Options
All
  • Public
  • Public/Protected
  • All
Menu

AWS Accelerator SecurityConfig Types

Hierarchy

  • SecurityConfigTypes

Index

Constructors

Properties

accessAnalyzerConfig: TypeC<{ enable: BooleanC }> = ...
alarmConfig: TypeC<{ alarmDescription: SizedType<string, Type<string, string, unknown>>; alarmName: SizedType<string, Type<string, string, unknown>>; comparisonOperator: SizedType<string, Type<string, string, unknown>>; evaluationPeriods: NumberC; metricName: SizedType<string, Type<string, string, unknown>>; namespace: SizedType<string, Type<string, string, unknown>>; period: NumberC; snsAlertLevel: SizedType<string, Type<string, string, unknown>>; statistic: SizedType<string, Type<string, string, unknown>>; threshold: NumberC; treatMissingData: SizedType<string, Type<string, string, unknown>> }> = ...
alarmSetConfig: TypeC<{ alarms: ArrayC<TypeC<{ alarmDescription: SizedType<string, Type<string, string, unknown>>; alarmName: SizedType<string, Type<string, string, unknown>>; comparisonOperator: SizedType<string, Type<string, string, unknown>>; evaluationPeriods: NumberC; metricName: SizedType<string, Type<string, string, unknown>>; namespace: SizedType<string, Type<string, string, unknown>>; period: NumberC; snsAlertLevel: SizedType<string, Type<string, string, unknown>>; statistic: SizedType<string, Type<string, string, unknown>>; threshold: NumberC; treatMissingData: SizedType<string, Type<string, string, unknown>> }>>; deploymentTargets: TypeC<{ accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>> }>; regions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>> }> = ...
auditManagerConfig: TypeC<{ defaultReportsConfiguration: TypeC<{ destinationType: EnumType<string>; enable: BooleanC }>; enable: BooleanC; excludeRegions: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-south-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-gov-east-1" | "us-gov-west-1" | "us-west-1" | "us-west-2" | "us-iso-west-1" | "us-iso-east-1" | "us-isob-east-1">>>; lifecycleRules: OptionalType<ArrayC<TypeC<{ abortIncompleteMultipartUpload: OptionalType<NumberC>; enabled: OptionalType<BooleanC>; expiration: OptionalType<NumberC>; expiredObjectDeleteMarker: OptionalType<BooleanC>; id: OptionalType<StringC>; noncurrentVersionExpiration: OptionalType<NumberC>; noncurrentVersionTransitions: OptionalType<ArrayC<TypeC<{ storageClass: EnumType<"DEEP_ARCHIVE" | "GLACIER" | "GLACIER_INSTANT_RETRIEVAL" | "INFREQUENT_ACCESS" | "INTELLIGENT_TIERING" | "ONE_ZONE_INFREQUENT_ACCESS" | "Value should be an AWS S3 Storage Class.">; transitionAfter: NumberC }>>>; transitions: OptionalType<ArrayC<TypeC<{ storageClass: EnumType<"DEEP_ARCHIVE" | "GLACIER" | "GLACIER_INSTANT_RETRIEVAL" | "INFREQUENT_ACCESS" | "INTELLIGENT_TIERING" | "ONE_ZONE_INFREQUENT_ACCESS" | "Value should be an AWS S3 Storage Class.">; transitionAfter: NumberC }>>> }>>> }> = ...

AWS Audit Manager configuration

auditManagerDefaultReportsDestinationConfig: TypeC<{ destinationType: EnumType<string>; enable: BooleanC }> = ...

AWS Audit Manager Default Report configuration.

