AWS Accelerator SecurityConfig Types

Hierarchy

  • SecurityConfigTypes

Constructors

Properties

accessAnalyzerConfig: TypeC<{
    enable: BooleanC;
}> = ...
alarmConfig: TypeC<{
    alarmDescription: SizedType<string, Type<string, string, unknown>>;
    alarmName: SizedType<string, Type<string, string, unknown>>;
    comparisonOperator: SizedType<string, Type<string, string, unknown>>;
    evaluationPeriods: NumberC;
    metricName: SizedType<string, Type<string, string, unknown>>;
    namespace: SizedType<string, Type<string, string, unknown>>;
    period: NumberC;
    snsAlertLevel: OptionalType<SizedType<string, Type<string, string, unknown>>>;
    snsTopicName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
    statistic: SizedType<string, Type<string, string, unknown>>;
    threshold: NumberC;
    treatMissingData: SizedType<string, Type<string, string, unknown>>;
}> = ...
alarmSetConfig: TypeC<{
    alarms: ArrayC<TypeC<{
        alarmDescription: SizedType<string, Type<string, string, unknown>>;
        alarmName: SizedType<string, Type<string, string, unknown>>;
        comparisonOperator: SizedType<string, Type<string, string, unknown>>;
        evaluationPeriods: NumberC;
        metricName: SizedType<string, Type<string, string, unknown>>;
        namespace: SizedType<string, Type<string, string, unknown>>;
        period: NumberC;
        snsAlertLevel: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        snsTopicName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        statistic: SizedType<string, Type<string, string, unknown>>;
        threshold: NumberC;
        treatMissingData: SizedType<string, Type<string, string, unknown>>;
    }>>;
    deploymentTargets: TypeC<{
        accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
    }>;
    regions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
}> = ...
auditManagerConfig: TypeC<{
    defaultReportsConfiguration: TypeC<{
        destinationType: EnumType<string>;
        enable: BooleanC;
    }>;
    enable: BooleanC;
    excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
    lifecycleRules: OptionalType<ArrayC<TypeC<{
        abortIncompleteMultipartUpload: OptionalType<NumberC>;
        enabled: OptionalType<BooleanC>;
        expiration: OptionalType<NumberC>;
        expiredObjectDeleteMarker: OptionalType<BooleanC>;
        id: OptionalType<StringC>;
        noncurrentVersionExpiration: OptionalType<NumberC>;
        noncurrentVersionTransitions: OptionalType<ArrayC<TypeC<{
            storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
            transitionAfter: NumberC;
        }>>>;
        prefix: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        transitions: OptionalType<ArrayC<TypeC<{
            storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
            transitionAfter: NumberC;
        }>>>;
    }>>>;
}> = ...

AWS Audit Manager configuration

auditManagerDefaultReportsDestinationConfig: TypeC<{
    destinationType: EnumType<string>;
    enable: BooleanC;
}> = ...

AWS Audit Manager Default Report configuration.

awsConfig: TypeC<{
    aggregation: OptionalType<TypeC<{
        delegatedAdminAccount: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        enable: BooleanC;
    }>>;
    enableConfigurationRecorder: BooleanC;
    enableDeliveryChannel: OptionalType<BooleanC>;
    overrideExisting: OptionalType<BooleanC>;
    ruleSets: ArrayC<TypeC<{
        deploymentTargets: TypeC<{
            accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        }>;
        rules: ArrayC<TypeC<{
            complianceResourceTypes: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            customRule: OptionalType<TypeC<{
                configurationChanges: OptionalType<BooleanC>;
                lambda: TypeC<{
                    handler: SizedType<string, Type<string, string, unknown>>;
                    rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
                    runtime: SizedType<string, Type<string, string, unknown>>;
                    sourceFilePath: SizedType<string, Type<string, string, unknown>>;
                    timeout: OptionalType<NumberC>;
                }>;
                maximumExecutionFrequency: EnumType<string>;
                periodic: OptionalType<BooleanC>;
                triggeringResources: TypeC<{
                    lookupKey: SizedType<string, Type<string, string, unknown>>;
                    lookupType: EnumType<string>;
                    lookupValue: ArrayC<SizedType<string, Type<string, string, unknown>>>;
                }>;
            }>>;
            description: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            identifier: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            inputParameters: OptionalType<RecordC<SizedType<string, Type<string, string, unknown>>, SizedType<string, Type<string, string, unknown>>>>;
            name: SizedType<string, Type<string, string, unknown>>;
            remediation: OptionalType<TypeC<{
                automatic: BooleanC;
                excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
                maximumAutomaticAttempts: OptionalType<NumberC>;
                parameters: OptionalType<ArrayC<TypeC<{
                    name: SizedType<string, Type<string, string, unknown>>;
                    type: EnumType<string>;
                    value: SizedType<string, Type<string, string, unknown>>;
                }>>>;
                retryAttemptSeconds: OptionalType<NumberC>;
                rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
                targetAccountName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
                targetDocumentLambda: OptionalType<TypeC<{
                    handler: SizedType<string, Type<string, string, unknown>>;
                    rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
                    runtime: SizedType<string, Type<string, string, unknown>>;
                    sourceFilePath: SizedType<string, Type<string, string, unknown>>;
                    timeout: OptionalType<NumberC>;
                }>>;
                targetId: SizedType<string, Type<string, string, unknown>>;
                targetVersion: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            }>>;
            tags: OptionalType<ArrayC<TypeC<{
                key: StringC;
                value: StringC;
            }>>>;
            type: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        }>>;
    }>>;
}> = ...
awsConfigAggregation: TypeC<{
    delegatedAdminAccount: OptionalType<SizedType<string, Type<string, string, unknown>>>;
    enable: BooleanC;
}> = ...
awsConfigRuleSet: TypeC<{
    deploymentTargets: TypeC<{
        accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
    }>;
    rules: ArrayC<TypeC<{
        complianceResourceTypes: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        customRule: OptionalType<TypeC<{
            configurationChanges: OptionalType<BooleanC>;
            lambda: TypeC<{
                handler: SizedType<string, Type<string, string, unknown>>;
                rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
                runtime: SizedType<string, Type<string, string, unknown>>;
                sourceFilePath: SizedType<string, Type<string, string, unknown>>;
                timeout: OptionalType<NumberC>;
            }>;
            maximumExecutionFrequency: EnumType<string>;
            periodic: OptionalType<BooleanC>;
            triggeringResources: TypeC<{
                lookupKey: SizedType<string, Type<string, string, unknown>>;
                lookupType: EnumType<string>;
                lookupValue: ArrayC<SizedType<string, Type<string, string, unknown>>>;
            }>;
        }>>;
        description: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        identifier: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        inputParameters: OptionalType<RecordC<SizedType<string, Type<string, string, unknown>>, SizedType<string, Type<string, string, unknown>>>>;
        name: SizedType<string, Type<string, string, unknown>>;
        remediation: OptionalType<TypeC<{
            automatic: BooleanC;
            excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
            maximumAutomaticAttempts: OptionalType<NumberC>;
            parameters: OptionalType<ArrayC<TypeC<{
                name: SizedType<string, Type<string, string, unknown>>;
                type: EnumType<string>;
                value: SizedType<string, Type<string, string, unknown>>;
            }>>>;
            retryAttemptSeconds: OptionalType<NumberC>;
            rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
            targetAccountName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            targetDocumentLambda: OptionalType<TypeC<{
                handler: SizedType<string, Type<string, string, unknown>>;
                rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
                runtime: SizedType<string, Type<string, string, unknown>>;
                sourceFilePath: SizedType<string, Type<string, string, unknown>>;
                timeout: OptionalType<NumberC>;
            }>>;
            targetId: SizedType<string, Type<string, string, unknown>>;
            targetVersion: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        }>>;
        tags: OptionalType<ArrayC<TypeC<{
            key: StringC;
            value: StringC;
        }>>>;
        type: OptionalType<SizedType<string, Type<string, string, unknown>>>;
    }>>;
}> = ...
centralSecurityServicesConfig: TypeC<{
    auditManager: OptionalType<TypeC<{
        defaultReportsConfiguration: TypeC<{
            destinationType: EnumType<string>;
            enable: BooleanC;
        }>;
        enable: BooleanC;
        excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
        lifecycleRules: OptionalType<ArrayC<TypeC<{
            abortIncompleteMultipartUpload: OptionalType<NumberC>;
            enabled: OptionalType<BooleanC>;
            expiration: OptionalType<NumberC>;
            expiredObjectDeleteMarker: OptionalType<BooleanC>;
            id: OptionalType<StringC>;
            noncurrentVersionExpiration: OptionalType<NumberC>;
            noncurrentVersionTransitions: OptionalType<ArrayC<TypeC<{
                storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
                transitionAfter: NumberC;
            }>>>;
            prefix: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            transitions: OptionalType<ArrayC<TypeC<{
                storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
                transitionAfter: NumberC;
            }>>>;
        }>>>;
    }>>;
    delegatedAdminAccount: SizedType<string, Type<string, string, unknown>>;
    detective: OptionalType<TypeC<{
        enable: BooleanC;
        excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
    }>>;
    ebsDefaultVolumeEncryption: TypeC<{
        deploymentTargets: OptionalType<TypeC<{
            accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        }>>;
        enable: BooleanC;
        excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
        kmsKey: OptionalType<SizedType<string, Type<string, string, unknown>>>;
    }>;
    guardduty: TypeC<{
        eksProtection: OptionalType<TypeC<{
            enable: BooleanC;
            excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
        }>>;
        enable: BooleanC;
        excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
        exportConfiguration: TypeC<{
            destinationType: EnumType<string>;
            enable: BooleanC;
            exportFrequency: EnumType<string>;
            overrideExisting: OptionalType<BooleanC>;
            overrideGuardDutyPrefix: OptionalType<TypeC<{
                customOverride: OptionalType<SizedType<string, Type<string, string, unknown>>>;
                useCustomPrefix: BooleanC;
            }>>;
        }>;
        lifecycleRules: OptionalType<ArrayC<TypeC<{
            abortIncompleteMultipartUpload: OptionalType<NumberC>;
            enabled: OptionalType<BooleanC>;
            expiration: OptionalType<NumberC>;
            expiredObjectDeleteMarker: OptionalType<BooleanC>;
            id: OptionalType<StringC>;
            noncurrentVersionExpiration: OptionalType<NumberC>;
            noncurrentVersionTransitions: OptionalType<ArrayC<TypeC<{
                storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
                transitionAfter: NumberC;
            }>>>;
            prefix: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            transitions: OptionalType<ArrayC<TypeC<{
                storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
                transitionAfter: NumberC;
            }>>>;
        }>>>;
        s3Protection: TypeC<{
            enable: BooleanC;
            excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
        }>;
    }>;
    macie: TypeC<{
        enable: BooleanC;
        excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
        lifecycleRules: OptionalType<ArrayC<TypeC<{
            abortIncompleteMultipartUpload: OptionalType<NumberC>;
            enabled: OptionalType<BooleanC>;
            expiration: OptionalType<NumberC>;
            expiredObjectDeleteMarker: OptionalType<BooleanC>;
            id: OptionalType<StringC>;
            noncurrentVersionExpiration: OptionalType<NumberC>;
            noncurrentVersionTransitions: OptionalType<ArrayC<TypeC<{
                storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
                transitionAfter: NumberC;
            }>>>;
            prefix: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            transitions: OptionalType<ArrayC<TypeC<{
                storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
                transitionAfter: NumberC;
            }>>>;
        }>>>;
        policyFindingsPublishingFrequency: EnumType<string>;
        publishSensitiveDataFindings: BooleanC;
    }>;
    s3PublicAccessBlock: TypeC<{
        enable: BooleanC;
        excludeAccounts: OptionalType<ArrayC<StringC>>;
    }>;
    scpRevertChangesConfig: OptionalType<TypeC<{
        enable: BooleanC;
        snsTopicName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
    }>>;
    securityHub: TypeC<{
        enable: BooleanC;
        excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
        logging: OptionalType<TypeC<{
            cloudWatch: OptionalType<TypeC<{
                enable: BooleanC;
            }>>;
        }>>;
        notificationLevel: OptionalType<StringC>;
        regionAggregation: OptionalType<BooleanC>;
        snsTopicName: OptionalType<StringC>;
        standards: ArrayC<TypeC<{
            controlsToDisable: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            deploymentTargets: OptionalType<TypeC<{
                accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            }>>;
            enable: BooleanC;
            name: EnumType<string>;
        }>>;
    }>;
    ssmAutomation: TypeC<{
        documentSets: ArrayC<TypeC<{
            documents: ArrayC<TypeC<{
                name: SizedType<string, Type<string, string, unknown>>;
                template: SizedType<string, Type<string, string, unknown>>;
            }>>;
            shareTargets: TypeC<{
                accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            }>;
        }>>;
        excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
    }>;
}> = ...

Central security services configuration

cloudWatchConfig: TypeC<{
    alarmSets: ArrayC<TypeC<{
        alarms: ArrayC<TypeC<{
            alarmDescription: SizedType<string, Type<string, string, unknown>>;
            alarmName: SizedType<string, Type<string, string, unknown>>;
            comparisonOperator: SizedType<string, Type<string, string, unknown>>;
            evaluationPeriods: NumberC;
            metricName: SizedType<string, Type<string, string, unknown>>;
            namespace: SizedType<string, Type<string, string, unknown>>;
            period: NumberC;
            snsAlertLevel: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            snsTopicName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            statistic: SizedType<string, Type<string, string, unknown>>;
            threshold: NumberC;
            treatMissingData: SizedType<string, Type<string, string, unknown>>;
        }>>;
        deploymentTargets: TypeC<{
            accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        }>;
        regions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
    }>>;
    logGroups: OptionalType<ArrayC<TypeC<{
        deploymentTargets: TypeC<{
            accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        }>;
        encryption: OptionalType<TypeC<{
            kmsKeyArn: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            kmsKeyName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            useLzaManagedKey: OptionalType<BooleanC>;
        }>>;
        logGroupName: SizedType<string, Type<string, string, unknown>>;
        logRetentionInDays: NumberC;
        terminationProtected: OptionalType<BooleanC>;
    }>>>;
    metricSets: ArrayC<TypeC<{
        deploymentTargets: TypeC<{
            accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        }>;
        metrics: ArrayC<TypeC<{
            filterName: SizedType<string, Type<string, string, unknown>>;
            filterPattern: SizedType<string, Type<string, string, unknown>>;
            logGroupName: SizedType<string, Type<string, string, unknown>>;
            metricName: SizedType<string, Type<string, string, unknown>>;
            metricNamespace: SizedType<string, Type<string, string, unknown>>;
            metricValue: SizedType<string, Type<string, string, unknown>>;
        }>>;
        regions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
    }>>;
}> = ...
configRule: TypeC<{
    complianceResourceTypes: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
    customRule: OptionalType<TypeC<{
        configurationChanges: OptionalType<BooleanC>;
        lambda: TypeC<{
            handler: SizedType<string, Type<string, string, unknown>>;
            rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
            runtime: SizedType<string, Type<string, string, unknown>>;
            sourceFilePath: SizedType<string, Type<string, string, unknown>>;
            timeout: OptionalType<NumberC>;
        }>;
        maximumExecutionFrequency: EnumType<string>;
        periodic: OptionalType<BooleanC>;
        triggeringResources: TypeC<{
            lookupKey: SizedType<string, Type<string, string, unknown>>;
            lookupType: EnumType<string>;
            lookupValue: ArrayC<SizedType<string, Type<string, string, unknown>>>;
        }>;
    }>>;
    description: OptionalType<SizedType<string, Type<string, string, unknown>>>;
    identifier: OptionalType<SizedType<string, Type<string, string, unknown>>>;
    inputParameters: OptionalType<RecordC<SizedType<string, Type<string, string, unknown>>, SizedType<string, Type<string, string, unknown>>>>;
    name: SizedType<string, Type<string, string, unknown>>;
    remediation: OptionalType<TypeC<{
        automatic: BooleanC;
        excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
        maximumAutomaticAttempts: OptionalType<NumberC>;
        parameters: OptionalType<ArrayC<TypeC<{
            name: SizedType<string, Type<string, string, unknown>>;
            type: EnumType<string>;
            value: SizedType<string, Type<string, string, unknown>>;
        }>>>;
        retryAttemptSeconds: OptionalType<NumberC>;
        rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
        targetAccountName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        targetDocumentLambda: OptionalType<TypeC<{
            handler: SizedType<string, Type<string, string, unknown>>;
            rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
            runtime: SizedType<string, Type<string, string, unknown>>;
            sourceFilePath: SizedType<string, Type<string, string, unknown>>;
            timeout: OptionalType<NumberC>;
        }>>;
        targetId: SizedType<string, Type<string, string, unknown>>;
        targetVersion: OptionalType<SizedType<string, Type<string, string, unknown>>>;
    }>>;
    tags: OptionalType<ArrayC<TypeC<{
        key: StringC;
        value: StringC;
    }>>>;
    type: OptionalType<SizedType<string, Type<string, string, unknown>>>;
}> = ...
configRuleRemediationType: TypeC<{
    automatic: BooleanC;
    excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
    maximumAutomaticAttempts: OptionalType<NumberC>;
    parameters: OptionalType<ArrayC<TypeC<{
        name: SizedType<string, Type<string, string, unknown>>;
        type: EnumType<string>;
        value: SizedType<string, Type<string, string, unknown>>;
    }>>>;
    retryAttemptSeconds: OptionalType<NumberC>;
    rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
    targetAccountName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
    targetDocumentLambda: OptionalType<TypeC<{
        handler: SizedType<string, Type<string, string, unknown>>;
        rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
        runtime: SizedType<string, Type<string, string, unknown>>;
        sourceFilePath: SizedType<string, Type<string, string, unknown>>;
        timeout: OptionalType<NumberC>;
    }>>;
    targetId: SizedType<string, Type<string, string, unknown>>;
    targetVersion: OptionalType<SizedType<string, Type<string, string, unknown>>>;
}> = ...
customRuleConfigType: TypeC<{
    configurationChanges: OptionalType<BooleanC>;
    lambda: TypeC<{
        handler: SizedType<string, Type<string, string, unknown>>;
        rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
        runtime: SizedType<string, Type<string, string, unknown>>;
        sourceFilePath: SizedType<string, Type<string, string, unknown>>;
        timeout: OptionalType<NumberC>;
    }>;
    maximumExecutionFrequency: EnumType<string>;
    periodic: OptionalType<BooleanC>;
    triggeringResources: TypeC<{
        lookupKey: SizedType<string, Type<string, string, unknown>>;
        lookupType: EnumType<string>;
        lookupValue: ArrayC<SizedType<string, Type<string, string, unknown>>>;
    }>;
}> = ...
customRuleLambdaType: TypeC<{
    handler: SizedType<string, Type<string, string, unknown>>;
    rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
    runtime: SizedType<string, Type<string, string, unknown>>;
    sourceFilePath: SizedType<string, Type<string, string, unknown>>;
    timeout: OptionalType<NumberC>;
}> = ...
detectiveConfig: TypeC<{
    enable: BooleanC;
    excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
}> = ...

AWS Detective configuration

documentConfig: TypeC<{
    name: SizedType<string, Type<string, string, unknown>>;
    template: SizedType<string, Type<string, string, unknown>>;
}> = ...
documentSetConfig: TypeC<{
    documents: ArrayC<TypeC<{
        name: SizedType<string, Type<string, string, unknown>>;
        template: SizedType<string, Type<string, string, unknown>>;
    }>>;
    shareTargets: TypeC<{
        accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
    }>;
}> = ...
ebsDefaultVolumeEncryptionConfig: TypeC<{
    deploymentTargets: OptionalType<TypeC<{
        accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
    }>>;
    enable: BooleanC;
    excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
    kmsKey: OptionalType<SizedType<string, Type<string, string, unknown>>>;
}> = ...
encryptionConfig: TypeC<{
    kmsKeyArn: OptionalType<SizedType<string, Type<string, string, unknown>>>;
    kmsKeyName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
    useLzaManagedKey: OptionalType<BooleanC>;
}> = ...
guardDutyConfig: TypeC<{
    eksProtection: OptionalType<TypeC<{
        enable: BooleanC;
        excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
    }>>;
    enable: BooleanC;
    excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
    exportConfiguration: TypeC<{
        destinationType: EnumType<string>;
        enable: BooleanC;
        exportFrequency: EnumType<string>;
        overrideExisting: OptionalType<BooleanC>;
        overrideGuardDutyPrefix: OptionalType<TypeC<{
            customOverride: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            useCustomPrefix: BooleanC;
        }>>;
    }>;
    lifecycleRules: OptionalType<ArrayC<TypeC<{
        abortIncompleteMultipartUpload: OptionalType<NumberC>;
        enabled: OptionalType<BooleanC>;
        expiration: OptionalType<NumberC>;
        expiredObjectDeleteMarker: OptionalType<BooleanC>;
        id: OptionalType<StringC>;
        noncurrentVersionExpiration: OptionalType<NumberC>;
        noncurrentVersionTransitions: OptionalType<ArrayC<TypeC<{
            storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
            transitionAfter: NumberC;
        }>>>;
        prefix: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        transitions: OptionalType<ArrayC<TypeC<{
            storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
            transitionAfter: NumberC;
        }>>>;
    }>>>;
    s3Protection: TypeC<{
        enable: BooleanC;
        excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
    }>;
}> = ...

AWS GuardDuty configuration

guardDutyEksProtectionConfig: TypeC<{
    enable: BooleanC;
    excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
}> = ...

AWS GuardDuty EKS Protection configuration.

guardDutyExportFindingsConfig: TypeC<{
    destinationType: EnumType<string>;
    enable: BooleanC;
    exportFrequency: EnumType<string>;
    overrideExisting: OptionalType<BooleanC>;
    overrideGuardDutyPrefix: OptionalType<TypeC<{
        customOverride: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        useCustomPrefix: BooleanC;
    }>>;
}> = ...

AWS GuardDuty Export Findings configuration.

guardDutyS3ProtectionConfig: TypeC<{
    enable: BooleanC;
    excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
}> = ...

AWS GuardDuty S3 Protection configuration.

iamPasswordPolicyConfig: TypeC<{
    allowUsersToChangePassword: BooleanC;
    hardExpiry: BooleanC;
    maxPasswordAge: NumberC;
    minimumPasswordLength: NumberC;
    passwordReusePrevention: NumberC;
    requireLowercaseCharacters: BooleanC;
    requireNumbers: BooleanC;
    requireSymbols: BooleanC;
    requireUppercaseCharacters: BooleanC;
}> = ...
keyConfig: TypeC<{
    alias: OptionalType<SizedType<string, Type<string, string, unknown>>>;
    deploymentTargets: TypeC<{
        accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
    }>;
    description: OptionalType<SizedType<string, Type<string, string, unknown>>>;
    enableKeyRotation: OptionalType<BooleanC>;
    enabled: OptionalType<BooleanC>;
    name: SizedType<string, Type<string, string, unknown>>;
    policy: OptionalType<SizedType<string, Type<string, string, unknown>>>;
    removalPolicy: OptionalType<EnumType<string>>;
}> = ...

AWS KMS Key configuration

keyManagementServiceConfig: TypeC<{
    keySets: ArrayC<TypeC<{
        alias: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        deploymentTargets: TypeC<{
            accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        }>;
        description: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        enableKeyRotation: OptionalType<BooleanC>;
        enabled: OptionalType<BooleanC>;
        name: SizedType<string, Type<string, string, unknown>>;
        policy: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        removalPolicy: OptionalType<EnumType<string>>;
    }>>;
}> = ...

KMS key management configuration

logGroupsConfig: TypeC<{
    deploymentTargets: TypeC<{
        accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
    }>;
    encryption: OptionalType<TypeC<{
        kmsKeyArn: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        kmsKeyName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        useLzaManagedKey: OptionalType<BooleanC>;
    }>>;
    logGroupName: SizedType<string, Type<string, string, unknown>>;
    logRetentionInDays: NumberC;
    terminationProtected: OptionalType<BooleanC>;
}> = ...
macieConfig: TypeC<{
    enable: BooleanC;
    excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
    lifecycleRules: OptionalType<ArrayC<TypeC<{
        abortIncompleteMultipartUpload: OptionalType<NumberC>;
        enabled: OptionalType<BooleanC>;
        expiration: OptionalType<NumberC>;
        expiredObjectDeleteMarker: OptionalType<BooleanC>;
        id: OptionalType<StringC>;
        noncurrentVersionExpiration: OptionalType<NumberC>;
        noncurrentVersionTransitions: OptionalType<ArrayC<TypeC<{
            storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
            transitionAfter: NumberC;
        }>>>;
        prefix: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        transitions: OptionalType<ArrayC<TypeC<{
            storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
            transitionAfter: NumberC;
        }>>>;
    }>>>;
    policyFindingsPublishingFrequency: EnumType<string>;
    publishSensitiveDataFindings: BooleanC;
}> = ...

AWS Macie configuration

metricConfig: TypeC<{
    filterName: SizedType<string, Type<string, string, unknown>>;
    filterPattern: SizedType<string, Type<string, string, unknown>>;
    logGroupName: SizedType<string, Type<string, string, unknown>>;
    metricName: SizedType<string, Type<string, string, unknown>>;
    metricNamespace: SizedType<string, Type<string, string, unknown>>;
    metricValue: SizedType<string, Type<string, string, unknown>>;
}> = ...
metricSetConfig: TypeC<{
    deploymentTargets: TypeC<{
        accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
    }>;
    metrics: ArrayC<TypeC<{
        filterName: SizedType<string, Type<string, string, unknown>>;
        filterPattern: SizedType<string, Type<string, string, unknown>>;
        logGroupName: SizedType<string, Type<string, string, unknown>>;
        metricName: SizedType<string, Type<string, string, unknown>>;
        metricNamespace: SizedType<string, Type<string, string, unknown>>;
        metricValue: SizedType<string, Type<string, string, unknown>>;
    }>>;
    regions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
}> = ...
networkPerimeterConfig: TypeC<{
    managedVpcOnly: OptionalType<BooleanC>;
}> = ...
remediationParametersConfigType: TypeC<{
    name: SizedType<string, Type<string, string, unknown>>;
    type: EnumType<string>;
    value: SizedType<string, Type<string, string, unknown>>;
}> = ...

Config rule remediation input parameter configuration type

resourcePolicyConfig: TypeC<{
    document: SizedType<string, Type<string, string, unknown>>;
    resourceType: EnumType<"IAM_ROLE" | "LAMBDA_FUNCTION" | "S3_BUCKET" | "SNS_TOPIC" | "SQS_QUEUE" | "KMS_KEY" | "SECRETS_MANAGER_SECRET" | "ECR_REPOSITORY" | "OPENSEARCH_DOMAIN" | "APIGATEWAY_REST_API" | "LEX_BOT" | "EFS_FILE_SYSTEM" | "EVENTBRIDGE_EVENTBUS" | "BACKUP_VAULT" | "CODEARTIFACT_REPOSITORY" | "CERTIFICATE_AUTHORITY">;
}> = ...
resourcePolicyEnforcementConfig: TypeC<{
    enable: BooleanC;
    networkPerimeter: OptionalType<TypeC<{
        managedVpcOnly: OptionalType<BooleanC>;
    }>>;
    policySets: ArrayC<TypeC<{
        deploymentTargets: TypeC<{
            accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        }>;
        inputParameters: OptionalType<RecordC<SizedType<string, Type<string, string, unknown>>, SizedType<string, Type<string, string, unknown>>>>;
        resourcePolicies: ArrayC<TypeC<{
            document: SizedType<string, Type<string, string, unknown>>;
            resourceType: EnumType<"IAM_ROLE" | "LAMBDA_FUNCTION" | "S3_BUCKET" | "SNS_TOPIC" | "SQS_QUEUE" | "KMS_KEY" | "SECRETS_MANAGER_SECRET" | "ECR_REPOSITORY" | "OPENSEARCH_DOMAIN" | "APIGATEWAY_REST_API" | "LEX_BOT" | "EFS_FILE_SYSTEM" | "EVENTBRIDGE_EVENTBUS" | "BACKUP_VAULT" | "CODEARTIFACT_REPOSITORY" | "CERTIFICATE_AUTHORITY">;
        }>>;
    }>>;
    remediation: TypeC<{
        automatic: BooleanC;
        maximumAutomaticAttempts: OptionalType<NumberC>;
        retryAttemptSeconds: OptionalType<NumberC>;
    }>;
}> = ...

Resource policy enforcement configuration

resourcePolicyRemediationType: TypeC<{
    automatic: BooleanC;
    maximumAutomaticAttempts: OptionalType<NumberC>;
    retryAttemptSeconds: OptionalType<NumberC>;
}> = ...
resourcePolicySetConfig: TypeC<{
    deploymentTargets: TypeC<{
        accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
    }>;
    inputParameters: OptionalType<RecordC<SizedType<string, Type<string, string, unknown>>, SizedType<string, Type<string, string, unknown>>>>;
    resourcePolicies: ArrayC<TypeC<{
        document: SizedType<string, Type<string, string, unknown>>;
        resourceType: EnumType<"IAM_ROLE" | "LAMBDA_FUNCTION" | "S3_BUCKET" | "SNS_TOPIC" | "SQS_QUEUE" | "KMS_KEY" | "SECRETS_MANAGER_SECRET" | "ECR_REPOSITORY" | "OPENSEARCH_DOMAIN" | "APIGATEWAY_REST_API" | "LEX_BOT" | "EFS_FILE_SYSTEM" | "EVENTBRIDGE_EVENTBUS" | "BACKUP_VAULT" | "CODEARTIFACT_REPOSITORY" | "CERTIFICATE_AUTHORITY">;
    }>>;
}> = ...
resourceTypeEnum: EnumType<"IAM_ROLE" | "LAMBDA_FUNCTION" | "S3_BUCKET" | "SNS_TOPIC" | "SQS_QUEUE" | "KMS_KEY" | "SECRETS_MANAGER_SECRET" | "ECR_REPOSITORY" | "OPENSEARCH_DOMAIN" | "APIGATEWAY_REST_API" | "LEX_BOT" | "EFS_FILE_SYSTEM" | "EVENTBRIDGE_EVENTBUS" | "BACKUP_VAULT" | "CODEARTIFACT_REPOSITORY" | "CERTIFICATE_AUTHORITY"> = ...
s3PublicAccessBlockConfig: TypeC<{
    enable: BooleanC;
    excludeAccounts: OptionalType<ArrayC<StringC>>;
}> = ...

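Amazon S3 public access block configuration. Accounts listed in `excludeAccounts` are presumably exempt from the block, so that list is worth reviewing.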

scpRevertChangesConfig: TypeC<{
    enable: BooleanC;
    snsTopicName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
}> = ...

Revert Manual Service Control Policy (SCP) Changes configuration

securityConfig: TypeC<{
    accessAnalyzer: TypeC<{
        enable: BooleanC;
    }>;
    awsConfig: TypeC<{
        aggregation: OptionalType<TypeC<{
            delegatedAdminAccount: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            enable: BooleanC;
        }>>;
        enableConfigurationRecorder: BooleanC;
        enableDeliveryChannel: OptionalType<BooleanC>;
        overrideExisting: OptionalType<BooleanC>;
        ruleSets: ArrayC<TypeC<{
            deploymentTargets: TypeC<{
                accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            }>;
            rules: ArrayC<TypeC<{
                complianceResourceTypes: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                customRule: OptionalType<TypeC<{
                    configurationChanges: OptionalType<BooleanC>;
                    lambda: TypeC<{
                        handler: SizedType<string, Type<string, string, unknown>>;
                        rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
                        runtime: SizedType<string, Type<string, string, unknown>>;
                        sourceFilePath: SizedType<string, Type<string, string, unknown>>;
                        timeout: OptionalType<NumberC>;
                    }>;
                    maximumExecutionFrequency: EnumType<string>;
                    periodic: OptionalType<BooleanC>;
                    triggeringResources: TypeC<{
                        lookupKey: SizedType<string, Type<string, string, unknown>>;
                        lookupType: EnumType<string>;
                        lookupValue: ArrayC<SizedType<string, Type<string, string, unknown>>>;
                    }>;
                }>>;
                description: OptionalType<SizedType<string, Type<string, string, unknown>>>;
                identifier: OptionalType<SizedType<string, Type<string, string, unknown>>>;
                inputParameters: OptionalType<RecordC<SizedType<string, Type<string, string, unknown>>, SizedType<string, Type<string, string, unknown>>>>;
                name: SizedType<string, Type<string, string, unknown>>;
                remediation: OptionalType<TypeC<{
                    automatic: BooleanC;
                    excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
                    maximumAutomaticAttempts: OptionalType<NumberC>;
                    parameters: OptionalType<ArrayC<TypeC<{
                        name: SizedType<string, Type<string, string, unknown>>;
                        type: EnumType<string>;
                        value: SizedType<string, Type<string, string, unknown>>;
                    }>>>;
                    retryAttemptSeconds: OptionalType<NumberC>;
                    rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
                    targetAccountName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
                    targetDocumentLambda: OptionalType<TypeC<{
                        handler: SizedType<string, Type<string, string, unknown>>;
                        rolePolicyFile: SizedType<string, Type<string, string, unknown>>;
                        runtime: SizedType<string, Type<string, string, unknown>>;
                        sourceFilePath: SizedType<string, Type<string, string, unknown>>;
                        timeout: OptionalType<NumberC>;
                    }>>;
                    targetId: SizedType<string, Type<string, string, unknown>>;
                    targetVersion: OptionalType<SizedType<string, Type<string, string, unknown>>>;
                }>>;
                tags: OptionalType<ArrayC<TypeC<{
                    key: StringC;
                    value: StringC;
                }>>>;
                type: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            }>>;
        }>>;
    }>;
    centralSecurityServices: TypeC<{
        auditManager: OptionalType<TypeC<{
            defaultReportsConfiguration: TypeC<{
                destinationType: EnumType<string>;
                enable: BooleanC;
            }>;
            enable: BooleanC;
            excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
            lifecycleRules: OptionalType<ArrayC<TypeC<{
                abortIncompleteMultipartUpload: OptionalType<NumberC>;
                enabled: OptionalType<BooleanC>;
                expiration: OptionalType<NumberC>;
                expiredObjectDeleteMarker: OptionalType<BooleanC>;
                id: OptionalType<StringC>;
                noncurrentVersionExpiration: OptionalType<NumberC>;
                noncurrentVersionTransitions: OptionalType<ArrayC<TypeC<{
                    storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
                    transitionAfter: NumberC;
                }>>>;
                prefix: OptionalType<SizedType<string, Type<string, string, unknown>>>;
                transitions: OptionalType<ArrayC<TypeC<{
                    storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
                    transitionAfter: NumberC;
                }>>>;
            }>>>;
        }>>;
        delegatedAdminAccount: SizedType<string, Type<string, string, unknown>>;
        detective: OptionalType<TypeC<{
            enable: BooleanC;
            excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
        }>>;
        ebsDefaultVolumeEncryption: TypeC<{
            deploymentTargets: OptionalType<TypeC<{
                accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            }>>;
            enable: BooleanC;
            excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
            kmsKey: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        }>;
        guardduty: TypeC<{
            eksProtection: OptionalType<TypeC<{
                enable: BooleanC;
                excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
            }>>;
            enable: BooleanC;
            excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
            exportConfiguration: TypeC<{
                destinationType: EnumType<string>;
                enable: BooleanC;
                exportFrequency: EnumType<string>;
                overrideExisting: OptionalType<BooleanC>;
                overrideGuardDutyPrefix: OptionalType<TypeC<{
                    customOverride: OptionalType<SizedType<string, Type<string, string, unknown>>>;
                    useCustomPrefix: BooleanC;
                }>>;
            }>;
            lifecycleRules: OptionalType<ArrayC<TypeC<{
                abortIncompleteMultipartUpload: OptionalType<NumberC>;
                enabled: OptionalType<BooleanC>;
                expiration: OptionalType<NumberC>;
                expiredObjectDeleteMarker: OptionalType<BooleanC>;
                id: OptionalType<StringC>;
                noncurrentVersionExpiration: OptionalType<NumberC>;
                noncurrentVersionTransitions: OptionalType<ArrayC<TypeC<{
                    storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
                    transitionAfter: NumberC;
                }>>>;
                prefix: OptionalType<SizedType<string, Type<string, string, unknown>>>;
                transitions: OptionalType<ArrayC<TypeC<{
                    storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
                    transitionAfter: NumberC;
                }>>>;
            }>>>;
            s3Protection: TypeC<{
                enable: BooleanC;
                excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
            }>;
        }>;
        macie: TypeC<{
            enable: BooleanC;
            excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
            lifecycleRules: OptionalType<ArrayC<TypeC<{
                abortIncompleteMultipartUpload: OptionalType<NumberC>;
                enabled: OptionalType<BooleanC>;
                expiration: OptionalType<NumberC>;
                expiredObjectDeleteMarker: OptionalType<BooleanC>;
                id: OptionalType<StringC>;
                noncurrentVersionExpiration: OptionalType<NumberC>;
                noncurrentVersionTransitions: OptionalType<ArrayC<TypeC<{
                    storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
                    transitionAfter: NumberC;
                }>>>;
                prefix: OptionalType<SizedType<string, Type<string, string, unknown>>>;
                transitions: OptionalType<ArrayC<TypeC<{
                    storageClass: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">;
                    transitionAfter: NumberC;
                }>>>;
            }>>>;
            policyFindingsPublishingFrequency: EnumType<string>;
            publishSensitiveDataFindings: BooleanC;
        }>;
        s3PublicAccessBlock: TypeC<{
            enable: BooleanC;
            excludeAccounts: OptionalType<ArrayC<StringC>>;
        }>;
        scpRevertChangesConfig: OptionalType<TypeC<{
            enable: BooleanC;
            snsTopicName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
        }>>;
        securityHub: TypeC<{
            enable: BooleanC;
            excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
            logging: OptionalType<TypeC<{
                cloudWatch: OptionalType<TypeC<{
                    enable: BooleanC;
                }>>;
            }>>;
            notificationLevel: OptionalType<StringC>;
            regionAggregation: OptionalType<BooleanC>;
            snsTopicName: OptionalType<StringC>;
            standards: ArrayC<TypeC<{
                controlsToDisable: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                deploymentTargets: OptionalType<TypeC<{
                    accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                    excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                    excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                    organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                }>>;
                enable: BooleanC;
                name: EnumType<string>;
            }>>;
        }>;
        ssmAutomation: TypeC<{
            documentSets: ArrayC<TypeC<{
                documents: ArrayC<TypeC<{
                    name: SizedType<string, Type<string, string, unknown>>;
                    template: SizedType<string, Type<string, string, unknown>>;
                }>>;
                shareTargets: TypeC<{
                    accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                    organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                }>;
            }>>;
            excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
        }>;
    }>;
    cloudWatch: TypeC<{
        alarmSets: ArrayC<TypeC<{
            alarms: ArrayC<TypeC<{
                alarmDescription: SizedType<string, Type<string, string, unknown>>;
                alarmName: SizedType<string, Type<string, string, unknown>>;
                comparisonOperator: SizedType<string, Type<string, string, unknown>>;
                evaluationPeriods: NumberC;
                metricName: SizedType<string, Type<string, string, unknown>>;
                namespace: SizedType<string, Type<string, string, unknown>>;
                period: NumberC;
                snsAlertLevel: OptionalType<SizedType<string, Type<string, string, unknown>>>;
                snsTopicName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
                statistic: SizedType<string, Type<string, string, unknown>>;
                threshold: NumberC;
                treatMissingData: SizedType<string, Type<string, string, unknown>>;
            }>>;
            deploymentTargets: TypeC<{
                accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            }>;
            regions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        }>>;
        logGroups: OptionalType<ArrayC<TypeC<{
            deploymentTargets: TypeC<{
                accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            }>;
            encryption: OptionalType<TypeC<{
                kmsKeyArn: OptionalType<SizedType<string, Type<string, string, unknown>>>;
                kmsKeyName: OptionalType<SizedType<string, Type<string, string, unknown>>>;
                useLzaManagedKey: OptionalType<BooleanC>;
            }>>;
            logGroupName: SizedType<string, Type<string, string, unknown>>;
            logRetentionInDays: NumberC;
            terminationProtected: OptionalType<BooleanC>;
        }>>>;
        metricSets: ArrayC<TypeC<{
            deploymentTargets: TypeC<{
                accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            }>;
            metrics: ArrayC<TypeC<{
                filterName: SizedType<string, Type<string, string, unknown>>;
                filterPattern: SizedType<string, Type<string, string, unknown>>;
                logGroupName: SizedType<string, Type<string, string, unknown>>;
                metricName: SizedType<string, Type<string, string, unknown>>;
                metricNamespace: SizedType<string, Type<string, string, unknown>>;
                metricValue: SizedType<string, Type<string, string, unknown>>;
            }>>;
            regions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        }>>;
    }>;
    iamPasswordPolicy: TypeC<{
        allowUsersToChangePassword: BooleanC;
        hardExpiry: BooleanC;
        maxPasswordAge: NumberC;
        minimumPasswordLength: NumberC;
        passwordReusePrevention: NumberC;
        requireLowercaseCharacters: BooleanC;
        requireNumbers: BooleanC;
        requireSymbols: BooleanC;
        requireUppercaseCharacters: BooleanC;
    }>;
    keyManagementService: OptionalType<TypeC<{
        keySets: ArrayC<TypeC<{
            alias: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            deploymentTargets: TypeC<{
                accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            }>;
            description: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            enableKeyRotation: OptionalType<BooleanC>;
            enabled: OptionalType<BooleanC>;
            name: SizedType<string, Type<string, string, unknown>>;
            policy: OptionalType<SizedType<string, Type<string, string, unknown>>>;
            removalPolicy: OptionalType<EnumType<string>>;
        }>>;
    }>>;
    resourcePolicyEnforcement: OptionalType<TypeC<{
        enable: BooleanC;
        networkPerimeter: OptionalType<TypeC<{
            managedVpcOnly: OptionalType<BooleanC>;
        }>>;
        policySets: ArrayC<TypeC<{
            deploymentTargets: TypeC<{
                accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
                organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            }>;
            inputParameters: OptionalType<RecordC<SizedType<string, Type<string, string, unknown>>, SizedType<string, Type<string, string, unknown>>>>;
            resourcePolicies: ArrayC<TypeC<{
                document: SizedType<string, Type<string, string, unknown>>;
                resourceType: EnumType<"IAM_ROLE" | "LAMBDA_FUNCTION" | "S3_BUCKET" | "SNS_TOPIC" | "SQS_QUEUE" | "KMS_KEY" | "SECRETS_MANAGER_SECRET" | "ECR_REPOSITORY" | "OPENSEARCH_DOMAIN" | "APIGATEWAY_REST_API" | "LEX_BOT" | "EFS_FILE_SYSTEM" | "EVENTBRIDGE_EVENTBUS" | "BACKUP_VAULT" | "CODEARTIFACT_REPOSITORY" | "CERTIFICATE_AUTHORITY">;
            }>>;
        }>>;
        remediation: TypeC<{
            automatic: BooleanC;
            maximumAutomaticAttempts: OptionalType<NumberC>;
            retryAttemptSeconds: OptionalType<NumberC>;
        }>;
    }>>;
}> = ...
securityHubConfig: TypeC<{
    enable: BooleanC;
    excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
    logging: OptionalType<TypeC<{
        cloudWatch: OptionalType<TypeC<{
            enable: BooleanC;
        }>>;
    }>>;
    notificationLevel: OptionalType<StringC>;
    regionAggregation: OptionalType<BooleanC>;
    snsTopicName: OptionalType<StringC>;
    standards: ArrayC<TypeC<{
        controlsToDisable: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        deploymentTargets: OptionalType<TypeC<{
            accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        }>>;
        enable: BooleanC;
        name: EnumType<string>;
    }>>;
}> = ...
securityHubLoggingCloudwatchConfig: TypeC<{
    enable: BooleanC;
}> = ...
securityHubLoggingConfig: TypeC<{
    cloudWatch: OptionalType<TypeC<{
        enable: BooleanC;
    }>>;
}> = ...
securityHubStandardConfig: TypeC<{
    controlsToDisable: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
    deploymentTargets: OptionalType<TypeC<{
        accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedAccounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        excludedRegions: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
    }>>;
    enable: BooleanC;
    name: EnumType<string>;
}> = ...

AWS Security Hub standards configuration

snsSubscriptionConfig: TypeC<{
    email: SizedType<string, Type<string, string, unknown>>;
    level: SizedType<string, Type<string, string, unknown>>;
}> = ...

SNS notification subscription configuration. Deprecated: replaced by snsTopics in the global config.

ssmAutomationConfig: TypeC<{
    documentSets: ArrayC<TypeC<{
        documents: ArrayC<TypeC<{
            name: SizedType<string, Type<string, string, unknown>>;
            template: SizedType<string, Type<string, string, unknown>>;
        }>>;
        shareTargets: TypeC<{
            accounts: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
            organizationalUnits: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>;
        }>;
    }>>;
    excludeRegions: OptionalType<ArrayC<EnumType<string>>>;
}> = ...
triggeringResourceType: TypeC<{
    lookupKey: SizedType<string, Type<string, string, unknown>>;
    lookupType: EnumType<string>;
    lookupValue: ArrayC<SizedType<string, Type<string, string, unknown>>>;
}> = ...
