pulumi-aws-kotlin/com.pulumi.aws.cfg.kotlin/RemediationConfigurationArgs

RemediationConfigurationArgs

data class RemediationConfigurationArgs(val automatic: Output<Boolean>? = null, val configRuleName: Output<String>? = null, val executionControls: Output<RemediationConfigurationExecutionControlsArgs>? = null, val maximumAutomaticAttempts: Output<Int>? = null, val parameters: Output<List<RemediationConfigurationParameterArgs>>? = null, val resourceType: Output<String>? = null, val retryAttemptSeconds: Output<Int>? = null, val targetId: Output<String>? = null, val targetType: Output<String>? = null, val targetVersion: Output<String>? = null) : ConvertibleToJava<RemediationConfigurationArgs>

Provides an AWS Config Remediation Configuration.

Note: Config Remediation Configuration requires an existing Config Rule to be present.

Example Usage

AWS managed rules can be used by setting the source owner to AWS and the source identifier to the name of the managed rule. More information about AWS managed rules can be found in the AWS Config Developer Guide.

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cfg.Rule;
import com.pulumi.aws.cfg.RuleArgs;
import com.pulumi.aws.cfg.inputs.RuleSourceArgs;
import com.pulumi.aws.cfg.RemediationConfiguration;
import com.pulumi.aws.cfg.RemediationConfigurationArgs;
import com.pulumi.aws.cfg.inputs.RemediationConfigurationParameterArgs;
import com.pulumi.aws.cfg.inputs.RemediationConfigurationExecutionControlsArgs;
import com.pulumi.aws.cfg.inputs.RemediationConfigurationExecutionControlsSsmControlsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var thisRule = new Rule("thisRule", RuleArgs.builder()
            .source(RuleSourceArgs.builder()
                .owner("AWS")
                .sourceIdentifier("S3_BUCKET_VERSIONING_ENABLED")
                .build())
            .build());
        var thisRemediationConfiguration = new RemediationConfiguration("thisRemediationConfiguration", RemediationConfigurationArgs.builder()
            .configRuleName(thisRule.name())
            .resourceType("AWS::S3::Bucket")
            .targetType("SSM_DOCUMENT")
            .targetId("AWS-EnableS3BucketEncryption")
            .targetVersion("1")
            .parameters(
                RemediationConfigurationParameterArgs.builder()
                    .name("AutomationAssumeRole")
                    .staticValue("arn:aws:iam::875924563244:role/security_config")
                    .build(),
                RemediationConfigurationParameterArgs.builder()
                    .name("BucketName")
                    .resourceValue("RESOURCE_ID")
                    .build(),
                RemediationConfigurationParameterArgs.builder()
                    .name("SSEAlgorithm")
                    .staticValue("AES256")
                    .build())
            .automatic(true)
            .maximumAutomaticAttempts(10)
            .retryAttemptSeconds(600)
            .executionControls(RemediationConfigurationExecutionControlsArgs.builder()
                .ssmControls(RemediationConfigurationExecutionControlsSsmControlsArgs.builder()
                    .concurrentExecutionRatePercentage(25)
                    .errorPercentage(20)
                    .build())
                .build())
            .build());
    }
}
Content copied to clipboard

Import

Remediation Configurations can be imported using the name config_rule_name, e.g.,

$ pulumi import aws:cfg/remediationConfiguration:RemediationConfiguration this example
Content copied to clipboard

Constructors

Link copied to clipboard
fun RemediationConfigurationArgs(automatic: Output<Boolean>? = null, configRuleName: Output<String>? = null, executionControls: Output<RemediationConfigurationExecutionControlsArgs>? = null, maximumAutomaticAttempts: Output<Int>? = null, parameters: Output<List<RemediationConfigurationParameterArgs>>? = null, resourceType: Output<String>? = null, retryAttemptSeconds: Output<Int>? = null, targetId: Output<String>? = null, targetType: Output<String>? = null, targetVersion: Output<String>? = null)

Functions

Link copied to clipboard
open override fun toJava(): RemediationConfigurationArgs

Properties

Link copied to clipboard
val automatic: Output<Boolean>? = null

Remediation is triggered automatically if true.

Link copied to clipboard
val configRuleName: Output<String>? = null

Name of the AWS Config rule.

Link copied to clipboard
val executionControls: Output<RemediationConfigurationExecutionControlsArgs>? = null

Configuration block for execution controls. See below.

Link copied to clipboard
val maximumAutomaticAttempts: Output<Int>? = null

Maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5.

Link copied to clipboard
val parameters: Output<List<RemediationConfigurationParameterArgs>>? = null

Can be specified multiple times for each parameter. Each parameter block supports arguments below.

Link copied to clipboard
val resourceType: Output<String>? = null

Type of resource.

Link copied to clipboard
val retryAttemptSeconds: Output<Int>? = null

Maximum time in seconds that AWS Config runs auto-remediation. If you do not select a number, the default is 60 seconds.

Link copied to clipboard
val targetId: Output<String>? = null

Target ID is the name of the public document.

Link copied to clipboard
val targetType: Output<String>? = null

Type of the target. Target executes remediation. For example, SSM document. The following arguments are optional:

Link copied to clipboard
val targetVersion: Output<String>? = null

Version of the target. For example, version of the SSM document