awsConfig: TypeC<{ enableConfigurationRecorder: BooleanC; enableDeliveryChannel: BooleanC; ruleSets: ArrayC<TypeC<{ deploymentTargets: TypeC<{ accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>> }>; rules: ArrayC<TypeC<{ complianceResourceTypes: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; customRule: OptionalType<TypeC<{ configurationChanges: OptionalType<BooleanC>; lambda: TypeC<{ handler: SizedType<string, Type<string, string, unknown>>; rolePolicyFile: SizedType<string, Type<string, string, unknown>>; runtime: SizedType<string, Type<string, string, unknown>>; sourceFilePath: SizedType<string, Type<string, string, unknown>>; timeout: OptionalType<NumberC> }>; maximumExecutionFrequency: EnumType<string>; periodic: OptionalType<BooleanC>; triggeringResources: TypeC<{ lookupKey: SizedType<string, Type<string, string, unknown>>; lookupType: EnumType<string>; lookupValue: ArrayC<SizedType<string, Type<string, string, unknown>>> }> }>>; description: OptionalType<SizedType<string, Type<string, string, unknown>>>; identifier: OptionalType<SizedType<string, Type<string, string, unknown>>>; inputParameters: OptionalType<RecordC<SizedType<string, Type<string, string, unknown>>, SizedType<string, Type<string, string, unknown>>>>; name: SizedType<string, Type<string, string, unknown>>; remediation: OptionalType<TypeC<{ automatic: BooleanC; maximumAutomaticAttempts: OptionalType<NumberC>; parameters: OptionalType<ArrayC<TypeC<{ name: SizedType<string, Type<string, string, unknown>>; type: EnumType<string>; value: SizedType<string, Type<string, string, unknown>> }>>>; retryAttemptSeconds: OptionalType<NumberC>; rolePolicyFile: SizedType<string, Type<string, string, unknown>>; targetAccountName: OptionalType<SizedType<string, Type<string, string, unknown>>>; targetDocumentLambda: OptionalType<TypeC<{ handler: SizedType<string, Type<string, string, unknown>>; rolePolicyFile: SizedType<string, Type<string, string, unknown>>; runtime: SizedType<string, Type<string, string, unknown>>; sourceFilePath: SizedType<string, Type<string, string, unknown>>; timeout: OptionalType<NumberC> }>>; targetId: SizedType<string, Type<string, string, unknown>>; targetVersion: OptionalType<SizedType<string, Type<string, string, unknown>>> }>>; tags: OptionalType<ArrayC<TypeC<{ key: StringC; value: StringC }>>>; type: OptionalType<SizedType<string, Type<string, string, unknown>>> }>> }>> }> = ...
awsConfigRuleSet: TypeC<{ deploymentTargets: TypeC<{ accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>> }>; rules: ArrayC<TypeC<{ complianceResourceTypes: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; customRule: OptionalType<TypeC<{ configurationChanges: OptionalType<BooleanC>; lambda: TypeC<{ handler: SizedType<string, Type<string, string, unknown>>; rolePolicyFile: SizedType<string, Type<string, string, unknown>>; runtime: SizedType<string, Type<string, string, unknown>>; sourceFilePath: SizedType<string, Type<string, string, unknown>>; timeout: OptionalType<NumberC> }>; maximumExecutionFrequency: EnumType<string>; periodic: OptionalType<BooleanC>; triggeringResources: TypeC<{ lookupKey: SizedType<string, Type<string, string, unknown>>; lookupType: EnumType<string>; lookupValue: ArrayC<SizedType<string, Type<string, string, unknown>>> }> }>>; description: OptionalType<SizedType<string, Type<string, string, unknown>>>; identifier: OptionalType<SizedType<string, Type<string, string, unknown>>>; inputParameters: OptionalType<RecordC<SizedType<string, Type<string, string, unknown>>, SizedType<string, Type<string, string, unknown>>>>; name: SizedType<string, Type<string, string, unknown>>; remediation: OptionalType<TypeC<{ automatic: BooleanC; maximumAutomaticAttempts: OptionalType<NumberC>; parameters: OptionalType<ArrayC<TypeC<{ name: SizedType<string, Type<string, string, unknown>>; type: EnumType<string>; value: SizedType<string, Type<string, string, unknown>> }>>>; retryAttemptSeconds: OptionalType<NumberC>; rolePolicyFile: SizedType<string, Type<string, string, unknown>>; targetAccountName: OptionalType<SizedType<string, Type<string, string, unknown>>>; targetDocumentLambda: OptionalType<TypeC<{ handler: SizedType<string, Type<string, string, unknown>>; rolePolicyFile: SizedType<string, Type<string, string, unknown>>; runtime: SizedType<string, Type<string, string, unknown>>; sourceFilePath: SizedType<string, Type<string, string, unknown>>; timeout: OptionalType<NumberC> }>>; targetId: SizedType<string, Type<string, string, unknown>>; targetVersion: OptionalType<SizedType<string, Type<string, string, unknown>>> }>>; tags: OptionalType<ArrayC<TypeC<{ key: StringC; value: StringC }>>>; type: OptionalType<SizedType<string, Type<string, string, unknown>>> }>> }> = ...
