabled.html", "stability": "stable", "summary": "Checks whether Amazon Simple Storage Service (Amazon S3) bucket has lock enabled, by default." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1117 }, "name": "S3_BUCKET_DEFAULT_LOCK_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "remarks": "This rule is\nNON_COMPLIANT if an Amazon S3 bucket is not listed in the excludedPublicBuckets parameter and bucket level\nsettings are public.", "see": "https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-level-public-access-prohibited.html", "stability": "stable", "summary": "Checks if Amazon Simple Storage Service (Amazon S3) buckets are publicly accessible." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1145 }, "name": "S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-logging-enabled.html", "stability": "stable", "summary": "Checks whether logging is enabled for your S3 buckets." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1163 }, "name": "S3_BUCKET_LOGGING_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-policy-grantee-check.html", "stability": "stable", "summary": "Checks that the access granted by the Amazon S3 bucket is restricted by any of the AWS principals, federated users, service principals, IP addresses, or VPCs that you provide." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1169 }, "name": "S3_BUCKET_POLICY_GRANTEE_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-policy-not-more-permissive.html", "stability": "stable", "summary": "Verifies that your Amazon Simple Storage Service bucket policies do not allow other inter-account permissions than the control Amazon S3 bucket policy provided." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1158 }, "name": "S3_BUCKET_POLICY_NOT_MORE_PERMISSIVE", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-public-read-prohibited.html", "stability": "stable", "summary": "Checks that your Amazon S3 buckets do not allow public read access." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1174 }, "name": "S3_BUCKET_PUBLIC_READ_PROHIBITED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-public-write-prohibited.html", "stability": "stable", "summary": "Checks that your Amazon S3 buckets do not allow public write access." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1179 }, "name": "S3_BUCKET_PUBLIC_WRITE_PROHIBITED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-replication-enabled.html", "stability": "stable", "summary": "Checks whether S3 buckets have cross-region replication enabled." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1184 }, "name": "S3_BUCKET_REPLICATION_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-server-side-encryption-enabled.html", "stability": "stable", "summary": "Checks that your Amazon S3 bucket either has Amazon S3 default encryption enabled or that the S3 bucket policy explicitly denies put-object requests without server side encryption that uses AES-256 or AWS Key Management Service." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1191 }, "name": "S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-ssl-requests-only.html", "stability": "stable", "summary": "Checks whether S3 buckets have policies that require requests to use Secure Socket Layer (SSL)." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1196 }, "name": "S3_BUCKET_SSL_REQUESTS_ONLY", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-versioning-enabled.html", "stability": "stable", "summary": "Checks whether versioning is enabled for your S3 buckets." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1201 }, "name": "S3_BUCKET_VERSIONING_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/s3-default-encryption-kms.html", "stability": "stable", "summary": "Checks whether the Amazon Simple Storage Service (Amazon S3) buckets are encrypted with AWS Key Management Service (AWS KMS)." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1123 }, "name": "S3_DEFAULT_ENCRYPTION_KMS", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-endpoint-configuration-kms-key-configured.html", "stability": "stable", "summary": "Checks whether AWS Key Management Service (KMS) key is configured for an Amazon SageMaker endpoint configuration." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1206 }, "name": "SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-notebook-instance-kms-key-configured.html", "stability": "stable", "summary": "Check whether an AWS Key Management Service (KMS) key is configured for SageMaker notebook instance." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1211 }, "name": "SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-notebook-no-direct-internet-access.html", "stability": "stable", "summary": "Checks whether direct internet access is disabled for an Amazon SageMaker notebook instance." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1216 }, "name": "SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/secretsmanager-rotation-enabled-check.html", "stability": "stable", "summary": "Checks whether AWS Secrets Manager secret has rotation enabled." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1221 }, "name": "SECRETSMANAGER_ROTATION_ENABLED_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/secretsmanager-scheduled-rotation-success-check.html", "stability": "stable", "summary": "Checks whether AWS Secrets Manager secret rotation has rotated successfully as per the rotation schedule." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1226 }, "name": "SECRETSMANAGER_SCHEDULED_ROTATION_SUCCESS_CHECK", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/securityhub-enabled.html", "stability": "stable", "summary": "Checks that AWS Security Hub is enabled for an AWS account." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1128 }, "name": "SECURITYHUB_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/service-vpc-endpoint-enabled.html", "stability": "stable", "summary": "Checks whether Service Endpoint for the service provided in rule parameter is created for each Amazon VPC." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1231 }, "name": "SERVICE_VPC_ENDPOINT_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/shield-advanced-enabled-autorenew.html", "stability": "stable", "summary": "Checks whether EBS volumes are attached to EC2 instances." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1236 }, "name": "SHIELD_ADVANCED_ENABLED_AUTO_RENEW", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/shield-drt-access.html", "stability": "stable", "summary": "Verify that DDoS response team (DRT) can access AWS account." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1241 }, "name": "SHIELD_DRT_ACCESS", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/sns-encrypted-kms.html", "stability": "stable", "summary": "Checks whether Amazon SNS topic is encrypted with AWS Key Management Service (AWS KMS)." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1133 }, "name": "SNS_ENCRYPTED_KMS", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "remarks": "The rule returns NOT_APPLICABLE if the security group\nis not default.", "see": "https://docs.aws.amazon.com/config/latest/developerguide/vpc-default-security-group-closed.html", "stability": "stable", "summary": "Checks that the default security group of any Amazon Virtual Private Cloud (VPC) does not allow inbound or outbound traffic." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1248 }, "name": "VPC_DEFAULT_SECURITY_GROUP_CLOSED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/vpc-flow-logs-enabled.html", "stability": "stable", "summary": "Checks whether Amazon Virtual Private Cloud flow logs are found and enabled for Amazon VPC." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1253 }, "name": "VPC_FLOW_LOGS_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/vpc-sg-open-only-to-authorized-ports.html", "stability": "stable", "summary": "Checks whether the security group with 0.0.0.0/0 of any Amazon Virtual Private Cloud (Amazon VPC) allows only specific inbound TCP or UDP traffic." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1259 }, "name": "VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/vpc-vpn-2-tunnels-up.html", "stability": "stable", "summary": "Checks that both AWS Virtual Private Network tunnels provided by AWS Site-to-Site VPN are in UP status." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1265 }, "name": "VPC_VPN_2_TUNNELS_UP", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/waf-classic-logging-enabled.html", "stability": "stable", "summary": "Checks if logging is enabled on AWS Web Application Firewall (WAF) classic global web ACLs." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1270 }, "name": "WAF_CLASSIC_LOGGING_ENABLED", "static": true, "type": { "primitive": "string" } }, { "const": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/wafv2-logging-enabled.html", "stability": "stable", "summary": "Checks whether logging is enabled on AWS Web Application Firewall (WAFV2) regional and global web access control list (ACLs)." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1276 }, "name": "WAFV2_LOGGING_ENABLED", "static": true, "type": { "primitive": "string" } } ], "symbolId": "lib/rule:ManagedRuleIdentifiers" }, "@aws-cdk/aws-config.ManagedRuleProps": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "stability": "stable", "summary": "Construction properties for a ManagedRule.", "example": "// https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html\nnew config.ManagedRule(this, 'AccessKeysRotated', {\n identifier: config.ManagedRuleIdentifiers.ACCESS_KEYS_ROTATED,\n inputParameters: {\n maxAccessKeyAge: 60, // default is 90 days\n },\n\n // default is 24 hours\n maximumExecutionFrequency: config.MaximumExecutionFrequency.TWELVE_HOURS,\n});", "custom": { "exampleMetadata": "infused" } }, "fqn": "@aws-cdk/aws-config.ManagedRuleProps", "interfaces": [ "@aws-cdk/aws-config.RuleProps" ], "kind": "interface", "locationInModule": { "filename": "lib/rule.ts", "line": 229 }, "name": "ManagedRuleProps", "properties": [ { "abstract": true, "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html", "stability": "stable", "summary": "The identifier of the AWS managed rule." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 235 }, "name": "identifier", "type": { "primitive": "string" } } ], "symbolId": "lib/rule:ManagedRuleProps" }, "@aws-cdk/aws-config.MaximumExecutionFrequency": { "assembly": "@aws-cdk/aws-config", "docs": { "stability": "stable", "summary": "The maximum frequency at which the AWS Config rule runs evaluations.", "example": "// https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html\nnew config.ManagedRule(this, 'AccessKeysRotated', {\n identifier: config.ManagedRuleIdentifiers.ACCESS_KEYS_ROTATED,\n inputParameters: {\n maxAccessKeyAge: 60, // default is 90 days\n },\n\n // default is 24 hours\n maximumExecutionFrequency: config.MaximumExecutionFrequency.TWELVE_HOURS,\n});", "custom": { "exampleMetadata": "infused" } }, "fqn": "@aws-cdk/aws-config.MaximumExecutionFrequency", "kind": "enum", "locationInModule": { "filename": "lib/rule.ts", "line": 158 }, "members": [ { "docs": { "stability": "stable", "summary": "1 hour." }, "name": "ONE_HOUR" }, { "docs": { "stability": "stable", "summary": "3 hours." }, "name": "THREE_HOURS" }, { "docs": { "stability": "stable", "summary": "6 hours." }, "name": "SIX_HOURS" }, { "docs": { "stability": "stable", "summary": "12 hours." }, "name": "TWELVE_HOURS" }, { "docs": { "stability": "stable", "summary": "24 hours." }, "name": "TWENTY_FOUR_HOURS" } ], "name": "MaximumExecutionFrequency", "symbolId": "lib/rule:MaximumExecutionFrequency" }, "@aws-cdk/aws-config.ResourceType": { "assembly": "@aws-cdk/aws-config", "docs": { "see": "https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html", "stability": "stable", "summary": "Resources