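import * as pulumi from "@pulumi/pulumi";
import * as inputs from "./types/input";
import * as outputs from "./types/output";

// NOTE(review): the generic type arguments on pulumi.Input / pulumi.Output were
// missing from this listing (leaving fragments such as `pulumi.Input[]>`) and are
// restored here from the property descriptions. The filter element type
// (`CloudConfigurationRuleFilter`) and its `| undefined` on the output side are
// presumed from the otherwise unused `inputs` / `outputs` imports; confirm
// against ./types/input and ./types/output.

/**
 * Provides a Datadog Cloud Configuration Rule resource.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as datadog from "@pulumi/datadog";
 *
 * const myrule = new datadog.CloudConfigurationRule("myrule", {
 *     name: "My cloud configuration rule",
 *     message: "Rule has triggered",
 *     enabled: true,
 *     policy: `package datadog
 *
 * import data.datadog.output as dd_output
 *
 * import future.keywords.contains
 * import future.keywords.if
 * import future.keywords.in
 *
 * eval(resource) = "skip" if {
 *     # Logic that evaluates to true if the resource should be skipped
 *     true
 * } else = "pass" {
 *     # Logic that evaluates to true if the resource is compliant
 *     true
 * } else = "fail" {
 *     # Logic that evaluates to true if the resource is not compliant
 *     true
 * }
 *
 * # This part remains unchanged for all rules
 * results contains result if {
 *     some resource in input.resources[input.main_resource_type]
 *     result := dd_output.format(resource, eval(resource))
 * }
 * `,
 *     resourceType: "aws_s3_bucket",
 *     relatedResourceTypes: [],
 *     severity: "high",
 *     groupBies: ["@resource"],
 *     notifications: ["@channel"],
 *     tags: ["some:tag"],
 * });
 * ```
 *
 * The three `true` bodies in the policy above are placeholders. As written, the
 * first branch always matches, so every resource evaluates to `"skip"` and the
 * rule never reports a `"fail"`. Replace each body with real conditions before
 * relying on the rule.
 *
 * ## Import
 *
 * The `pulumi import` command can be used, for example:
 *
 * Security monitoring rules can be imported using ID, e.g.
 *
 * ```sh
 * $ pulumi import datadog:index/cloudConfigurationRule:CloudConfigurationRule my_rule m0o-hto-lkb
 * ```
 */
export declare class CloudConfigurationRule extends pulumi.CustomResource {
    /**
     * Get an existing CloudConfigurationRule resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to look up.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     * @returns The CloudConfigurationRule bound to the existing resource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: CloudConfigurationRuleState, opts?: pulumi.CustomResourceOptions): CloudConfigurationRule;
    /**
     * Returns true if the given object is an instance of CloudConfigurationRule. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     *
     * @param obj The value to test.
     */
    static isInstance(obj: any): obj is CloudConfigurationRule;
    /**
     * Whether the cloud configuration rule is enabled.
     */
    readonly enabled: pulumi.Output<boolean>;
    /**
     * Additional queries to filter matched events before they are processed. Defaults to empty list.
     *
     * Filtering happens before processing, so an over-broad query can hide findings;
     * review filter changes with the same care as policy changes.
     */
    readonly filters: pulumi.Output<outputs.CloudConfigurationRuleFilter[] | undefined>;
    /**
     * Defaults to empty list. This function will be deprecated soon. Use the notification rules function instead. Fields to group by when generating signals, e.g. @resource.
     */
    readonly groupBies: pulumi.Output<string[]>;
    /**
     * The message associated with the rule that will be shown in findings and signals.
     */
    readonly message: pulumi.Output<string>;
    /**
     * The name of the cloud configuration rule.
     */
    readonly name: pulumi.Output<string>;
    /**
     * This function will be deprecated soon. Use the notification rules function instead. Notification targets for signals. Defaults to empty list.
     */
    readonly notifications: pulumi.Output<string[]>;
    /**
     * Policy written in Rego format.
     */
    readonly policy: pulumi.Output<string>;
    /**
     * Related resource types to be checked by the rule. Defaults to empty list.
     */
    readonly relatedResourceTypes: pulumi.Output<string[]>;
    /**
     * Main resource type to be checked by the rule.
     */
    readonly resourceType: pulumi.Output<string>;
    /**
     * Severity of the rule and associated signals. Valid values are `info`, `low`, `medium`, `high`, `critical`.
     */
    readonly severity: pulumi.Output<string>;
    /**
     * Tags of the rule, propagated to findings and signals. Defaults to empty list.
     */
    readonly tags: pulumi.Output<string[]>;
    /**
     * Create a CloudConfigurationRule resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: CloudConfigurationRuleArgs, opts?: pulumi.CustomResourceOptions);
}

/**
 * Input properties used for looking up and filtering CloudConfigurationRule resources.
 * Every property is optional here because the state only qualifies a lookup.
 */
export interface CloudConfigurationRuleState {
    /**
     * Whether the cloud configuration rule is enabled.
     */
    enabled?: pulumi.Input<boolean>;
    /**
     * Additional queries to filter matched events before they are processed. Defaults to empty list.
     */
    filters?: pulumi.Input<pulumi.Input<inputs.CloudConfigurationRuleFilter>[]>;
    /**
     * Defaults to empty list. This function will be deprecated soon. Use the notification rules function instead. Fields to group by when generating signals, e.g. @resource.
     */
    groupBies?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * The message associated with the rule that will be shown in findings and signals.
     */
    message?: pulumi.Input<string>;
    /**
     * The name of the cloud configuration rule.
     */
    name?: pulumi.Input<string>;
    /**
     * This function will be deprecated soon. Use the notification rules function instead. Notification targets for signals. Defaults to empty list.
     */
    notifications?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Policy written in Rego format.
     */
    policy?: pulumi.Input<string>;
    /**
     * Related resource types to be checked by the rule. Defaults to empty list.
     */
    relatedResourceTypes?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Main resource type to be checked by the rule.
     */
    resourceType?: pulumi.Input<string>;
    /**
     * Severity of the rule and associated signals. Valid values are `info`, `low`, `medium`, `high`, `critical`.
     */
    severity?: pulumi.Input<string>;
    /**
     * Tags of the rule, propagated to findings and signals. Defaults to empty list.
     */
    tags?: pulumi.Input<pulumi.Input<string>[]>;
}

/**
 * The set of arguments for constructing a CloudConfigurationRule resource.
 * `enabled`, `message`, `name`, `policy`, `resourceType` and `severity` are required.
 */
export interface CloudConfigurationRuleArgs {
    /**
     * Whether the cloud configuration rule is enabled.
     */
    enabled: pulumi.Input<boolean>;
    /**
     * Additional queries to filter matched events before they are processed. Defaults to empty list.
     *
     * Filtering happens before processing, so an over-broad query can hide findings;
     * review filter changes with the same care as policy changes.
     */
    filters?: pulumi.Input<pulumi.Input<inputs.CloudConfigurationRuleFilter>[]>;
    /**
     * Defaults to empty list. This function will be deprecated soon. Use the notification rules function instead. Fields to group by when generating signals, e.g. @resource.
     */
    groupBies?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * The message associated with the rule that will be shown in findings and signals.
     */
    message: pulumi.Input<string>;
    /**
     * The name of the cloud configuration rule.
     */
    name: pulumi.Input<string>;
    /**
     * This function will be deprecated soon. Use the notification rules function instead. Notification targets for signals. Defaults to empty list.
     */
    notifications?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Policy written in Rego format.
     */
    policy: pulumi.Input<string>;
    /**
     * Related resource types to be checked by the rule. Defaults to empty list.
     */
    relatedResourceTypes?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Main resource type to be checked by the rule.
     */
    resourceType: pulumi.Input<string>;
    /**
     * Severity of the rule and associated signals. Valid values are `info`, `low`, `medium`, `high`, `critical`.
     */
    severity: pulumi.Input<string>;
    /**
     * Tags of the rule, propagated to findings and signals. Defaults to empty list.
     */
    tags?: pulumi.Input<pulumi.Input<string>[]>;
}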