centralSecurityServicesConfig: TypeC<{ auditManager: OptionalType<TypeC<{ defaultReportsConfiguration: TypeC<{ destinationType: EnumType<string>; enable: BooleanC }>; enable: BooleanC; excludeRegions: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-south-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-gov-east-1" | "us-gov-west-1" | "us-west-1" | "us-west-2" | "us-iso-west-1" | "us-iso-east-1" | "us-isob-east-1">>>; lifecycleRules: OptionalType<ArrayC<TypeC<{ abortIncompleteMultipartUpload: OptionalType<NumberC>; enabled: OptionalType<BooleanC>; expiration: OptionalType<NumberC>; expiredObjectDeleteMarker: OptionalType<BooleanC>; id: OptionalType<StringC>; noncurrentVersionExpiration: OptionalType<NumberC>; noncurrentVersionTransitions: OptionalType<ArrayC<TypeC<{ storageClass: EnumType<"DEEP_ARCHIVE" | "GLACIER" | "GLACIER_INSTANT_RETRIEVAL" | "INFREQUENT_ACCESS" | "INTELLIGENT_TIERING" | "ONE_ZONE_INFREQUENT_ACCESS" | "Value should be an AWS S3 Storage Class.">; transitionAfter: NumberC }>>>; transitions: OptionalType<ArrayC<TypeC<{ storageClass: EnumType<"DEEP_ARCHIVE" | "GLACIER" | "GLACIER_INSTANT_RETRIEVAL" | "INFREQUENT_ACCESS" | "INTELLIGENT_TIERING" | "ONE_ZONE_INFREQUENT_ACCESS" | "Value should be an AWS S3 Storage Class.">; transitionAfter: NumberC }>>> }>>> }>>; delegatedAdminAccount: SizedType<string, Type<string, string, unknown>>; detective: OptionalType<TypeC<{ enable: BooleanC; excludeRegions: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-south-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-gov-east-1" | "us-gov-west-1" | "us-west-1" | "us-west-2" | "us-iso-west-1" | "us-iso-east-1" | "us-isob-east-1">>> }>>; ebsDefaultVolumeEncryption: TypeC<{ enable: BooleanC; excludeRegions: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-south-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-gov-east-1" | "us-gov-west-1" | "us-west-1" | "us-west-2" | "us-iso-west-1" | "us-iso-east-1" | "us-isob-east-1">>> }>; guardduty: TypeC<{ enable: BooleanC; excludeRegions: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-south-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-gov-east-1" | "us-gov-west-1" | "us-west-1" | "us-west-2" | "us-iso-west-1" | "us-iso-east-1" | "us-isob-east-1">>>; exportConfiguration: TypeC<{ destinationType: EnumType<string>; enable: BooleanC; exportFrequency: EnumType<string> }>; lifecycleRules: OptionalType<ArrayC<TypeC<{ abortIncompleteMultipartUpload: OptionalType<NumberC>; enabled: OptionalType<BooleanC>; expiration: OptionalType<NumberC>; expiredObjectDeleteMarker: OptionalType<BooleanC>; id: OptionalType<StringC>; noncurrentVersionExpiration: OptionalType<NumberC>; noncurrentVersionTransitions: OptionalType<ArrayC<TypeC<{ storageClass: EnumType<"DEEP_ARCHIVE" | "GLACIER" | "GLACIER_INSTANT_RETRIEVAL" | "INFREQUENT_ACCESS" | "INTELLIGENT_TIERING" | "ONE_ZONE_INFREQUENT_ACCESS" | "Value should be an AWS S3 Storage Class.">; transitionAfter: NumberC }>>>; transitions: OptionalType<ArrayC<TypeC<{ storageClass: EnumType<"DEEP_ARCHIVE" | "GLACIER" | "GLACIER_INSTANT_RETRIEVAL" | "INFREQUENT_ACCESS" | "INTELLIGENT_TIERING" | "ONE_ZONE_INFREQUENT_ACCESS" | "Value should be an AWS S3 Storage Class.">; transitionAfter: NumberC }>>> }>>>; s3Protection: TypeC<{ enable: BooleanC; excludeRegions: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-south-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-gov-east-1" | "us-gov-west-1" | "us-west-1" | "us-west-2" | "us-iso-west-1" | "us-iso-east-1" | "us-isob-east-1">>> }> }>; macie: TypeC<{ enable: BooleanC; excludeRegions: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-south-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-gov-east-1" | "us-gov-west-1" | "us-west-1" | "us-west-2" | "us-iso-west-1" | "us-iso-east-1" | "us-isob-east-1">>>; lifecycleRules: OptionalType<ArrayC<TypeC<{ abortIncompleteMultipartUpload: OptionalType<NumberC>; enabled: OptionalType<BooleanC>; expiration: OptionalType<NumberC>; expiredObjectDeleteMarker: OptionalType<BooleanC>; id: OptionalType<StringC>; noncurrentVersionExpiration: OptionalType<NumberC>; noncurrentVersionTransitions: OptionalType<ArrayC<TypeC<{ storageClass: EnumType<"DEEP_ARCHIVE" | "GLACIER" | "GLACIER_INSTANT_RETRIEVAL" | "INFREQUENT_ACCESS" | "INTELLIGENT_TIERING" | "ONE_ZONE_INFREQUENT_ACCESS" | "Value should be an AWS S3 Storage Class.">; transitionAfter: NumberC }>>>; transitions: OptionalType<ArrayC<TypeC<{ storageClass: EnumType<"DEEP_ARCHIVE" | "GLACIER" | "GLACIER_INSTANT_RETRIEVAL" | "INFREQUENT_ACCESS" | "INTELLIGENT_TIERING" | "ONE_ZONE_INFREQUENT_ACCESS" | "Value should be an AWS S3 Storage Class.">; transitionAfter: NumberC }>>> }>>>; policyFindingsPublishingFrequency: EnumType<string>; publishSensitiveDataFindings: BooleanC }>; s3PublicAccessBlock: TypeC<{ enable: BooleanC; excludeAccounts: OptionalType<ArrayC<StringC>> }>; securityHub: TypeC<{ enable: BooleanC; excludeRegions: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-south-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-gov-east-1" | "us-gov-west-1" | "us-west-1" | "us-west-2" | "us-iso-west-1" | "us-iso-east-1" | "us-isob-east-1">>>; regionAggregation: OptionalType<BooleanC>; standards: ArrayC<TypeC<{ controlsToDisable: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; enable: BooleanC; name: EnumType<string> }>> }>; ssmAutomation: TypeC<{ documentSets: ArrayC<TypeC<{ documents: ArrayC<TypeC<{ name: SizedType<string, Type<string, string, unknown>>; template: SizedType<string, Type<string, string, unknown>> }>>; shareTargets: TypeC<{ accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>> }> }>>; excludeRegions: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-south-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-gov-east-1" | "us-gov-west-1" | "us-west-1" | "us-west-2" | "us-iso-west-1" | "us-iso-east-1" | "us-isob-east-1">>> }> }> = ...

