Config
You must first create and start the CC configuration recorder in order to create CC managed rules with CFNlong. For more information, see Managing the Configuration Recorder. Adds or updates an CC rule to evaluate if your AWS resources comply with your desired configurations. For information on how many CC rules you can have per account, see Service Limits in the Developer Guide. There are two types of rules: Managed Rules and Custom Rules. You can use the `ConfigRule` resource to create both CC Managed Rules and CC Custom Rules. CC Managed Rules are predefined, customizable rules created by CC. For a list of managed rules, see List of Managed Rules. If you are adding an CC managed rule, you must specify the rule's identifier for the `SourceIdentifier` key. CC Custom Rules are rules that you create from scratch. There are two ways to create CC custom rules: with Lambda functions (Developer Guide) and with CFNGUARDshort (Guard GitHub Repository), a policy-as-code language. CC custom rules created with LAMlong are called Custom Lambda Rules and CC custom rules created with CFNGUARDshort are called Custom Policy Rules. If you are adding a new CC Custom LAM rule, you first need to create an LAMlong function that the rule invokes to evaluate your resources. When you use the `ConfigRule` resource to add a Custom LAM rule to CC, you must specify the Amazon Resource Name (ARN) that LAMlong assigns to the function. You specify the ARN in the `SourceIdentifier` key. This key is part of the `Source` object, which is part of the `ConfigRule` object. For any new CC rule that you add, specify the `ConfigRuleName` in the `ConfigRule` object. Do not specify the `ConfigRuleArn` or the `ConfigRuleId`. These values are generated by CC for new rules. If you are updating a rule that you added previously, you can specify the rule by `ConfigRuleName`, `ConfigRuleId`, or `ConfigRuleArn` in the `ConfigRule` data type that you use in this request. For more information about developing and using CC rules, see Evaluating Resources with Rules in the Developer Guide.
Constructors
Properties
Indicates whether an AWS resource or CC rule is compliant and provides the number of contributors that affect the compliance.
A name for the CC rule. If you don't specify a name, CFN generates a unique physical ID and uses that ID for the rule name. For more information, see Name Type.
The description that you provide for the CC rule.
The modes the CC rule can be evaluated in. The valid values are distinct objects. By default, the value is Detective evaluation mode only.
A string, in JSON format, that is passed to the CC rule Lambda function. Search the CloudFormation User Guide for AWS::Config::ConfigRule for more information about the expected schema for this property.
The maximum frequency with which CC runs evaluations for a rule. You can specify a value for `MaximumExecutionFrequency` when:
Defines which resources can trigger an evaluation for the rule. The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes. The scope can be empty.
Provides the rule owner (```` for managed rules, `CUSTOM_POLICY` for Custom Policy rules, and `CUSTOM_LAMBDA` for Custom Lambda rules), the rule identifier, and the notifications that cause the function to evaluate your AWS resources.