SecurityConfig / AwsConfig / AwsConfigRuleSet

List of AWS Config rules

Example

- deploymentTargets:
    organizationalUnits:
      - Root
  rules:
    - name: accelerator-iam-user-group-membership-check
      complianceResourceTypes:
        - AWS::IAM::User
      identifier: IAM_USER_GROUP_MEMBERSHIP_CHECK

Hierarchy

  • AwsConfigRuleSet

Properties

deploymentTargets: DeploymentTargets = ...

Config ruleset deployment target.

To deploy AWS Config rules to the Root and Infrastructure organizational units, provide the following value for this parameter.

Example

- deploymentTargets:
    organizationalUnits:
      - Root
      - Infrastructure

rules: ConfigRule[] = []

AWS Config rule set

The following example creates a custom rule named accelerator-attach-ec2-instance-profile with remediation and a managed rule named accelerator-iam-user-group-membership-check without remediation.

Example

rules:
  - name: accelerator-attach-ec2-instance-profile
    type: Custom
    description: Custom role to remediate ec2 instance profile to EC2 instances
    inputParameters:
    customRule:
      lambda:
        sourceFilePath: custom-config-rules/attach-ec2-instance-profile.zip
        handler: index.handler
        runtime: nodejsXX.x
        timeout: 3
      periodic: true
      maximumExecutionFrequency: Six_Hours
      configurationChanges: true
      triggeringResources:
        lookupType: ResourceTypes
        lookupKey: ResourceTypes
        lookupValue:
          - AWS::EC2::Instance
  - name: accelerator-iam-user-group-membership-check
    complianceResourceTypes:
      - AWS::IAM::User
    identifier: IAM_USER_GROUP_MEMBERSHIP_CHECK
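
A pre-deployment check for a rule set like the ones above, as an added example (not code from the accelerator project). It assumes the YAML has already been parsed into Python dictionaries; `lint_rule_set` and its checks are hypothetical, derived only from the fields shown on this page, and the sample input is constructed.

```python
# Keys the page's custom-rule example sets under customRule.lambda.
# Treating all four as required is an assumption of this sketch.
LAMBDA_KEYS = ("sourceFilePath", "handler", "runtime", "timeout")


def lint_rule_set(rule_set):
    """Return findings for one parsed AwsConfigRuleSet entry (hypothetical helper)."""
    findings = []
    if not rule_set.get("deploymentTargets"):
        findings.append("rule set has no deploymentTargets")
    seen = set()
    for rule in rule_set.get("rules") or []:
        name = rule.get("name", "<unnamed>")
        if name in seen:
            findings.append(f"{name}: duplicate rule name")
        seen.add(name)
        if rule.get("type") == "Custom":
            custom = rule.get("customRule") or {}
            fn = custom.get("lambda") or {}
            for key in LAMBDA_KEYS:
                if key not in fn:
                    findings.append(f"{name}: customRule.lambda.{key} missing")
            # The page's example uses nodejsXX.x as a stand-in, not a real runtime.
            if "XX" in str(fn.get("runtime", "")):
                findings.append(f"{name}: runtime is still the placeholder {fn['runtime']}")
            if not (custom.get("periodic") or custom.get("configurationChanges")):
                findings.append(f"{name}: neither periodic nor configurationChanges is set")
        elif not rule.get("identifier"):
            findings.append(f"{name}: managed rule has no identifier")
    return findings


# Constructed input: the page's example as parsed YAML, plus one broken rule.
SAMPLE = {
    "deploymentTargets": {"organizationalUnits": ["Root"]},
    "rules": [
        {"name": "accelerator-attach-ec2-instance-profile", "type": "Custom",
         "customRule": {
             "lambda": {"sourceFilePath": "custom-config-rules/attach-ec2-instance-profile.zip",
                        "handler": "index.handler", "runtime": "nodejsXX.x", "timeout": 3},
             "periodic": True, "configurationChanges": True}},
        {"name": "accelerator-iam-user-group-membership-check",
         "complianceResourceTypes": ["AWS::IAM::User"],
         "identifier": "IAM_USER_GROUP_MEMBERSHIP_CHECK"},
        {"name": "example-missing-identifier", "complianceResourceTypes": ["AWS::IAM::User"]},
    ],
}

if __name__ == "__main__":
    print("\n".join(lint_rule_set(SAMPLE)))
```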
