// Rendered type signature of the AWS Accelerator `securityConfig` codec.
// Reading notes for reviewers:
//  - OptionalType<...> members may be omitted; the defaults applied when they
//    are absent are not visible in this signature.
//  - SizedType<string, ...> and EnumType<string> hide their length bounds and
//    permitted values in this rendering, so the signature alone cannot confirm
//    what a given field accepts.
securityConfig: TypeC<{
  accessAnalyzer: TypeC<{
    enable: BooleanC;
  }>;
  awsConfig: TypeC<{
    aggregation: OptionalType<TypeC<{
      delegatedAdminAccount: OptionalType<SizedType<string, Type<string, string, unknown>>>;
      enable: BooleanC;
    }>>;
    enableConfigurationRecorder: BooleanC;
    enableDeliveryChannel: OptionalType<BooleanC>;
    overrideExisting: OptionalType<BooleanC>;
    ruleSets: ArrayC<TypeC<{
      deploymentTargets: TypeC<{
        accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
      }>;
      rules: ArrayC<TypeC<{
        complianceResourceTypes: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        customRule: OptionalType<TypeC<{
          configurationChanges: OptionalType<BooleanC>;
          // rolePolicyFile and sourceFilePath are plain sized strings here; presumably
          // they name an IAM policy file and Lambda source shipped with the config.
          // Review both for least privilege and provenance (TODO confirm path semantics).
          lambda: TypeC<{
            handler: SizedType<string, Type<string, string, unknown>>;
            rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
            runtime: SizedType<string, Type<string, string, unknown>>;
            sourceFilePath: SizedType<string, Type<string, string, unknown>>;
            timeout: OptionalType<NumberC>;
          }>;
          maximumExecutionFrequency: EnumType<string>;
          periodic: OptionalType<BooleanC>;
          triggeringResources: TypeC<{
            lookupKey: SizedType<string, Type<string, string, unknown>>;
            lookupType: EnumType<string>;
            lookupValue: ArrayC<SizedType<string, Type<string, string, unknown>>>;
          }>;
        }>>;
        description: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        identifier: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        inputParameters: OptionalType<RecordC<SizedType<string, Type<string, string, unknown>>, SizedType<string, Type<string, string, unknown>>>>;
        name: SizedType<string, Type<string, string, unknown>>;
        // When a remediation block is present, automatic, rolePolicyFile and targetId
        // are required. With automatic = true the remediation presumably runs without
        // operator approval under the role described by rolePolicyFile; confirm that
        // role's scope.
        remediation: OptionalType<TypeC<{
          automatic: BooleanC;
          excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
          maximumAutomaticAttempts: OptionalType<NumberC>;
          parameters: OptionalType<ArrayC<TypeC<{
            name: SizedType<string, Type<string, string, unknown>>;
            type: EnumType<string>;
            value: SizedType<string, Type<string, string, unknown>>;
          }>>>;
          retryAttemptSeconds: OptionalType<NumberC>;
          rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
          targetAccountName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
          targetDocumentLambda: OptionalType<TypeC<{
            handler: SizedType<string, Type<string, string, unknown>>;
            rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
            runtime: SizedType<string, Type<string, string, unknown>>;
            sourceFilePath: SizedType<string, Type<string, string, unknown>>;
            timeout: OptionalType<NumberC>;
          }>>;
          targetId: SizedType<string, Type<string, string, unknown>>;
          targetVersion: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        }>>;
        tags: OptionalType<ArrayC<TypeC<{
          key: StringC;
          value: StringC;
        }>>>;
        type: OptionalType<SizedType<string, Type<string, string, unknown>>>;
      }>>;
    }>>;
  }>;
  // excludeRegions recurs on most services below. Regions listed there are
  // presumably left without that service, so treat each entry as a coverage
  // gap that needs a recorded justification (TODO confirm semantics).
  centralSecurityServices: TypeC<{
    auditManager: OptionalType<TypeC<{
      defaultReportsConfiguration: TypeC<{
        destinationType: EnumType<string>;
        enable: BooleanC;
      }>;
      enable: BooleanC;
      excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
      lifecycleRules: OptionalType<ArrayC<TypeC<{
        abortIncompleteMultipartUpload: OptionalType<NumberC>;
        enabled: OptionalType<BooleanC>;
        expiration: OptionalType<NumberC>;
        expiredObjectDeleteMarker: OptionalType<BooleanC>;
        id: OptionalType<StringC>;
        noncurrentVersionExpiration: OptionalType<NumberC>;
        // NOTE(review): the last member of the storageClass union reads like the
        // enum's validation message surfaced as a type, not a real storage class.