Central security services configuration

cloudWatchConfig: TypeC<{ alarmSets: ArrayC<TypeC<{ alarms: ArrayC<TypeC<{ alarmDescription: SizedType<string, Type<string, string, unknown>>; alarmName: SizedType<string, Type<string, string, unknown>>; comparisonOperator: SizedType<string, Type<string, string, unknown>>; evaluationPeriods: NumberC; metricName: SizedType<string, Type<string, string, unknown>>; namespace: SizedType<string, Type<string, string, unknown>>; period: NumberC; snsAlertLevel: SizedType<string, Type<string, string, unknown>>; statistic: SizedType<string, Type<string, string, unknown>>; threshold: NumberC; treatMissingData: SizedType<string, Type<string, string, unknown>> }>>; deploymentTargets: TypeC<{ accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>> }>; regions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>> }>>; metricSets: ArrayC<TypeC<{ deploymentTargets: TypeC<{ accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>> }>; metrics: ArrayC<TypeC<{ filterName: SizedType<string, Type<string, string, unknown>>; filterPattern: SizedType<string, Type<string, string, unknown>>; logGroupName: SizedType<string, Type<string, string, unknown>>; metricName: SizedType<string, Type<string, string, unknown>>; metricNamespace: SizedType<string, Type<string, string, unknown>>; metricValue: SizedType<string, Type<string, string, unknown>> }>>; regions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>> }>> }> = ...
configRule: TypeC<{ complianceResourceTypes: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; customRule: OptionalType<TypeC<{ configurationChanges: OptionalType<BooleanC>; lambda: TypeC<{ handler: SizedType<string, Type<string, string, unknown>>; rolePolicyFile: SizedType<string, Type<string, string, unknown>>; runtime: SizedType<string, Type<string, string, unknown>>; sourceFilePath: SizedType<string, Type<string, string, unknown>>; timeout: OptionalType<NumberC> }>; maximumExecutionFrequency: EnumType<string>; periodic: OptionalType<BooleanC>; triggeringResources: TypeC<{ lookupKey: SizedType<string, Type<string, string, unknown>>; lookupType: EnumType<string>; lookupValue: ArrayC<SizedType<string, Type<string, string, unknown>>> }> }>>; description: OptionalType<SizedType<string, Type<string, string, unknown>>>; identifier: OptionalType<SizedType<string, Type<string, string, unknown>>>; inputParameters: OptionalType<RecordC<SizedType<string, Type<string, string, unknown>>, SizedType<string, Type<string, string, unknown>>>>; name: SizedType<string, Type<string, string, unknown>>; remediation: OptionalType<TypeC<{ automatic: BooleanC; maximumAutomaticAttempts: OptionalType<NumberC>; parameters: OptionalType<ArrayC<TypeC<{ name: SizedType<string, Type<string, string, unknown>>; type: EnumType<string>; value: SizedType<string, Type<string, string, unknown>> }>>>; retryAttemptSeconds: OptionalType<NumberC>; rolePolicyFile: SizedType<string, Type<string, string, unknown>>; targetAccountName: OptionalType<SizedType<string, Type<string, string, unknown>>>; targetDocumentLambda: OptionalType<TypeC<{ handler: SizedType<string, Type<string, string, unknown>>; rolePolicyFile: SizedType<string, Type<string, string, unknown>>; runtime: SizedType<string, Type<string, string, unknown>>; sourceFilePath: SizedType<string, Type<string, string, unknown>>; timeout: OptionalType<NumberC> }>>; targetId: SizedType<string, Type<string, string, unknown>>; targetVersion: OptionalType<SizedType<string, Type<string, string, unknown>>> }>>; tags: OptionalType<ArrayC<TypeC<{ key: StringC; value: StringC }>>>; type: OptionalType<SizedType<string, Type<string, string, unknown>>> }> = ...
configRuleRemediationType: TypeC<{ automatic: BooleanC; maximumAutomaticAttempts: OptionalType<NumberC>; parameters: OptionalType<ArrayC<TypeC<{ name: SizedType<string, Type<string, string, unknown>>; type: EnumType<string>; value: SizedType<string, Type<string, string, unknown>> }>>>; retryAttemptSeconds: OptionalType<NumberC>; rolePolicyFile: SizedType<string, Type<string, string, unknown>>; targetAccountName: OptionalType<SizedType<string, Type<string, string, unknown>>>; targetDocumentLambda: OptionalType<TypeC<{ handler: SizedType<string, Type<string, string, unknown>>; rolePolicyFile: SizedType<string, Type<string, string, unknown>>; runtime: SizedType<string, Type<string, string, unknown>>; sourceFilePath: SizedType<string, Type<string, string, unknown>>; timeout: OptionalType<NumberC> }>>; targetId: SizedType<string, Type<string, string, unknown>>; targetVersion: OptionalType<SizedType<string, Type<string, string, unknown>>> }> = ...
customRuleConfigType: TypeC<{ configurationChanges: OptionalType<BooleanC>; lambda: TypeC<{ handler: SizedType<string, Type<string, string, unknown>>; rolePolicyFile: SizedType<string, Type<string, string, unknown>>; runtime: SizedType<string, Type<string, string, unknown>>; sourceFilePath: SizedType<string, Type<string, string, unknown>>; timeout: OptionalType<NumberC> }>; maximumExecutionFrequency: EnumType<string>; periodic: OptionalType<BooleanC>; triggeringResources: TypeC<{ lookupKey: SizedType<string, Type<string, string, unknown>>; lookupType: EnumType<string>; lookupValue: ArrayC<SizedType<string, Type<string, string, unknown>>> }> }> = ...
customRuleLambdaType: TypeC<{ handler: SizedType<string, Type<string, string, unknown>>; rolePolicyFile: SizedType<string, Type<string, string, unknown>>; runtime: SizedType<string, Type<string, string, unknown>>; sourceFilePath: SizedType<string, Type<string, string, unknown>>; timeout: OptionalType<NumberC> }> = ...
detectiveConfig: TypeC<{ enable: BooleanC; excludeRegions: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-south-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-gov-east-1" | "us-gov-west-1" | "us-west-1" | "us-west-2" | "us-iso-west-1" | "us-iso-east-1" | "us-isob-east-1">>> }> = ...