types that are supported by AWS Config.", "example": "const sshRule = new config.ManagedRule(this, 'SSH', {\n identifier: config.ManagedRuleIdentifiers.EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLED,\n ruleScope: config.RuleScope.fromResource(config.ResourceType.EC2_SECURITY_GROUP, 'sg-1234567890abcdefgh'), // restrict to specific security group\n});\n\ndeclare const evalComplianceFn: lambda.Function;\nconst customRule = new config.CustomRule(this, 'Lambda', {\n lambdaFunction: evalComplianceFn,\n configurationChanges: true,\n ruleScope: config.RuleScope.fromResources([config.ResourceType.CLOUDFORMATION_STACK, config.ResourceType.S3_BUCKET]), // restrict to all CloudFormation stacks and S3 buckets\n});\n\nconst tagRule = new config.CustomRule(this, 'CostCenterTagRule', {\n lambdaFunction: evalComplianceFn,\n configurationChanges: true,\n ruleScope: config.RuleScope.fromTag('Cost Center', 'MyApp'), // restrict to a specific tag\n});", "custom": { "exampleMetadata": "infused" } }, "fqn": "@aws-cdk/aws-config.ResourceType", "kind": "class", "locationInModule": { "filename": "lib/rule.ts", "line": 1286 }, "methods": [ { "docs": { "stability": "stable", "summary": "A custom resource type to support future cases." }, "locationInModule": { "filename": "lib/rule.ts", "line": 1466 }, "name": "of", "parameters": [ { "name": "type", "type": { "primitive": "string" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, "static": true } ], "name": "ResourceType", "properties": [ { "const": true, "docs": { "stability": "stable", "summary": "AWS Certificate manager certificate." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1388 }, "name": "ACM_CERTIFICATE", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "API Gateway REST API." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1292 }, "name": "APIGATEWAY_REST_API", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "API Gateway Stage." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1288 }, "name": "APIGATEWAY_STAGE", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "API Gatewayv2 API." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1294 }, "name": "APIGATEWAYV2_API", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "API Gatewayv2 Stage." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1290 }, "name": "APIGATEWAYV2_STAGE", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS Auto Scaling group." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1380 }, "name": "AUTO_SCALING_GROUP", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS Auto Scaling launch configuration." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1382 }, "name": "AUTO_SCALING_LAUNCH_CONFIGURATION", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS Auto Scaling policy." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1384 }, "name": "AUTO_SCALING_POLICY", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS Auto Scaling scheduled action." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1386 }, "name": "AUTO_SCALING_SCHEDULED_ACTION", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS CloudFormation stack." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1390 }, "name": "CLOUDFORMATION_STACK", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "Amazon CloudFront Distribution." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1296 }, "name": "CLOUDFRONT_DISTRIBUTION", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "Amazon CloudFront streaming distribution." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1298 }, "name": "CLOUDFRONT_STREAMING_DISTRIBUTION", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS CloudTrail trail." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1392 }, "name": "CLOUDTRAIL_TRAIL", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "Amazon CloudWatch Alarm." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1300 }, "name": "CLOUDWATCH_ALARM", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS CodeBuild project." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1394 }, "name": "CODEBUILD_PROJECT", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS CodePipeline pipeline." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1396 }, "name": "CODEPIPELINE_PIPELINE", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "Amazon DynamoDB Table." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1302 }, "name": "DYNAMODB_TABLE", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "Elastic Block Store (EBS) volume." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1304 }, "name": "EBS_VOLUME", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "Amazon EC2 customer gateway." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1364 }, "name": "EC2_CUSTOMER_GATEWAY", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "EC2 Egress only internet gateway." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1316 }, "name": "EC2_EGRESS_ONLY_INTERNET_GATEWAY", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "EC2 Elastic IP." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1308 }, "name": "EC2_EIP", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "EC2 flow log." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1318 }, "name": "EC2_FLOW_LOG", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "EC2 host." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1306 }, "name": "EC2_HOST", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "EC2 instance." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1310 }, "name": "EC2_INSTANCE", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "Amazon EC2 internet gateway." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1366 }, "name": "EC2_INTERNET_GATEWAY", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "EC2 NAT gateway." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1314 }, "name": "EC2_NAT_GATEWAY", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "Amazon EC2 network ACL." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1368 }, "name": "EC2_NETWORK_ACL", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "Amazon EC2 route table." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1370 }, "name": "EC2_ROUTE_TABLE", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "EC2 security group." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1312 }, "name": "EC2_SECURITY_GROUP", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "Amazon EC2 subnet table." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1372 }, "name": "EC2_SUBNET", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "Amazon EC2 VPC." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1374 }, "name": "EC2_VPC", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "EC2 VPC endpoint." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1320 }, "name": "EC2_VPC_ENDPOINT", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "EC2 VPC endpoint service." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1322 }, "name": "EC2_VPC_ENDPOINT_SERVICE", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "EC2 VPC peering connection." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1324 }, "name": "EC2_VPC_PEERING_CONNECTION", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "Amazon EC2 VPN connection." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1376 }, "name": "EC2_VPN_CONNECTION", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "Amazon EC2 VPN gateway." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1378 }, "name": "EC2_VPN_GATEWAY", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS Elastic Beanstalk (EB) application." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1398 }, "name": "ELASTIC_BEANSTALK_APPLICATION", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS Elastic Beanstalk (EB) application version." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1400 }, "name": "ELASTIC_BEANSTALK_APPLICATION_VERSION", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS Elastic Beanstalk (EB) environment." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1402 }, "name": "ELASTIC_BEANSTALK_ENVIRONMENT", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "Amazon ElasticSearch domain." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1326 }, "name": "ELASTICSEARCH_DOMAIN", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS ELB classic load balancer." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1461 }, "name": "ELB_LOAD_BALANCER", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS ELBv2 network load balancer or AWS ELBv2 application load balancer." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1463 }, "name": "ELBV2_LOAD_BALANCER", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS IAM group." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1406 }, "name": "IAM_GROUP", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS IAM policy." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1410 }, "name": "IAM_POLICY", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS IAM role." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1408 }, "name": "IAM_ROLE", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS IAM user." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1404 }, "name": "IAM_USER", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS KMS Key." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1412 }, "name": "KMS_KEY", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS Lambda function." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1414 }, "name": "LAMBDA_FUNCTION", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "Amazon QLDB ledger." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1328 }, "name": "QLDB_LEDGER", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "Amazon RDS database cluster." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1352 }, "name": "RDS_DB_CLUSTER", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "Amazon RDS database cluster snapshot." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1354 }, "name": "RDS_DB_CLUSTER_SNAPSHOT", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "Amazon RDS database instance." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1342 }, "name": "RDS_DB_INSTANCE", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "Amazon RDS database security group." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1344 }, "name": "RDS_DB_SECURITY_GROUP", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "Amazon RDS database snapshot." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1346 }, "name": "RDS_DB_SNAPSHOT", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "Amazon RDS database subnet group." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1348 }, "name": "RDS_DB_SUBNET_GROUP", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "Amazon RDS event subscription." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1350 }, "name": "RDS_EVENT_SUBSCRIPTION", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "Amazon Redshift cluster." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1330 }, "name": "REDSHIFT_CLUSTER", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "Amazon Redshift cluster parameter group." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1332 }, "name": "REDSHIFT_CLUSTER_PARAMETER_GROUP", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "Amazon Redshift cluster security group." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1334 }, "name": "REDSHIFT_CLUSTER_SECURITY_GROUP", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "Amazon Redshift cluster snapshot." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1336 }, "name": "REDSHIFT_CLUSTER_SNAPSHOT", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "Amazon Redshift cluster subnet group." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1338 }, "name": "REDSHIFT_CLUSTER_SUBNET_GROUP", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "Amazon Redshift event subscription." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1340 }, "name": "REDSHIFT_EVENT_SUBSCRIPTION", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "Amazon S3 account public access block." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1362 }, "name": "S3_ACCOUNT_PUBLIC_ACCESS_BLOCK", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "Amazon S3 bucket." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1360 }, "name": "S3_BUCKET", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS Secrets Manager secret." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1416 }, "name": "SECRETS_MANAGER_SECRET", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS Service Catalog CloudFormation product." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1418 }, "name": "SERVICE_CATALOG_CLOUDFORMATION_PRODUCT", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS Service Catalog CloudFormation provisioned product." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1420 }, "name": "SERVICE_CATALOG_CLOUDFORMATION_PROVISIONED_PRODUCT", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS Service Catalog portfolio." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1423 }, "name": "SERVICE_CATALOG_PORTFOLIO", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS Shield protection." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1425 }, "name": "SHIELD_PROTECTION", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS Shield regional protection." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1427 }, "name": "SHIELD_REGIONAL_PROTECTION", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "Amazon SNS topic." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1358 }, "name": "SNS_TOPIC", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "Amazon SQS queue." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1356 }, "name": "SQS_QUEUE", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS Systems Manager association compliance." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1433 }, "name": "SYSTEMS_MANAGER_ASSOCIATION_COMPLIANCE", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS Systems Manager file data." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1435 }, "name": "SYSTEMS_MANAGER_FILE_DATA", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS Systems Manager managed instance inventory." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1429 }, "name": "SYSTEMS_MANAGER_MANAGED_INSTANCE_INVENTORY", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS Systems Manager patch compliance." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1431 }, "name": "SYSTEMS_MANAGER_PATCH_COMPLIANCE", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS WAF rate based rule." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1437 }, "name": "WAF_RATE_BASED_RULE", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS WAF regional rate based rule." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1445 }, "name": "WAF_REGIONAL_RATE_BASED_RULE", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS WAF regional rule." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1447 }, "name": "WAF_REGIONAL_RULE", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS WAF regional rule group." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1451 }, "name": "WAF_REGIONAL_RULE_GROUP", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS WAF web ACL." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1449 }, "name": "WAF_REGIONAL_WEB_ACL", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS WAF rule." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1439 }, "name": "WAF_RULE", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS WAF rule group." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1443 }, "name": "WAF_RULE_GROUP", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS WAF web ACL." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1441 }, "name": "WAF_WEB_ACL", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS WAFv2 managed rule set." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1457 }, "name": "WAFV2_MANAGED_RULE_SET", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS WAFv2 rule group." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1455 }, "name": "WAFV2_RULE_GROUP", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS WAFv2 web ACL." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1453 }, "name": "WAFV2_WEB_ACL", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "const": true, "docs": { "stability": "stable", "summary": "AWS X-Ray encryption configuration." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1459 }, "name": "XRAY_ENCRYPTION_CONFIGURATION", "static": true, "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "docs": { "stability": "stable", "summary": "Valid value of resource type." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 1473 }, "name": "complianceResourceType", "type": { "primitive": "string" } } ], "symbolId": "lib/rule:ResourceType" }, "@aws-cdk/aws-config.RuleProps": { "assembly": "@aws-cdk/aws-config", "datatype": true, "docs": { "stability": "stable", "summary": "Construction properties for a new rule.", "example": "// The code below shows an example of how to instantiate this type.\n// The values are placeholders you should change.