        // Confirm. The same union repeats in every lifecycleRules block below.
        noncurrentVersionTransitions: OptionalType<ArrayC<TypeC<{
          storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
          transitionAfter: NumberC;
        }>>>;
        prefix: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        transitions: OptionalType<ArrayC<TypeC<{
          storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
          transitionAfter: NumberC;
        }>>>;
      }>>>;
    }>>;
    delegatedAdminAccount: SizedType<string, Type<string, string, unknown>>;
    detective: OptionalType<TypeC<{
      enable: BooleanC;
      excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
    }>>;
    ebsDefaultVolumeEncryption: TypeC<{
      deploymentTargets: OptionalType<TypeC<{
        accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
      }>>;
      enable: BooleanC;
      excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
      // kmsKey is optional; which key encrypts volumes when it is omitted is not
      // shown in this signature. Confirm against the implementation.
      kmsKey: OptionalType<SizedType<string, Type<string, string, unknown>>>;
    }>;
    guardduty: TypeC<{
      eksProtection: OptionalType<TypeC<{
        enable: BooleanC;
        excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
      }>>;
      enable: BooleanC;
      excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
      exportConfiguration: TypeC<{
        destinationType: EnumType<string>;
        enable: BooleanC;
        exportFrequency: EnumType<string>;
        overrideExisting: OptionalType<BooleanC>;
        overrideGuardDutyPrefix: OptionalType<TypeC<{
          customOverride: OptionalType<SizedType<string, Type<string, string, unknown>>>;
          useCustomPrefix: BooleanC;
        }>>;
      }>;
      lifecycleRules: OptionalType<ArrayC<TypeC<{
        abortIncompleteMultipartUpload: OptionalType<NumberC>;
        enabled: OptionalType<BooleanC>;
        expiration: OptionalType<NumberC>;
        expiredObjectDeleteMarker: OptionalType<BooleanC>;
        id: OptionalType<StringC>;
        noncurrentVersionExpiration: OptionalType<NumberC>;
        noncurrentVersionTransitions: OptionalType<ArrayC<TypeC<{
          storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
          transitionAfter: NumberC;
        }>>>;
        prefix: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        transitions: OptionalType<ArrayC<TypeC<{
          storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
          transitionAfter: NumberC;
        }>>>;
      }>>>;
      s3Protection: TypeC<{
        enable: BooleanC;
        excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
      }>;
    }>;
    macie: TypeC<{
      enable: BooleanC;
      excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
      lifecycleRules: OptionalType<ArrayC<TypeC<{
        abortIncompleteMultipartUpload: OptionalType<NumberC>;
        enabled: OptionalType<BooleanC>;
        expiration: OptionalType<NumberC>;
        expiredObjectDeleteMarker: OptionalType<BooleanC>;
        id: OptionalType<StringC>;
        noncurrentVersionExpiration: OptionalType<NumberC>;
        noncurrentVersionTransitions: OptionalType<ArrayC<TypeC<{
          storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
          transitionAfter: NumberC;
        }>>>;
        prefix: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        transitions: OptionalType<ArrayC<TypeC<{
          storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
          transitionAfter: NumberC;
        }>>>;
      }>>>;
      policyFindingsPublishingFrequency: EnumType<string>;
      publishSensitiveDataFindings: BooleanC;
    }>;
    // excludeAccounts presumably exempts the listed accounts from the
    // account-level public access block (TODO confirm). Unlike the other account
    // lists in this type it is a bare StringC array with no size bound.
    s3PublicAccessBlock: TypeC<{
      enable: BooleanC;
      excludeAccounts: OptionalType<ArrayC<StringC>>;
    }>;
    scpRevertChangesConfig: OptionalType<TypeC<{
      enable: BooleanC;
      snsTopicName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
    }>>;
    securityHub: TypeC<{
      enable: BooleanC;
      excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
      logging: OptionalType<TypeC<{
        cloudWatch: OptionalType<TypeC<{
          enable: BooleanC;
        }>>;
      }>>;
      notificationLevel: OptionalType<StringC>;
      regionAggregation: OptionalType<BooleanC>;
      snsTopicName: OptionalType<StringC>;
      standards: ArrayC<TypeC<{
        controlsToDisable: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        deploymentTargets: OptionalType<TypeC<{
          accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
          excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
          excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
          organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        }>>;
        enable: BooleanC;
        name: EnumType<string>;
      }>>;
    }>;
    ssmAutomation: TypeC<{
      documentSets: ArrayC<TypeC<{
        documents: ArrayC<TypeC<{
          name: SizedType<string, Type<string, string, unknown>>;
          template: SizedType<string, Type<string, string, unknown>>;
        }>>;
        // shareTargets carries only accounts and organizationalUnits; it has no
        // exclusion members, unlike deploymentTargets elsewhere in this type.
