security
Config
: TypeC<{ accessAnalyzer
: TypeC<{ enable
: BooleanC; }>; awsConfig
: TypeC<{ aggregation
: OptionalType<TypeC<{ delegatedAdminAccount
: OptionalType<SizedType<string, Type<string, string, unknown>>>; enable
: BooleanC; }>>; enableConfigurationRecorder
: BooleanC; enableDeliveryChannel
: BooleanC; ruleSets
: ArrayC<TypeC<{ deploymentTargets
: TypeC<{ accounts
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; excludedAccounts
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; excludedRegions
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; organizationalUnits
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; }>; rules
: ArrayC<TypeC<{ complianceResourceTypes
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; customRule
: OptionalType<TypeC<{ configurationChanges
: OptionalType<BooleanC>; lambda
: TypeC<{ handler
: SizedType<string, Type<string, string, unknown>>; rolePolicyFile
: SizedType<string, Type<string, string, unknown>>; runtime
: SizedType<string, Type<string, string, unknown>>; sourceFilePath
: SizedType<string, Type<string, string, unknown>>; timeout
: OptionalType<NumberC>; }>; maximumExecutionFrequency
: EnumType<string>; periodic
: OptionalType<BooleanC>; triggeringResources
: TypeC<{ lookupKey
: SizedType<string, Type<string, string, unknown>>; lookupType
: EnumType<string>; lookupValue
: ArrayC<SizedType<string, Type<string, string, unknown>>>; }>; }>>; description
: OptionalType<SizedType<string, Type<string, string, unknown>>>; identifier
: OptionalType<SizedType<string, Type<string, string, unknown>>>; inputParameters
: OptionalType<RecordC<SizedType<string, Type<string, string, unknown>>, SizedType<string, Type<string, string, unknown>>>>; name
: SizedType<string, Type<string, string, unknown>>; remediation
: OptionalType<TypeC<{ automatic
: BooleanC; maximumAutomaticAttempts
: OptionalType<NumberC>; parameters
: OptionalType<ArrayC<TypeC<{ name
: SizedType<string, Type<string, string, unknown>>; type
: EnumType<string>; value
: SizedType<string, Type<string, string, unknown>>; }>>>; retryAttemptSeconds
: OptionalType<NumberC>; rolePolicyFile
: SizedType<string, Type<string, string, unknown>>; targetAccountName
: OptionalType<SizedType<string, Type<string, string, unknown>>>; targetDocumentLambda
: OptionalType<TypeC<{ handler
: SizedType<string, Type<string, string, unknown>>; rolePolicyFile
: SizedType<string, Type<string, string, unknown>>; runtime
: SizedType<string, Type<string, string, unknown>>; sourceFilePath
: SizedType<string, Type<string, string, unknown>>; timeout
: OptionalType<NumberC>; }>>; targetId
: SizedType<string, Type<string, string, unknown>>; targetVersion
: OptionalType<SizedType<string, Type<string, string, unknown>>>; }>>; tags
: OptionalType<ArrayC<TypeC<{ key
: StringC; value
: StringC; }>>>; type
: OptionalType<SizedType<string, Type<string, string, unknown>>>; }>>; }>>; }>; centralSecurityServices
: TypeC<{ auditManager
: OptionalType<TypeC<{ defaultReportsConfiguration
: TypeC<{ destinationType
: EnumType<string>; enable
: BooleanC; }>; enable
: BooleanC; excludeRegions
: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ca-central-1" | "eu-central-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "eu-north-1" | "eu-south-1" | "eu-south-2" | "me-central-1" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-west-1" | "us-west-2" | "cn-north-1" | "cn-northwest-1" | "eu-central-2" | "ap-south-2" | "us-gov-west-1" | "us-gov-east-1" | "us-iso-east-1" | "us-iso-west-1" | "us-isob-east-1" | "ap-southeast-4">>>; lifecycleRules
: OptionalType<ArrayC<TypeC<{ abortIncompleteMultipartUpload
: OptionalType<NumberC>; enabled
: OptionalType<BooleanC>; expiration
: OptionalType<NumberC>; expiredObjectDeleteMarker
: OptionalType<BooleanC>; id
: OptionalType<StringC>; noncurrentVersionExpiration
: OptionalType<NumberC>; noncurrentVersionTransitions
: OptionalType<ArrayC<TypeC<{ storageClass
: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">; transitionAfter
: NumberC; }>>>; transitions
: OptionalType<ArrayC<TypeC<{ storageClass
: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">; transitionAfter
: NumberC; }>>>; }>>>; }>>; delegatedAdminAccount
: SizedType<string, Type<string, string, unknown>>; detective
: OptionalType<TypeC<{ enable
: BooleanC; excludeRegions
: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ca-central-1" | "eu-central-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "eu-north-1" | "eu-south-1" | "eu-south-2" | "me-central-1" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-west-1" | "us-west-2" | "cn-north-1" | "cn-northwest-1" | "eu-central-2" | "ap-south-2" | "us-gov-west-1" | "us-gov-east-1" | "us-iso-east-1" | "us-iso-west-1" | "us-isob-east-1" | "ap-southeast-4">>>; }>>; ebsDefaultVolumeEncryption