AWS Detective configuration

documentConfig: TypeC<{ name: SizedType<string, Type<string, string, unknown>>; template: SizedType<string, Type<string, string, unknown>> }> = ...
documentSetConfig: TypeC<{ documents: ArrayC<TypeC<{ name: SizedType<string, Type<string, string, unknown>>; template: SizedType<string, Type<string, string, unknown>> }>>; shareTargets: TypeC<{ accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>> }> }> = ...
ebsDefaultVolumeEncryptionConfig: TypeC<{ enable: BooleanC; excludeRegions: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-south-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-gov-east-1" | "us-gov-west-1" | "us-west-1" | "us-west-2" | "us-iso-west-1" | "us-iso-east-1" | "us-isob-east-1">>> }> = ...
guardDutyConfig: TypeC<{ enable: BooleanC; excludeRegions: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-south-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-gov-east-1" | "us-gov-west-1" | "us-west-1" | "us-west-2" | "us-iso-west-1" | "us-iso-east-1" | "us-isob-east-1">>>; exportConfiguration: TypeC<{ destinationType: EnumType<string>; enable: BooleanC; exportFrequency: EnumType<string> }>; lifecycleRules: OptionalType<ArrayC<TypeC<{ abortIncompleteMultipartUpload: OptionalType<NumberC>; enabled: OptionalType<BooleanC>; expiration: OptionalType<NumberC>; expiredObjectDeleteMarker: OptionalType<BooleanC>; id: OptionalType<StringC>; noncurrentVersionExpiration: OptionalType<NumberC>; noncurrentVersionTransitions: OptionalType<ArrayC<TypeC<{ storageClass: EnumType<"DEEP_ARCHIVE" | "GLACIER" | "GLACIER_INSTANT_RETRIEVAL" | "INFREQUENT_ACCESS" | "INTELLIGENT_TIERING" | "ONE_ZONE_INFREQUENT_ACCESS" | "Value should be an AWS S3 Storage Class.">; transitionAfter: NumberC }>>>; transitions: OptionalType<ArrayC<TypeC<{ storageClass: EnumType<"DEEP_ARCHIVE" | "GLACIER" | "GLACIER_INSTANT_RETRIEVAL" | "INFREQUENT_ACCESS" | "INTELLIGENT_TIERING" | "ONE_ZONE_INFREQUENT_ACCESS" | "Value should be an AWS S3 Storage Class.">; transitionAfter: NumberC }>>> }>>>; s3Protection: TypeC<{ enable: BooleanC; excludeRegions: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-south-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-gov-east-1" | "us-gov-west-1" | "us-west-1" | "us-west-2" | "us-iso-west-1" | "us-iso-east-1" | "us-isob-east-1">>> }> }> = ...

AWS GuardDuty configuration

guardDutyExportFindingsConfig: TypeC<{ destinationType: EnumType<string>; enable: BooleanC; exportFrequency: EnumType<string> }> = ...

AWS GuardDuty Export Findings configuration.

guardDutyS3ProtectionConfig: TypeC<{ enable: BooleanC; excludeRegions: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-south-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-gov-east-1" | "us-gov-west-1" | "us-west-1" | "us-west-2" | "us-iso-west-1" | "us-iso-east-1" | "us-isob-east-1">>> }> = ...

AWS GuardDuty S3 Protection configuration.

