pulumi-alicloud-kotlin/com.pulumi.alicloud.cfg.kotlin/Rule

Rule

class Rule : KotlinCustomResource

Provides a Config Rule resource. For information about Config Rule and how to use it, see What is Rule.

NOTE: Available since v1.204.0.

Example Usage

Basic Usage

import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";
const _default = alicloud.resourcemanager.getResourceGroups({
    status: "OK",
});
const defaultRule = new alicloud.cfg.Rule("default", {
    description: "If the resource matches one of the specified tag key-value pairs, the configuration is considered compliant.",
    sourceOwner: "ALIYUN",
    sourceIdentifier: "contains-tag",
    riskLevel: 1,
    tagValueScope: "example-value",
    tagKeyScope: "example-key",
    excludeResourceIdsScope: "example-resource_id",
    regionIdsScope: "cn-hangzhou",
    configRuleTriggerTypes: "ConfigurationItemChangeNotification",
    resourceGroupIdsScope: _default.then(_default => _default.ids?.[0]),
    resourceTypesScopes: ["ACS::RDS::DBInstance"],
    ruleName: "contains-tag",
    inputParameters: {
        key1: "value1",
        key2: "value2",
    },
});

import pulumi
import pulumi_alicloud as alicloud
default = alicloud.resourcemanager.get_resource_groups(status="OK")
default_rule = alicloud.cfg.Rule("default",
    description="If the resource matches one of the specified tag key-value pairs, the configuration is considered compliant.",
    source_owner="ALIYUN",
    source_identifier="contains-tag",
    risk_level=1,
    tag_value_scope="example-value",
    tag_key_scope="example-key",
    exclude_resource_ids_scope="example-resource_id",
    region_ids_scope="cn-hangzhou",
    config_rule_trigger_types="ConfigurationItemChangeNotification",
    resource_group_ids_scope=default.ids[0],
    resource_types_scopes=["ACS::RDS::DBInstance"],
    rule_name="contains-tag",
    input_parameters={
        "key1": "value1",
        "key2": "value2",
    })

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;
return await Deployment.RunAsync(() =>
{
    var @default = AliCloud.ResourceManager.GetResourceGroups.Invoke(new()
    {
        Status = "OK",
    });
    var defaultRule = new AliCloud.Cfg.Rule("default", new()
    {
        Description = "If the resource matches one of the specified tag key-value pairs, the configuration is considered compliant.",
        SourceOwner = "ALIYUN",
        SourceIdentifier = "contains-tag",
        RiskLevel = 1,
        TagValueScope = "example-value",
        TagKeyScope = "example-key",
        ExcludeResourceIdsScope = "example-resource_id",
        RegionIdsScope = "cn-hangzhou",
        ConfigRuleTriggerTypes = "ConfigurationItemChangeNotification",
        ResourceGroupIdsScope = @default.Apply(@default => @default.Apply(getResourceGroupsResult => getResourceGroupsResult.Ids[0])),
        ResourceTypesScopes = new[]
        {
            "ACS::RDS::DBInstance",
        },
        RuleName = "contains-tag",
        InputParameters =
        {
            { "key1", "value1" },
            { "key2", "value2" },
        },
    });
});

package main
import (
	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/cfg"
	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/resourcemanager"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_default, err := resourcemanager.GetResourceGroups(ctx, &resourcemanager.GetResourceGroupsArgs{
			Status: pulumi.StringRef("OK"),
		}, nil)
		if err != nil {
			return err
		}
		_, err = cfg.NewRule(ctx, "default", &cfg.RuleArgs{
			Description:             pulumi.String("If the resource matches one of the specified tag key-value pairs, the configuration is considered compliant."),
			SourceOwner:             pulumi.String("ALIYUN"),
			SourceIdentifier:        pulumi.String("contains-tag"),
			RiskLevel:               pulumi.Int(1),
			TagValueScope:           pulumi.String("example-value"),
			TagKeyScope:             pulumi.String("example-key"),
			ExcludeResourceIdsScope: pulumi.String("example-resource_id"),
			RegionIdsScope:          pulumi.String("cn-hangzhou"),
			ConfigRuleTriggerTypes:  pulumi.String("ConfigurationItemChangeNotification"),
			ResourceGroupIdsScope:   pulumi.String(_default.Ids[0]),
			ResourceTypesScopes: pulumi.StringArray{
				pulumi.String("ACS::RDS::DBInstance"),
			},
			RuleName: pulumi.String("contains-tag"),
			InputParameters: pulumi.StringMap{
				"key1": pulumi.String("value1"),
				"key2": pulumi.String("value2"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.resourcemanager.ResourcemanagerFunctions;
import com.pulumi.alicloud.resourcemanager.inputs.GetResourceGroupsArgs;
import com.pulumi.alicloud.cfg.Rule;
import com.pulumi.alicloud.cfg.RuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var default = ResourcemanagerFunctions.getResourceGroups(GetResourceGroupsArgs.builder()
            .status("OK")
            .build());
        var defaultRule = new Rule("defaultRule", RuleArgs.builder()
            .description("If the resource matches one of the specified tag key-value pairs, the configuration is considered compliant.")
            .sourceOwner("ALIYUN")
            .sourceIdentifier("contains-tag")
            .riskLevel(1)
            .tagValueScope("example-value")
            .tagKeyScope("example-key")
            .excludeResourceIdsScope("example-resource_id")
            .regionIdsScope("cn-hangzhou")
            .configRuleTriggerTypes("ConfigurationItemChangeNotification")
            .resourceGroupIdsScope(default_.ids()[0])
            .resourceTypesScopes("ACS::RDS::DBInstance")
            .ruleName("contains-tag")
            .inputParameters(Map.ofEntries(
                Map.entry("key1", "value1"),
                Map.entry("key2", "value2")
            ))
            .build());
    }
}