: TypeC<{ enable
: BooleanC; excludeRegions
: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ca-central-1" | "eu-central-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "eu-north-1" | "eu-south-1" | "eu-south-2" | "me-central-1" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-west-1" | "us-west-2" | "cn-north-1" | "cn-northwest-1" | "eu-central-2" | "ap-south-2" | "us-gov-west-1" | "us-gov-east-1" | "us-iso-east-1" | "us-iso-west-1" | "us-isob-east-1" | "ap-southeast-4">>>; kmsKey
: OptionalType<SizedType<string, Type<string, string, unknown>>>; }>; guardduty
: TypeC<{ eksProtection
: OptionalType<TypeC<{ enable
: BooleanC; excludeRegions
: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ca-central-1" | "eu-central-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "eu-north-1" | "eu-south-1" | "eu-south-2" | "me-central-1" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-west-1" | "us-west-2" | "cn-north-1" | "cn-northwest-1" | "eu-central-2" | "ap-south-2" | "us-gov-west-1" | "us-gov-east-1" | "us-iso-east-1" | "us-iso-west-1" | "us-isob-east-1" | "ap-southeast-4">>>; }>>; enable
: BooleanC; excludeRegions
: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ca-central-1" | "eu-central-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "eu-north-1" | "eu-south-1" | "eu-south-2" | "me-central-1" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-west-1" | "us-west-2" | "cn-north-1" | "cn-northwest-1" | "eu-central-2" | "ap-south-2" | "us-gov-west-1" | "us-gov-east-1" | "us-iso-east-1" | "us-iso-west-1" | "us-isob-east-1" | "ap-southeast-4">>>; exportConfiguration
: TypeC<{ destinationType
: EnumType<string>; enable
: BooleanC; exportFrequency
: EnumType<string>; overrideExisting
: OptionalType<BooleanC>; }>; lifecycleRules
: OptionalType<ArrayC<TypeC<{ abortIncompleteMultipartUpload
: OptionalType<NumberC>; enabled
: OptionalType<BooleanC>; expiration
: OptionalType<NumberC>; expiredObjectDeleteMarker
: OptionalType<BooleanC>; id
: OptionalType<StringC>; noncurrentVersionExpiration
: OptionalType<NumberC>; noncurrentVersionTransitions
: OptionalType<ArrayC<TypeC<{ storageClass
: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">; transitionAfter
: NumberC; }>>>; transitions
: OptionalType<ArrayC<TypeC<{ storageClass
: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">; transitionAfter
: NumberC; }>>>; }>>>; s3Protection
: TypeC<{ enable
: BooleanC; excludeRegions
: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ca-central-1" | "eu-central-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "eu-north-1" | "eu-south-1" | "eu-south-2" | "me-central-1" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-west-1" | "us-west-2" | "cn-north-1" | "cn-northwest-1" | "eu-central-2" | "ap-south-2" | "us-gov-west-1" | "us-gov-east-1" | "us-iso-east-1" | "us-iso-west-1" | "us-isob-east-1" | "ap-southeast-4">>>; }>; }>; macie
: TypeC<{ enable
: BooleanC; excludeRegions
: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ca-central-1" | "eu-central-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "eu-north-1" | "eu-south-1" | "eu-south-2" | "me-central-1" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-west-1" | "us-west-2" | "cn-north-1" | "cn-northwest-1" | "eu-central-2" | "ap-south-2" | "us-gov-west-1" | "us-gov-east-1" | "us-iso-east-1" | "us-iso-west-1" | "us-isob-east-1" | "ap-southeast-4">>>; lifecycleRules
: OptionalType<ArrayC<TypeC<{ abortIncompleteMultipartUpload
: OptionalType<NumberC>; enabled
: OptionalType<BooleanC>; expiration
: OptionalType<NumberC>; expiredObjectDeleteMarker
: OptionalType<BooleanC>; id
: OptionalType<StringC>; noncurrentVersionExpiration
: OptionalType<NumberC>; noncurrentVersionTransitions
: OptionalType<ArrayC<TypeC<{ storageClass
: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">; transitionAfter
: NumberC; }>>>; transitions
: OptionalType<ArrayC<TypeC<{ storageClass
: EnumType<"STANDARD_IA" | "ONEZONE_IA" | "INTELLIGENT_TIERING" | "GLACIER" | "DEEP_ARCHIVE" | "GLACIER_IR" | "Value should be an AWS S3 Storage Class.">; transitionAfter
: NumberC; }>>>; }>>>; policyFindingsPublishingFrequency
: EnumType<string>; publishSensitiveDataFindings
: BooleanC; }>; s3PublicAccessBlock
: TypeC<{ enable
: BooleanC; excludeAccounts
: OptionalType<ArrayC<StringC>>; }>; scpRevertChangesConfig
: OptionalType<TypeC<{ enable
: BooleanC; snsTopicName
: OptionalType<SizedType<string, Type<string, string, unknown>>>; }>>; securityHub
: TypeC<{ enable
: BooleanC; excludeRegions