iamPasswordPolicyConfig: TypeC<{ allowUsersToChangePassword: BooleanC; hardExpiry: BooleanC; maxPasswordAge: NumberC; minimumPasswordLength: NumberC; passwordReusePrevention: NumberC; requireLowercaseCharacters: BooleanC; requireNumbers: BooleanC; requireSymbols: BooleanC; requireUppercaseCharacters: BooleanC }> = ...
macieConfig: TypeC<{ enable: BooleanC; excludeRegions: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-south-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-gov-east-1" | "us-gov-west-1" | "us-west-1" | "us-west-2" | "us-iso-west-1" | "us-iso-east-1" | "us-isob-east-1">>>; lifecycleRules: OptionalType<ArrayC<TypeC<{ abortIncompleteMultipartUpload: OptionalType<NumberC>; enabled: OptionalType<BooleanC>; expiration: OptionalType<NumberC>; expiredObjectDeleteMarker: OptionalType<BooleanC>; id: OptionalType<StringC>; noncurrentVersionExpiration: OptionalType<NumberC>; noncurrentVersionTransitions: OptionalType<ArrayC<TypeC<{ storageClass: EnumType<"DEEP_ARCHIVE" | "GLACIER" | "GLACIER_INSTANT_RETRIEVAL" | "INFREQUENT_ACCESS" | "INTELLIGENT_TIERING" | "ONE_ZONE_INFREQUENT_ACCESS" | "Value should be an AWS S3 Storage Class.">; transitionAfter: NumberC }>>>; transitions: OptionalType<ArrayC<TypeC<{ storageClass: EnumType<"DEEP_ARCHIVE" | "GLACIER" | "GLACIER_INSTANT_RETRIEVAL" | "INFREQUENT_ACCESS" | "INTELLIGENT_TIERING" | "ONE_ZONE_INFREQUENT_ACCESS" | "Value should be an AWS S3 Storage Class.">; transitionAfter: NumberC }>>> }>>>; policyFindingsPublishingFrequency: EnumType<string>; publishSensitiveDataFindings: BooleanC }> = ...

AWS Macie configuration

metricConfig: TypeC<{ filterName: SizedType<string, Type<string, string, unknown>>; filterPattern: SizedType<string, Type<string, string, unknown>>; logGroupName: SizedType<string, Type<string, string, unknown>>; metricName: SizedType<string, Type<string, string, unknown>>; metricNamespace: SizedType<string, Type<string, string, unknown>>; metricValue: SizedType<string, Type<string, string, unknown>> }> = ...
metricSetConfig: TypeC<{ deploymentTargets: TypeC<{ accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>> }>; metrics: ArrayC<TypeC<{ filterName: SizedType<string, Type<string, string, unknown>>; filterPattern: SizedType<string, Type<string, string, unknown>>; logGroupName: SizedType<string, Type<string, string, unknown>>; metricName: SizedType<string, Type<string, string, unknown>>; metricNamespace: SizedType<string, Type<string, string, unknown>>; metricValue: SizedType<string, Type<string, string, unknown>> }>>; regions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>> }> = ...
remediationParametersConfigType: TypeC<{ name: SizedType<string, Type<string, string, unknown>>; type: EnumType<string>; value: SizedType<string, Type<string, string, unknown>> }> = ...

Config rule remediation input parameter configuration type

s3PublicAccessBlockConfig: TypeC<{ enable: BooleanC; excludeAccounts: OptionalType<ArrayC<StringC>> }> = ...

