Delivery Channel
Provides an AWS Config Delivery Channel.
Note: A Delivery Channel requires a Configuration Recorder to be present. Using `depends_on` (`dependsOn` in the Java example below) is recommended to avoid race conditions.
Example Usage
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.aws.cfg.DeliveryChannel;
import com.pulumi.aws.cfg.DeliveryChannelArgs;
import com.pulumi.aws.cfg.Recorder;
import com.pulumi.aws.cfg.RecorderArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.RolePolicy;
import com.pulumi.aws.iam.RolePolicyArgs;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentStatementArgs;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentStatementPrincipalArgs;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketV2Args;
import com.pulumi.core.Output;
import com.pulumi.resources.CustomResourceOptions;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
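/**
 * Example Pulumi program that declares an AWS Config delivery channel together with
 * the S3 bucket, IAM role, configuration recorder and role policy it is wired to.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack's resources: a bucket, a role that the AWS Config service
     * may assume, a recorder using that role, a delivery channel writing to the
     * bucket, and an inline policy granting the role access to the bucket.
     *
     * @param ctx the Pulumi context passed in by {@code Pulumi.run}; not read here
     */
    public static void stack(Context ctx) {
        // NOTE(review): this bucket stores the Config configuration history. With
        // forceDestroy(true) the bucket is presumably removed even when it still holds
        // objects, so destroying the stack would also discard that history. Confirm
        // this is intended before reusing the setting outside a throwaway demo.
        var bucketV2 = new BucketV2("bucketV2", BucketV2Args.builder()
            .forceDestroy(true)
            .build());

        // Trust policy: only the AWS Config service principal may assume the role.
        final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .effect("Allow")
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .type("Service")
                    .identifiers("config.amazonaws.com")
                    .build())
                .actions("sts:AssumeRole")
                .build())
            .build());

        var role = new Role("role", RoleArgs.builder()
            .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
            .build());

        var fooRecorder = new Recorder("fooRecorder", RecorderArgs.builder()
            .roleArn(role.arn())
            .build());

        // The delivery channel needs the recorder to exist first; the explicit
        // dependsOn orders the two and avoids a race between their creation.
        var fooDeliveryChannel = new DeliveryChannel("fooDeliveryChannel", DeliveryChannelArgs.builder()
            .s3BucketName(bucketV2.bucket())
            .build(), CustomResourceOptions.builder()
                .dependsOn(fooRecorder)
                .build());

        // NOTE(review): "s3:*" allows every S3 action on this bucket and on all of its
        // objects, which is broader than delivering configuration data requires. It is
        // kept as published; before using this beyond a demo, narrow it to the specific
        // S3 actions AWS Config documents for its delivery role.
        final var policyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .effect("Allow")
                .actions("s3:*")
                .resources(
                    bucketV2.arn(),
                    bucketV2.arn().applyValue(arn -> String.format("%s/*", arn)))
                .build())
            .build());

        // Render the policy document to JSON exactly as the trust policy is rendered
        // for the role above. The published example nested several applyValue calls
        // here and reused the name policyDocument as a lambda parameter, which Java
        // rejects because it clashes with the local variable of the same name.
        var rolePolicy = new RolePolicy("rolePolicy", RolePolicyArgs.builder()
            .role(role.id())
            .policy(policyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
            .build());
    }
}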
Import
Delivery Channel can be imported using the name, e.g.,
$ pulumi import aws:cfg/deliveryChannel:DeliveryChannel foo example
Properties
The name of the S3 bucket used to store the configuration history.
The prefix for the specified S3 bucket.
The ARN of the AWS KMS key used to encrypt objects delivered by AWS Config. Must belong to the same Region as the destination S3 bucket.
Options for how AWS Config delivers configuration snapshots. See below
The ARN of the SNS topic that AWS Config delivers notifications to.