SecurityConfig / AwsConfig

AWS Config Recorder and Rules

Example

awsConfig:
  enableConfigurationRecorder: true
  enableDeliveryChannel: true
  aggregation:
    enable: true
    delegatedAdminAccount: LogArchive
  ruleSets:
    - deploymentTargets:
        organizationalUnits:
          - Root
      rules:
        - name: accelerator-iam-user-group-membership-check
          complianceResourceTypes:
            - AWS::IAM::User
          identifier: IAM_USER_GROUP_MEMBERSHIP_CHECK

Hierarchy

  • AwsConfig

Properties

aggregation: undefined | AwsConfigAggregation

Config Recorder Aggregation configuration

enableConfigurationRecorder: true = true

Indicates whether the AWS Config recorder is enabled.

To enable AWS Config, you must create a configuration recorder and a delivery channel.

The ConfigurationRecorder resource describes the AWS resource types for which AWS Config records configuration changes. The configuration recorder stores the configurations of the supported resources in your account as configuration items.

enableDeliveryChannel: true = true

Indicates whether the delivery channel is enabled.

AWS Config uses the delivery channel to deliver the configuration changes to your Amazon S3 bucket or Amazon SNS topic.

ruleSets: AwsConfigRuleSet[] = []

AWS Config rule sets
