Readonly
deploymentTargets: Config ruleset deployment target.
To deploy AWS Config rules to the Root and Infrastructure organizational units, provide the following value for this parameter:
- deploymentTargets:
    organizationalUnits:
      - Root
      - Infrastructure
Readonly
rules: AWS Config rule set
The following example creates a custom rule named accelerator-attach-ec2-instance-profile with remediation and a managed rule named accelerator-iam-user-group-membership-check without remediation:
rules:
  - name: accelerator-attach-ec2-instance-profile
    type: Custom
    description: Custom role to remediate ec2 instance profile to EC2 instances
    inputParameters:
    customRule:
      lambda:
        sourceFilePath: custom-config-rules/attach-ec2-instance-profile.zip
        handler: index.handler
        runtime: nodejsXX.x
        timeout: 3
      periodic: true
      maximumExecutionFrequency: Six_Hours
      configurationChanges: true
      triggeringResources:
        lookupType: ResourceTypes
        lookupKey: ResourceTypes
        lookupValue:
          - AWS::EC2::Instance
  - name: accelerator-iam-user-group-membership-check
    complianceResourceTypes:
      - AWS::IAM::User
    identifier: IAM_USER_GROUP_MEMBERSHIP_CHECK
SecurityConfig / AwsConfig / AwsConfigRuleSet
List of AWS Config rules
Example