Class AwsConfig

AWS Config Recorder and Rules

Example

awsConfig:
  enableConfigurationRecorder: false
  ** enableDeliveryChannel DEPRECATED
  enableDeliveryChannel: true
  overrideExisting: false
  aggregation:
    enable: true
    delegatedAdminAccount: LogArchive
  ruleSets:
    - deploymentTargets:
        organizationalUnits:
          - Root
      rules:
        - name: accelerator-iam-user-group-membership-check
          complianceResourceTypes:
            - AWS::IAM::User
          identifier: IAM_USER_GROUP_MEMBERSHIP_CHECK

Hierarchy

AwsConfig

Implements

TypeOf<typeof awsConfig>

Index

Constructors

constructor

Properties

aggregation enableConfigurationRecorder enableDeliveryChannel overrideExisting ruleSets

Constructors

constructor

new AwsConfig(): AwsConfig
Returns AwsConfig

Properties

`Readonly` aggregation

aggregation: undefined | AwsConfigAggregation

Config Recorder Aggregation configuration

`Readonly` enableConfigurationRecorder

enableConfigurationRecorder: false = false

Indicates whether AWS Config recorder enabled.

To enable AWS Config, you must create a configuration recorder

ConfigurationRecorder resource describes the AWS resource types for which AWS Config records configuration changes. The configuration recorder stores the configurations of the supported resources in your account as configuration items.

`Readonly` enableDeliveryChannel

enableDeliveryChannel: undefined | boolean

Indicates whether delivery channel enabled.

AWS Config uses the delivery channel to deliver the configuration changes to your Amazon S3 bucket. DEPRECATED

`Readonly` overrideExisting

overrideExisting: undefined | boolean

Indicates whether or not to override existing config recorder settings Must be enabled if any account and region combination has an existing config recorder, even if config recording is turned off The Landing Zone Accelerator will override the settings in all configured accounts and regions ** Do not enable this setting if you have deployed LZA ** successfully with enableConfigurationRecorder set to true ** and overrideExisting either unset or set to false ** Doing so will cause a resource conflict When the overrideExisting property is enabled ensure that any scp's are not blocking the passRole iam permission for the iam role name {acceleratorPrefix}Config

`Readonly` ruleSets

ruleSets: AwsConfigRuleSet[] = []

AWS Config rule sets

Class AwsConfig

Example

Hierarchy

Implements

Index

Constructors

Properties

Constructors

constructor

Returns AwsConfig

Properties

`Readonly` aggregation

`Readonly` enableConfigurationRecorder

`Readonly` enableDeliveryChannel

`Readonly` overrideExisting

`Readonly` ruleSets

Settings

Member Visibility

Theme

Class AwsConfig

Example

Hierarchy

Implements

Index

Constructors

Properties

Constructors

constructor

Returns AwsConfig

Properties

Readonly aggregation

Readonly enableConfigurationRecorder

Readonly enableDeliveryChannel

Readonly overrideExisting

Readonly ruleSets

Settings

Member Visibility

Theme

`Readonly` aggregation

`Readonly` enableConfigurationRecorder

`Readonly` enableDeliveryChannel

`Readonly` overrideExisting

`Readonly` ruleSets