: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ca-central-1" | "eu-central-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "eu-north-1" | "eu-south-1" | "eu-south-2" | "me-central-1" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-west-1" | "us-west-2" | "cn-north-1" | "cn-northwest-1" | "eu-central-2" | "ap-south-2" | "us-gov-west-1" | "us-gov-east-1" | "us-iso-east-1" | "us-iso-west-1" | "us-isob-east-1" | "ap-southeast-4">>>; notificationLevel
: OptionalType<StringC>; regionAggregation
: OptionalType<BooleanC>; snsTopicName
: OptionalType<StringC>; standards
: ArrayC<TypeC<{ controlsToDisable
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; enable
: BooleanC; name
: EnumType<string>; }>>; }>; ssmAutomation
: TypeC<{ documentSets
: ArrayC<TypeC<{ documents
: ArrayC<TypeC<{ name
: SizedType<string, Type<string, string, unknown>>; template
: SizedType<string, Type<string, string, unknown>>; }>>; shareTargets
: TypeC<{ accounts
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; organizationalUnits
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; }>; }>>; excludeRegions
: OptionalType<ArrayC<EnumType<"af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ca-central-1" | "eu-central-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "eu-north-1" | "eu-south-1" | "eu-south-2" | "me-central-1" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-west-1" | "us-west-2" | "cn-north-1" | "cn-northwest-1" | "eu-central-2" | "ap-south-2" | "us-gov-west-1" | "us-gov-east-1" | "us-iso-east-1" | "us-iso-west-1" | "us-isob-east-1" | "ap-southeast-4">>>; }>; }>; cloudWatch
: TypeC<{ alarmSets
: ArrayC<TypeC<{ alarms
: ArrayC<TypeC<{ alarmDescription
: SizedType<string, Type<string, string, unknown>>; alarmName
: SizedType<string, Type<string, string, unknown>>; comparisonOperator
: SizedType<string, Type<string, string, unknown>>; evaluationPeriods
: NumberC; metricName
: SizedType<string, Type<string, string, unknown>>; namespace
: SizedType<string, Type<string, string, unknown>>; period
: NumberC; snsAlertLevel
: OptionalType<SizedType<string, Type<string, string, unknown>>>; snsTopicName
: OptionalType<SizedType<string, Type<string, string, unknown>>>; statistic
: SizedType<string, Type<string, string, unknown>>; threshold
: NumberC; treatMissingData
: SizedType<string, Type<string, string, unknown>>; }>>; deploymentTargets
: TypeC<{ accounts
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; excludedAccounts
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; excludedRegions
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; organizationalUnits
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; }>; regions
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; }>>; metricSets
: ArrayC<TypeC<{ deploymentTargets
: TypeC<{ accounts
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; excludedAccounts
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; excludedRegions
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; organizationalUnits
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; }>; metrics
: ArrayC<TypeC<{ filterName
: SizedType<string, Type<string, string, unknown>>; filterPattern
: SizedType<string, Type<string, string, unknown>>; logGroupName
: SizedType<string, Type<string, string, unknown>>; metricName
: SizedType<string, Type<string, string, unknown>>; metricNamespace
: SizedType<string, Type<string, string, unknown>>; metricValue
: SizedType<string, Type<string, string, unknown>>; }>>; regions
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; }>>; }>; iamPasswordPolicy
: TypeC<{ allowUsersToChangePassword
: BooleanC; hardExpiry
: BooleanC; maxPasswordAge
: NumberC; minimumPasswordLength
: NumberC; passwordReusePrevention
: NumberC; requireLowercaseCharacters
: BooleanC; requireNumbers
: BooleanC; requireSymbols
: BooleanC; requireUppercaseCharacters
: BooleanC; }>; keyManagementService
: OptionalType<TypeC<{ keySets
: ArrayC<TypeC<{ alias
: OptionalType<SizedType<string, Type<string, string, unknown>>>; deploymentTargets
: TypeC<{ accounts
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; excludedAccounts
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; excludedRegions
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; organizationalUnits
: OptionalType<ArrayC<SizedType<string, Type<string, string, unknown>>>>; }>; description
: OptionalType<SizedType<string, Type<string, string, unknown>>>; enableKeyRotation
: OptionalType<BooleanC>; enabled
: OptionalType<BooleanC>; name
: SizedType<string, Type<string, string, unknown>>; policy
: OptionalType<SizedType<string, Type<string, string, unknown>>>; removalPolicy
: OptionalType<EnumType<string>>; }>>; }>>; }> = ...
AWS Accelerator SecurityConfig Types