Amazon Web Services S3 configuration

securityConfig: TypeC<{ accessAnalyzer: TypeC<{ enable: BooleanC }>; awsConfig: TypeC<{ enableConfigurationRecorder: BooleanC; enableDeliveryChannel: BooleanC; ruleSets: ArrayC<TypeC<{ deploymentTargets: TypeC<{ accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>> }>; rules: ArrayC<TypeC<{ complianceResourceTypes: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; customRule: OptionalType<TypeC<{ configurationChanges: OptionalType<BooleanC>; lambda: TypeC<{ handler: SizedType<string, Type<string, string, unknown>>; rolePolicyFile: SizedType<string, Type<string, string, unknown>>; runtime: SizedType<string, Type<string, string, unknown>>; sourceFilePath: SizedType<string, Type<string, string, unknown>>; timeout: OptionalType<NumberC> }>; maximumExecutionFrequency: EnumType<string>; periodic: OptionalType<BooleanC>; triggeringResources: TypeC<{ lookupKey: SizedType<string, Type<string, string, unknown>>; lookupType: EnumType<string>; lookupValue: ArrayC<SizedType<string, Type<string, string, unknown>>> }> }>>; description: OptionalType<SizedType<string, Type<string, string, unknown>>>; identifier: OptionalType<SizedType<string, Type<string, string, unknown>>>; inputParameters: OptionalType<RecordC<SizedType<string, Type<string, string, unknown>>, SizedType<string, Type<string, string, unknown>>>>; name: SizedType<string, Type<string, string, unknown>>; remediation: OptionalType<TypeC<{ automatic: BooleanC; maximumAutomaticAttempts: OptionalType<NumberC>; parameters: OptionalType<ArrayC<TypeC<{ name: SizedType<string, Type<string, string, unknown>>; type: EnumType<string>; value: SizedType<string, Type<string, string, unknown>> }>>>; retryAttemptSeconds: OptionalType<NumberC>; rolePolicyFile: SizedType<string, Type<string, string, unknown>>; targetAccountName: OptionalType<SizedType<string, Type<string, string, unknown>>>; targetDocumentLambda: OptionalType<TypeC<{ handler: SizedType<string, Type<string, string, unknown>>; rolePolicyFile: SizedType<string, Type<string, string, unknown>>; runtime: SizedType<string, Type<string, string, unknown>>; sourceFilePath: SizedType<string, Type<string, string, unknown>>; timeout: OptionalType<NumberC> }>>; targetId: SizedType<string, Type<string, string, unknown>>; targetVersion: OptionalType<SizedType<string, Type<string, string, unknown>>> }>>; tags: OptionalType<ArrayC<TypeC<{ key: StringC; value: StringC }>>>; type: OptionalType<SizedType<string, Type<string, string, unknown>>> }>> }>> }>; centralSecurityServices: TypeC<{ auditManager: OptionalType<TypeC<{ defaultReportsConfiguration: TypeC<{ destinationType: EnumType<string>; enable: BooleanC }>; enable: BooleanC; excludeRegions: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-south-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-gov-east-1" | "us-gov-west-1" | "us-west-1" | "us-west-2" | "us-iso-west-1" | "us-iso-east-1" | "us-isob-east-1">>>; lifecycleRules: OptionalType<ArrayC<TypeC<{ abortIncompleteMultipartUpload: OptionalType<NumberC>; enabled: OptionalType<BooleanC>; expiration: OptionalType<NumberC>; expiredObjectDeleteMarker: OptionalType<BooleanC>; id: OptionalType<StringC>; noncurrentVersionExpiration: OptionalType<NumberC>; noncurrentVersionTransitions: OptionalType<ArrayC<TypeC<{ storageClass: EnumType<"DEEP_ARCHIVE" | "GLACIER" | "GLACIER_INSTANT_RETRIEVAL" | "INFREQUENT_ACCESS" | "INTELLIGENT_TIERING" | "ONE_ZONE_INFREQUENT_ACCESS" | "Value should be an AWS S3 Storage Class.">; transitionAfter: NumberC }>>>; transitions: OptionalType<ArrayC<TypeC<{ storageClass: EnumType<"DEEP_ARCHIVE" | "GLACIER" | "GLACIER_INSTANT_RETRIEVAL" | "INFREQUENT_ACCESS" | "INTELLIGENT_TIERING" | "ONE_ZONE_INFREQUENT_ACCESS" | "Value should be an AWS S3 Storage Class.">; transitionAfter: NumberC }>>> }>>> }>>; delegatedAdminAccount: SizedType<string, Type<string, string, unknown>>; detective: OptionalType<TypeC<{ enable: BooleanC; excludeRegions: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-south-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-gov-east-1" | "us-gov-west-1" | "us-west-1" | "us-west-2" | "us-iso-west-1" | "us-iso-east-1" | "us-isob-east-1">>> }>>; ebsDefaultVolumeEncryption: TypeC<{ enable: BooleanC; excludeRegions: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-south-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-gov-east-1" | "us-gov-west-1" | "us-west-1" | "us-west-2" | "us-iso-west-1" | "us-iso-east-1" | "us-isob-east-1">>> }>; guardduty: TypeC<{ enable: BooleanC; excludeRegions: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-south-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-gov-east-1" | "us-gov-west-1" | "us-west-1" | "us-west-2" | "us-iso-west-1" | "us-iso-east-1" | "us-isob-east-1">>>; exportConfiguration: TypeC<{ destinationType: EnumType<string>; enable: BooleanC; exportFrequency: EnumType<string> }>; lifecycleRules: OptionalType<ArrayC<TypeC<{ abortIncompleteMultipartUpload: OptionalType<NumberC>; enabled: OptionalType<BooleanC>; expiration: OptionalType<NumberC>; expiredObjectDeleteMarker: OptionalType<BooleanC>; id: OptionalType<StringC>; noncurrentVersionExpiration: OptionalType<NumberC>; noncurrentVersionTransitions: OptionalType<ArrayC<TypeC<{ storageClass: EnumType<"DEEP_ARCHIVE" | "GLACIER" | "GLACIER_INSTANT_RETRIEVAL" | "INFREQUENT_ACCESS" | "INTELLIGENT_TIERING" | "ONE_ZONE_INFREQUENT_ACCESS" | "Value should be an AWS S3 Storage Class.">; transitionAfter: NumberC }>>>; transitions: OptionalType<ArrayC<TypeC<{ storageClass: EnumType<"DEEP_ARCHIVE" | "GLACIER" | "GLACIER_INSTANT_RETRIEVAL" | "INFREQUENT_ACCESS" | "INTELLIGENT_TIERING" | "ONE_ZONE_INFREQUENT_ACCESS" | "Value should be an AWS S3 Storage Class.">; transitionAfter: NumberC }>>> }>>>; s3Protection: TypeC<{ enable: BooleanC; excludeRegions: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-south-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-gov-east-1" | "us-gov-west-1" | "us-west-1" | "us-west-2" | "us-iso-west-1" | "us-iso-east-1" | "us-isob-east-1">>> }> }>; macie: TypeC<{ enable: BooleanC; excludeRegions: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-south-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-gov-east-1" | "us-gov-west-1" | "us-west-1" | "us-west-2" | "us-iso-west-1" | "us-iso-east-1" | "us-isob-east-1">>>; lifecycleRules: OptionalType<ArrayC<TypeC<{ abortIncompleteMultipartUpload: OptionalType<NumberC>; enabled: OptionalType<BooleanC>; expiration: OptionalType<NumberC>; expiredObjectDeleteMarker: OptionalType<BooleanC>; id: OptionalType<StringC>; noncurrentVersionExpiration: OptionalType<NumberC>; noncurrentVersionTransitions: OptionalType<ArrayC<TypeC<{ storageClass: EnumType<"DEEP_ARCHIVE" | "GLACIER" | "GLACIER_INSTANT_RETRIEVAL" | "INFREQUENT_ACCESS" | "INTELLIGENT_TIERING" | "ONE_ZONE_INFREQUENT_ACCESS" | "Value should be an AWS S3 Storage Class.">; transitionAfter: NumberC }>>>; transitions: OptionalType<ArrayC<TypeC<{ storageClass: EnumType<"DEEP_ARCHIVE" | "GLACIER" | "GLACIER_INSTANT_RETRIEVAL" | "INFREQUENT_ACCESS" | "INTELLIGENT_TIERING" | "ONE_ZONE_INFREQUENT_ACCESS" | "Value should be an AWS S3 Storage Class.">; transitionAfter: NumberC }>>> }>>>; policyFindingsPublishingFrequency: EnumType<string>; publishSensitiveDataFindings: BooleanC }>; s3PublicAccessBlock: TypeC<{ enable: BooleanC; excludeAccounts: OptionalType<ArrayC<StringC>> }>; securityHub: TypeC<{ enable: BooleanC; excludeRegions: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-south-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-gov-east-1" | "us-gov-west-1" | "us-west-1" | "us-west-2" | "us-iso-west-1" | "us-iso-east-1" | "us-isob-east-1">>>; regionAggregation: OptionalType<BooleanC>; standards: ArrayC<TypeC<{ controlsToDisable: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; enable: BooleanC; name: EnumType<string> }>> }>; ssmAutomation: TypeC<{ documentSets: ArrayC<TypeC<{ documents: ArrayC<TypeC<{ name: SizedType<string, Type<string, string, unknown>>; template: SizedType<string, Type<string, string, unknown>> }>>; shareTargets: TypeC<{ accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>> }> }>>; excludeRegions: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-south-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-gov-east-1" | "us-gov-west-1" | "us-west-1" | "us-west-2" | "us-iso-west-1" | "us-iso-east-1" | "us-isob-east-1">>> }> }>; cloudWatch: TypeC<{ alarmSets: ArrayC<TypeC<{ alarms: ArrayC<TypeC<{ alarmDescription: SizedType<string, Type<string, string, unknown>>; alarmName: SizedType<string, Type<string, string, unknown>>; comparisonOperator: SizedType<string, Type<string, string, unknown>>; evaluationPeriods: NumberC; metricName: SizedType<string, Type<string, string, unknown>>; namespace: SizedType<string, Type<string, string, unknown>>; period: NumberC; snsAlertLevel: SizedType<string, Type<string, string, unknown>>; statistic: SizedType<string, Type<string, string, unknown>>; threshold: NumberC; treatMissingData: SizedType<string, Type<string, string, unknown>> }>>; deploymentTargets: TypeC<{ accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>> }>; regions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>> }>>; metricSets: ArrayC<TypeC<{ deploymentTargets: TypeC<{ accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>> }>; metrics: ArrayC<TypeC<{ filterName: SizedType<string, Type<string, string, unknown>>; filterPattern: SizedType<string, Type<string, string, unknown>>; logGroupName: SizedType<string, Type<string, string, unknown>>; metricName: SizedType<string, Type<string, string, unknown>>; metricNamespace: SizedType<string, Type<string, string, unknown>>; metricValue: SizedType<string, Type<string, string, unknown>> }>>; regions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>> }>> }>; iamPasswordPolicy: TypeC<{ allowUsersToChangePassword: BooleanC; hardExpiry: BooleanC; maxPasswordAge: NumberC; minimumPasswordLength: NumberC; passwordReusePrevention: NumberC; requireLowercaseCharacters: BooleanC; requireNumbers: BooleanC; requireSymbols: BooleanC; requireUppercaseCharacters: BooleanC }> }> = ...
securityHubConfig: TypeC<{ enable: BooleanC; excludeRegions: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-south-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-gov-east-1" | "us-gov-west-1" | "us-west-1" | "us-west-2" | "us-iso-west-1" | "us-iso-east-1" | "us-isob-east-1">>>; regionAggregation: OptionalType<BooleanC>; standards: ArrayC<TypeC<{ controlsToDisable: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; enable: BooleanC; name: EnumType<string> }>> }> = ...
securityHubStandardConfig: TypeC<{ controlsToDisable: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; enable: BooleanC; name: EnumType<string> }> = ...

AWS SecurityHub standards configuration

snsSubscriptionConfig: TypeC<{ email: SizedType<string, Type<string, string, unknown>>; level: SizedType<string, Type<string, string, unknown>> }> = ...

SNS notification subscription configuration.

ssmAutomationConfig: TypeC<{ documentSets: ArrayC<TypeC<{ documents: ArrayC<TypeC<{ name: SizedType<string, Type<string, string, unknown>>; template: SizedType<string, Type<string, string, unknown>> }>>; shareTargets: TypeC<{ accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>> }> }>>; excludeRegions: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-south-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-gov-east-1" | "us-gov-west-1" | "us-west-1" | "us-west-2" | "us-iso-west-1" | "us-iso-east-1" | "us-isob-east-1">>> }> = ...
triggeringResourceType: TypeC<{ lookupKey: SizedType<string, Type<string, string, unknown>>; lookupType: EnumType<string>; lookupValue: ArrayC<SizedType<string, Type<string, string, unknown>>> }> = ...

Generated using TypeDoc