securityConfig
: TypeC<{ accessAnalyzer
: TypeC<{ enable
: BooleanC }>; awsConfig
: TypeC<{ enableConfigurationRecorder
: BooleanC; enableDeliveryChannel
: BooleanC; ruleSets
: ArrayC<TypeC<{ deploymentTargets
: TypeC<{ accounts
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; excludedAccounts
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; excludedRegions
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; organizationalUnits
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>> }>; rules
: ArrayC<TypeC<{ complianceResourceTypes
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; customRule
: OptionalType<TypeC<{ configurationChanges
: OptionalType<BooleanC>; lambda
: TypeC<{ handler
: SizedType<string, Type<string, string, unknown>>; rolePolicyFile
: SizedType<string, Type<string, string, unknown>>; runtime
: SizedType<string, Type<string, string, unknown>>; sourceFilePath
: SizedType<string, Type<string, string, unknown>>; timeout
: OptionalType<NumberC> }>; maximumExecutionFrequency
: EnumType<string>; periodic
: OptionalType<BooleanC>; triggeringResources
: TypeC<{ lookupKey
: SizedType<string, Type<string, string, unknown>>; lookupType
: EnumType<string>; lookupValue
: ArrayC<SizedType<string, Type<string, string, unknown>>> }> }>>; description
: OptionalType<SizedType<string, Type<string, string, unknown>>>; identifier
: OptionalType<SizedType<string, Type<string, string, unknown>>>; inputParameters
: OptionalType<RecordC<SizedType<string, Type<string, string, unknown>>, SizedType<string, Type<string, string, unknown>>>>; name
: SizedType<string, Type<string, string, unknown>>; remediation
: OptionalType<TypeC<{ automatic
: BooleanC; maximumAutomaticAttempts
: OptionalType<NumberC>; parameters
: OptionalType<ArrayC<TypeC<{ name
: SizedType<string, Type<string, string, unknown>>; type
: EnumType<string>; value
: SizedType<string, Type<string, string, unknown>> }>>>; retryAttemptSeconds
: OptionalType<NumberC>; rolePolicyFile
: SizedType<string, Type<string, string, unknown>>; targetAccountName
: OptionalType<SizedType<string, Type<string, string, unknown>>>; targetDocumentLambda
: OptionalType<TypeC<{ handler
: SizedType<string, Type<string, string, unknown>>; rolePolicyFile
: SizedType<string, Type<string, string, unknown>>; runtime
: SizedType<string, Type<string, string, unknown>>; sourceFilePath
: SizedType<string, Type<string, string, unknown>>; timeout
: OptionalType<NumberC> }>>; targetId
: SizedType<string, Type<string, string, unknown>>; targetVersion
: OptionalType<SizedType<string, Type<string, string, unknown>>> }>>; tags
: OptionalType<ArrayC<TypeC<{ key
: StringC; value
: StringC }>>>; type
: OptionalType<SizedType<string, Type<string, string, unknown>>> }>> }>> }>; centralSecurityServices
: TypeC<{ auditManager
: OptionalType<TypeC<{ defaultReportsConfiguration
: TypeC<{ destinationType
: EnumType<string>; enable
: BooleanC }>; enable
: BooleanC; excludeRegions
: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-south-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-gov-east-1" | "us-gov-west-1" | "us-west-1" | "us-west-2" | "us-iso-west-1" | "us-iso-east-1" | "us-isob-east-1">>>; lifecycleRules
: OptionalType<ArrayC<TypeC<{ abortIncompleteMultipartUpload
: OptionalType<NumberC>; enabled
: OptionalType<BooleanC>; expiration
: OptionalType<NumberC>; expiredObjectDeleteMarker
: OptionalType<BooleanC>; id
: OptionalType<StringC>; noncurrentVersionExpiration
: OptionalType<NumberC>; noncurrentVersionTransitions
: OptionalType<ArrayC<TypeC<{ storageClass
: EnumType<"DEEP_ARCHIVE" | "GLACIER" | "GLACIER_INSTANT_RETRIEVAL" | "INFREQUENT_ACCESS" | "INTELLIGENT_TIERING" | "ONE_ZONE_INFREQUENT_ACCESS" | "Value should be an AWS S3 Storage Class.">; transitionAfter
