pulumi-aws-kotlin/com.pulumi.aws.cfg.kotlin/ConformancePack

ConformancePack

class ConformancePack : KotlinCustomResource

Manages a Config Conformance Pack. More information about this collection of Config rules and remediation actions can be found in the Conformance Packs documentation. Sample Conformance Pack templates may be found in the AWS Config Rules Repository.

NOTE: The account must have a Configuration Recorder with proper IAM permissions before the Conformance Pack will successfully create or update. See also the aws.cfg.Recorder resource.

Example Usage

Template Body

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cfg.ConformancePack;
import com.pulumi.aws.cfg.ConformancePackArgs;
import com.pulumi.aws.cfg.inputs.ConformancePackInputParameterArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var example = new ConformancePack("example", ConformancePackArgs.builder()
            .inputParameters(ConformancePackInputParameterArgs.builder()
                .parameterName("AccessKeysRotatedParameterMaxAccessKeyAge")
                .parameterValue("90")
                .build())
            .templateBody("""
Parameters:
  AccessKeysRotatedParameterMaxAccessKeyAge:
    Type: String
Resources:
  IAMPasswordPolicy:
    Properties:
      ConfigRuleName: IAMPasswordPolicy
      Source:
        Owner: AWS
        SourceIdentifier: IAM_PASSWORD_POLICY
    Type: AWS::Config::ConfigRule
            """)
            .build(), CustomResourceOptions.builder()
                .dependsOn(aws_config_configuration_recorder.example())
                .build());
    }
}
Content copied to clipboard

Template S3 URI

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketObjectv2;
import com.pulumi.aws.s3.BucketObjectv2Args;
import com.pulumi.aws.cfg.ConformancePack;
import com.pulumi.aws.cfg.ConformancePackArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var exampleBucketV2 = new BucketV2("exampleBucketV2");
        var exampleBucketObjectv2 = new BucketObjectv2("exampleBucketObjectv2", BucketObjectv2Args.builder()
            .bucket(exampleBucketV2.id())
            .key("example-key")
            .content("""
Resources:
  IAMPasswordPolicy:
    Properties:
      ConfigRuleName: IAMPasswordPolicy
      Source:
        Owner: AWS
        SourceIdentifier: IAM_PASSWORD_POLICY
    Type: AWS::Config::ConfigRule
            """)
            .build());
        var exampleConformancePack = new ConformancePack("exampleConformancePack", ConformancePackArgs.builder()
            .templateS3Uri(Output.tuple(exampleBucketV2.bucket(), exampleBucketObjectv2.key()).applyValue(values -> {
                var bucket = values.t1;
                var key = values.t2;
                return String.format("s3://%s/%s", bucket,key);
            }))
            .build(), CustomResourceOptions.builder()
                .dependsOn(aws_config_configuration_recorder.example())
                .build());
    }
}
Content copied to clipboard

Import

Config Conformance Packs can be imported using the name, e.g.,

$ pulumi import aws:cfg/conformancePack:ConformancePack example example
Content copied to clipboard

Properties

Link copied to clipboard
val arn: Output<String>

Amazon Resource Name (ARN) of the conformance pack.

Link copied to clipboard
val deliveryS3Bucket: Output<String>?

Amazon S3 bucket where AWS Config stores conformance pack templates. Maximum length of 63.

Link copied to clipboard
val deliveryS3KeyPrefix: Output<String>?

The prefix for the Amazon S3 bucket. Maximum length of 1024.

Link copied to clipboard
val id: Output<String>
Link copied to clipboard
val inputParameters: Output<List<ConformancePackInputParameter>>?

Set of configuration blocks describing input parameters passed to the conformance pack template. Documented below. When configured, the parameters must also be included in the template_body or in the template stored in Amazon S3 if using template_s3_uri.

Link copied to clipboard
val name: Output<String>

The name of the conformance pack. Must begin with a letter and contain from 1 to 256 alphanumeric characters and hyphens.

Link copied to clipboard
val pulumiChildResources: Set<KotlinResource>
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
val templateBody: Output<String>?

A string containing full conformance pack template body. Maximum length of 51200. Drift detection is not possible with this argument.

Link copied to clipboard
val templateS3Uri: Output<String>?

Location of file, e.g., s3://bucketname/prefix, containing the template body. The uri must point to the conformance pack template that is located in an Amazon S3 bucket in the same region as the conformance pack. Maximum length of 1024. Drift detection is not possible with this argument.

Link copied to clipboard
val urn: Output<String>