        shareTargets: TypeC<{
          accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
          organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        }>;
      }>>;
      excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
    }>;
  }>;
  cloudWatch: TypeC<{
    alarmSets: ArrayC<TypeC<{
      alarms: ArrayC<TypeC<{
        alarmDescription: SizedType<string, Type<string, string, unknown>>;
        alarmName: SizedType<string, Type<string, string, unknown>>;
        comparisonOperator: SizedType<string, Type<string, string, unknown>>;
        evaluationPeriods: NumberC;
        metricName: SizedType<string, Type<string, string, unknown>>;
        namespace: SizedType<string, Type<string, string, unknown>>;
        period: NumberC;
        snsAlertLevel: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        snsTopicName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        statistic: SizedType<string, Type<string, string, unknown>>;
        threshold: NumberC;
        treatMissingData: SizedType<string, Type<string, string, unknown>>;
      }>>;
      deploymentTargets: TypeC<{
        accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
      }>;
      regions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
    }>>;
    logGroups: OptionalType<ArrayC<TypeC<{
      deploymentTargets: TypeC<{
        accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
      }>;
      // All three encryption members are optional and the type does not make them
      // mutually exclusive; precedence when several are set is not visible here.
      encryption: OptionalType<TypeC<{
        kmsKeyArn: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        kmsKeyName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        useLzaManagedKey: OptionalType<BooleanC>;
      }>>;
      logGroupName: SizedType<string, Type<string, string, unknown>>;
      logRetentionInDays: NumberC;
      terminationProtected: OptionalType<BooleanC>;
    }>>>;
    metricSets: ArrayC<TypeC<{
      deploymentTargets: TypeC<{
        accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
      }>;
      metrics: ArrayC<TypeC<{
        filterName: SizedType<string, Type<string, string, unknown>>;
        filterPattern: SizedType<string, Type<string, string, unknown>>;
        logGroupName: SizedType<string, Type<string, string, unknown>>;
        metricName: SizedType<string, Type<string, string, unknown>>;
        metricNamespace: SizedType<string, Type<string, string, unknown>>;
        metricValue: SizedType<string, Type<string, string, unknown>>;
      }>>;
      regions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
    }>>;
  }>;
  // Every member is required. The numeric members are plain NumberC, so no
  // minimum or maximum is expressed at the type level; any range checks live
  // outside this signature.
  iamPasswordPolicy: TypeC<{
    allowUsersToChangePassword: BooleanC;
    hardExpiry: BooleanC;
    maxPasswordAge: NumberC;
    minimumPasswordLength: NumberC;
    passwordReusePrevention: NumberC;
    requireLowercaseCharacters: BooleanC;
    requireNumbers: BooleanC;
    requireSymbols: BooleanC;
    requireUppercaseCharacters: BooleanC;
  }>;
  keyManagementService: OptionalType<TypeC<{
    keySets: ArrayC<TypeC<{
      alias: OptionalType<SizedType<string, Type<string, string, unknown>>>;
      deploymentTargets: TypeC<{
        accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
      }>;
      description: OptionalType<SizedType<string, Type<string, string, unknown>>>;
      // enableKeyRotation and enabled are both optional; their effective values
      // when omitted are not shown here.
      enableKeyRotation: OptionalType<BooleanC>;
      enabled: OptionalType<BooleanC>;
      name: SizedType<string, Type<string, string, unknown>>;
      // policy is an optional sized string (presumably a key-policy file
      // reference; confirm). removalPolicy's permitted values are hidden behind
      // EnumType<string>.
      policy: OptionalType<SizedType<string, Type<string, string, unknown>>>;
      removalPolicy: OptionalType<EnumType<string>>;
    }>>;
  }>>;
  resourcePolicyEnforcement: OptionalType<TypeC<{
    enable: BooleanC;
    networkPerimeter: OptionalType<TypeC<{
      managedVpcOnly: OptionalType<BooleanC>;
    }>>;
    policySets: ArrayC<TypeC<{
      deploymentTargets: TypeC<{
        accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
      }>;
      inputParameters: OptionalType<RecordC<SizedType<string, Type<string, string, unknown>>, SizedType<string, Type<string, string, unknown>>>>;
      resourcePolicies: ArrayC<TypeC<{
        document: SizedType<string, Type<string, string, unknown>>;
        resourceType: EnumType<"IAM_ROLE" | "LAMBDA_FUNCTION" | "S3_BUCKET" | "SNS_TOPIC" | "SQS_QUEUE" | "KMS_KEY" | "SECRETS_MANAGER_SECRET" | "ECR_REPOSITORY" | "OPENSEARCH_DOMAIN" | "APIGATEWAY_REST_API" | "LEX_BOT" | "EFS_FILE_SYSTEM" | "EVENTBRIDGE_EVENTBUS" | "BACKUP_VAULT" | "CODEARTIFACT_REPOSITORY" | "CERTIFICATE_AUTHORITY">;
      }>>;
    }>>;
    // remediation is required whenever resourcePolicyEnforcement is present, and
    // automatic must be set explicitly.
    remediation: TypeC<{
      automatic: BooleanC;
      maximumAutomaticAttempts: OptionalType<NumberC>;
      retryAttemptSeconds: OptionalType<NumberC>;
    }>;
  }>>;
}> = ...
AWS Accelerator SecurityConfig Types