: NumberC }>>>; transitions
: OptionalType<ArrayC<TypeC<{ storageClass
: EnumType<"DEEP_ARCHIVE" | "GLACIER" | "GLACIER_INSTANT_RETRIEVAL" | "INFREQUENT_ACCESS" | "INTELLIGENT_TIERING" | "ONE_ZONE_INFREQUENT_ACCESS" | "Value should be an AWS S3 Storage Class.">; transitionAfter
: NumberC }>>> }>>> }>>; delegatedAdminAccount
: SizedType<string, Type<string, string, unknown>>; detective
: OptionalType<TypeC<{ enable
: BooleanC; excludeRegions
: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-south-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-gov-east-1" | "us-gov-west-1" | "us-west-1" | "us-west-2" | "us-iso-west-1" | "us-iso-east-1" | "us-isob-east-1">>> }>>; ebsDefaultVolumeEncryption
: TypeC<{ enable
: BooleanC; excludeRegions
: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-south-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-gov-east-1" | "us-gov-west-1" | "us-west-1" | "us-west-2" | "us-iso-west-1" | "us-iso-east-1" | "us-isob-east-1">>> }>; guardduty
: TypeC<{ enable
: BooleanC; excludeRegions
: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-south-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-gov-east-1" | "us-gov-west-1" | "us-west-1" | "us-west-2" | "us-iso-west-1" | "us-iso-east-1" | "us-isob-east-1">>>; exportConfiguration
: TypeC<{ destinationType
: EnumType<string>; enable
: BooleanC; exportFrequency
: EnumType<string> }>; lifecycleRules
: OptionalType<ArrayC<TypeC<{ abortIncompleteMultipartUpload
: OptionalType<NumberC>; enabled
: OptionalType<BooleanC>; expiration
: OptionalType<NumberC>; expiredObjectDeleteMarker
: OptionalType<BooleanC>; id
: OptionalType<StringC>; noncurrentVersionExpiration
: OptionalType<NumberC>; noncurrentVersionTransitions
: OptionalType<ArrayC<TypeC<{ storageClass
: EnumType<"DEEP_ARCHIVE" | "GLACIER" | "GLACIER_INSTANT_RETRIEVAL" | "INFREQUENT_ACCESS" | "INTELLIGENT_TIERING" | "ONE_ZONE_INFREQUENT_ACCESS" | "Value should be an AWS S3 Storage Class.">; transitionAfter
: NumberC }>>>; transitions
: OptionalType<ArrayC<TypeC<{ storageClass
: EnumType<"DEEP_ARCHIVE" | "GLACIER" | "GLACIER_INSTANT_RETRIEVAL" | "INFREQUENT_ACCESS" | "INTELLIGENT_TIERING" | "ONE_ZONE_INFREQUENT_ACCESS" | "Value should be an AWS S3 Storage Class.">; transitionAfter
: NumberC }>>> }>>>; s3Protection
: TypeC<{ enable
: BooleanC; excludeRegions
: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-south-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-gov-east-1" | "us-gov-west-1" | "us-west-1" | "us-west-2" | "us-iso-west-1" | "us-iso-east-1" | "us-isob-east-1">>> }> }>; macie
: TypeC<{ enable
: BooleanC; excludeRegions
: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-south-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-gov-east-1" | "us-gov-west-1" | "us-west-1" | "us-west-2" | "us-iso-west-1" | "us-iso-east-1" | "us-isob-east-1">>>; lifecycleRules
: OptionalType<ArrayC<TypeC<{ abortIncompleteMultipartUpload
: OptionalType<NumberC>; enabled
: OptionalType<BooleanC>; expiration
: OptionalType<NumberC>; expiredObjectDeleteMarker
: OptionalType<BooleanC>; id
: OptionalType<StringC>; noncurrentVersionExpiration
: OptionalType<NumberC>; noncurrentVersionTransitions
: OptionalType<ArrayC<TypeC<{ storageClass
: EnumType<"DEEP_ARCHIVE" | "GLACIER" | "GLACIER_INSTANT_RETRIEVAL" | "INFREQUENT_ACCESS" | "INTELLIGENT_TIERING" | "ONE_ZONE_INFREQUENT_ACCESS" | "Value should be an AWS S3 Storage Class.">; transitionAfter
: NumberC }>>>; transitions
: OptionalType<ArrayC<TypeC<{ storageClass
