Readonly
compliance (OPTIONAL): Defines which resources trigger an evaluation for an AWS Config rule.
Readonly
custom (OPTIONAL): A custom Config rule is backed by an AWS Lambda function. This is required when creating a custom Config rule.
Whether to run the rule on configuration changes.
Default: false
The Lambda function to run.
The name of the method within your code that Lambda calls to execute your function. The format includes the file name. It can also include namespaces and other qualifiers, depending on the runtime. For more information, see https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-features.html#gettingstarted-features-programmingmodel.
Lambda execution role policy definition file
The runtime environment for the Lambda function that you are uploading. For valid values, see the Runtime property in the AWS Lambda Developer Guide.
The source code file path of your Lambda function. This is a zip file containing the Lambda function; the file must be available in the config repository.
Lambda timeout duration in seconds
The maximum frequency at which the AWS Config rule runs evaluations.
Default: MaximumExecutionFrequency.TWENTY_FOUR_HOURS
Whether to run the rule on a fixed frequency.
true
Defines which resources trigger an evaluation for an AWS Config rule.
Resource lookup type. Resources can be looked up by tag or by type. When a resource is looked up by tag, this field holds the tag name.
An enum to identify triggering resource types. Possible values: ResourceId, Tag, or ResourceTypes.
Triggering resources can be looked up by resource ID, tags, or resource types.
Resource lookup value. When a resource is looked up by tag, this field holds the tag value to search for.
Readonly
description (OPTIONAL): A description of this AWS Config rule.
Readonly
identifier (OPTIONAL): The identifier of the AWS managed rule.
Readonly
input (OPTIONAL): Input parameter values that are passed to the AWS Config rule.
Readonly
name: A name for the AWS Config rule.
Note: Changing this value of an AWS Config Rule will trigger a new resource creation.
Readonly
remediation: A remediation for the Config rule; auto remediation automatically remediates noncompliant resources.
Readonly
tags (OPTIONAL): Tags for the Config rule.
Readonly
type (OPTIONAL): Config rule type, Managed or Custom. For a custom Config rule, this parameter value is Custom; when creating a managed Config rule, this parameter value can be undefined or an empty string.
SecurityConfig / AwsConfig / AwsConfigRuleSet / ConfigRule
AWS ConfigRule configuration
Example
Managed Config rule:
Custom Config rule:
Managed Config rule with remediation: