pulumi-alicloud-kotlin/com.pulumi.alicloud.cfg.kotlin/Rule

Rule

class Rule : KotlinCustomResource

Provides a Config Rule resource. For information about Config Rule and how to use it, see What is Rule.

NOTE: Available since v1.204.0.

Example Usage

Basic Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.resourcemanager.ResourcemanagerFunctions;
import com.pulumi.alicloud.resourcemanager.inputs.GetResourceGroupsArgs;
import com.pulumi.alicloud.cfg.Rule;
import com.pulumi.alicloud.cfg.RuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var defaultResourceGroups = ResourcemanagerFunctions.getResourceGroups(GetResourceGroupsArgs.builder()
            .status("OK")
            .build());
        var defaultRule = new Rule("defaultRule", RuleArgs.builder()
            .description("If the resource matches one of the specified tag key-value pairs, the configuration is considered compliant.")
            .sourceOwner("ALIYUN")
            .sourceIdentifier("contains-tag")
            .riskLevel(1)
            .tagValueScope("example-value")
            .tagKeyScope("example-key")
            .excludeResourceIdsScope("example-resource_id")
            .regionIdsScope("cn-hangzhou")
            .configRuleTriggerTypes("ConfigurationItemChangeNotification")
            .resourceGroupIdsScope(defaultResourceGroups.applyValue(getResourceGroupsResult -> getResourceGroupsResult.ids()[0]))
            .resourceTypesScopes("ACS::RDS::DBInstance")
            .ruleName("contains-tag")
            .inputParameters(Map.ofEntries(
                Map.entry("key", "example"),
                Map.entry("value", "example")
            ))
            .build());
    }
}

Import

Config Rule can be imported using the id, e.g.

$ pulumi import alicloud:cfg/rule:Rule example <id>

Properties

accountId

val accountId: Output<Int>

The ID of Alicloud account.

compliance

val compliance: Output<RuleCompliance>

compliance information.

compliancePackId

val compliancePackId: Output<String>

Compliance Package ID.

configRuleArn

val configRuleArn: Output<String>

config rule arn.

configRuleId

val configRuleId: Output<String>

The ID of the rule.

configRuleTriggerTypes

val configRuleTriggerTypes: Output<String>

The trigger type of the rule. Valid values: ConfigurationItemChangeNotification: The rule is triggered upon configuration changes. ScheduledNotification: The rule is triggered as scheduled.

createTime

val createTime: Output<Int>

The timestamp when the rule was created.

description

val description: Output<String>?

The description of the rule.

eventSource

val eventSource: Output<String>

The event source of the rule.

excludeResourceIdsScope

val excludeResourceIdsScope: Output<String>?

The rule monitors excluded resource IDs, multiple of which are separated by commas, only applies to rules created based on managed rules, , custom rule this field is empty.

val id: Output<String>

inputParameters

val inputParameters: Output<Map<String, Any>>?

The settings of the input parameters for the rule.

maximumExecutionFrequency

val maximumExecutionFrequency: Output<String>

The frequency of the compliance evaluations, it is required if the ConfigRuleTriggerTypes value is ScheduledNotification. Valid values: One_Hour, Three_Hours, Six_Hours, Twelve_Hours, TwentyFour_Hours.

modifiedTimestamp

val modifiedTimestamp: Output<Int>

The timestamp when the rule was last modified.

pulumiChildResources

val pulumiChildResources: Set<KotlinResource>

pulumiResourceName

val pulumiResourceName: String

pulumiResourceType

val pulumiResourceType: String

regionIdsScope

val regionIdsScope: Output<String>?

The rule monitors region IDs, separated by commas, only applies to rules created based on managed rules.

resourceGroupIdsScope

val resourceGroupIdsScope: Output<String>?

The rule monitors resource group IDs, separated by commas, only applies to rules created based on managed rules.

resourceTypesScopes

val resourceTypesScopes: Output<List<String>>

The types of the resources to be evaluated against the rule.

riskLevel

val riskLevel: Output<Int>

The risk level of the resources that are not compliant with the rule. Valid values: 1: critical 2: warning 3: info

ruleName

val ruleName: Output<String>

The name of the rule.

scopeComplianceResourceTypes

val ~~scopeComplianceResourceTypes~~: Output<String>

Field 'scope_compliance_resource_types' has been deprecated from provider version 1.124.1. New field 'resource_types_scope' instead.

sourceDetailMessageType

val ~~sourceDetailMessageType~~: Output<String>

Field 'source_detail_message_type' has been deprecated from provider version 1.124.1. New field 'config_rule_trigger_types' instead.

sourceIdentifier

val sourceIdentifier: Output<String>

The identifier of the rule. For a managed rule, the value is the name of the managed rule. For a custom rule, the value is the ARN of the custom rule.

sourceMaximumExecutionFrequency

val ~~sourceMaximumExecutionFrequency~~: Output<String>

Field 'source_maximum_execution_frequency' has been deprecated from provider version 1.124.1. New field 'maximum_execution_frequency' instead.

sourceOwner

val sourceOwner: Output<String>

Specifies whether you or Alibaba Cloud owns and manages the rule. Valid values: CUSTOM_FC: The rule is a custom rule and you own the rule. ALIYUN: The rule is a managed rule and Alibaba Cloud owns the rule

status

val status: Output<String>

The status of the rule. Valid values: ACTIVE: The rule is monitoring the configurations of target resources. DELETING_RESULTS: The compliance evaluation result returned by the rule is being deleted. EVALUATING: The rule is triggered and is evaluating whether the configurations of target resources are compliant. INACTIVE: The rule is disabled from monitoring the configurations of target resources.

tagKeyScope

val tagKeyScope: Output<String>?

The rule monitors the tag key, only applies to rules created based on managed rules.

tagValueScope

val tagValueScope: Output<String>?

The rule monitors the tag value, only applies to rules created based on managed rules. The following arguments will be discarded. Please use new fields as soon as possible:

urn

val urn: Output<String>