: EnumType<"DEEP_ARCHIVE" | "GLACIER" | "GLACIER_INSTANT_RETRIEVAL" | "INFREQUENT_ACCESS" | "INTELLIGENT_TIERING" | "ONE_ZONE_INFREQUENT_ACCESS" | "Value should be an AWS S3 Storage Class.">; transitionAfter
: NumberC }>>> }>>>; policyFindingsPublishingFrequency
: EnumType<string>; publishSensitiveDataFindings
: BooleanC }>; s3PublicAccessBlock
: TypeC<{ enable
: BooleanC; excludeAccounts
: OptionalType<ArrayC<StringC>> }>; securityHub
: TypeC<{ enable
: BooleanC; excludeRegions
: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-south-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-gov-east-1" | "us-gov-west-1" | "us-west-1" | "us-west-2" | "us-iso-west-1" | "us-iso-east-1" | "us-isob-east-1">>>; regionAggregation
: OptionalType<BooleanC>; standards
: ArrayC<TypeC<{ controlsToDisable
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; enable
: BooleanC; name
: EnumType<string> }>> }>; ssmAutomation
: TypeC<{ documentSets
: ArrayC<TypeC<{ documents
: ArrayC<TypeC<{ name
: SizedType<string, Type<string, string, unknown>>; template
: SizedType<string, Type<string, string, unknown>> }>>; shareTargets
: TypeC<{ accounts
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; organizationalUnits
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>> }> }>>; excludeRegions
: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-south-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-gov-east-1" | "us-gov-west-1" | "us-west-1" | "us-west-2" | "us-iso-west-1" | "us-iso-east-1" | "us-isob-east-1">>> }> }>; cloudWatch
: TypeC<{ alarmSets
: ArrayC<TypeC<{ alarms
: ArrayC<TypeC<{ alarmDescription
: SizedType<string, Type<string, string, unknown>>; alarmName
: SizedType<string, Type<string, string, unknown>>; comparisonOperator
: SizedType<string, Type<string, string, unknown>>; evaluationPeriods
: NumberC; metricName
: SizedType<string, Type<string, string, unknown>>; namespace
: SizedType<string, Type<string, string, unknown>>; period
: NumberC; snsAlertLevel
: SizedType<string, Type<string, string, unknown>>; statistic
: SizedType<string, Type<string, string, unknown>>; threshold
: NumberC; treatMissingData
: SizedType<string, Type<string, string, unknown>> }>>; deploymentTargets
: TypeC<{ accounts
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; excludedAccounts
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; excludedRegions
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; organizationalUnits
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>> }>; regions
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>> }>>; metricSets
: ArrayC<TypeC<{ deploymentTargets
: TypeC<{ accounts
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; excludedAccounts
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; excludedRegions
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; organizationalUnits
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>> }>; metrics
: ArrayC<TypeC<{ filterName
: SizedType<string, Type<string, string, unknown>>; filterPattern
: SizedType<string, Type<string, string, unknown>>; logGroupName
: SizedType<string, Type<string, string, unknown>>; metricName
: SizedType<string, Type<string, string, unknown>>; metricNamespace
: SizedType<string, Type<string, string, unknown>>; metricValue
: SizedType<string, Type<string, string, unknown>> }>>; regions
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>> }>> }>; iamPasswordPolicy
: TypeC<{ allowUsersToChangePassword
: BooleanC; hardExpiry
: BooleanC; maxPasswordAge
: NumberC; minimumPasswordLength
: NumberC; passwordReusePrevention
: NumberC; requireLowercaseCharacters
: BooleanC; requireNumbers
: BooleanC; requireSymbols
: BooleanC; requireUppercaseCharacters
: BooleanC }> }> = ...
AWS Accelerator SecurityConfig Types