resources:
  defaultRule:
    type: alicloud:cfg:Rule
    name: default
    properties:
      description: If the resource matches one of the specified tag key-value pairs, the configuration is considered compliant.
      sourceOwner: ALIYUN
      sourceIdentifier: contains-tag
      riskLevel: 1
      tagValueScope: example-value
      tagKeyScope: example-key
      excludeResourceIdsScope: example-resource_id
      regionIdsScope: cn-hangzhou
      configRuleTriggerTypes: ConfigurationItemChangeNotification
      resourceGroupIdsScope: ${default.ids[0]}
      resourceTypesScopes:
        - ACS::RDS::DBInstance
      ruleName: contains-tag
      inputParameters:
        key1: value1
        key2: value2
variables:
  default:
    fn::invoke:
      function: alicloud:resourcemanager:getResourceGroups
      arguments:
        status: OK

Import

Config Rule can be imported using the id, e.g.

$ pulumi import alicloud:cfg/rule:Rule example <id>

Properties

accountId

val accountId: Output<Int>

The ID of Alicloud account.

compliance

val compliance: Output<RuleCompliance>

compliance information.

compliancePackId

val compliancePackId: Output<String>

Compliance Package ID.

configRuleArn

val configRuleArn: Output<String>

config rule arn.

configRuleId

val configRuleId: Output<String>

The ID of the rule.

configRuleTriggerTypes

val configRuleTriggerTypes: Output<String>

The trigger type of the rule. Valid values: ConfigurationItemChangeNotification: The rule is triggered upon configuration changes. ScheduledNotification: The rule is triggered as scheduled.

createTime

val createTime: Output<Int>

The timestamp when the rule was created.

description

val description: Output<String>?

The description of the rule.

eventSource

val eventSource: Output<String>

The event source of the rule.

excludeResourceIdsScope

val excludeResourceIdsScope: Output<String>?

The rule monitors excluded resource IDs, multiple of which are separated by commas, only applies to rules created based on managed rules, , custom rule this field is empty.

val id: Output<String>

inputParameters

val inputParameters: Output<Map<String, String>>?

The settings of the input parameters for the rule.

maximumExecutionFrequency

val maximumExecutionFrequency: Output<String>

The frequency of the compliance evaluations, it is required if the ConfigRuleTriggerTypes value is ScheduledNotification. Valid values: One_Hour, Three_Hours, Six_Hours, Twelve_Hours, TwentyFour_Hours.

modifiedTimestamp

val modifiedTimestamp: Output<Int>

The timestamp when the rule was last modified.

pulumiChildResources

val pulumiChildResources: Set<KotlinResource>

pulumiResourceName

val pulumiResourceName: String

pulumiResourceType

val pulumiResourceType: String

regionIdsScope

val regionIdsScope: Output<String>?

The rule monitors region IDs, separated by commas, only applies to rules created based on managed rules.

resourceGroupIdsScope

val resourceGroupIdsScope: Output<String>?

The rule monitors resource group IDs, separated by commas, only applies to rules created based on managed rules.

resourceTypesScopes

val resourceTypesScopes: Output<List<String>>

The types of the resources to be evaluated against the rule.

riskLevel

val riskLevel: Output<Int>

The risk level of the resources that are not compliant with the rule. Valid values: 1: critical 2: warning 3: info

ruleName

val ruleName: Output<String>

The name of the rule.

scopeComplianceResourceTypes

val ~~scopeComplianceResourceTypes~~: Output<String>

Field 'scope_compliance_resource_types' has been deprecated from provider version 1.124.1. New field 'resource_types_scope' instead.

sourceDetailMessageType

val ~~sourceDetailMessageType~~: Output<String>

Field 'source_detail_message_type' has been deprecated from provider version 1.124.1. New field 'config_rule_trigger_types' instead.

sourceIdentifier

val sourceIdentifier: Output<String>

The identifier of the rule. For a managed rule, the value is the name of the managed rule. For a custom rule, the value is the ARN of the custom rule.

sourceMaximumExecutionFrequency

val ~~sourceMaximumExecutionFrequency~~: Output<String>

Field 'source_maximum_execution_frequency' has been deprecated from provider version 1.124.1. New field 'maximum_execution_frequency' instead.

sourceOwner

val sourceOwner: Output<String>

Specifies whether you or Alibaba Cloud owns and manages the rule. Valid values: CUSTOM_FC: The rule is a custom rule and you own the rule. ALIYUN: The rule is a managed rule and Alibaba Cloud owns the rule

status

val status: Output<String>

The status of the rule. Valid values: ACTIVE: The rule is monitoring the configurations of target resources. DELETING_RESULTS: The compliance evaluation result returned by the rule is being deleted. EVALUATING: The rule is triggered and is evaluating whether the configurations of target resources are compliant. INACTIVE: The rule is disabled from monitoring the configurations of target resources.

tagKeyScope

val tagKeyScope: Output<String>?

The rule monitors the tag key, only applies to rules created based on managed rules.

tagValueScope

val tagValueScope: Output<String>?

The rule monitors the tag value, only applies to rules created based on managed rules. The following arguments will be discarded. Please use new fields as soon as possible:

urn

val urn: Output<String>