\nimport * as config from '@aws-cdk/aws-config';\n\ndeclare const inputParameters: any;\ndeclare const ruleScope: config.RuleScope;\nconst ruleProps: config.RuleProps = {\n configRuleName: 'configRuleName',\n description: 'description',\n inputParameters: {\n inputParametersKey: inputParameters,\n },\n maximumExecutionFrequency: config.MaximumExecutionFrequency.ONE_HOUR,\n ruleScope: ruleScope,\n};", "custom": { "exampleMetadata": "fixture=_generated" } }, "fqn": "@aws-cdk/aws-config.RuleProps", "kind": "interface", "locationInModule": { "filename": "lib/rule.ts", "line": 189 }, "name": "RuleProps", "properties": [ { "abstract": true, "docs": { "default": "- CloudFormation generated name", "stability": "stable", "summary": "A name for the AWS Config rule." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 195 }, "name": "configRuleName", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "default": "- No description", "stability": "stable", "summary": "A description about this AWS Config rule." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 202 }, "name": "description", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "default": "- No input parameters", "stability": "stable", "summary": "Input parameter values that are passed to the AWS Config rule." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 209 }, "name": "inputParameters", "optional": true, "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } }, { "abstract": true, "docs": { "default": "MaximumExecutionFrequency.TWENTY_FOUR_HOURS", "stability": "stable", "summary": "The maximum frequency at which the AWS Config rule runs evaluations." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 216 }, "name": "maximumExecutionFrequency", "optional": true, "type": { "fqn": "@aws-cdk/aws-config.MaximumExecutionFrequency" } }, { "abstract": true, "docs": { "default": "- evaluations for the rule are triggered when any resource in the recording group changes.", "stability": "stable", "summary": "Defines which resources trigger an evaluation for an AWS Config rule." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 223 }, "name": "ruleScope", "optional": true, "type": { "fqn": "@aws-cdk/aws-config.RuleScope" } } ], "symbolId": "lib/rule:RuleProps" }, "@aws-cdk/aws-config.RuleScope": { "assembly": "@aws-cdk/aws-config", "docs": { "stability": "stable", "summary": "Determines which resources trigger an evaluation of an AWS Config rule.", "example": "const sshRule = new config.ManagedRule(this, 'SSH', {\n identifier: config.ManagedRuleIdentifiers.EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLED,\n ruleScope: config.RuleScope.fromResource(config.ResourceType.EC2_SECURITY_GROUP, 'sg-1234567890abcdefgh'), // restrict to specific security group\n});\n\ndeclare const evalComplianceFn: lambda.Function;\nconst customRule = new config.CustomRule(this, 'Lambda', {\n lambdaFunction: evalComplianceFn,\n configurationChanges: true,\n ruleScope: config.RuleScope.fromResources([config.ResourceType.CLOUDFORMATION_STACK, config.ResourceType.S3_BUCKET]), // restrict to all CloudFormation stacks and S3 buckets\n});\n\nconst tagRule = new config.CustomRule(this, 'CostCenterTagRule', {\n lambdaFunction: evalComplianceFn,\n configurationChanges: true,\n ruleScope: config.RuleScope.fromTag('Cost Center', 'MyApp'), // restrict to a specific tag\n});", "custom": { "exampleMetadata": "infused" } }, "fqn": "@aws-cdk/aws-config.RuleScope", "kind": "class", "locationInModule": { "filename": "lib/rule.ts", "line": 121 }, "methods": [ { "docs": { "stability": "stable", "summary": "restricts scope of changes to a specific resource type or resource identifier." }, "locationInModule": { "filename": "lib/rule.ts", "line": 123 }, "name": "fromResource", "parameters": [ { "name": "resourceType", "type": { "fqn": "@aws-cdk/aws-config.ResourceType" } }, { "name": "resourceId", "optional": true, "type": { "primitive": "string" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-config.RuleScope" } }, "static": true }, { "docs": { "stability": "stable", "summary": "restricts scope of changes to specific resource types." }, "locationInModule": { "filename": "lib/rule.ts", "line": 127 }, "name": "fromResources", "parameters": [ { "name": "resourceTypes", "type": { "collection": { "elementtype": { "fqn": "@aws-cdk/aws-config.ResourceType" }, "kind": "array" } } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-config.RuleScope" } }, "static": true }, { "docs": { "stability": "stable", "summary": "restricts scope of changes to a specific tag." }, "locationInModule": { "filename": "lib/rule.ts", "line": 131 }, "name": "fromTag", "parameters": [ { "name": "key", "type": { "primitive": "string" } }, { "name": "value", "optional": true, "type": { "primitive": "string" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-config.RuleScope" } }, "static": true } ], "name": "RuleScope", "properties": [ { "docs": { "stability": "stable", "summary": "tag key applied to resources that will trigger evaluation of a rule." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 142 }, "name": "key", "optional": true, "type": { "primitive": "string" } }, { "docs": { "stability": "stable", "summary": "ID of the only AWS resource that will trigger evaluation of a rule." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 139 }, "name": "resourceId", "optional": true, "type": { "primitive": "string" } }, { "docs": { "stability": "stable", "summary": "Resource types that will trigger evaluation of a rule." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 136 }, "name": "resourceTypes", "optional": true, "type": { "collection": { "elementtype": { "fqn": "@aws-cdk/aws-config.ResourceType" }, "kind": "array" } } }, { "docs": { "stability": "stable", "summary": "tag value applied to resources that will trigger evaluation of a rule." }, "immutable": true, "locationInModule": { "filename": "lib/rule.ts", "line": 145 }, "name": "value", "optional": true, "type": { "primitive": "string" } } ], "symbolId": "lib/rule:RuleScope" } }, "version": "1.204.0", "fingerprint": "**********" }